Chapter 4
Configuring Security Contexts
Security Context Overview
Note that all new incoming traffic must be classified, even from inside networks.
Figure 4-2
shows a host
on the Context B inside network accessing the Internet. The classifier assigns the packet to Context B
because the ingress interface is VLAN 300, which is assigned to Context B.
Figure 4-2
Incoming Traffic from Inside Networks
Internet
VLAN 100
Admin
Context A
Context B
Context
FWSM
FWSM
FWSM
Classifier
VLAN 200
VLAN 250
VLAN 300
Inside
Admin
Inside
Customer B
Network
Customer A
Host
Host
Host
10.1.1.13
10.1.1.13
10.1.1.13
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
4-6
OL-20748-01