When troubleshooting a Cisco ASA that is operating in multiple context mode, which two
verification steps should be performed if a user context does not pass user traffic? (Choose two.)
A.
Verify the interface status in the system execution space.
B.
Verify the mac-address-table on the Cisco ASA.
C.
Verify that unique MAC addresses are configured if the contexts are using nonshared
interfaces.
D.
Verify the interface status in the user context.
E.
Verify the resource classes configuration by accessing the admin context.
Explanation:
http://www.ciscopress.com/articles/article.asp?p=426641
Packet Flow in Multiple Mode When the packets traverse through the security appliance in multiple
mode, they are classified and forwarded to the right context. The packets are then processed
based on the configured security policies on a context.
T Packet Classification In multiple mode, the security appliance must classify the packets to findout which context should operate on them. The packet classification is done at the ingress
interface point that tags the packets using the source IP address, source port, destination IP
address, destination port, and the interface or VLAN. The packet is processed based on the
security policies configured in that context.
That said we need to note also that:
System Configuration
The system administrator adds and manages contexts by configuring each context configuration
location, allocated interfaces, and other context operating parameters in the system configuration,
which, like a single mode configuration, is the startup configuration. The system configuration
identifies basic settings for the security appliance. The system configuration does not include any
network interfaces or network settings for itself; rather, when the system needs to access network
resources (such as downloading the contexts from the server), it uses one of the contexts that is
designated as the admin context. The system configuration does include a specialized failover
interface for failover traffic only.
Context Configurations The security appliance includes a configuration for each context that
identifies the security policy, interfaces, and almost all the options you can configure on a
standalone device. You can store context configurations on the internal Flash memory or the
external Flash memory card, or you can download them from a TFTP, FTP, or HTTP(S) server.