From 2e7cda826e75aeffd82ae038bcfdb41bdb1a8022 Mon Sep 17 00:00:00 2001 From: radhikap Date: Wed, 21 Aug 2013 10:01:10 +0530 Subject: [PATCH] CLOUDSTACK-906 review comments fixed --- docs/en-US/vnmc-cisco.xml | 52 +++++++++++++++++++++++++++------------ 1 file changed, 36 insertions(+), 16 deletions(-) diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml index 7c721785c7e..62a472da66d 100644 --- a/docs/en-US/vnmc-cisco.xml +++ b/docs/en-US/vnmc-cisco.xml @@ -21,15 +21,19 @@
External Guest Firewall Integration for Cisco VNMC (Optional) Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and policy - management for Cisco Network Virtual Services. When Cisco VNMC is integrated with ASA 1000v - Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to: + management for Cisco Network Virtual Services. You can integrate Cisco VNMC with &PRODUCT; to + leverage the firewall and NAT service offered by ASA 1000v Cloud Firewall. Use it in a Cisco + Nexus 1000v dvSwitch-enabled cluster in &PRODUCT;. In such a deployment, you will be able to: - Configure Cisco ASA 1000v Firewalls + Configure Cisco ASA 1000v firewalls. You can configure one per guest network. - Create and apply security profiles that contain ACL policy sets for both ingress and - egress traffic, connection timeout, NAT policy sets, and TCP intercept + Use Cisco ASA 1000v firewalls to create and apply security profiles that contain ACL + policy sets for both ingress and egress traffic. + + + Use Cisco ASA 1000v firewalls to create and apply NAT policy sets. &PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware @@ -43,7 +47,7 @@ A Cloud administrator adds ASA 1000v appliances by using the admin API - addCiscoAsa1000vResource. You can configure one per guest network. + addCiscoAsa1000vResource. . A Cloud administrator creates an Isolated guest network offering by using ASA 1000v as @@ -51,6 +55,32 @@
+
+ Guidelines + + + When a guest network is created with Cisco VNMC firewall provider, an additional public + IP is acquired along with the Source NAT IP. The Source NAT IP is used for the rules, + whereas the additional IP is used to for the ASA outside interface. Ensure that this + additional public IP is not released. You can identify this IP as soon as the network is + in implemented state and before acquiring any further public IPs. The additional IP is the + one that is not marked as Source NAT. You can find the IP used for the ASA outside + interface by looking at the Cisco VNMC used in your guest network. + + + + + + + + + + + + + + +
Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a Deployment @@ -103,16 +133,6 @@
-
- Guidelines - When a guest network is created with Cisco VNMC firewall provider, an additional public - IP is acquired along with the Source NAT IP. The Source NAT IP is used for the ASA outside - interface, whereas the additional IP is used to workaround an ASA limitation. Ensure that - this additional public IP is not released. You can identify this IP as soon as the network - is in implemented state and before acquiring any further public IPs. The additional IP is - the one that is not marked as Source NAT. You can find the IP used for the ASA outside - interface by looking at the Cisco VNMC used in your guest network. -
Using Cisco ASA 1000v Services
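Review bot: In the hunk at @@ -21,15 +21,19 @@, the rewritten capability list drops "connection timeout" and "TCP intercept" from what a security profile can contain, and nothing in the new text says whether those features are unsupported in this integration or were simply left out. If they are unsupported, say so explicitly so operators do not assume TCP intercept protection is in place; if they are supported, keep them in the list. The unchanged context line in the same hunk spells "dvSwich-enabled", which is worth correcting to "dvSwitch-enabled" while this paragraph is being edited.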
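Review bot: In the hunk at @@ -43,7 +47,7 @@, the added line "addCiscoAsa1000vResource. ." ends with a stray second period, left behind when the sentence "You can configure one per guest network." was moved up to the feature list. Remove the trailing " ." so the step ends with a single period.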
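Review bot: In the hunk at @@ -51,6 +55,32 @@, the new Guidelines paragraph contains "the additional IP is used to for the ASA outside interface", which should read "is used for the ASA outside interface". In the same sentence, "The Source NAT IP is used for the rules" does not say which rules are meant; naming them (for example, the firewall and NAT rules, if that is what is intended) would make the distinction between the two addresses clear to an operator who has to decide which public IP must never be released.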
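Review bot: In the hunk at @@ -103,16 +133,6 @@, the removed Guidelines paragraph said the Source NAT IP is used for the ASA outside interface and the additional IP works around an ASA limitation, whereas the relocated version earlier in the patch assigns the outside interface to the additional IP. The subject line only says "review comments fixed", so the commit message should state that the roles of the two IPs were deliberately corrected, otherwise the reversal looks like a copy error introduced while moving the section.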