Integrate Cisco SDWAN OnRamp for MultiCloud with a Cisco FTDv pair at the edge of the Azure environment

Eric G 5 Reputation points
2024-09-05T20:48:38.49+00:00

Diagram

I am trying to add Azure to my Cisco SDWAN environment using Cisco's OnRamp for MultiCloud. I also need packet inspection (both directions) by Cisco FTDvs (a pair) configured between Azure load balancers (LB). So ingress traffic should flow as such: vWAN -> vHub (created by Cisco SDWAN) -> Cisco FTD LB -> Cisco C8000v SDWAN routers -> Azure resources (egress is the reverse, skipping the C8000vs if Internet-bound and traversing the C8000vs if SDWAN-bound). I have tried multiple configuration adjustments without any success: manipulating route tables, adding route maps, iBGP between the FTDs and C8000vs, eBGP between the vHub and FTDs, etc., ad nauseam.

When deploying the vWAN and vHub via Cisco OnRamp, it puts everything "physically" (for lack of a better descriptor) behind the vHub. The diagram attached shows the topology as created by Azure when deploying OnRamp via Cisco vManage. I feel like we're trying to force something that might not be possible, even though route manipulation should solve this, especially considering we're dealing with all L3 devices (vHub, C8000vs, and FTDvs). Any recommendations would be welcome!


1 answer

  1. Rohith Vinnakota 1,515 Reputation points Microsoft Vendor
    2024-10-07T16:49:02.9066667+00:00

    Hi Eric G,

    Good day!

    I'm glad that you were able to resolve your issue, and thank you for posting your solution so that others experiencing the same thing can easily reference this! Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I'll repost your solution in case you'd like to "Accept" the answer.

    Issue: Integrate Cisco SDWAN OnRamp for MultiCloud with a Cisco FTDv pair at the edge of the Azure environment

    Solution: We have routing working as we want it using a mix of BGP peering and route maps. The VMs are peered directly to the Transit-vNet (FTDv, single without load balancers for testing purposes), and the FTDv is peered over eBGP to the vHub. All Internet-bound and SDWAN-bound traffic is flowing from the VMs through the FTDv. We are using the following topology:

    [Diagram: Azure_Proposed_Diagram_02]

    Thank you again for your time and patience throughout this issue.

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

    1 person found this answer helpful.
