ASA Service Module in multiple context mode - how to restore a config?


I have migrated a FWSM to an ASA Service Module. It is working in multiple context mode. I'm surprised that I cannot restore a config to my contexts with the command "copy tftp: running-config".

asasm-1-060/admin# copy ?

  /noconfirm      Do not prompt for confirmation

  running-config  Copy from current system configuration

  startup-config  Copy from startup configuration

asasm-1-060/admin# copy

I have also tried the other way, "Back Up / Restore Additional Files Using the Export and Import Commands", described in the configuration guide.

Without success:

asasm-1-060/admin# import ?

ERROR: % Unrecognized command

Running Version

Cisco Adaptive Security Appliance Software Version 8.5(1)14 <context>

Hardware:   WS-SVC-ASA-SM1, 23552 MB RAM, CPU Xeon 5600 series 2000 MHz

            2 CPUs, 24 cores

Any hints would be appreciated



Re: ASA Service Module in multiple context mode - how to restore


I have not had to do a restore on a Cisco Firewall running in Multiple Context mode but I would imagine that the setup would go in the following way.

  • Establish Console connection to the ASA unit
  • Configure the "admin" context
  • Go to System Context and start copying the backup configuration files to the local ASA Flash to the directory path originally used by the Security Contexts
  • Insert the backup configuration of System Context

With the above I assume that you would first have to make sure that the "admin" Security Context is properly configured for you to have remote access to the ASA, and also for the System Context to be able to use the "admin" Security Context's connectivity to download the required Security Context configuration files.

When you have the Security Context configuration files in the original directory path of flash (the one configured previously with the "config-url" command) then you should be able to drop the System Context physical/logical interface configuration and finally the actual Security Context configurations that refer to the configuration files on the Flash. The Security Contexts should then be loaded with the configuration that you have just moved to the Flash.

Do note that the above explanation is something that I would ASSUME to take place when doing a restore to a Multiple Context Mode Cisco firewall. So it's completely possible that I have missed something or maybe even gotten something wrong.

I imagine that most of the problems with the above post's commands are due to you trying to insert them in the "admin" Security Context. The configuration related to the whole firewall device should be done in the System Context space.

- Jouni
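
As an added illustration (not part of the original thread, and not Cisco code): a pre-restore check that reads a saved System Context configuration, extracts each Security Context's "config-url", and reports which context files in the backup set still have to be copied back to flash before the System Context configuration is inserted. The sample configuration, the context names, and the matching of backup files by file name are assumptions.

```python
import re

# Constructed sample of a saved System Context configuration (not from the thread).
SAMPLE_SYSTEM_CFG = """\
admin-context admin
context admin
  allocate-interface Vlan10
  config-url disk0:/admin.cfg
!
context customer-a
  allocate-interface Vlan100
  config-url disk0:/contexts/customer-a.cfg
!
context customer-b
  allocate-interface Vlan200
  config-url tftp://192.0.2.10/customer-b.cfg
"""

def context_urls(system_cfg):
    """Map each context name to its config-url (None if the block has none)."""
    urls, current = {}, None
    for line in system_cfg.splitlines():
        m = re.match(r"^context\s+(\S+)\s*$", line)
        if m:
            current = m.group(1)
            urls[current] = None
            continue
        m = re.match(r"^\s+config-url\s+(\S+)\s*$", line)
        if m and current:
            urls[current] = m.group(1)
        elif line and not line[0].isspace():
            current = None  # an unindented line ends the context block
    return urls

def restore_plan(system_cfg, backup_files):
    """Sort contexts by what the restore needs; backup_files holds file names."""
    plan = {"copy": {}, "missing": [], "remote": [], "no_url": []}
    for name, url in context_urls(system_cfg).items():
        m = re.match(r"^(?:disk\d+|flash):/*(.+)$", url or "")
        if url is None:
            plan["no_url"].append(name)      # context defined without config-url
        elif not m:
            plan["remote"].append(name)      # loaded from a server, not from flash
        elif m.group(1).rsplit("/", 1)[-1] in backup_files:
            plan["copy"][name] = url         # copy the backup file to this flash path
        else:
            plan["missing"].append(name)     # no backup file for this context
    return plan
```

Contexts listed under "missing" would come up with no saved configuration if the System Context configuration were inserted as it stands, and those under "remote" depend on the server in their config-url being reachable at that time.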