10-23-2012 01:12 PM
In a crypto map on an IOS router you can put a description, which we like to use to describe the VPN tunnel (Customer x, etc.).
In an ASA, I can't find anything under a crypto map definition or tunnel-group where I could put such a description.
I do see the annotation field, which the documentation says ASDM uses, and says not to use it manually.
We configure via CLI only.
10-23-2012 04:22 PM
No, unfortunately you can't put a description on a crypto map or a tunnel-group.
I would typically configure the crypto ACL with the name that matches that particular customer tunnel so you know that that particular crypto map belongs to that customer.
e.g.:
access-list customerA-vpn-acl permit ip
10-24-2012 05:22 PM
Also, the tunnel group is usually the IP address of the peer IP, which would allow you to differentiate between different tunnel groups.
07-17-2015 11:19 AM
Actually you can (at least on an ASA 5520 and 5550). Use the command:
tunnel-group <peer ip> general-attributes
Use the command "annotation"
ASA(config-tunnel-general)# annotation < 512 char annotation text string>
Show run won't display the annotation, but it will show up if you use the "more system:running-config" command.
07-17-2015 11:23 AM
The "more" command will also display your preshared keys, which are normally hidden.
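Added example, not from any post in this thread: a Python sketch that takes saved "more system:running-config" output, masks the pre-shared keys before the dump is stored or shared, and builds a peer-to-customer table from the crypto ACL names and tunnel-group annotations discussed above. The sample config, addresses and keys are constructed, and the stored form of the annotation line is assumed to match the command as typed.

```python
import re

# Constructed sample in the style of "more system:running-config" output.
# Addresses, names and keys are made up; the stored form of the annotation
# line is an assumption based on the command shown in the thread.
SAMPLE = """\
crypto map outside_map 10 match address customerA-vpn-acl
crypto map outside_map 10 set peer 203.0.113.10
crypto map outside_map 20 match address customerB-vpn-acl
crypto map outside_map 20 set peer 198.51.100.7
tunnel-group 203.0.113.10 general-attributes
 annotation Customer A primary site
tunnel-group 203.0.113.10 ipsec-attributes
 ikev1 pre-shared-key ExampleKey123
tunnel-group 198.51.100.7 ipsec-attributes
 pre-shared-key AnotherExample
"""

MATCH = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
PEER = re.compile(r"^crypto map (\S+) (\d+) set peer (\S+)")
GROUP = re.compile(r"^tunnel-group (\S+) general-attributes$")
NOTE = re.compile(r"^ annotation (.+)$")
KEY = re.compile(r"^([ \t]*(?:ikev1 |ikev2 (?:local|remote)-authentication )?pre-shared-key )\S+", re.M)


def redact_keys(config):
    """Mask pre-shared keys so the dump can be stored or shared."""
    return KEY.sub(r"\1<redacted>", config)


def tunnel_inventory(config):
    """Return {peer: {"acl": name, "annotation": text}} per crypto map entry."""
    acls, peers, notes, group = {}, {}, {}, None
    for line in config.splitlines():
        if m := MATCH.match(line):
            acls[(m[1], m[2])] = m[3]
        elif m := PEER.match(line):
            peers[(m[1], m[2])] = m[3]
        elif m := GROUP.match(line):
            group = m[1]
        elif (m := NOTE.match(line)) and group:
            notes[group] = m[1]
        elif not line.startswith(" "):
            group = None  # left the tunnel-group sub-mode
    return {peer: {"acl": acls.get(entry), "annotation": notes.get(peer)}
            for entry, peer in peers.items()}
```

Run redact_keys() on the dump first and keep only the redacted copy; the inventory works the same on either version.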