I have now successfully deployed the CSR within Azure and established an IKEv2 IPsec VPN back to my ASA. All good, one issue I have is the deployment mode that Azure uses with the CSR, it only has one interface so is a router on a stick type deployment.
Whilst this works it is different from the approach I have used for other public cloud providers (VMWare based), I would like to standardize using a traditional "inside" and "outside" interface configuration but cannot find any way of doing this on Azure. I have a feeling this will involve using Powershell.
Has anyone any experience of deploying CSR 1000v on Azure, if so did you just use the single network interface approach or is there a way of having 2 or even 3 interfaces as per the standard CSR template.
I have attached a diagram to show the two different approaches.
In azure, NIC count is restricted by VM size, here some numbers:
VM Size (Standard Tier)
A3, A6, D3, A8, G3, D12
A4, A7, A9, G4, D4, D13
G5 (32-core), DS14 (16-core)
All other sizes
Also according to Azure docs you can assign NIC count only during VM setup and only via Powershell or Resource group template. And I do not see the way to create multiple nics for CSR.
Thanks guys, it does indeed look like it is down to the virtual machine size selection, I will delete my CSR and select the A3 size to see if that gives you two NICs by default.
I'm surprised there is so little information on deploying the CSR in Azure, plenty on AWS and vCloud.
Thanks for your help I will post my updates once the new VM is deployed.
Andy, we will wait for update, but I think CSR now on early stage so we need to wait some time while it will production ready )
Anyway I will appreciate for your update and experience.
You're correct that the Azure VM size controls how many NICs you're allowed to create. You're also correct that their Web Portal is incapable of many "network centric" sorts of activities, so you must use Powershell or ARM Templates. As I mentioned in another post, we're still actively working with the Azure team at Microsoft to iron out exactly what those commands and templates should look like.
In the long term I'm hoping Azure will add the following to the Web Portal, which would allow CSR deployment to take place without relying on those complicated tools:
I too have successfully deployed the CSR1000v in Azure but noticed the issue with the single interface. As of right now there looks to be no way to deploy CSR1000v via power shell (no image available) which thus restricts the creation of multiple NICs. Any idea when this would be supported?