Thanks Paul,

I understand what your saying - you are agreeing with me that on a L2L the connection name has to be the IP address.  Now that we have agreed.  On the L2L we have two fields:

1. Peer IP adress

2. Connection Name

Are we saying that the option for NOT using the IP address as the connection name does not exist.   Should I open a case with Cisco ?  Is there a bug with version ASA 8.3  that  needs fixing ??

Clearly the setup is giving me the option to use a NAME or an IP address.

Regards,

Sergio

when creating a L2L tunnel the tunnel name has to be the IP address of the peer. That is the only option that works. I think that is also included on the documentation.

You can only use names when doing remote access VPN.

I will look for that documentation.

check this link:

http://www.cisco.com/en/US/partner/docs/security/asa/asa83/asdm63/configuration_guide/vpn_gen.html#wp1134767

Connection Name—Specifies the name assigned to this connection profile. For the Edit function, this field is display-only. You can specify that the connection name is the same as the IP address specified in the Peer IP Address field.

Hi Paul,

Sorry for not getting back to you sooner...

I finally got a chance to open a TAC with Cisco and the explanation given was that the CONNECTION NAME is used when the remote site is using DYNAMIC IP as its PEER address.

Here is the config I was recommended to look at.

VPN Between Sonicwall Products and Cisco Security Appliance Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a008052c9d4.shtml

PIX/ASA 7.x and later : Dynamic IPsec Between a Statically addressed PIX and a Dynamically addressed IOS Router with NAT Configuration Example

http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_configuration_example09186a00807ea936.shtml

I think we can close this discussion... thanks again for your help.

Serigo