Configure a PIX Security Appliance to Perform in Multiple Context Mode
Enable multiple context mode

When the PIX Security Appliance is changed from single mode to multiple mode, the PIX converts the running configuration into two files. These files are a new startup configuration, stored n Flash, that comprises the system configuration, and admin.cfg, stored in the disk partition, that comprises the admin context . The original running configuration is saved to disk as old_running.cfg. The original startup configuration is not saved, so if it differs from the running configuration, it should be backed up before proceeding.

The Admin Context
The system configuration does not include any network interfaces or network settings for itself. When the system needs to access network it uses one of the contexts that is designated as the admin context. If the system is already in multiple context mode, or if it is converted from single mode, the admin context is created automatically as a file on the disk partition called admin.cfg.

The admin context has the following characteristics :

  • The system execution space has no traffic-passing interfaces, and uses the policies and interfaces of the admin context to communicate with other devices.
  • Used to fetch configurations for other contexts and send system level syslogs.
  • Users logged in to the admin context are able to change to the system context and create new contexts.
  • Since the admin context is special, it does not count against the licensed context count.
  • Aside from the significance to the system, it could be used as a regular context.

Setting the Security Context Mode
Use the show mode command in privileged EXEC mode to show the security context mode for the running software image and for any image in Flash memory . The mode will be either:

  • Single – Multiple mode disabled.
  • Multiple – Multiple mode enabled.

To set the security context mode to single or multiple, use the mode command in global configuration mode . In single mode, the PIX Security Appliance has a single configuration and behaves as a single device. In multiple mode, multiple contexts, each with its own configuration, can be created. The number of contexts allowed depends on the license.

When converting from multiple mode to single mode, an administrator might want to first copy a full startup configuration, if one is available, to the PIX Security Appliance. The system configuration inherited from multiple mode is not a complete functioning configuration for a single mode device.