03-08-2016 01:29 PM - edited 03-12-2019 12:27 AM
Hi! Since the recent availability of ASAv for Microsoft Azure, I have a question about network design. Currently it is possible to have 4 network interfaces in ASAv, so we are limited to 3 subnets in the Azure VNET. We have more than 3 subnets and an Azure Gateway for S2S connectivity.
Is it possible to place the ASAv inside interface in the gateway subnet to substitute for the Azure gateway and provide connectivity to all VNET subnets?
03-09-2016 04:01 PM
Buy two ASAv's?
Change to Amazon AWS to get rid of restriction?
Sounds like an awkward problem.
03-10-2016 03:03 AM
Philip, thanks for the proposals. I believe there are also great places outside of our solar system )
To stay close to the subject, I asked Azure Support about this and got this answer:
Unfortunately the gateway subnet is only destined to the Azure gateway.
We often do some maintenance and upgrades or downgrades to the gateways, and if some more appliances or VMs were inside that subnet, they could suffer from these operations.
This is why that type of implementation is not supported.
07-24-2017 03:14 PM
I am not aware of the subnet limitation described above in the Azure Virtual Network. This has never been the limitation. Make sure that you have properly assigned your IP Address Space and Subnet Layout to accommodate that Address Space.
07-01-2016 03:38 PM
If you're using a Network Virtual Appliance (the ASAv) you don't need to use the Gateway subnet at all. Just assign a Public IP address to one of the ASAv NICs and set up your site-to-site VPN to that Public IP and don't use the Gateway subnet at all. You only need the Gateway subnet when you're using an Azure native gateway for either Azure provided VPN or ExpressRoute gateways.
09-24-2016 03:00 AM
Jonor003, you are right, but in the details it's not so simple. Currently you can attach only 3 subnets to ASAv, but we have more than 7.
You can't attach anything to the gateway subnet; only the Azure gateway can reside there. It's because of the redundancy which Azure applies to their gateway.
02-13-2019 08:21 AM
Hello:
I am really struggling with the ASAv Platform Implementation on Azure. Per the Azure - ASAv Install document, only NIC 0 / Management can be assigned a Public IP Address. Even when I try to assign the same external IP Address via the SSH session, I automatically lose connection to the device and have to try to recover via the Serial Console.
Is the expectation to use NIC0 / Management as the Interface launching the IPSec Tunnel? Would you also be able to provide any specific links on establishing a VPN Tunnel? In addition, would I use Static Routing to route between the Management / NIC1 / NIC2 / NIC3 Interfaces?
Thank you