VPN on ASA - Crypto Description

cds-cisco
Level 1

In a crypto map on an IOS router you can put a description, which we like to use to describe the VPN tunnel (Customer x, etc.).

In an ASA, I can't find anything under a crypto map definition or tunnel-group where I could put such a description.

I do see the annotation field, which the documentation says ASDM uses and should not be used manually.

We configure via CLI only.

Jennifer Halim
Cisco Employee

No, unfortunately you can't put a description on a crypto map or a tunnel-group.

I would typically configure the crypto ACL with the name that matches that particular customer tunnel so you know that that particular crypto map belongs to that customer.

e.g.:

access-list customerA-vpn-acl permit ip

Also, the tunnel group is usually the IP address of the peer, which would allow you to differentiate between different tunnel groups.

Fred Fujihara
Level 1

Actually you can (at least on an ASA 5520 and 5550).  Use the command:

tunnel-group <peer ip> general-attributes

Use the command "annotation"

ASA(config-tunnel-general)# annotation < 512 char  annotation text string>

Show run won't display the annotation, but it will show up if you use the "more system:running-config" command.

The "more" command will also display your preshared keys, which are normally hidden.
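
Following on from the last reply's point that "more system:running-config" shows both the annotations and the pre-shared keys, here is an added example (not part of the thread) that turns a saved copy of that output into a peer-to-annotation inventory and masks the keys before the text is stored or shared. The sample config, its layout, the peer addresses and the key strings are constructed assumptions, and the function name is hypothetical.

```python
import re

# Constructed sample of "more system:running-config" output (assumed layout,
# not taken from the thread). Peers use documentation address ranges and the
# key strings are made-up placeholders.
SAMPLE_CONFIG = """\
tunnel-group 192.0.2.10 type ipsec-l2l
tunnel-group 192.0.2.10 general-attributes
 annotation Customer A - primary site
tunnel-group 192.0.2.10 ipsec-attributes
 pre-shared-key ExampleKeyA
tunnel-group 198.51.100.7 type ipsec-l2l
tunnel-group 198.51.100.7 ipsec-attributes
 ikev1 pre-shared-key ExampleKeyB
"""

GROUP_RE = re.compile(r"^tunnel-group (\S+) (\S+)")
ANNOT_RE = re.compile(r"^\s+annotation (.*)$")
# Indented line ending in "pre-shared-key <value>", with optional leading
# keywords such as "ikev1".
PSK_RE = re.compile(r"^(\s+.*?pre-shared-key )\S+\s*$")


def inventory_and_redact(config_text):
    """Return ({peer: annotation or None}, config text with keys masked)."""
    annotations = {}
    redacted = []
    group = section = None
    for line in config_text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            group, section = m.group(1), m.group(2)
            annotations.setdefault(group, None)   # peer seen, no label yet
        elif not line.startswith(" "):
            group = section = None                # left the tunnel-group block
        elif group and section == "general-attributes":
            a = ANNOT_RE.match(line)
            if a:
                annotations[group] = a.group(1).strip()
        # Mask the key value on every line, whichever block it appears in.
        redacted.append(PSK_RE.sub(r"\g<1><redacted>", line))
    return annotations, "\n".join(redacted) + "\n"


if __name__ == "__main__":
    labels, safe_text = inventory_and_redact(SAMPLE_CONFIG)
    for peer, label in labels.items():
        print(f"{peer:15} {label or 'NO ANNOTATION'}")
    print(safe_text)
```

Peers that come back with no annotation are the tunnels still missing a customer label.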