10-23-2012 01:12 PM
In a crypto map on an IOS router you can put a description, which we like to use to describe the VPN tunnel (Customer x, etc.).
In an ASA, I can't find anything under a crypto map definition or tunnel-group where I could put such a description.
I do see the annotation field, which the documentation says ASDM uses and not to use manually.
We configure via CLI only.
10-23-2012 04:22 PM
No, unfortunately you can't put a description on a crypto map or a tunnel-group.
I would typically configure the crypto ACL with the name that matches that particular customer tunnel so you know that that particular crypto map belongs to that customer.
e.g.:
access-list customerA-vpn-acl permit ip
10-24-2012 05:22 PM
Also, the tunnel group is usually the IP address of the peer, which would allow you to differentiate between different tunnel groups.
07-17-2015 11:19 AM
Actually you can (at least on an ASA 5520 and 5550). Use the command:
tunnel-group <peer ip> general-attributes
Use the command "annotation"
ASA(config-tunnel-general)# annotation < 512 char annotation text string>
Show run won't display the annotation, but it will show up if you use the "more system:running-config" command.
07-17-2015 11:23 AM
The "more" command will also display your preshared keys, which are normally hidden.
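Added example, not written by any poster in this thread: a Python sketch that takes a saved "more system:running-config" dump, masks the pre-shared keys before the file is stored or shared, and builds a peer-to-customer inventory from the crypto ACL names and tunnel-group annotations discussed above. The sample config, the crypto map name, addresses, key and function names are constructed assumptions, and only the first peer on a "set peer" line is recorded.

```python
import re

# Constructed sample of "more system:running-config" output (not from a real device).
SAMPLE = """\
access-list customerA-vpn-acl extended permit ip 10.1.0.0 255.255.0.0 192.168.50.0 255.255.255.0
crypto map outside_map 10 match address customerA-vpn-acl
crypto map outside_map 10 set peer 203.0.113.10
tunnel-group 203.0.113.10 type ipsec-l2l
tunnel-group 203.0.113.10 general-attributes
 annotation Customer A site-to-site
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key ExampleKey123
"""

# Matches legacy, IKEv1 and IKEv2 pre-shared-key lines; group 1 is everything but the key.
PSK_RE = re.compile(
    r"^([ \t]*(?:ikev1 |ikev2 (?:local|remote)-authentication )?pre-shared-key )\S+",
    re.M)

def redact(config):
    """Mask every pre-shared key so the dump can be archived or shared."""
    return PSK_RE.sub(r"\g<1><redacted>", config)

def inventory(config):
    """Return {peer_ip: {"acl": crypto ACL name, "annotation": text or None}}."""
    seq_acl, seq_peer, notes, current = {}, {}, {}, None
    for line in config.splitlines():
        m = re.match(r"crypto map (\S+) (\d+) (match address|set peer) (\S+)", line)
        if m:
            target = seq_acl if m.group(3) == "match address" else seq_peer
            target[m.group(1, 2)] = m.group(4)  # keyed by (map name, sequence)
            continue
        m = re.match(r"tunnel-group (\S+) general-attributes", line)
        if m:
            current = m.group(1)      # entering this tunnel-group's sub-mode
        elif not line.startswith(" "):
            current = None            # any other top-level line ends the sub-mode
        elif current and line.strip().startswith("annotation "):
            notes[current] = line.strip()[len("annotation "):]
    return {peer: {"acl": seq_acl.get(key), "annotation": notes.get(peer)}
            for key, peer in seq_peer.items()}

if __name__ == "__main__":
    print(inventory(SAMPLE))
    print(redact(SAMPLE))
```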