09-23-2013 11:35 PM - edited 03-11-2019 07:42 PM
Hi,
I have migrated a FWSM to an ASA Service Module. It is working in multiple context mode. I'm surprised, that I cannot restore a config to my contexts with the command "copy tftp: running-config".
asasm-1-060/admin# copy ?
/noconfirm Do not prompt for confirmation
running-config Copy from current system configuration
startup-config Copy from startup configuration
asasm-1-060/admin# copy
I have also tried the other way "Back Up / Restore Additional Files Using the Export and Import Commands" desribed in the configuration guide.
Without success:
asasm-1-060/admin# import ?
ERROR: % Unrecognized command
Running Version
Cisco Adaptive Security Appliance Software Version 8.5(1)14 <context>
Hardware: WS-SVC-ASA-SM1, 23552 MB RAM, CPU Xeon 5600 series 2000 MHz
2 CPUs, 24 cores
Any hints would be appreciated
Thomas
09-24-2013 01:24 AM
Hi,
I have not had to do a restore on a Cisco Firewall running in Multiple Context mode but I would imagine that the setup would go in the following way.
With the above I assume that you would first have to make sure that the "admin" Security Context is properly configured for you to have remote access to the ASA also for the System Context to be able to use the "admin" Security Contexts connectivity to download the required Security Context configuration files.
When you have the Security Context configuration files in the original directory path of flash (the one configured previously with the "config-url" command) then you should be able to drop the System Context physical/logical interface configuration and finally the actual Security Context configurations that refer to the configuration files on the Flash. The Security Contexts should then be loaded with the configuration that you have just moved to the Flash.
Do note that the above explanation is something that I would ASSUME to take place when doing a restore to a Multiple Context Mode Cisco firewall. So its completely possible that I have missed something or maybe even gotten something wrong.
I imagine that most of the problems with the above posts command are due to you trying to insert them in the "admin" Security Context. The configuration related to the whole firewall device should be done in the System Context space.
- Jouni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide