06-07-2016 02:33 PM - edited 03-12-2019 07:21 AM
Hello,
I am in the need of establishing the CSR 1000v for S2S/C2S VPN and a DMZ, but into an existing Resource Group.
The templates only continues if I choose to create a new Resource Group, but that doesn't work even with S2S VPN between two vNets in the different Resource Groups. Something about the routing of traffic behind the scenes, that doesn't allow traffic to flow correctly.
I also tried moving all resources, and exchanged some for allready existing resource. But when I create the VM with the necessary resources, it doesn't seem to work. It boots up, but none of ethernet interfaces comes up. So this feels like a dead end.
Thank you all.
Roy Apalnes
06-07-2016 11:21 PM
I have this exact issue as well, any help is very much appreciated.
06-08-2016 10:22 AM
Hi Roy,
We have escalated the issue with Microsoft Azure portal change, and will have it fixed soon.
In the meanwhile, you can try to run Azure CLI with the following command:
azure vm create -g ' + RG + ' -l ' + Location + ' -n ' + CSR_Name \
+ ' -z ' + CSR_Size + ' -N ' + NIC1 + ',' + NIC2 + ' -y ' + OS_Type \
+ ' -o ' + Storage + ' -R ' + Container_Name + ' -u ' + username + ' -p ' \
+ passwd + ' -Q ' + Image_Urn + ' -d ' + OS_Disk + ' --plan-name ' \
+ Plan_Name + ' --plan-publisher ' + Plan_Publisher + ' --plan-product ' \
+Plan_Product
Replace red with the existing resource name, and here are other perimeters related to CSR:
OS_Type="linux"
OS_Disk="cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd"
Plan_Name="csr-azure-byol"
Plan_Publisher="cisco"
Plan_Product="cisco-csr-1000v"
Container_Name="vhds"
Image_Urn="cisco:cisco-csr-1000v:csr-azure-byol:3.16.2"
Thanks,
Fan
06-08-2016 02:54 PM
azure :
At line:1 char:1
+ azure vm create -g ' + Basic-Infrastructure + ' -l ' + North Europe + ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
error: missing required argument `dns-name'
I am not to great at Infrastructure as a Code yet, and would appriciate the help to input the parameter, as I can't find dns-name parameter anywhere.
06-08-2016 04:32 PM
Hi Roy,
Missed the dns part, please see below as an example of vm creation, vm show and login to CSR:
FANGU-M-40A8:~ fangu$ azure vm create -g test2nic -l westus -n test2nicvm -z Standard_D2 -N test2nicvm-Nic0 test2nicvm-Nic1 -y Linux -o test2nicvm -R vhds -u fangu -p Cisco123! -Q cisco:cisco-csr-1000v:csr-azure-byol:3.16.2 -d cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd --plan-name csr-azure-byol --plan-publisher cisco --plan-product cisco-csr-1000v -w test2nicvm.westus.cloudapp.azure.com
info: Executing command vm create
+ Looking up the VM "test2nicvm"
info: Using the VM Size "Standard_D2"
info: The [OS, Data] Disk or image configuration requires storage account
+ Looking up the storage account test2nicvm
+ Looking up the NIC "test2nicvm-Nic0"
info: The storage URI 'https://test2nicvm.blob.core.windows.net/' will be used for boot diagnostics settings, and it can be overwritten by the parameter input of '--boot-diagnostics-storage-uri'.
+ Creating VM "test2nicvm"
info: vm create command OK
FANGU-M-40A8:~ fangu$ azure vm show
info: Executing command vm show
Resource group name: test2nic
Virtual machine name: test2nicvm
+ Looking up the VM "test2nicvm"
+ Looking up the NIC "test2nicvm-Nic0"
+ Looking up the public ip "test2nicvm"
data: Id :/subscriptions/f5469ef2-f7e4-4dc9-944c-2c849fdf2067/resourceGroups/test2nic/providers/Microsoft.Compute/virtualMachines/test2nicvm
data: ProvisioningState :Succeeded
data: Name :test2nicvm
data: Location :westus
data: Type :Microsoft.Compute/virtualMachines
data:
data: Hardware Profile:
data: Size :Standard_D2
data:
data: Storage Profile:
data: Image reference:
data: Publisher :cisco
data: Offer :cisco-csr-1000v
data: Sku :csr-azure-byol
data: Version :3.16.2
data:
data: OS Disk:
data: OSType :Linux
data: Name :cli06c20bc302309ed8-os-1465427353433
data: Caching :ReadWrite
data: CreateOption :FromImage
data: Vhd:
data: Uri :https://test2nicvm.blob.core.windows.net/vhds/cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd
data:
data: OS Profile:
data: Computer Name :test2nicvm
data: User Name :fangu
data: Linux Configuration:
data: Disable Password Auth :false
data:
data: Network Profile:
data: Network Interfaces:
data: Network Interface #1:
data: Primary :true
data: MAC Address :00-0D-3A-30-DD-43
data: Provisioning State :Succeeded
data: Name :test2nicvm-Nic0
data: Location :westus
data: Public IP address :13.88.190.174
data: FQDN :test2nicvm.westus.cloudapp.azure.com
data:
data: Diagnostics Profile:
data: BootDiagnostics Enabled :true
data: BootDiagnostics StorageUri :https://test2nicvm.blob.core.windows.net/
data:
data: Diagnostics Instance View:
info: vm show command OK
FANGU-M-40A8:~ fangu$ ssh fangu@13.88.190.174
The authenticity of host '13.88.190.174 (13.88.190.174)' can't be established.
RSA key fingerprint is 7b:d1:80:b1:91:dc:bf:69:dd:a6:49:e3:cb:af:78:e4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '13.88.190.174' (RSA) to the list of known hosts.
Password:
test2nicvm#
06-08-2016 09:57 PM
It is still complaining about argument 'dns-name':
azure vm create -g Basic-Infrastructure -l NorthEurope -n DMZ-CSR03 -z Standard_D2 -N DMZ-CSR03 IAS-CSR03 -y Linux -o nbrem2 -R vhds -u nbrem -p nbrem -Q cisco:cisco-csr-1000v:csr-azure-byol:3.16.2 -d cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd --plan-name csr-azure-byol --plan-publisher cisco --plan-product cisco-csr-1000v -w nbremcsr03.northeurope.cloudapp.azure.com
azure :
At line:1 char:1
+ azure vm create -g ' + Basic-Infrastructure + ' -l ' + North Europe + ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
error: missing required argument `dns-name'
Also tried it this way:
azure vm create -g ' + Basic-Infrastructure + ' -l ' + North Europe + ' -n ' + DMZ-CSR03 \
+ ' -z ' + Standard_D2 + ' -N ' + DMZ-CSR03 + ',' + IAS-CSR03 + ' -y ' + Linux \
+ ' -o ' + nbrem2 + ' -R ' + vhds + ' -u ' + nbrem + ' -p ' \
+ ' -w nbremcsr03.northeurope.cloudapp.azure.com '
+ nbrem + ' -Q ' + cisco:cisco-csr-1000v:csr-azure-byol:3.16.2 + ' -d ' + cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd + ' --plan-name ' \
+ csr-azure-byol + ' --plan-publisher ' + cisco + ' --plan-product ' \
+cisco-csr-1000v '
But errors on: missing required argument dns-name.
Tried running the exact same command as you, even though the naming would be completely off and all resources would need to be created, while main is allready created except from the VM and disk. But that failed with unknown option -N.
06-13-2016 09:24 AM
I managed to get the Azure CLI command right when working with Microsoft Premier Support:
azure vm create -g Basic-Infrastructure -n DMZ-CSR03 -l northeurope -z Standard_D2 -N DMZ-CSR03,IAS-CSR03 -y Linux -o nbremdmz -R vhds -u nbrem -p ExtremePassword! -Q cisco:cisco-csr-1000v:csr-azure-byol:3.16.2 -d DMZ-CSR03.vhd --plan-name csr-azure-byol --plan-publisher cisco --plan-product cisco-csr-1000v
Thank you fangu, and looking forward to the update template in the Azure Marketplace.
06-08-2016 10:32 PM
Rookie mistake, had to enter config mode ARM, making this work:
azure vm create -g ' + Basic-Infrastructure + ' -l ' + North Europe + ' -n ' + DMZ-CSR03 \
+ ' -z ' + Standard_D2 + ' -N ' + DMZ-CSR03 + ',' + IAS-CSR03 + ' -y ' + Linux \
+ ' -o ' + nbrem2 + ' -R ' + vhds + ' -w ' + nbremcsr03.northeurope.cloudapp.azure.com + ' -u ' + nbrem + ' -p ' \
+ nbrem + ' -Q ' + cisco:cisco-csr-1000v:csr-azure-byol:3.16.2 + ' -d ' + cisco:cisco-csr-1000v:csr-azure-byol:3.16.2.vhd + ' --plan-name ' \
+ csr-azure-byol + ' --plan-publisher ' + cisco + ' --plan-product ' \
+cisco-csr-1000v '
But it seems stuck on:
info: Executing command vm create
How long should it take?
06-09-2016 03:35 PM
Hi Roy, how did it go? Normally it should not exceed 10-15 mins.
BTW, we will have an updated template in production within 2-3 business days, and we are actively working with MS right now. This new template will have the following changes and will be updated in the deployment guide.
- User can only create a CSR in a new RG
- User can have CSR created on existing VNet from an existing RG.
06-09-2016 10:10 PM
Hi, I did not manage to successfully deploy the template with the CLI commands, but the command seemed right, because it started without any errors, but it stands still as mention above.
The only message I see in the Developer Command Prompt for VS2015 or PowerShell ISE is:
info: Executing command vm create
But it is good to hear we can have a working template in the Azure Marketplace within two-three business days.
06-27-2016 01:36 PM
Any updates on this limitation? We still don't see the option in the Azure portal to create a CSR inside an existing resource group. It seems like this option was previously available (2 months ago), but it's not allowed anymore
06-30-2016 04:33 AM
Hi,
Cisco/Microsoft have fixed it in a different way. We still deploy the CSR into a new resource group, but it is now working within a virtual network in a different resource group.
I don't understand why this is the better choice, as it doesn't make sense to use a resource belonging to a different resource group.
Initially we tried using vNet to vNet VPN, but that failed for Cisco AnyConnect Clients, due to a restriction in the Azure Network. Making every seem connected, but traffic didn't flow back from the internal vNet to the AnyConnect clients.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide