Just as a proposal, it's theoretically doable to get IPSec Peer hostname instead of IP, it is not a description, but at least a meaningful name. In IKEv1 and IKEv2 there's a field for Identity exchanged between peers, it can be IP, hostname or Key ID. This should be written to ceipSecEndPtRemoteName in CISCO-ENHANCED-IPSEC-FLOW-MIB in case you're doing identity of Key ID. Off course, this needs to be verified and implemented in Observium to get displayed properly.

Best regards, Sergei

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Friday, March 1, 2019 6:43 PM, David Jesus Maturano Sanchez via observium <observium@observium.org> wrote:

This isn’t supported by ASA, there’s no way to do that for IPSec tunnels.

David M.

De: observium <observium-bounces@observium.org> en nombre de Johnathon Voegeli via observium <observium@observium.org>
Responder a: Observium <observium@observium.org>
Fecha: viernes, 1 de marzo de 2019, 11:38
Para: Observium <observium@observium.org>
CC: Johnathon Voegeli <jvoegeli@voigtie.com>
Asunto: [Observium] Cisco ASA IPSec tunnels

Hey guys,

Does anyone know where to set the “tunnel name” in a Cisco ASA or more rather where Observium gets that info? I have a dozen or so IPSec tunnels built, but Obs calls them all by the outside interface IP I suspect because I am too dense to figure out where its getting the tunnel name field from?

cid:image001.png@01D4D02B.AA8D38E0

The local address and the tunnel name are all the same.