
VPN on ASA - Crypto Description

In a crypto map on an IOS router you can put a description, which we like to use to describe the VPN tunnel (Customer x, etc.).

In an ASA, I can't find anything under a crypto map definition or tunnel-group where I could put such a description.

I do see the annotation field, which the documentation says ASDM uses and says not to use manually.

We configure via CLI only.

4 REPLIES
Cisco Employee

VPN on ASA - Crypto Description

No, unfortunately you can't put a description on a crypto map or a tunnel-group.

I would typically configure the crypto ACL with the name that matches that particular customer tunnel so you know that that particular crypto map belongs to that customer.

e.g.:

access-list customerA-vpn-acl permit ip

VPN on ASA - Crypto Description

Also, the tunnel group is usually the IP address of the peer IP, which would allow you to differentiate between different tunnel groups.

Beginner

Actually you can (at least on an ASA 5520 and 5550).  Use the command:

tunnel-group <peer ip> general-attributes

Use the command "annotation"

ASA(config-tunnel-general)# annotation < 512 char  annotation text string>

Show run won't display the annotation, but it will show up if you use the "more system:running-config" command.

Beginner

The "more" command will also display your preshared keys, which are normally hidden.
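
An added example, not part of any reply in this thread: because "more system:running-config" shows both the annotations and the preshared keys, a saved copy of that output can be used to build a tunnel-to-customer inventory, provided the keys are masked before the file is stored or shared. The sample configuration below is constructed, and the function names and the `ikev1 pre-shared-key` / `pre-shared-key` line forms it handles are assumptions about the configuration being parsed.

```python
import re

# Constructed sample in the shape of "more system:running-config" output.
# Peer addresses are documentation ranges; keys and annotations are made up.
SAMPLE_CONFIG = """\
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 annotation Customer A - head office
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key ExampleKeyA
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key ExampleKeyB
"""

# A line ending in "pre-shared-key <value>", with or without leading keywords.
PSK_RE = re.compile(r"^(\s*(?:\S+\s+)*?pre-shared-key\s+)(\S.*)$")
GROUP_RE = re.compile(r"^tunnel-group\s+(\S+)\s+(\S+)")


def redact_keys(config: str) -> str:
    """Return the config with every pre-shared key value replaced by *****."""
    return "\n".join(PSK_RE.sub(r"\g<1>*****", line) for line in config.splitlines())


def tunnel_annotations(config: str) -> dict:
    """Map each tunnel-group name to its annotation text (None if it has none)."""
    result, current, in_general = {}, None, False
    for line in config.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = m.group(1)
            in_general = m.group(2) == "general-attributes"
            result.setdefault(current, None)
        elif not line.startswith(" "):
            current, in_general = None, False  # left the tunnel-group block
        elif in_general and line.strip().startswith("annotation "):
            result[current] = line.strip()[len("annotation "):]
    return result


if __name__ == "__main__":
    for peer, note in tunnel_annotations(SAMPLE_CONFIG).items():
        print(f"{peer}: {note or '(no annotation)'}")
    print(redact_keys(SAMPLE_CONFIG))
```

Tunnel groups that come back with no annotation are the ones still identifiable only by peer IP or crypto ACL name.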