Can I name an ASA session?

jkeeffe · ‎10-04-2007

I'm migrating IPSec VPN tunnels from a 3030 concentrator to the ASA platform and am used to seeing session names that easily relate to the business name the VPN connects to.

On the ASA I configure tunnel-groups, but am allowed to only use the peer IP address or a valid hostname for the tunnel-group name, unless I want to use certs or aggressive mode (I do neither).

This causes problems if I have a large list of active sessions and need to quickly pick the right one to work with because they're all IP addresses - not names.

Is there a way to give a tunnel-group a real name, using an alias or something, or am I stuck with looking through a bunch of IP addresses and keeping a list that matches peer IP addresses to names?

acomiskey · ‎10-04-2007

I know of no way to do that...but I agree it would be nice if you could add a description or something.

jkeeffe · ‎10-05-2007

I figured out a way to name a session.

Say you have an L2L IPSec VPN to a company named Company-A and the peer IP address for that company is 12.12.12.1.

So the tunnel-group is named 12.12.12.1 as expected and when you look at the active IPSec session in ASDM for that tunnel it shows up with two lines, both of which start with 12.12.12.1.

Now go and create a name at the CLI (you can probably do it in ASDM also)like:

name 12.12.12.1 Company-A

And now when you go back into the ASDM monitor IPSec sessions, you'll see the two lines but the bottom line will now be the name instead of the peer address.

Hope that helps.

acomiskey · ‎10-05-2007

Cool, 5 points for answering your own thread!