diff --git a/docs/en-US/vnmc-cisco.xml b/docs/en-US/vnmc-cisco.xml
index 6181348bb76..924806cfe13 100644
--- a/docs/en-US/vnmc-cisco.xml
+++ b/docs/en-US/vnmc-cisco.xml
@@ -20,16 +20,16 @@
-->
External Guest Firewall Integration for Cisco VNMC (Optional)
- Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and
- policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with
- ASA 1000v Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to:
+ Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and policy
+ management for Cisco Network Virtual Services. When Cisco VNMC is integrated with ASA 1000v
+ Cloud Firewall and Cisco Nexus 1000v dvSwitch in &PRODUCT; you will be able to:
Configure Cisco ASA 1000v Firewalls
- Create and apply security profiles that contain ACL policy sets for both ingress
- and egress traffic, connection timeout, NAT policy sets, and TCP intercept
+ Create and apply security profiles that contain ACL policy sets for both ingress and
+ egress traffic, connection timeout, NAT policy sets, and TCP intercept
&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware
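Review bot: The trailing context line "&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwich-enabled VMware" misspells dvSwitch as "dvSwich". This paragraph is already being re-wrapped, so correct the spelling in the same change.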
@@ -46,22 +46,21 @@
addCiscoAsa1000vResource. You can configure one per guest network.
- A Cloud administrator creates an Isolated guest network offering by using ASA
- 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static
- NAT.
+ A Cloud administrator creates an Isolated guest network offering by using ASA 1000v as
+ the service provider for Firewall, Source NAT, Port Forwarding, and Static NAT.
- Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC
+ Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a
Deployment
Prerequisites
- Ensure that Cisco ASA 1000v appliance is set up externally and then registered
- with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA
- 1000v appliances and register them with &PRODUCT;.
+ Ensure that Cisco ASA 1000v appliance is set up externally and then registered with
+ &PRODUCT; by using the admin API. Typically, you can create a pool of ASA 1000v
+ appliances and register them with &PRODUCT;.
Specify the following to set up a Cisco ASA 1000v instance:
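Review bot: The title change to "Using Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC in a Deployment" is the only wording change in this hunk and is easy to miss among the line re-wraps. Consider moving the whitespace-only re-wrapping into a separate commit so content changes stand out. While this text is being touched, "Ensure that Cisco ASA 1000v appliance is set up externally" also needs an article ("the Cisco ASA 1000v appliance").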
@@ -71,17 +70,17 @@
Standalone or HA mode
- Port profiles for the Management and HA network interfaces. This need to
- be pre-created on Nexus dvSwitch switch.
+ Port profiles for the Management and HA network interfaces. This need to be
+ pre-created on Nexus dvSwitch switch.
- Port profiles for both internal and external network interfaces. This need
- to be pre-created on Nexus dvSwitch switch, and to be updated appropriately
- while implementing guest networks.
+ Port profiles for both internal and external network interfaces. This need to be
+ pre-created on Nexus dvSwitch switch, and to be updated appropriately while
+ implementing guest networks.
- The Management IP for Cisco ASA 1000v appliance. Specify the gateway such
- that the VNMC IP is reachable.
+ The Management IP for Cisco ASA 1000v appliance. Specify the gateway such that
+ the VNMC IP is reachable.
Administrator credentials
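Review bot: Both re-wrapped port profile items keep the sentence "This need to be pre-created on Nexus dvSwitch switch", which has a subject-verb disagreement and a redundant "switch". Suggest "These need to be pre-created on the Nexus dvSwitch" in both items, since the lines are being rewritten anyway.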
@@ -99,11 +98,21 @@
appliances.
- Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT;
- when adding VMware cluster.
+ Ensure that Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; when
+ adding VMware cluster.
+
+ Guidelines
+ When a guest network is created with Cisco VNMC firewall provider, an additional public
+ IP is acquired along with the Source NAT IP. The Source NAT IP is used for the ASA outside
+ interface, whereas the addition IP is used to workaround an ASA limitation. Ensure that this
+ additional public IP is not released. You can identify this IP as soon as the network is in
+ implemented state and before acquiring any further public IPs. The additional IP is the one
+ that is not marked as Source NAT. You can find the IP used for the ASA outside interface by
+ looking at the Cisco VNMC used in your guest network.
+
Using Cisco ASA 1000v Services
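Review bot: The new Guidelines paragraph contains two wording errors and does not give an operator enough to act on. "the addition IP" should read "the additional IP", and "to workaround an ASA limitation" should be "to work around". The paragraph never names the ASA limitation or says what breaks if the additional public IP is released, and "looking at the Cisco VNMC used in your guest network" does not say where in VNMC to look. Identification as written depends on checking "before acquiring any further public IPs", so add the consequence of a release and a way to identify the IP after that window has passed.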
@@ -120,11 +129,13 @@
See .
- Create a Network Offering and use Cisco VNMC as the service provider for desired services.
+ Create a Network Offering and use Cisco VNMC as the service provider for desired
+ services.
See .
- Create an Isolated Guest Network by using the network offering you just created.
+ Create an Isolated Guest Network by using the network offering you just
+ created.
@@ -164,8 +175,8 @@
Host: The IP address of the VNMC instance.
- Username: The user name of the account on the VNMC instance that &PRODUCT;
- should use.
+ Username: The user name of the account on the VNMC instance that &PRODUCT; should
+ use.
Password: The password of the account.
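Review bot: The Username and Password items do not say which role or privileges the VNMC account needs. Document the minimum privileges required for the account "that &PRODUCT; should use", so operators can provision a dedicated account instead of reusing a full administrator login.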
@@ -209,16 +220,15 @@
Click the Add CiscoASA1000v Resource and provide the following:
- Host: The management IP address of the ASA 1000v instance. The IP address is
- used to connect to ASA 1000V.
+ Host: The management IP address of the ASA 1000v instance. The IP address is used
+ to connect to ASA 1000V.
- Inside Port Profile: The Inside Port Profile configuration on Cisco
- Nexus1000v dvSwitch.
+ Inside Port Profile: The Inside Port Profile configuration on Cisco Nexus1000v
+ dvSwitch.
- Cluster: The VMware cluster to which you are adding the ASA 1000v
- instance.
+ Cluster: The VMware cluster to which you are adding the ASA 1000v instance.
Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.
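Review bot: Product names are written inconsistently in the re-wrapped items. The Host item uses both "ASA 1000v" and "ASA 1000V", and the Inside Port Profile item has "Nexus1000v" while the context line below uses "Nexus 1000v". Pick one form for each ("ASA 1000v", "Nexus 1000v") and apply it across the list.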
@@ -230,8 +240,7 @@
Creating a Network Offering Using Cisco ASA 1000v
- To have Cisco ASA 1000v support for a guest network, create a network offering as
- follows:
+ To have Cisco ASA 1000v support for a guest network, create a network offering as follows:
Log in to the &PRODUCT; UI as a user or admin.
@@ -250,51 +259,50 @@
offering.
- Description: A short description of the
- offering that can be displayed to users.
+ Description: A short description of the offering
+ that can be displayed to users.
- Network Rate: Allowed data transfer rate in
- MB per second.
+ Network Rate: Allowed data transfer rate in MB
+ per second.
- Traffic Type: The type of network traffic
- that will be carried on the network.
+ Traffic Type: The type of network traffic that
+ will be carried on the network.
- Guest Type: Choose whether the guest
- network is isolated or shared.
+ Guest Type: Choose whether the guest network is
+ isolated or shared.
- Persistent: Indicate whether the guest
- network is persistent or not. The network that you can provision without having
- to deploy a VM on it is termed persistent network.
+ Persistent: Indicate whether the guest network is
+ persistent or not. The network that you can provision without having to deploy a VM on
+ it is termed persistent network.
VPC: This option indicate whether the guest
- network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a
- private, isolated part of &PRODUCT;. A VPC can have its own virtual network
- topology that resembles a traditional physical network. For more information on
- VPCs, see .
+ network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private,
+ isolated part of &PRODUCT;. A VPC can have its own virtual network topology that
+ resembles a traditional physical network. For more information on VPCs, see .
- Specify VLAN: (Isolated guest networks
- only) Indicate whether a VLAN should be specified when this offering is
- used.
+ Specify VLAN: (Isolated guest networks only)
+ Indicate whether a VLAN should be specified when this offering is used.
- Supported Services: Use Cisco VNMC as the
- service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to
- create an Isolated guest network offering.
+ Supported Services: Use Cisco VNMC as the service
+ provider for Firewall, Source NAT, Port Forwarding, and Static NAT to create an
+ Isolated guest network offering.
System Offering: Choose the system service
offering that you want virtual routers to use in this network.
- Conserve mode: Indicate whether to use
- conserve mode. In this mode, network resources are allocated only when the first
- virtual machine starts in the network.
+ Conserve mode: Indicate whether to use conserve
+ mode. In this mode, network resources are allocated only when the first virtual
+ machine starts in the network.
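Review bot: Several field descriptions in this list are re-wrapped without fixing wording that affects how they are read. In Network Rate, "MB per second" does not say whether it means megabits or megabytes; state the unit explicitly. The VPC context line reads "This option indicate" (should be "indicates"), and the Persistent item's "it is termed persistent network" needs an article. Guest Type says to choose "isolated or shared", while Supported Services describes creating "an Isolated guest network offering"; say which value this procedure requires.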
@@ -303,4 +311,5 @@
The network offering is created.
-
\ No newline at end of file
+
+