Azure ASAv HA deployment using VHD and ARM template

In addition to the Marketplace-based deployment, Cisco provides a compressed virtual hard disk (VHD) that you can upload to Azure and then deploy as ASAv or ASAv HA using these ARM templates.
Using an image and two JSON files (a template file and a parameter file), you can deploy and provision all the resources for the ASAv and ASAv HA in a single, coordinated operation.

To deploy using a VHD image, you must first upload the VHD image to your Azure storage account. You can then create an image from the uploaded disk and use an Azure Resource Manager (ARM) template for the deployment.
Azure templates are JSON files that contain resource descriptions and parameter definitions.

Use the instructions in the quick start guide for ASAv deployment.
These instructions are written for ASAv; the ASAv HA deployment procedure is very similar.

ASAv deployment using VHD and ARM

Deployment overview

  1. Download the ASAv VHD image from the Cisco Software Download page.
    e.g. asav9-14-1.vhd.bz2

  2. Uncompress the *.bz2 file and upload the VHD image to a container in your Azure storage account.

  3. Create an image from the VHD and obtain the Resource ID of the newly created image.

  4. Use the ARM template to deploy a Cisco Adaptive Security Virtual Appliance (ASAv) HA using the image.

  5. Update the parameters in the parameters template file (JSON) and use it to provide the parameters to the ARM template.

  6. Review and purchase the template to deploy Cisco Adaptive Security Virtual Appliance (ASAv) HA.

  7. Configure the Cisco Adaptive Security Virtual Appliance (ASAv) HA.
    Refer to the ASAv HA documentation for this.
    Azure ASAv HA configuration

Parameters for the Azure ARM template:

Pre-requisites:

  1. Image ID (created using the downloaded VHD)
  2. Virtual network with 4 subnets: one management subnet and 3 data subnets.

Parameters:

  1. vmName-prefix: The prefix for the ASAv HA VM names in Azure.
    e.g. cisco-asav-ha

  2. vmImageId: The ID of the image used for deployment. Internally, Azure associates every resource with a Resource ID.
    e.g. /subscriptions/73d2537e-ca44-46aa-beb2-74ff1dd61b41/resourceGroups/images-rg/providers/Microsoft.Compute/images/asav-9-14-1

  3. adminUsername: The username for logging into ASAv. This cannot be the reserved name ‘admin’.
    e.g. cisco

  4. adminPassword: The admin password. This must be 12 to 72 characters long, and include three of the following: 1 lower case, 1 upper case, 1 number, 1 special character.
    e.g. Password@123123

  5. vmStorageAccount-A: Your Azure storage account for ASAv HA vm-A. You can use an existing storage account or create a new one. The storage account name must be between 3 and 24 characters, and can only contain lowercase letters and numbers.
    e.g. ciscoasavstorage1

  6. vmStorageAccount-B: Your Azure storage account for ASAv HA vm-B. You can use an existing storage account or create a new one. The storage account name must be between 3 and 24 characters, and can only contain lowercase letters and numbers.
    e.g. ciscoasavstorage2

  7. virtualNetworkResourceGroup: The name of the virtual network's Resource Group.
    e.g. asav-vnet-rg

  8. virtualNetworkName: The name of the virtual network.
    e.g. asav-vnet

  9. mgmtSubnetName: The management interface will attach to this subnet. This maps to Nic0, the first subnet. Note, this must match an existing subnet name if joining an existing network.
    e.g. mgmt

  10. mgmtSubnetIP-A: The Management interface IP address for ASAv HA vm-A.
    e.g. 10.8.0.10

  11. mgmtSubnetIP-B: The Management interface IP address for ASAv HA vm-B.
    e.g. 10.8.0.11

  12. data1SubnetName: The data interface 1 will attach to this subnet. This maps to Nic1, the second subnet. Note, this must match an existing subnet name.
    e.g. data-subnet1

  13. data1SubnetIP-A: The data interface 1 IP address for ASAv HA vm-A.
    e.g. 10.8.1.10

  14. data1SubnetIP-B: The data interface 1 IP address for ASAv HA vm-B.
    e.g. 10.8.1.11

  15. data2SubnetName: The data interface 2 will attach to this subnet. This maps to Nic2, the third subnet. Note, this must match an existing subnet name.
    e.g. data-subnet2

  16. data2SubnetIP-A: The data interface 2 IP address for ASAv HA vm-A.
    e.g. 10.8.2.10

  17. data2SubnetIP-B: The data interface 2 IP address for ASAv HA vm-B.
    e.g. 10.8.2.11

  18. data3SubnetName: The data interface 3 will attach to this subnet. This maps to Nic3, the fourth subnet. Note, this must match an existing subnet name.
    e.g. data-subnet3

  19. data3SubnetIP-A: The data interface 3 IP address for ASAv HA vm-A.
    e.g. 10.8.3.10

  20. data3SubnetIP-B: The data interface 3 IP address for ASAv HA vm-B.
    e.g. 10.8.3.11

  21. vmSize: The VM size to use for the ASAv. Standard_D3_v2 is the default.
    Supported sizes:

  • Standard_D3

  • Standard_D4*

  • Standard_D3_v2

  • Standard_D4_v2*

  • Standard_D8_v3*

  • Standard_DS3*

  • Standard_DS4*

  • Standard_DS3_v2*

  • Standard_DS4_v2*

  • Standard_F4*

  • Standard_F8*

    '*': requires ASAv version 9.13 or above.
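
A pre-deployment check for the parameters file, added here as an example and not part of the Cisco repository: it applies the constraints listed above to the inline values and also rejects the sample password printed in this README, which satisfies the complexity rule but is public. `SAMPLE` is constructed from the README's example values with three deliberate mistakes; the case-insensitive match on `admin` and the Resource ID pattern are assumptions.

```python
import ipaddress
import re

README_SAMPLE_PASSWORDS = {"Password@123123"}  # printed in this README, so public
STORAGE_RE = re.compile(r"[a-z0-9]{3,24}")
IMAGE_ID_RE = re.compile(r"/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+"
                         r"/providers/Microsoft\.Compute/images/[^/]+")  # assumed shape
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def validate(doc):
    """Return the problems found in a parsed ARM parameters document."""
    raw = doc.get("parameters", {})  # each entry is {"<name>": {"value": ...}}
    p = {k: str(v.get("value", "")) for k, v in raw.items()}
    problems = []
    if p.get("adminUsername", "").lower() in ("", "admin"):
        problems.append("adminUsername: missing or the reserved name 'admin'")
    pw = p.get("adminPassword", "")
    # A Key Vault reference carries no inline secret, so there is nothing to check.
    inline = "reference" not in raw.get("adminPassword", {})
    if inline and (not 12 <= len(pw) <= 72
                   or sum(bool(re.search(c, pw)) for c in CLASSES) < 3):
        problems.append("adminPassword: need 12-72 characters, 3 of 4 classes")
    elif inline and pw in README_SAMPLE_PASSWORDS:
        problems.append("adminPassword: sample value from the README")
    for key in ("vmStorageAccount-A", "vmStorageAccount-B"):
        if not STORAGE_RE.fullmatch(p.get(key, "")):
            problems.append(f"{key}: 3-24 lowercase letters and numbers only")
    if not IMAGE_ID_RE.fullmatch(p.get("vmImageId", "")):
        problems.append("vmImageId: not an image Resource ID")
    for ip in ("mgmtSubnetIP", "data1SubnetIP", "data2SubnetIP", "data3SubnetIP"):
        a, b = p.get(f"{ip}-A", ""), p.get(f"{ip}-B", "")
        try:
            if ipaddress.ip_address(a) == ipaddress.ip_address(b):
                problems.append(f"{ip}: vm-A and vm-B share {a}")
        except ValueError:
            problems.append(f"{ip}: -A or -B is not a valid IP address")
    return problems

# Constructed sample: reserved username, README password, duplicated mgmt IP.
SAMPLE = {"parameters": {k: {"value": v} for k, v in {
    "adminUsername": "admin", "adminPassword": "Password@123123",
    "vmStorageAccount-A": "ciscoasavstorage1", "vmStorageAccount-B": "ciscoasavstorage2",
    "vmImageId": "/subscriptions/73d2537e-ca44-46aa-beb2-74ff1dd61b41/resourceGroups/"
                 "images-rg/providers/Microsoft.Compute/images/asav-9-14-1",
    "mgmtSubnetIP-A": "10.8.0.10", "mgmtSubnetIP-B": "10.8.0.10",
    "data1SubnetIP-A": "10.8.1.10", "data1SubnetIP-B": "10.8.1.11",
    "data2SubnetIP-A": "10.8.2.10", "data2SubnetIP-B": "10.8.2.11",
    "data3SubnetIP-A": "10.8.3.10", "data3SubnetIP-B": "10.8.3.11",
}.items()}}
```

Load the real file with `json.load` and pass the result to `validate`; an empty list means every documented constraint holds.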

References

Licensing Info

This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.

Copyright

Copyright (c) 2020 Cisco Systems Inc and/or its affiliates.