cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1369
Views
0
Helpful
3
Replies

ASA 5550 - Context load order on reload / powercycle issue

Paul Cummings
Level 1
Level 1

Hi,

I've encountered something a little strange.

I'm currently running 15 contexts on a 5550 which are loading their configs from an FTP server (albeit temporarily!) using the config-url ftp://xxxxx line in the context configuration.

The admin context is configured to load its configuration from the local disk0: on the ASA.

Obviously the system context uses the admin context's management IP to pull each of the other "customer" context configurations from the FTP server. This works fine when the admin context is up and running and I can successfully remove and re-add the contexts at will to reload the configs (or write mem from within the context to write changes back to the FTP server).

Ok - all good so far...

The weird thing is that we just had to powercycle the ASA and it took a good 20 minutes to boot up! I discovered that the ASA didn't load the admin context first (despite being first in the system context config)... and therefore the ASA was attempting to load the other contexts first.... which it couldn't because the admin context wasn't live to allow the system context to pull the configs off the ftp server... in fact the admin context was loaded last which meant that inband management connectivity (via ssh etc) was offline while the ASA slowly timed out loading each of the customer contexts. Not good.

Does anyone know whether it is possible to force the ASA to load the admin context first? If not then this issue makes the functionality of storing the contexts configs on remote tftp/ftp/scp/http (etc) servers a little redundant.

Cheers

Paul

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

Paul,

Is the admin the first context in the config of the system?

PK

Hi PK

Yes the admin context is listed first in the system context configuration.

Thanks

Paul

That is very interesting!

Please open a case with TAC. This is a interesting race scenario that most people don't come accross because they keep their config locally. It might be a new bug, I don't think there is existing one.

PK

Review Cisco Networking for a $25 gift card