Show all contexts for multi-context asa and get the config for each context

I am wanting to get the configs of each context on my multi-context asa. the nexus switches show all there contexts but the asa does not. any ideas on how to show all contexts and then configs related to each context?


  • So we do this ... I'm not convinced it is the most elegant method but it works, which is a key starting point I guess.

    We have created a device template and labelled it, for want of better wording, "Cisco ASA Multi Context Startup" and a 2nd one for "Running" which is essentially a duplicate of the startup. You cam start with the basic ASA template and work it up from there.

    Next step is to edit the template, and here the XML editor is your friend, to add in each of the contexts that you want to download. BTW, once you've created the XML file you can later edit the entries via the interactive wizard if preferred. 

    Below is an extract from our template, starting at the write erase line as up to there is the same as the base ASA backup.

        <Command Name="EraseConfig" Value="write erase${CRLF}Yes" />
        <Command Name="SaveConfig" Value="write memory" />
        <Command Name="Version" Value="show version" />
        <Command Name="ChangeToSystemContext" RegEx="#" Value="changeto system" />
        <Command Name="ChangeToContext" RegEx="#" Value="changeto context ${ContextName}" />
        <Command Name="ShowInterfaces" Value="show interface ip brief" />
        <Command Name="ShowContext" Value="show context" />
        <Command Name="ShowMode" Value="show mode" />
        <Command Name="System_Startup" Value="more system:running-config" />
        <Command Name="Admin_Startup" Value="more disk0:/admin.cfg" />
        <Command Name="NAME_OF_YOUR_FIREWALL_HERE_Startup" Value="more disk0:/NAME_OF_CFG_FILE.cfg" />

    Take note of:

    • ... ="more system:running-config"  - we use more so as to extract the VPN PSK's and other info that is **** out in usual CLI backups.

    • ...="Admin_Startup" Value="more disk0:/admin.cfg" />  - this is the backup of the root context, you man need to change the filename to suit your needs.

    • <Command Name="NAME_OF_YOUR_FIREWALL_HERE_Startup" Value="more disk0:/NAME_OF_CFG_FILE.cfg" /> - replace the bits in bold with your actual values. You may also need to amend the disk0 to suit your environment.

    In node details : config tab you then have a specific download action. You'll have running / startup / and however many of the above you've configured.

    We have then created 2 jobs to automate backups.

    • Job 1 is every device in that environment excluding the multi-context devices
    • Job 2 is specifically for the multi-context devices, and when you get to the "Add Job Specific Details" you will see all the startup and/or running configs you've added in to the aforementioned device template. Simply tick the ones you want and bob's your father's brother.

    Hope this helps.

  • Sorry, I meant to say, the line with the firewall name and config file name can added in a rinse and repeat fashion as many times as you need to do so.
  • Fab - where I can I will always help and happy to have been able to do so here.

  • For some reason I cannot get this to work. It will always error out with "config too short" for the multiple contexts. I copied the existing template and added the few lines at the bottom of your example. I've also tried adding the UseMultipleDownloadCommands option without effect.

    I've had to do something like this to get it to work. Needed to do this for all contexts including the admin and system:

    <Command Name="NAME_OF_YOUR_FIREWALL_HERE_Startup" Value="changeto system${CRLF}more disk0:/NAME_OF_CFG_FILE.cfg" RegEx="#"/>

    I'm running NCM version 2020.2.5 HF1.