10-04-2007 06:59 AM - edited 02-21-2020 01:42 AM
I'm migrating IPSec VPN tunnels from a 3030 concentrator to the ASA platform and am used to seeing session names that easily relate to the business name the VPN connects to.
On the ASA I configure tunnel-groups, but am allowed to only use the peer IP address or a valid hostname for the tunnel-group name, unless I want to use certs or aggressive mode (I do neither).
This causes problems if I have a large list of active sessions and need to quickly pick the right one to work with because they're all IP addresses - not names.
Is there a way to give a tunnel-group a real name, using an alias or something, or am I stuck with looking through a bunch of IP addresses and keeping a list that matches peer IP addresses to names?
10-04-2007 08:05 AM
I know of no way to do that...but I agree it would be nice if you could add a description or something.
10-05-2007 09:49 AM
I figured out a way to name a session.
Say you have an L2L IPSec VPN to a company named Company-A and the peer IP address for that company is 12.12.12.1.
So the tunnel-group is named 12.12.12.1 as expected and when you look at the active IPSec session in ASDM for that tunnel it shows up with two lines, both of which start with 12.12.12.1.
Now go and create a name at the CLI (you can probably do it in ASDM also) like:
name 12.12.12.1 Company-A
And now when you go back into the ASDM monitor IPSec sessions, you'll see the two lines but the bottom line will now be the name instead of the peer address.
Hope that helps.
10-05-2007 10:35 AM
Cool, 5 points for answering your own thread!