Security Context Overview
•
•
Note
For management traffic destined for an interface, the interface IP address is used for classification.
Invalid Classifier Criteria
The following configurations are not used for packet classification:
•
•
Cisco Security Appliance Command Line Configuration Guide
3-4
static (inside,shared) 10.10.10.0 10.10.10.0 netmask 255.255.255.0
Context B:
static (inside,shared) 10.20.10.0 10.20.10.0 netmask 255.255.255.0
Context C:
static (inside,shared) 10.30.10.0 10.30.10.0 netmask 255.255.255.0
NAT exemption—The classifier does not use a NAT exemption configuration for classification
purposes because NAT exemption does not identify a mapped interface.
Routing table—If a context includes a static route that points to an external router as the next-hop
to a subnet, and a different context includes a static command for the same subnet, then the classifier
uses the static command to classify packets destined for that subnet and ignores the static route.
Chapter 3
Enabling Multiple Context Mode
OL-10088-01