Wednesday, July 2, 2025

Factory Reset a Cisco ASA Firewall in Multiple Context

To factory reset a Cisco ASA firewall in multiple context mode, issue "write erase" and then "reload" from the "system" context. You can verify the current ASA mode with the "show mode" CLI command.

 

ciscoasa/admin# changeto system

ciscoasa# show mode 

Security context mode: multiple

 

 

ciscoasa# write erase

Erase configuration in flash memory? [confirm]

[OK]


ciscoasa# reload

Proceed with reload? [confirm]

 

 

***

*** --- START GRACEFUL SHUTDOWN ---

Shutting down isakmp

Shutting down webvpn

Shutting down sw-module

Shutting down License Controller

Shutting down File system

 

 

***

*** --- SHUTDOWN NOW ---

Process shutdown finished

Rebooting... (status 0x9)

 

<OUTPUT TRUNCATED>

 

 

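The erase and reload do not change the context mode: "show mode" still reports multiple afterwards. You'll need to convert the ASA back to single mode using the "mode single" global config command. It reboots automatically after you confirm.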

 

 

ciscoasa> enable

Password: <ENTER>

ciscoasa# show mode

Security context mode: multiple

 

 

ciscoasa# configure terminal

ciscoasa(config)# mode ?       

 

configure mode commands/options:

  multiple   Multiple mode; mode with security contexts

  noconfirm  Do not prompt for confirmation

  single     Single mode; mode without security contexts

ciscoasa(config)# mode single

WARNING: This command will change the behavior of the device

WARNING: This command will initiate a Reboot

Proceed with change mode? [confirm]

Security context mode: single

ciscoasa(config)#

 

 

***

*** --- START GRACEFUL SHUTDOWN ---

***

*** Message to all terminals:

***

***   change mode

Shutting down isakmp

Shutting down sw-module

Shutting down License Controller

Shutting down File system

 

 

***

*** --- SHUTDOWN NOW ---

***

*** Message to all terminals:

***

***   change mode

Process shutdown finished

 

<OUTPUT TRUNCATED>

 

ERROR: MIGRATION - Could not get the startup configuration.

 

Cryptochecksum (changed): d41d8cd9 8f00b204 e9800998 ecf8427e

INFO: converting 'fixup protocol dns maximum-length 512' to MPF commands

ERROR: Inspect configuration of this type exists, first remove

that configuration and then add the new configuration

INFO: converting 'fixup protocol ftp 21' to MPF commands

INFO: converting 'fixup protocol h323_h225 1720' to MPF commands

INFO: converting 'fixup protocol h323_ras 1718-1719' to MPF commands

INFO: converting 'fixup protocol ip-options 1' to MPF commands

INFO: converting 'fixup protocol netbios 137-138' to MPF commands

INFO: converting 'fixup protocol rsh 514' to MPF commands

INFO: converting 'fixup protocol rtsp 554' to MPF commands

INFO: converting 'fixup protocol sip 5060' to MPF commands

INFO: converting 'fixup protocol skinny 2000' to MPF commands

INFO: converting 'fixup protocol smtp 25' to MPF commands

INFO: converting 'fixup protocol sqlnet 1521' to MPF commands

INFO: converting 'fixup protocol sunrpc 111' to MPF commands

INFO: converting 'fixup protocol sunrpc_udp 111' to MPF commands

INFO: converting 'fixup protocol tftp 69' to MPF commands

INFO: converting 'fixup protocol sip udp 5060' to MPF commands

INFO: converting 'fixup protocol xdmcp 177' to MPF commands

 

INFO: Power-On Self-Test in process.

.......................................................................

INFO: Power-On Self-Test complete.

 

INFO: Starting HW-DRBG health test...

INFO: HW-DRBG health test passed.

 

INFO: Starting SW-DRBG health test...

INFO: SW-DRBG health test passed.

Pre-configure Firewall now through interactive prompts [yes]? CXSC module is no longer supported and was prevented from booting

Consider uninstalling the unsupported CXSC module with the command 'sw-module module cxsc uninstall'

 

Firewall Mode [Routed]: <CTRL+C>

 

 

User enable_1 logged in to ciscoasa

Logins over the last 1 days: 1. 

Failed logins since the last login: 0. 

Type help or '?' for a list of available commands.

ciscoasa> enable

Password:

ciscoasa# show mode

Security context mode: single
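
The Cryptochecksum printed after the mode change, d41d8cd9 8f00b204 e9800998 ecf8427e, is the MD5 digest of zero bytes, which is consistent with an empty startup configuration. The Python sketch below is an added example, not part of the original post: it checks a saved console capture for that digest and for the final "show mode" result. The function name audit_reset and the capture text are assumptions, constructed from lines shown above.

```python
import hashlib
import re

# MD5 digest of zero bytes: d41d8cd98f00b204e9800998ecf8427e
EMPTY_MD5 = hashlib.md5(b"").hexdigest()

# Constructed console capture, reusing lines shown in the post
SAMPLE_CAPTURE = """\
ciscoasa# show mode
Security context mode: multiple
ciscoasa(config)# mode single
Security context mode: single
ERROR: MIGRATION - Could not get the startup configuration.
Cryptochecksum (changed): d41d8cd9 8f00b204 e9800998 ecf8427e
ciscoasa# show mode
Security context mode: single
"""

# Four groups of 8 hex digits, with the optional "(changed)" tag seen on the page
CHECKSUM_RE = re.compile(
    r"^Cryptochecksum(?: \(\w+\))?: *((?:[0-9a-f]{8} ?){4}) *$",
    re.MULTILINE | re.IGNORECASE,
)
MODE_RE = re.compile(r"^Security context mode: *(\w+) *$", re.MULTILINE)


def audit_reset(capture):
    """Return (checks, ok) for a console capture taken during the reset.

    Only the last checksum and the last reported mode count, because
    earlier lines describe the device before the erase and mode change.
    """
    checksums = ["".join(m.split()).lower() for m in CHECKSUM_RE.findall(capture)]
    modes = MODE_RE.findall(capture)
    checks = {
        # Empty-input digest means no configuration data was hashed
        "config_empty": bool(checksums) and checksums[-1] == EMPTY_MD5,
        # The device must end up in single context mode
        "mode_single": bool(modes) and modes[-1] == "single",
    }
    return checks, all(checks.values())


if __name__ == "__main__":
    results, ok = audit_reset(SAMPLE_CAPTURE)
    for name, passed in results.items():
        print(f"{name}: {'PASS' if passed else 'FAIL'}")
    print("reset verified" if ok else "reset NOT verified")
```

A capture with no Cryptochecksum or mode line fails both checks, so a truncated log does not pass as a verified reset.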