
The Cisco ASA firewall can run as a virtual host for multiple virtual ASAs, known as contexts.  We recently ran into an issue where a memory leak made one context inoperable.  Rather than reload the entire ASA and take out the other contexts, we wanted to restart only the context that was having problems.  Unfortunately, there is no way to reboot an individual context, because the reload command does not exist inside a context.  The solution is to delete the context and recreate it.  This may sound daunting, but it takes a few seconds and your config is restored.

  1.  First log in to the ASA, change to the context that’s having problems, and save the config.  In our case the context named “transparent” was the one that stopped working.  (You may not want to save the config if a configuration issue broke the context.  If so, this step is optional.)

    login as: admin
    admin@10.10.10.1's password:
    Type help or '?' for a list of available commands.
    ASA5525/admin>
    ASA5525/admin> en
    Password: ************
    ASA5525/admin# changeto context transparent
    ASA5525/transparent# wr mem

  2. Then switch to the system context (the hypervisor layer) and show the context information.  In our case we have three contexts: admin, customer and transparent.

    ASA5525/transparent# changeto system
    ASA5525# show run context
    !
    admin-context admin
    context admin
      allocate-interface GigabitEthernet0/0
      allocate-interface GigabitEthernet0/1
      allocate-interface GigabitEthernet0/1.2
      allocate-interface Management0/0
      config-url disk0:/admin.cfg
    !
    context customer
      allocate-interface GigabitEthernet0/0
      allocate-interface GigabitEthernet0/1.499
      config-url disk0:/customer.cfg
    !
    context transparent
      allocate-interface GigabitEthernet0/3 outside
      allocate-interface GigabitEthernet0/4 inside
      config-url disk0:/transparent.cfg
    !

  3. Copy the config block for the context causing you problems from the output above (its allocate-interface and config-url lines).  Then remove the context.

    ASA5525# conf t
    ASA5525(config)# no context transparent
    WARNING: Removing context 'transparent'
    Proceed with removing the context? [confirm]
    Removing context 'transparent' (3)... Done

  4. Last, paste the config for the context back in.  The config-url line is the setting that points the context at the old config file, and all your settings will be restored!

    ASA5525(config)# context transparent
    Creating context 'transparent'... Done. (4)
    ASA5525(config-ctx)#   allocate-interface GigabitEthernet0/3 outside
    ASA5525(config-ctx)#   allocate-interface GigabitEthernet0/4 inside
    ASA5525(config-ctx)#   config-url disk0:/transparent.cfg
    ………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………………….
    Cryptochecksum (unchanged): 66500bfe fd55ab5f 0bca53e5 91192fb3
    INFO: Context transparent was created with URL disk0:/transparent.cfg
    ASA5525(config-ctx)#
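
To avoid hand-copying the wrong block in steps 3 and 4, the command list can be generated from the captured `show run context` output. The script below is an added example, not part of the original post; the function names and the trimmed sample output are constructed for illustration, and it assumes the context definitions appear in the format shown in step 2.

```python
import textwrap

# Constructed sample mirroring the "show run context" output in step 2.
SAMPLE = """\
!
admin-context admin
context admin
  allocate-interface GigabitEthernet0/0
  allocate-interface Management0/0
  config-url disk0:/admin.cfg
!
context transparent
  allocate-interface GigabitEthernet0/3 outside
  allocate-interface GigabitEthernet0/4 inside
  config-url disk0:/transparent.cfg
!
"""

def parse_contexts(text):
    """Return (admin_context_name, {context_name: [definition lines]})."""
    admin, contexts, current = None, {}, None
    for raw in textwrap.dedent(text).splitlines():
        line = raw.strip()
        if raw.startswith("admin-context "):
            admin = line.split()[1]
        elif raw.startswith("context "):
            current = contexts.setdefault(line.split()[1], [])
        elif line in ("", "!"):
            current = None  # "!" closes the current block
        elif current is not None and raw[:1].isspace():
            current.append(line)
    return admin, contexts

def recreate_commands(text, name):
    """Build the system-context command list for steps 3 and 4."""
    admin, contexts = parse_contexts(text)
    if name not in contexts:
        raise ValueError(f"context {name!r} not in the captured output")
    if name == admin:
        # The ASA does not let you remove the current admin context this way.
        raise ValueError(f"{name!r} is the admin context; do not remove it")
    body = contexts[name]
    urls = [l for l in body if l.startswith("config-url ")]
    if len(urls) != 1:
        raise ValueError(f"expected one config-url for {name!r}, found {len(urls)}")
    # config-url goes last: the ASA loads the saved config as soon as it is
    # entered, so the interfaces it references must already be allocated.
    rest = [l for l in body if not l.startswith("config-url ")]
    return ["changeto system", "conf t", f"no context {name}",
            f"context {name}", *rest, *urls]

if __name__ == "__main__":
    print("\n".join(recreate_commands(SAMPLE, "transparent")))
```

The `no context` line still stops at the `[confirm]` prompt shown in step 3, so paste the generated commands one stage at a time rather than as a single block.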