External Guest Firewall Integration for Cisco VNMC (Optional)

Cisco Virtual Network Management Center (VNMC) provides centralized multi-device and policy management for Cisco Network Virtual Services. When Cisco VNMC is integrated with the ASA 1000v Cloud Firewall and the Cisco Nexus 1000v dvSwitch in &PRODUCT;, you will be able to:

- Configure Cisco ASA 1000v Firewalls
- Create and apply security profiles that contain ACL policy sets for both ingress and egress traffic, connection timeout, NAT policy sets, and TCP intercept

&PRODUCT; supports Cisco VNMC on Cisco Nexus 1000v dvSwitch-enabled VMware hypervisors.
Use Cases

- A Cloud administrator adds VNMC as a network element by using the admin API addCiscoVnmcResource after specifying the credentials.
- A Cloud administrator adds ASA 1000v appliances by using the admin API addCiscoAsa1000vResource. You can configure one per guest network.
- A Cloud administrator creates an Isolated guest network offering by using ASA 1000v as the service provider for Firewall, Source NAT, Port Forwarding, and Static NAT.
Figure: Cisco ASA 1000v Firewall, Cisco Nexus 1000v dvSwitch, and Cisco VNMC Deployment
Prerequisites

- Ensure that the Cisco ASA 1000v appliance is set up externally and then registered with &PRODUCT; by using the admin API. Typically, you can create a pool of ASA 1000v appliances and register them with &PRODUCT;. Specify the following to set up a Cisco ASA 1000v instance:
  - ESX host IP
  - Standalone or HA mode
  - Port profiles for the Management and HA network interfaces. These need to be pre-created on the Nexus dvSwitch.
  - Port profiles for both internal and external network interfaces. These need to be pre-created on the Nexus dvSwitch, and updated appropriately while implementing guest networks.
  - The Management IP for the Cisco ASA 1000v appliance. Specify the gateway such that the VNMC IP is reachable.
  - Administrator credentials
  - VNMC credentials

  After the Cisco ASA 1000v instance is powered on, register VNMC from the ASA console.
- Ensure that the Cisco VNMC appliance is set up externally and then registered with &PRODUCT; by using the admin API. A single VNMC instance manages multiple ASA 1000v appliances.
- Ensure that the Cisco Nexus 1000v appliance is set up and configured in &PRODUCT; when adding the VMware cluster.
Using Cisco ASA 1000v Services

1. Ensure that all the prerequisites are met. See Prerequisites.
2. Add a VNMC instance. See Adding a VNMC Instance.
3. Add an ASA 1000v instance. See Adding an ASA 1000v Instance.
4. Create a Network Offering and use Cisco VNMC as the service provider for the desired services. See Creating a Network Offering Using Cisco ASA 1000v.
5. Create an Isolated Guest Network by using the network offering you just created.
Adding a VNMC Instance

1. Log in to the &PRODUCT; UI as administrator.
2. In the left navigation bar, click Infrastructure.
3. In Zones, click View More.
4. Choose the zone you want to work with.
5. Click the Network tab.
6. In the Network Service Providers node of the diagram, click Configure. You might have to scroll down to see this.
7. Click Cisco VNMC.
8. Click View VNMC Devices.
9. Click Add VNMC Device and provide the following:
   - Host: The IP address of the VNMC instance.
   - Username: The user name of the account on the VNMC instance that &PRODUCT; should use.
   - Password: The password of the account.
10. Click OK.
Adding an ASA 1000v Instance

1. Log in to the &PRODUCT; UI as administrator.
2. In the left navigation bar, click Infrastructure.
3. In Zones, click View More.
4. Choose the zone you want to work with.
5. Click the Network tab.
6. In the Network Service Providers node of the diagram, click Configure. You might have to scroll down to see this.
7. Click Cisco VNMC.
8. Click View ASA 1000v.
9. Click Add CiscoASA1000v Resource and provide the following:
   - Host: The management IP address of the ASA 1000v instance. This IP address is used to connect to the ASA 1000v.
   - Inside Port Profile: The Inside Port Profile configuration on the Cisco Nexus 1000v dvSwitch.
   - Cluster: The VMware cluster to which you are adding the ASA 1000v instance. Ensure that the cluster is Cisco Nexus 1000v dvSwitch enabled.
10. Click OK.
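The two admin API calls named under Use Cases, addCiscoVnmcResource and addCiscoAsa1000vResource, can be issued directly instead of through the UI steps above. The following Python is an added example, not part of this documentation or of &PRODUCT;'s own client code. It shows how a &PRODUCT; API request is signed with the caller's API key and secret (HMAC-SHA1 over the lowercased, name-sorted parameter string), and reproduces the management server's verification so you can see that any change to the hostname, credentials or command after signing invalidates the request. The endpoint URL, API keys, IDs and the physicalnetworkid parameter are assumed or constructed values; the hostname, username, password, insideportprofile and clusterid parameters correspond to the Host, Username, Password, Inside Port Profile and Cluster fields described in the steps above.

```python
"""Build and verify signed &PRODUCT; admin API requests for the Cisco VNMC
and ASA 1000v registration commands.

Endpoint, keys and IDs below are constructed placeholders, not real values.
"""
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode

ENDPOINT = "https://cloudstack.example.com/client/api"  # assumed management server URL
API_KEY = "EXAMPLE-API-KEY"                             # constructed sample key
SECRET_KEY = "EXAMPLE-SECRET-KEY"                       # constructed sample secret


def _encode(value) -> str:
    # Match Java's URLEncoder as the management server applies it:
    # '*' stays literal, space becomes %20, '~' is escaped.
    return quote(str(value), safe="*").replace("~", "%7E")


def string_to_sign(params: dict) -> str:
    """Canonical string the signature covers: every parameter (apikey
    included) as name=encoded-value, lowercased, ordered by parameter name."""
    ordered = sorted(params.items(), key=lambda kv: kv[0].lower())
    return "&".join(f"{k}={_encode(v)}".lower() for k, v in ordered)


def sign(params: dict, secret_key: str) -> str:
    """HMAC-SHA1 over the canonical string, base64-encoded."""
    mac = hmac.new(secret_key.encode(), string_to_sign(params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def build_signed_request(command: str, api_key: str, secret_key: str, **kwargs) -> dict:
    """Return the full parameter set for one API call, signature included."""
    params = {"command": command, "apikey": api_key, "response": "json", **kwargs}
    params["signature"] = sign(params, secret_key)
    return params


def verify_signature(params: dict, secret_key: str) -> bool:
    """What the management server does on receipt: recompute the HMAC over
    every parameter except 'signature' and compare in constant time."""
    supplied = str(params.get("signature", ""))
    unsigned = {k: v for k, v in params.items() if k != "signature"}
    return hmac.compare_digest(sign(unsigned, secret_key).encode(), supplied.encode())


def add_vnmc_request(host, username, password, physicalnetworkid) -> dict:
    # hostname/username/password carry the Host/Username/Password fields;
    # physicalnetworkid is the zone's physical network ID (assumed parameter).
    return build_signed_request("addCiscoVnmcResource", API_KEY, SECRET_KEY,
                                hostname=host, username=username,
                                password=password, physicalnetworkid=physicalnetworkid)


def add_asa1000v_request(host, insideportprofile, clusterid, physicalnetworkid) -> dict:
    # hostname/insideportprofile/clusterid carry the Host, Inside Port Profile
    # and Cluster fields (clusterid being the cluster's UUID, assumed).
    return build_signed_request("addCiscoAsa1000vResource", API_KEY, SECRET_KEY,
                                hostname=host, insideportprofile=insideportprofile,
                                clusterid=clusterid, physicalnetworkid=physicalnetworkid)


def request_url(params: dict) -> str:
    """Final GET URL; urlencode escapes the '+', '/' and '=' in the signature."""
    return ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    vnmc = add_vnmc_request("192.0.2.10", "admin", "vnmc-pass", "pn-placeholder-id")
    asa = add_asa1000v_request("192.0.2.20", "inside-pp", "cluster-placeholder-id",
                               "pn-placeholder-id")
    for req in (vnmc, asa):
        print(request_url(req))
        print("  signature valid:", verify_signature(req, SECRET_KEY))
```

The signature authenticates the caller and binds every parameter, but it does not encrypt them: the VNMC password travels in the query string, so the endpoint must be HTTPS and the management server's access logs should be treated as sensitive. Use the `verify_signature` path when debugging "unable to verify user credentials" errors, since the usual cause is a parameter value encoded or cased differently on the two sides.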
Creating a Network Offering Using Cisco ASA 1000v

To have Cisco ASA 1000v support for a guest network, create a network offering as follows:

1. Log in to the &PRODUCT; UI as a user or admin.
2. From the Select Offering drop-down, choose Network Offering.
3. Click Add Network Offering.
4. In the dialog, make the following choices:
   - Name: Any desired name for the network offering.
   - Description: A short description of the offering that can be displayed to users.
   - Network Rate: Allowed data transfer rate in MB per second.
   - Traffic Type: The type of network traffic that will be carried on the network.
   - Guest Type: Choose whether the guest network is isolated or shared.
   - Persistent: Indicate whether the guest network is persistent or not. A network that can be provisioned without having to deploy a VM on it is termed a persistent network.
   - VPC: This option indicates whether the guest network is Virtual Private Cloud-enabled. A Virtual Private Cloud (VPC) is a private, isolated part of &PRODUCT;. A VPC can have its own virtual network topology that resembles a traditional physical network. For more information on VPCs, see .
   - Specify VLAN: (Isolated guest networks only) Indicate whether a VLAN should be specified when this offering is used.
   - Supported Services: Use Cisco VNMC as the service provider for Firewall, Source NAT, Port Forwarding, and Static NAT to create an Isolated guest network offering.
   - System Offering: Choose the system service offering that you want virtual routers to use in this network.
   - Conserve mode: Indicate whether to use conserve mode. In this mode, network resources are allocated only when the first virtual machine starts in the network.
5. Click OK. The network offering is created.