To factory reset a Cisco ASA firewall in Multiple context mode, you'll need to issue a "write erase" then "reload" under the "system" context. You can verify the current ASA mode using the "show mode" CLI command.
ciscoasa/admin# changeto system
ciscoasa#
show mode
Security context mode: multiple
ciscoasa#
write erase
Erase
configuration in flash memory? [confirm]
[OK]
ciscoasa#
reload
Proceed
with reload? [confirm]
***
*** ---
START GRACEFUL SHUTDOWN ---
Shutting
down isakmp
Shutting
down webvpn
Shutting
down sw-module
Shutting
down License Controller
Shutting
down File system
***
*** ---
SHUTDOWN NOW ---
Process
shutdown finished
Rebooting...
(status 0x9)
<OUTPUT TRUNCATED>
You'll need to convert the ASA back to Single mode using the "mode single" global config command. It will auto reboot after the confirmation.
ciscoasa>
enable
Password: <ENTER>
ciscoasa#
show mode
Security context mode: multiple
ciscoasa#
configure terminal
ciscoasa(config)#
mode ?
configure
mode commands/options:
multiple
Multiple mode; mode with security contexts
noconfirm
Do not prompt for confirmation
single
Single mode; mode without security contexts
ciscoasa(config)#
mode single
WARNING:
This command will change the behavior of the device
WARNING:
This command will initiate a Reboot
Proceed
with change mode? [confirm]
Security
context mode: single
ciscoasa(config)#
***
*** ---
START GRACEFUL SHUTDOWN ---
***
***
Message to all terminals:
***
*** change mode
Shutting
down isakmp
Shutting
down sw-module
Shutting
down License Controller
Shutting
down File system
***
*** ---
SHUTDOWN NOW ---
***
***
Message to all terminals:
***
*** change mode
Process
shutdown finished
<OUTPUT TRUNCATED>
ERROR:
MIGRATION - Could not get the startup configuration.
Cryptochecksum
(changed): d41d8cd9 8f00b204 e9800998 ecf8427e
INFO:
converting 'fixup protocol dns maximum-length 512' to MPF commands
ERROR:
Inspect configuration of this type exists, first remove
that
configuration and then add the new configuration
INFO:
converting 'fixup protocol ftp 21' to MPF commands
INFO:
converting 'fixup protocol h323_h225 1720' to MPF commands
INFO:
converting 'fixup protocol h323_ras 1718-1719' to MPF commands
INFO:
converting 'fixup protocol ip-options 1' to MPF commands
INFO:
converting 'fixup protocol netbios 137-138' to MPF commands
INFO:
converting 'fixup protocol rsh 514' to MPF commands
INFO:
converting 'fixup protocol rtsp 554' to MPF commands
INFO:
converting 'fixup protocol sip 5060' to MPF commands
INFO:
converting 'fixup protocol skinny 2000' to MPF commands
INFO:
converting 'fixup protocol smtp 25' to MPF commands
INFO:
converting 'fixup protocol sqlnet 1521' to MPF commands
INFO:
converting 'fixup protocol sunrpc 111' to MPF commands
INFO:
converting 'fixup protocol sunrpc_udp 111' to MPF commands
INFO:
converting 'fixup protocol tftp 69' to MPF commands
INFO:
converting 'fixup protocol sip udp 5060' to MPF commands
INFO:
converting 'fixup protocol xdmcp 177' to MPF commands
INFO:
Power-On Self-Test in process.
.......................................................................
INFO:
Power-On Self-Test complete.
INFO:
Starting HW-DRBG health test...
INFO:
HW-DRBG health test passed.
INFO:
Starting SW-DRBG health test...
INFO:
SW-DRBG health test passed.
Pre-configure
Firewall now through interactive prompts [yes]? CXSC module is no longer
supported and was prevented from booting
Consider
uninstalling the unsupported CXSC module with the command รขsw-module module
cxsc uninstall'
Firewall
Mode [Routed]: <CTRL+C>
User
enable_1 logged in to ciscoasa
Logins
over the last 1 days: 1.
Failed
logins since the last login: 0.
Type help
or '?' for a list of available commands.
ciscoasa>
enable
Password:
ciscoasa#
show mode
Security context mode: single