CISCO-ASA - Cluster Factory Reset: Difference between revisions

From IT-Arts.net
 
(2 intermediate revisions by the same user not shown)
Line 92: Line 92:
To reset the cluster configuration, you must first break the failover between the active and standby units. Enter the following command on both units:
To reset the cluster configuration, you must first break the failover between the active and standby units. Enter the following command on both units:


<nowiki>no failover</nowiki>
<nowiki>
no failover</nowiki>


==== Erase the Configuration ====
==== Erase the Configuration ====
Line 127: Line 128:
After re-enabling failover, verify that both units in the cluster are synchronized and that the failover is working correctly:
After re-enabling failover, verify that both units in the cluster are synchronized and that the failover is working correctly:


<nowiki>
<nowiki>
show failover</nowiki>
show failover</nowiki>


Line 151: Line 152:
== Important Notes ==
== Important Notes ==


- **Backup Configuration**: Always **backup your configuration** before performing a factory reset or removing contexts. Use the following command to back up the configuration:
**Backup Configuration**: Always **backup your configuration** before performing a factory reset or removing contexts. Use the following command to back up the configuration:


  <nowiki>
  <nowiki>
copy running-config tftp://<TFTP_server_IP>/backup.cfg</nowiki>
copy running-config tftp://<TFTP_server_IP>/backup.cfg</nowiki>


- **Impact**: Resetting the device or removing contexts will erase all configurations associated with the context or unit, including interfaces, security policies, routing, and VPN configurations.
**Impact**: Resetting the device or removing contexts will erase all configurations associated with the context or unit, including interfaces, security policies, routing, and VPN configurations.


- **Multi-Context Licensing**: Ensure that your device is licensed for multi-context operation if you plan to use multiple contexts. The reset or removal of contexts will impact how interfaces and resources are allocated.
**Multi-Context Licensing**: Ensure that your device is licensed for multi-context operation if you plan to use multiple contexts. The reset or removal of contexts will impact how interfaces and resources are allocated.


== Useful Links ==
== Useful Links ==
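Review bot: in the three Important Notes lines, dropping the leading `- ` leaves `**` as the first characters of each line, which MediaWiki reads as a second-level list marker rather than bold, so the latest revision renders each note as a nested bullet with a stray `**` after the label ("Backup Configuration**:"). Use a single `*` for the bullet and `'''Backup Configuration'''` for bold, and the same for the Impact and Multi-Context Licensing lines. Separately, the backup command kept in this hunk sends the full running configuration over TFTP, which has no authentication or encryption; since this is the only backup step the page gives, the note should say to treat `backup.cfg` as sensitive and prefer an authenticated, encrypted transfer where the platform supports it.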

Latest revision as of 10:03, 18 February 2026



Removing Contexts in a Cisco ASA Cluster

In a **multi-context configuration** on Cisco ASA devices, each context functions as a virtual firewall with its own configuration, interfaces, and policies. If you need to remove a context from your ASA, follow the steps below.

Steps to Remove a Context

1. **Access the ASA CLI**: Log in to the ASA device using SSH, console, or other access methods.

2. **Enter Privileged Exec Mode**: Once logged in, enter privileged exec mode:

enable

3. **Enter Configuration Mode**: Enter configuration mode to make changes:

config terminal

4. **Switch to System Context**: Since you are working in a multi-context setup, you need to enter the **system context** (the default context):

changeto system

5. **Remove the Context**: Use the following command to remove the context:

no context <context_name>

Example: If the context name is `Sales`, use:

no context Sales

6. **Verify the Removal**: After the context is removed, verify it has been deleted using:

show context

This will list all remaining contexts. The context you removed should no longer appear.

7. **Return to the System Context**: If you were previously in a specific context, return to the system context using:

changeto system

8. **Save the Configuration**: Once the context is removed, save the configuration to ensure changes are persistent:

write memory

Example CLI Session for Removing a Context

ASA> enable
Password: ********

ASA# config terminal
ASA(config)# changeto system
ASA(system)# no context Sales
ASA(system)# show context

Factory Reset of a Cisco ASA Cluster

Performing a factory reset on a **Cisco ASA Cluster** (e.g., ASA 5500-X or other models) will erase all configurations, including interfaces, routing, VPN settings, and security policies, returning the device to its default settings. Follow the steps below to reset both the active and standby units of an ASA cluster.

Steps for Factory Reset of a Cisco ASA Cluster

Access the ASA CLI

Log in to each ASA unit in the cluster (both active and standby units) using SSH, console, or any other method.

Check Cluster Configuration

Before performing the reset, check the cluster status to ensure you are on the correct member:

show failover

Break the Failover

To reset the cluster configuration, you must first break the failover between the active and standby units. Enter the following command on both units:

no failover

Erase the Configuration

Erase the **startup configuration** on both units using:

write erase

Or alternatively:

erase startup-config

This will remove all configuration settings.

Reboot the ASA Unit

After erasing the configuration, reboot the ASA unit to apply the changes:

reload

When prompted to save the configuration, select **No**, as you just erased it.

Repeat for Standby Unit

After performing the reset on the active unit, repeat the same steps on the **standby unit** in the cluster.

Re-enable Failover

Once both units are factory reset and rebooted, re-enable the failover process to restore the cluster:

failover

Verify Cluster Synchronization

After re-enabling failover, verify that both units in the cluster are synchronized and that the failover is working correctly:

show failover
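
What to check in that `show failover` output, as an added example that is not part of the original page: a Python function that confirms failover is on, the failover link is up, and the pair reports one Active and one Standby Ready unit. The sample text is constructed and abridged (the interface name `folink` and the timers are assumptions), and exact wording can vary between ASA versions.

```python
import re

# Constructed, abridged `show failover` output (not captured from a real device).
HEALTHY = """\
Failover On
Failover unit Primary
Failover LAN Interface: folink GigabitEthernet0/3 (up)
        This host: Primary - Active
                Active time: 3600 (sec)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
"""
# Constructed failure cases: peer did not come back, and failover still disabled.
PEER_FAILED = HEALTHY.replace("Standby Ready", "Failed")
DISABLED = "Failover Off\nFailover unit Primary\n"

HOST_RE = re.compile(r"^\s*(This|Other) host:\s*(\w+)\s*-\s*(.+?)\s*$", re.M)
LINK_RE = re.compile(r"^Failover LAN Interface:.*\((\w+)\)\s*$", re.M)


def check_failover(output):
    """Return a list of problems found in one unit's `show failover` text."""
    problems = []
    lines = output.strip().splitlines()
    if not lines or lines[0].strip() != "Failover On":
        problems.append("failover is not enabled on this unit")
    link = LINK_RE.search(output)
    if link is None or link.group(1).lower() != "up":
        problems.append("failover LAN interface is not reported as up")
    # Map "This"/"Other" to the state text that follows the dash.
    states = {who: state for who, _role, state in HOST_RE.findall(output)}
    if set(states) != {"This", "Other"}:
        problems.append("missing 'This host' or 'Other host' line")
    elif sorted(states.values()) != ["Active", "Standby Ready"]:
        problems.append(
            f"expected one Active and one Standby Ready unit, got {states}"
        )
    return problems


if __name__ == "__main__":
    for name, text in [("healthy", HEALTHY), ("peer failed", PEER_FAILED),
                       ("disabled", DISABLED)]:
        print(name, "->", check_failover(text) or "OK")
```

Run it against the output saved from each unit; an empty list means that unit sees a healthy pair.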

Example CLI Session for Factory Reset

ASA> enable
Password: ********

ASA# config terminal
ASA(config)# no failover
ASA(config)# write erase
ASA(config)# reload

After performing the reset on both the active and standby units, re-enable failover and check synchronization:

ASA(config)# failover
ASA(config)# show failover

Important Notes

    • **Backup Configuration**: Always **back up your configuration** before performing a factory reset or removing contexts. Use the following command to back up the configuration:

copy running-config tftp://<TFTP_server_IP>/backup.cfg

    • **Impact**: Resetting the device or removing contexts will erase all configurations associated with the context or unit, including interfaces, security policies, routing, and VPN configurations.
    • **Multi-Context Licensing**: Ensure that your device is licensed for multi-context operation if you plan to use multiple contexts. The reset or removal of contexts will impact how interfaces and resources are allocated.
