CISCO-ASA - Cluster Factory Reset
Revision as of 10:02, 18 February 2026
Removing Contexts in a Cisco ASA Cluster
In a **multi-context configuration** on Cisco ASA devices, each context functions as a virtual firewall with its own configuration, interfaces, and policies. If you need to remove a context from your ASA, follow the steps below.
Steps to Remove a Context
1. **Access the ASA CLI**: Log in to the ASA device using SSH, console, or other access methods.
2. **Enter Privileged Exec Mode**: Once logged in, enter privileged exec mode:
enable
3. **Enter Configuration Mode**: Enter configuration mode to make changes:
config terminal
4. **Switch to System Context**: Since you are working in a multi-context setup, you need to enter the **system context** (the default context):
changeto system
5. **Remove the Context**: Use the following command to remove the context:
no context <context_name>
Example: If the context name is `Sales`, use:
no context Sales
6. **Verify the Removal**: After the context is removed, verify it has been deleted using:
show context
This will list all remaining contexts. The context you removed should no longer appear.
7. **Return to the System Context**: If you were previously in a specific context, return to the system context using:
changeto system
8. **Save the Configuration**: Once the context is removed, save the configuration to ensure changes are persistent:
write memory
Example CLI Session for Removing a Context
ASA# enable
Password: ********
ASA# config terminal
ASA(config)# changeto system
ASA(system)# no context Sales
ASA(system)# show context
Factory Reset of a Cisco ASA Cluster
Performing a factory reset on a **Cisco ASA Cluster** (e.g., ASA 5500-X or other models) will erase all configurations, including interfaces, routing, VPN settings, and security policies, returning the device to its default settings. Follow the steps below to reset both the active and standby units of an ASA cluster.
Steps for Factory Reset of a Cisco ASA Cluster
Access the ASA CLI
Log in to each ASA unit in the cluster (both active and standby units) using SSH, console, or any other method.
Check Cluster Configuration
Before performing the reset, check the cluster status to ensure you are on the correct member:
show failover
Break the Failover
To reset the cluster configuration, you must first break the failover between the active and standby units. Enter the following command on both units:
no failover
Erase the Configuration
Erase the **startup configuration** on both units using:
write erase
Or alternatively:
erase startup-config
This will remove all configuration settings.
Reboot the ASA Unit
After erasing the configuration, reboot the ASA unit to apply the changes:
reload
When prompted to save the configuration, select **No**, as you just erased it.
Repeat for Standby Unit
After performing the reset on the active unit, repeat the same steps on the **standby unit** in the cluster.
Re-enable Failover
Once both units are factory reset and rebooted, re-enable the failover process to restore the cluster:
failover
Verify Cluster Synchronization
After re-enabling failover, verify that both units in the cluster are synchronized and that the failover is working correctly:
show failover
Example CLI Session for Factory Reset
ASA# enable
Password: ********
ASA# config terminal
ASA(config)# no failover
ASA(config)# write erase
ASA(config)# reload
After performing the reset on both the active and standby units, re-enable failover and check synchronization:
ASA(config)# failover
ASA(config)# show failover
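One way to script the two `show failover` checks from the steps above (confirming the unit before the erase, and confirming synchronization afterwards), as an added example that is not part of the original page. The sample outputs are constructed and abbreviated, and the function names are hypothetical.

```python
import re

# Constructed, abbreviated `show failover` output (not captured from a real device).
SAMPLE_SYNCED = """\
Failover On
Failover unit Primary
Failover LAN Interface: folink GigabitEthernet0/3 (up)
        This host: Primary - Active
                Active time: 13434 (sec)
        Other host: Secondary - Standby Ready
                Active time: 0 (sec)
"""
# Constructed output for a unit after `no failover` has been entered.
SAMPLE_BROKEN = """\
Failover Off
Failover unit Secondary
"""

HOST_RE = re.compile(
    r"^\s*(This|Other) host:\s*(Primary|Secondary)\s*-\s*(.+?)\s*$", re.M)

def parse_show_failover(text):
    """Extract failover on/off, the configured unit role and per-host state."""
    info = {"enabled": None, "unit": None, "this": None, "other": None}
    m = re.search(r"^Failover (On|Off)\b", text, re.M)
    if m:
        info["enabled"] = (m.group(1) == "On")
    m = re.search(r"^Failover unit (Primary|Secondary)\b", text, re.M)
    if m:
        info["unit"] = m.group(1)
    for which, role, state in HOST_RE.findall(text):
        info[which.lower()] = (role, state)
    return info

def ready_to_erase(text, expected_unit):
    """True only if failover is off and this is the unit we meant to wipe."""
    info = parse_show_failover(text)
    return info["enabled"] is False and info["unit"] == expected_unit

def is_synchronized(text):
    """True if failover is on, one host is Active and its peer is Standby Ready."""
    info = parse_show_failover(text)
    if not info["enabled"] or not info["this"] or not info["other"]:
        return False
    return {info["this"][1], info["other"][1]} == {"Active", "Standby Ready"}
```

Feed each function the text captured from the unit's own session; a `False` from `ready_to_erase` means stop before `write erase`.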
Important Notes
- **Backup Configuration**: Always **back up your configuration** before performing a factory reset or removing contexts. Use the following command to back up the configuration:
copy running-config tftp://<TFTP_server_IP>/backup.cfg
- **Impact**: Resetting the device or removing contexts will erase all configurations associated with the context or unit, including interfaces, security policies, routing, and VPN configurations.
- **Multi-Context Licensing**: Ensure that your device is licensed for multi-context operation if you plan to use multiple contexts. The reset or removal of contexts will impact how interfaces and resources are allocated.
Useful Links
- [Cisco ASA Documentation](https://www.cisco.com/c/en/us/support/security/asa-5500-series-next-generation-firewalls/tsd-products-support-series-home.html)
- [Cisco ASA Configuration Guides](https://www.cisco.com/c/en/us/td/docs/security/asa/)
- [Cisco Knowledge Base](https://support.cisco.com/)
- [Cisco ASA Failover Configuration](https://www.cisco.com/c/en/us/td/docs/security/asa/asa914/configuration-guide/firewall/intro-failover.html)
- [Cisco ASA Cluster Configuration](https://www.cisco.com/c/en/us/td/docs/security/asa/asa92/configuration/firewall-cluster.html)
---
