There are 3 types of Contexts in the ASA Firewall. Following are the types.
1. SES Context (System Execution Space)
2. Admin Context
3. User Context
System Execution Space (SES) Context :
* It is created by default. It cannot be modified or deleted.
* There can only be 1 SES context, not more than that.
* It does not participate in Control and Data plane.
* Whenever we take the console of the Multi-Context ASA, we always login to SES Context by default.
* From SES Context, we create another context and allocate physical resources to other contexts.
* Creation/deletion/suspension of all contexts are done on SES Context.
* Any Configuration done in the SES context gets saved in NVRAM.
Admin Context :
* It is also created by default when switching to multi-mode in ASA.
* Admin Context can be deleted, suspended, created from SES context.
* Admin Context is a prerequisite for User Contexts, without Admin Context, User Contexts cannot be created.
* Any Configuration done in Admin Context gets saved in Flash.
* The purpose of this context is generally for management like Remote Access- SSH, telnet, NTP, DNS, etc.
* Only one Admin Context can be there in the ASA firewall.
User Context :
* It does not thereby default, we can create user contexts as per our requirement, licenses.
* It can be created and deleted from the SES context only.
* We allocate interfaces or/and sub-interfaces to the User context as per our requirement and the User context takes an active part in Control and Data Plane.
* Every User context has its separate RIB, FIB, Connection Table, NAT Table, configuration, etc.
* Any configuration done in User Context gets saved in Flash
