Restrictions on Multi-Context Enhancements for Cisco ASA Software Release 9.0 – Updated

Another sign that it’s time to stop buying service modules for Catalyst 6500. This is not the time for dedicated hardware appliances such as ACE or ASA Service Modules. Mulitcontext support for routing and VPN is not available on C6500 ASA Service Module.


Multi-Context Enhancements

Enhances the current ASA Multicontext capability to include support for Site-to-site VPN and Dynamic Routing Protocols. Also adds support for mixed routed and transparent mode multi-context configuration.

• Enables each firewall context to maintain its own routing table for static and dynamic routes

• Allows customers to mix and match routing protocols on a per-context basis.

• Supports IKEv1 and IKEv2.

• Maintains single mode site-to-site VPN features in multiple modes.

• Allows flexible VPN resource allocations in system context

All ASA 5500 and 5500-X appliances (with the exception of the ASA 5505) and the Cisco Catalyst 6500 Series ASA Services Module

via Cisco ASA Software Release 9.0 Data Sheet  [Cisco Adaptive Security Appliance (ASA) Software] – Cisco Systems.

Update: my mistake – misreading. It does work on the ASA-SM. I STILL wouldn’t buy one.

About Greg Ferro

Greg Ferro is a Network Engineer/Architect, mostly focussed on Data Centre, Security Infrastructure, and recently Virtualization. He has over 20 years in IT, in wide range of employers working as a freelance consultant including Finance, Service Providers and Online Companies. He is CCIE#6920 and has a few ideas about the world, but not enough to really count.

He is a host on the Packet Pushers Podcast, blogger at and on Twitter @etherealmind and Google Plus

You can contact Greg via the site contact page.

  • Olivier Cahagne

    Greg, unless I’m mistaken, documentation states that only ASA 5505 doesn’t support multi-context.

    • Rick Arps

      I would agree.
      As I read it, it is supported on the ASA SM, though that’s not to say that I would ever recommend one.

  • marc abel

    As someone who was considering an ASA SM, why would you recommend against one?

    • Etherealmind

      The use of the fabric backplane limits the ASA software as to what is can achieve. The interface code in ASA-OS is vital to the security function and it’s likely that you will be “feature orphaned”. I’d say that the code would be developed to the “normal” ASA and then ported to the ASA-SM – that means unresolved bugs, feature starvation etc etc.

      Look back at the FWSM and you will get the idea.

Subscribe For Weekly Updates by Email

Get a Weekly Summary of Latest Articles and Posts to your Email Inbox Every Sunday

Thanks for signing up. Look for the email from MailChimp & make sure you confirm your email address. You may need to check your spam or gmail settings to be sure of receiving the email.

Note: You can unsubscribe at any time using the link at the bottom of every email.