Cisco ASA Series Cli Configuration Manual page 247

Chapter 1 Configuring Multiple Context Mode
Changing the Admin Context
The system configuration does not include any network interfaces or network settings for itself; rather,
when the system needs to access network resources (such as downloading the contexts from the server),
it uses one of the contexts that is designated as the admin context.
The admin context is just like any other context, except that when a user logs in to the admin context,
then that user has system administrator rights and can access the system and all other contexts. The
admin context is not restricted in any way, and can be used as a regular context. However, because
logging into the admin context grants you administrator privileges over all contexts, you might need to
restrict access to the admin context to appropriate users.
Guidelines
You can set any context to be the admin context, as long as the configuration file is stored in the internal
flash memory.
Prerequisites
Perform this procedure in the system execution space.
Detailed Steps
Command
admin-context context_name
Example:
hostname(config)# admin-context
administrator
Changing the Security Context URL
This section describes how to change the context URL.
Guidelines
•
•
•
Purpose
Sets the admin context. Any remote management sessions, such as Telnet,
SSH, or HTTPS, that are connected to the admin context are terminated.
You must reconnect to the new admin context.
Note
You cannot change the security context URL without reloading the configuration from the new URL.
The ASA merges the new configuration with the current running configuration.
Reentering the same URL also merges the saved configuration with the running configuration.
A merge adds any new commands from the new configuration to the running configuration.
–
If the configurations are the same, no changes occur.
–
If commands conflict or if commands affect the running of the context, then the effect of the
merge depends on the command. You might get errors, or you might have unexpected results. If
the running configuration is blank (for example, if the server was unavailable and the
configuration was never downloaded), then the new configuration is used.
A few system configuration commands, including ntp server,
identify an interface name that belongs to the admin context. If you
change the admin context, and that interface name does not exist in
the new admin context, be sure to update any system commands
that refer to the interface.
Cisco ASA Series CLI Configuration Guide
Managing Security Contexts
1-27