Chapter 5
Managing Security Contexts
Security Context Overview
Sharing Resources
If you have a server that needs to be accessed by multiple contexts (such as a AAA server or a syslog
server), then you can choose to place the server on one context network to which all other contexts have
access, or you can place the server on a shared inside VLAN.
If you put the server on one context network, allow access to the server by authorized users. The benefit
of placing the shared resources on one context is that you only need to configure that one context for the
shared resources network. The downside is that you must allow outside access to the shared network for
the other contexts. Also, because traffic must go out of one context and then back in another, the FWSM
has a slightly greater load than if the traffic stays within a context. (See
Figure
5-4.)
Figure 5-4
Shared Resources on One Context
Internet
Switch
VLAN 200
Admin
Context A
Context B
Context C
Context
VLAN 201
VLAN 202
VLAN 203
VLAN 204
Inside
Inside
Inside
Admin
Customer C
Customer A
Network
Customer B
VLAN 300
Shared
Network
Syslog Server
AAA Server
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide
5-6
OL-6392-01