We have a couple of Cisco ASA 5525s, running firmware 9.6(1)3 and ASDM 7.6(1). We have a number of site-to-site VPN tunnels established, and everything's running fine.
However, when something DOES go wrong, it's painful trying to figure out which VPN is which. In other firewalls, we have the ability to give a VPN tunnel a name: some human way of determining which tunnel is which. But ASDM just lists them by IP:
If I edit the config of one of the tunnels, I can see there's a "Connection Name":
However, it's read-only: I can change everything about the tunnel except the name.
Is there any way to change the tunnel name so that it's easy (or at least, easier) to identify one tunnel from the other?
Best Answer
TL;DR: if you want to change the tunnel name, you must delete the tunnel and create the tunnel using the name you want.
When you create a Cisco VPN tunnel there are a few things you set. One is the crypto map. Regardless of what you name the tunnel, the crypto map automatically creates a name (if you are creating the VPN tunnel with ASDM).
The second part is the remote peer. The remote peer is an IP address. You cannot use a name for a remote peer.
The third part is the tunnel group name. By default in ASDM the tunnel group name is the same as the remote peer. You can uncheck the box that says "Same as IP Address" when you create the tunnel so you can choose a different name for the tunnel group name.
When you do that there are only three lines in the configuration that use the tunnel group name.
If you use the remote peer IP Address as the tunnel name your configuration will look like this:
If you use a different name for the tunnel your configuration will look like this:
Notice that, because the first occurrence of the tunnel name is in the line that establishes the tunnel group, if you want to change the tunnel name you MUST delete the tunnel and create a new tunnel with the name you want to use.