Cloud Network and Security

Lab Objectives This lab guide shows how to configure active/active Azure VPN gateways with IKEv2 VPNs to an "on prem" CSR. The Azure VPN GW utilizes BGP over IKEv2 tunnels to a CSR located in a VNET that simulates an on prem environment. The test VM subnet on the onprem side will have UDRs pointed to the CSR1 inside interface. BGP max paths allows ECMP load sharing as well as HA. The main goal of this lab is to quickly stand up a sandbox environment for functionality testing of active/active tunnels to the Azure VPN GW. The test VMs will be able to ping each other and relevant interfaces.  BGP prefix filters could be used to lock down route advertisement if required. The routing configuration is only an example and could be solved many ways. The entire environment is built on Azure and does not require any hardware.   Requirements : A valid Azure subscription account. If you don’t have one, you can create your free azure account ( https://azure.microsoft.com/en-us

Lab Objectives This lab guide shows how to configure highly available load balanced Cisco CSRs. Each CSR in Azure utilizes BGP over IKEv2 tunnel to a CSR located in a VNET that simulates an on prem environment. The test VM subnet on the Azure side will have UDRs pointed to an Azure Standard Load Balancer with a backend pool of the inside interfaces of CSR1 and CSR2. Traffic is load balanced across the 2 CSRs with the health probes monitoring the inside interfaces. In the event of a failure on CSR1 or CSR2, the load balancer will only steer traffic to the healthy CSR. BGP is also enabled between CSR1 and CSR2 providing tunnel redundancy if one of the tunnels goes down. The main goal of this lab is to quickly stand up a sandbox environment for functionality testing. The test VMs will be able to ping each other, all CSR interfaces including VTIs/loopbacks.  BGP prefix filters could be used to lock down route advertisement if required. The main goal of this lab is to quickly stan