Chapter 14. Network Setup
When a guest network is created with the Cisco VNMC firewall provider, an additional public IP is
acquired along with the Source NAT IP. The Source NAT IP is used for the rules, whereas the
additional IP is used for the ASA outside interface. Ensure that this additional public IP is not
released. You can identify this IP as soon as the network is in the Implemented state and before
acquiring any further public IPs. The additional IP is the one that is not marked as Source NAT. You
can find the IP used for the ASA outside interface by looking at the Cisco VNMC used in your guest
network.

Use the public IP address range from a single subnet. You cannot add IP addresses from different
subnets.

Only one ASA instance per VLAN is allowed because multiple VLANs cannot be trunked to ASA
ports. Therefore, you can use only one ASA instance in a guest network.

Only one Cisco VNMC per zone is allowed.

Supported only in Inline mode deployment with a load balancer.

The ASA firewall rule is applicable to all the public IPs in the guest network. Unlike the firewall rules
created on the virtual router, a rule created on the ASA device is not tied to a specific public IP.

Use a version of Cisco Nexus 1000v dvSwitch that supports the vservice command. For example:
nexus-1000v.4.2.1.SV1.5.2b.bin
Cisco VNMC requires the vservice command to be available on the Nexus switch to create a guest
network in CloudPlatform.
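
The first guideline above says the ASA outside interface IP is the one not marked as Source NAT, and that it must be identified before further public IPs are acquired. The following added example (not part of the CloudPlatform documentation) applies that check to a public IP listing; it assumes the listing has the shape of a listPublicIpAddresses API response with `issourcenat` and `associatednetworkid` fields, and the function name and sample values are hypothetical.

```python
import json

# Constructed sample shaped like a CloudStack-style listPublicIpAddresses
# response for one guest network (IDs and addresses are made up).
SAMPLE_RESPONSE = json.loads("""
{"listpublicipaddressesresponse": {"count": 2, "publicipaddress": [
  {"id": "ip-0001", "ipaddress": "203.0.113.10", "issourcenat": true,
   "state": "Allocated", "associatednetworkid": "net-guest-01"},
  {"id": "ip-0002", "ipaddress": "203.0.113.11", "issourcenat": false,
   "state": "Allocated", "associatednetworkid": "net-guest-01"}
]}}
""")


def find_asa_outside_ip(response, network_id):
    """Return (source_nat_ip, asa_outside_ip) for a VNMC guest network.

    Only reliable right after the network reaches the Implemented state,
    before any further public IPs are acquired. Raises ValueError otherwise.
    """
    body = response.get("listpublicipaddressesresponse", {})
    ips = [ip for ip in body.get("publicipaddress", [])
           if ip.get("associatednetworkid") == network_id]
    source_nat = [ip["ipaddress"] for ip in ips if ip.get("issourcenat")]
    others = [ip["ipaddress"] for ip in ips if not ip.get("issourcenat")]
    if len(source_nat) != 1:
        raise ValueError(f"expected one Source NAT IP, found {len(source_nat)}")
    if len(others) != 1:
        # More IPs were acquired (or none yet): the flag alone cannot tell
        # which one the ASA uses, so confirm it in Cisco VNMC instead.
        raise ValueError(f"ambiguous: {len(others)} non-Source-NAT IPs; check Cisco VNMC")
    return source_nat[0], others[0]


if __name__ == "__main__":
    snat, asa = find_asa_outside_ip(SAMPLE_RESPONSE, "net-guest-01")
    print(f"Source NAT IP: {snat}")
    print(f"ASA outside interface IP (do not release): {asa}")
```

Record the returned ASA outside IP when the network is first implemented; once more public IPs exist, the function refuses to guess and the address must be confirmed in Cisco VNMC.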
14.5.3.1.2. Prerequisites
1. Configure Cisco Nexus 1000v dvSwitch in a vCenter environment.
Create port profiles for both internal and external network interfaces on Cisco Nexus 1000v
dvSwitch. Note down the inside port profile, which must be provided when adding the ASA
appliance to CloudPlatform.
For information on configuration, see Section 10.6, “Configuring a vSphere Cluster with Nexus
1000v Virtual Switch”.
2. Deploy and configure Cisco VNMC.
For more information, see Installing Cisco Virtual Network Management Center [1] and Configuring
Cisco Virtual Network Management Center [2].
3. Register Cisco Nexus 1000v dvSwitch with Cisco VNMC.
For more information, see Registering a Cisco Nexus 1000V with Cisco VNMC [3].
4. Create Inside and Outside port profiles in Cisco Nexus 1000v dvSwitch.

[1] http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_2_1_1/install_upgrade/guide/b_Cisco_VSG_for_VMware_vSphere_Rel_4_2_1_VSG_2_1_1_and_Cisco_VNMC_Rel_2_1_Installation_and_Upgrade_Guide_chapter_011.html
[2] http://www.cisco.com/en/US/docs/unified_computing/vnmc/sw/1.2/VNMC_GUI_Configuration/b_VNMC_GUI_Configuration_Guide_1_2_chapter_010.html
[3] http://www.cisco.com/en/US/docs/switches/datacenter/vsg/sw/4_2_1_VSG_1_2/vnmc_and_vsg_qi/guide/vnmc_vsg_install_5register.html#wp1064301