A-7
Cisco ASA 5500 Series Configuration Guide using the CLI
AppendixA Using the Command-Line Interface
Text Configuration Files
Automatic Text Entries
When you download a configuration to the ASA, it inserts some lines automatically. For example, the
ASA inserts lines for default settings or for the time the configuration was modified. You do not need to
enter these automatic entries when you create your text file.
Line Order
For the most part, commands can be in any order in the file. However, some lines, such as ACEs, are
processed in the order they appear, and the order can affect the function of the accesslist. Other
commands might also have order requirements. For example, you must enter the nameif command for
an interface first because many subsequent commands use the name of the interface. Also, commands in
a command-specific configuration mode must directly follow the main command.
Commands Not Included in the Text Configuration
Some commands do not insert lines in the configuration. For example, a runtime command such as
show running-config does not have a corresponding line in the text file.
Passwords
The login, enable, and user passwords are automatically encrypted before they are stored in the
configuration. For example, the encrypted form of the password “cisco” might look like
jMorNbK0514fadBh. You can copy the configuration passwords to another ASA in its encrypted form,
but you cannot unencrypt the passwords yourself.
If you enter an unencrypted password in a text file, the ASA does not automatically encrypt it when you
copy the configuration to the ASA. The ASA only encrypts it when you save the runningconfiguration
from the command line using the copy running-config startup-config or write memory command.
Multiple Security Context Files
For multiple security contexts, the entire configuration consists of the following multiple parts:
The security context configurations
The system configuration, which identifies basic settings for the ASA, including a list of contexts
The admin context, which provides network interfaces for the system configuration
The system configuration does not include any interfaces or network settings for itself. Rather, when
the system needs to access network resources (such as downloading the contexts from the server), it
uses a context that is designated as the admin context.
Each context is similar to a single context mode configuration. The system configuration differs from a
context configuration in that the system configuration includes system-only commands (such as a list of
all contexts) while other typical commands are not present (such as many interface parameters).