In addition to the Marketplace-based deployment, Cisco provides a compressed virtual hard disk (VHD) that you can upload to Azure and then use these ARM templates to deploy ASAv & ASAv HA in Azure.
Using a Image and two JSON files (a Template file and a Parameter File), you can deploy and provision all the resources for the ASAv and ASAv HA in a single, coordinated operation.
To deploy using a VHD image, you must upload the VHD image to your Azure storage account. Then, you can create an image using the uploaded disk image and use Azure Resource Manager template for deployment.
Azure templates are JSON files that contain resource descriptions and parameter definitions.
Use the instructions in the quick start guide for ASAv deployment.
These instructions are for ASAv, ASAv HA deployment procedure is very similar.
ASAv deployment using VHD and ARM
-
Download the ASAv vhd image from Cisco Download Software download page.
e.g. asav9-18-1.vhd.bz2 -
Un-compress the *.bz2 & upload the VHD image to container in Azure storage account.
-
Create a Image from the VHD and acquire the Resource ID of the newly created Image.
-
Use the ARM template to deploy a Cisco Adaptive Security Virtual Appliance(ASAv) HA using the image.
-
Update the parameters in the parameters template file(json) and use it to provide the parameters to the ARM template.
-
Review and purchase the template to deploy Cisco Adaptive Security Virtual Appliance(ASAv) HA.
-
Configure the Cisco Adaptive Security Virtual Appliance (ASAv) HA.
Refer the ASAv HA documentation for this.
Azure ASAv HA configuration
- Image ID (created using the downloaded vhd)
- Virtual network with 4 subnets corresponding to management and 3 data subnets.
-
vmName-prefix: The prefix for ASAv HA VMs name in Azure.
e.g. cisco-asav-ha -
vmImageId: The ID of the image used for deployment. Internally, Azure associates every resource with a Resource ID.
e.g. /subscriptions//resourceGroups/images-rg/providers/Microsoft.Compute/images/asav-9-18-1 -
adminUsername: The username for logging into ASAv. This cannot be the reserved name ‘admin’.
e.g. cisco -
adminPassword: The admin password for ASAv VM.
e.g. Password@2021
ASAv Password constraints:
- Password must be 12 to 72 characters long (Azure Password constraint)
- must have : 1 lowercase, 1 uppercase, 1 number & 1 special characters
- must have no more than 2 repeating or sequential(ASCII) characters
-
vmStorageAccount-A: Your Azure storage account for ASAv HA vm-A. You can use an existing storage account or create a new one. The storage account name must be between 3 and 24 characters, and can only contain lowercase letters and numbers.
e.g. ciscoasavstorage1 -
vmStorageAccount-B: Your Azure storage account for ASAv HA vm-B. You can use an existing storage account or create a new one. The storage account name must be between 3 and 24 characters, and can only contain lowercase letters and numbers.
e.g. ciscoasavstorage2 -
virtualNetworkResourceGroup: The name of the virtual network's Resource Group.
e.g. asav-vnet-rg -
virtualNetworkName: The name of the virtual network.
e.g. asav-vnet -
mgmtSubnetName: The management interface will attach to this subnet. This maps to Nic0, the first subnet. Note, this must match an existing subnet name if joining an existing network.
e.g. mgmt -
mgmtSubnetIP-A: The Management interface IP address for ASAv HA vm-A.
e.g. 10.8.0.10 -
mgmtSubnetIP-B: The Management interface IP address for ASAv HA vm-B.
e.g. 10.8.0.11 -
data1SubnetName: The data interface 1 will attach to this subnet. This maps to Nic1, the second subnet. Note, this must match an existing subnet name.
e.g. data-subnet1 -
data1SubnetIP-A: The data interface 1: IP address for ASAv HA vm-A.
e.g. 10.8.1.10 -
data1SubnetIP-B: The data interface 1: IP address for ASAv HA vm-B.
e.g. 10.8.1.11 -
data2SubnetName: The data interface 2 will attach to this subnet. This maps to Nic2, the third subnet. Note, this must match an existing subnet name.
e.g. data-subnet2 -
data2SubnetIP-A: The data interface 2: IP address for ASAv HA vm-A.
e.g. 10.8.2.10 -
data2SubnetIP-B: The data interface 2: IP address for ASAv HA vm-B.
e.g. 10.8.2.11 -
data3SubnetName: The data interface 3 will attach to this subnet. This maps to Nic3, the fourth subnet. Note, this must match an existing subnet name.
e.g. data-subnet3 -
data3SubnetIP-A: The data interface 3: IP address for ASAv HA vm-A.
e.g. 10.8.3.10 -
data3SubnetIP-B: The data interface 3: IP address for ASAv HA vm-B.
e.g. 10.8.3.11 -
vmSize: The VM size to use for the ASAv. Standard_D3_v2 is the default.
Supported sizes:
-
Standard_D3
-
Standard_D4*
-
Standard_D3_v2
-
Standard_D4_v2*
-
Standard_D8_v3*
-
Standard_DS3*
-
Standard_DS4*
-
Standard_DS3_v2*
-
Standard_DS4_v2*
-
Standard_F4*
-
Standard_F8*
-
Standard_F4*
-
Standard_F8*
-
Standard_D5**
-
Standard_DS5**
-
Standard_D5_v2**
-
Standard_DS5_v2**
-
Standard_D16_v3**
-
Standard_F16**
-
Standard_F16s**
-
Standard_D8s_v3#
-
Standard_D16s_v3#
-
Standard_F8s_v2#
-
Standard_F16s_v2#
'*' : requires ASAv version 9.13 or above. '**': requires ASAv version 9.15 or above. '#' : requires ASAv version 9.17 or above.
- Software Downloads Home
- ASAv deployment using VHD and ARM
- Azure ASAv quick start guide
- Azure ASAv HA configuration
This project is licensed under the Apache License, Version 2.0 - see the LICENSE file for details.
Copyright (c) 2022 Cisco Systems Inc and/or its affiliates.
- Changes to support new VM sizes: Standard_D8s_v3, Standard_D16s_v3, Standard_F8s_v2, Standard_F16s_v2
- API version updates for Azure resources
- Support for Accelerated networking on the network interfaces (now AN is enabled on the data interfaces)
- New 16 core VM sizes support
- API versions updated for Azure resources