Restart a single context on an ASA with virtual instances

The Cisco ASA firewall can run as virtual host for multiple virtual ASA's known as contexts.  We recently ran into an issue where a memory leak made one context inoperable.  Rather than reload the entire ASA and take out the other contexts we wanted to only restart the context that was having problems.  Unfortunately there is no way to reboot an individual context as the reload command does not exist inside a context.  The solution is to delete the context and recreate it.  This may sound daunting, but it takes a few seconds and your config is restored.

1.  First login to the ASA and change to the context that's having problems and save the config.  In our case the context named "transparent" was the one that stopped working.  (You may not want to save the config if a configuration issue broke the context.  If so this step is optional.)

   login as: admin admin@10.10.10.1's password: Type help or '?' for a list of available commands. ASA5525/admin> ASA5525/admin> en Password: ************ ASA5525/admin# changeto context transparent ASA5525/transparent# wr mem

2. Then switch to the system context (the hypervisor layer) and show the context information.  In our case we have three contexts: admin, customer and transparent.

   ASA5525/transparent# changeto system ASA5525# show run context ! admin-context admin context admin   allocate-interface GigabitEthernet0/0   allocate-interface GigabitEthernet0/1   allocate-interface GigabitEthernet0/1.2   allocate-interface Management0/0   config-url disk0:/admin.cfg !

   context customer   allocate-interface GigabitEthernet0/0   allocate-interface GigabitEthernet0/1.499   config-url disk0:/customer.cfg !

   context transparent   allocate-interface GigabitEthernet0/3 outside   allocate-interface GigabitEthernet0/4 inside   config-url disk0:/transparent.cfg !

3. Copy the config for the context causing you problems.  Then remove the context.

   ASA5525# conf t ASA5525(config)# no context transparent WARNING: Removing context 'transparent' Proceed with removing the context? [confirm] Removing context 'transparent' (3)... Done

4. Last, paste the config for the context back in.  The config-url line is the setting that will point the context to the old config and all your settings will be restored!

   ASA5525(config)# context transparent Creating context 'transparent'... Done. (4) ASA5525(config-ctx)#   allocate-interface GigabitEthernet0/3 outside ASA5525(config-ctx)#   allocate-interface GigabitEthernet0/4 inside ASA5525(config-ctx)#   config-url disk0:/transparent.cfg ........................................................................................................................................................................................................................................................................................................................................ Cryptochecksum (unchanged): 66500bfe fd55ab5f 0bca53e5 91192fb3 INFO: Context transparent was created with URL disk0:/transparent.cfg ASA5525(config-ctx)#