Microsoft Azure Government Cloud is an isolated and dedicated cloud platform, which enables government agencies and government approved contractors to host sensitive data. Connectivity from on-premises locations to Azure Government Cloud must be secure, scalable and dynamic.
With Cisco CSR1000v now available on Azure Government Cloud, Government Cloud customers can enjoy the same advanced routing and security benefits delivered on Azure public cloud. Cisco CSR1000v provides best in class routing capabilities that support full path encryption with the strongest cipher suites available in the market, L4-L7 firewall capabilities and L7 visibility and control. Using Cisco CSR1000v in concert with the Azure Government Cloud delivers on the value proposition of ensuring Government data receives the protection of Cisco’s security capabilities in the Azure cloud environment they trust.
Because Cisco CSR1000V runs full featured Cisco IOS-XE, management of CSR1000V simply becomes another location inside an already deployed Cisco based network and plugs in easily to existing management tools and operations. See below for some FAQs.
To launch the CSR 1000V on Azure Government Cloud there is a pre-built solution available to you. The solution is based on templates we created to ease the deployment of the CSR 1000V on Azure. The templates allow the solution to deploy different resources at the same time to fully support a CSR 1000V deployment. The solution details are as follows:
2 or 4 Network-Interface-Cards (NICs)
VNet configured with two or four subnets, one private or three private and one public
Routing tables on each subnet, with user-defined routes, the private subnet will use private-facing interface as the gateway so the VMs behind the router will not have direct access to the internet
Enables IP forwarding for each interface
Adds UDP port 500 (ISKAMP) and 4500 (NAT-T) in the security group on the public subnet for VPN connections
Azure D2 or D3 instance type compute
How to Deploy CiscoCSR in Azure Government
Go to the solution templates for 2-NIC and 4-NIC Cisco CSR1000v in Azure QuickStart Repo on Github, found at the links below. They can be found by searching for Cisco CSR1000v, or clicking below. They can be found by searching for Cisco CSR1000v, or clicking below. For step by step deployment instructions for solution templates from Github in to Azure Government Cloud, see our technical documentation.
NOTE: you will need an Azure Government Account valid in order to continue. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.
When deploying the CSR 1000V solution on Azure D2 compute specifications are 2 vCPU and 7GB of RAM. With these specifications the CSR 1000V can achieve a CEF throughput of 500Mbps and an IPSec throughput (AES 256) of 150 Mbps.
When deploying the CSR 1000V solution on Azure D3 compute specifications are 4 vCPU and 14GB of RAM. With these specifications the CSR 1000V can achieve a CEF throughput of 500Mbps and an IPSec throughput (AES 256) of 500 Mbps.
Both offers support up to 1,000 VPN tunnels.
How Does Licensing the CSR 1000V Work on AzureGovernment Cloud?
If you want to connect your enterprise network to Azure the CSR 1000V supports Bring Your Own License (BYOL). This means you buy a license from Cisco or a partner and install that license to the CSR 1000V running on Azure Government Cloud.
If you want to give the CSR 1000V a try on Azure, Cisco offers 60-day demo licenses to all CCO account holders. If you don’t have an account, you go to this link, and create a guest account. Once you have a guest account, follow the instructions here for temporarily licensing you CSR 1000V on Azure.
You can access this whitepaper to learn more about the integration of Cisco CSR 1000V with Microsoft Azure.
To launch the CSR 1000V for Microsoft Azure, please visit the Azure Government Marketplace and search for Cisco CSR 1000V.
We welcome your comments and suggestions to help us continually improve your Azure Government experience. To stay up to date on all things Azure Government, be sure to subscribe to our RSS feed and to receive emails, click "Subscribe by Email!" on the Azure Government Blog. To experience the power of Azure Government for your organization, sign up for an Azure Government Trial.
Hi, I tried to login one ASR 920-12SZ-IM router but no output came on Putty. Then i try to put router in ROMMON mode to check the IOS it stuck on "Last reset cause: BootFromUpgradeRegFail " doesn't get Rommon> prompt. What else i can do? plea...
The refurbished switch I just purchased is failing to boot. When I look in the flash memory there is only a tar file. Does it require a bin file to boot? I am not sure if there is some way I can boot up the switch with the tar file or if I should delete t...
hello all, I have a new vpn setup that uses cisco integrated services router for access control by using AAA model local.I have two vpn groups set up with the intention of having each group separated access to internal subnets. currently almost ...
Hello, I have a remote user who has access to 192.168.10.0 subnet through a remote client to site VPN setup. The address pool subnet that they receive thru DHCP at the router via VPN is the same as the Vlan that is on the switch that they are a...
Hi all, I have a subcontractor that I want to give limited access to one machine on my switch. The subcontractor logs in via VPN access to cisco 3825. The vpn connection has a unique subnet 192.168.x.x and routs to my layer 3 switch (3750...