diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml
index 7c721785c7e..62a472da66d 100644
--- a/docs/en-US/vnmc-cisco.xml
+++ b/docs/en-US/vnmc-cisco.xml
@@ -21,15 +21,19 @@
External Guest Firewall Integration for Cisco VNMC (Optional)
Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and policy
- management for Cisco Network Virtual Services. When Cisco VNMC is integrated with ASA 1000v
- Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to:
+ management for Cisco Network Virtual Services. You can integrate Cisco VNMC with &PRODUCT; to
+ leverage the firewall and NAT service offered by ASA 1000v Cloud Firewall. Use it in a Cisco
+ Nexus 1000v dvSwitch-enabled cluster in &PRODUCT;. In such a deployment, you will be able to:
- Configure Cisco ASA 1000v Firewalls
+ Configure Cisco ASA 1000v firewalls. You can configure one per guest network.
- Create and apply security profiles that contain ACL policy sets for both ingress and
- egress traffic, connection timeout, NAT policy sets, and TCP intercept
+ Use Cisco ASA 1000v firewalls to create and apply security profiles that contain ACL
+ policy sets for both ingress and egress traffic.
+
+
+ Use Cisco ASA 1000v firewalls to create and apply NAT policy sets.
&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware
@@ -43,7 +47,7 @@
A Cloud administrator adds ASA 1000v appliances by using the admin API
- addCiscoAsa1000vResource. You can configure one per guest network.
+ addCiscoAsa1000vResource. .
A Cloud administrator creates an Isolated guest network offering by using ASA 1000v as
@@ -51,6 +55,32 @@
+
+ Guidelines
+
+
+ When a guest network is created with Cisco VNMC firewall provider, an additional public
+ IP is acquired along with the Source NAT IP. The Source NAT IP is used for the rules,
+ whereas the additional IP is used to for the ASA outside interface. Ensure that this
+ additional public IP is not released. You can identify this IP as soon as the network is
+ in implemented state and before acquiring any further public IPs. The additional IP is the
+ one that is not marked as Source NAT. You can find the IP used for the ASA outside
+ interface by looking at the Cisco VNMC used in your guest network.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a
Deployment
@@ -103,16 +133,6 @@
-
- Guidelines
- When a guest network is created with Cisco VNMC firewall provider, an additional public
- IP is acquired along with the Source NAT IP. The Source NAT IP is used for the ASA outside
- interface, whereas the additional IP is used to workaround an ASA limitation. Ensure that
- this additional public IP is not released. You can identify this IP as soon as the network
- is in implemented state and before acquiring any further public IPs. The additional IP is
- the one that is not marked as Source NAT. You can find the IP used for the ASA outside
- interface by looking at the Cisco VNMC used in your guest network.
-
Using Cisco ASA 1000v Services