vCloud – ORG vDC Network Management

Edge Gateway vs. Cisco ASAv

GreenCloud IaaS environments are deployed with either an Edge Gateway router or a Cisco ASAv firewall. An Edge Gateway is a virtual router embedded in vCloud, whereas a Cisco ASAv is a different virtual router which is created outside of vCloud and imported. Both types of virtual routers manage external-facing connections, as well as internally-defined subnets and networks. The practical differences as they pertain to Org VDC networks are as follows:

  • Edge Gateways use the vCloud interface to directly change network interfaces and NAT/Firewall rules
    • Cisco ASAv’s use direct SSH login or ASDM management to change those components
  • Edge Gateways use Routed networks to directly interface with external networks
    • Cisco ASAv’s use Isolated networks to connect to VLAN-backed external networks

For further information, see the Edge Gateway and Cisco ASAv index articles.

View Org VDC Networks

To view the Org VDC networks on a VDC, log in to vCloud, select the Administration tab, double-click on a vDC, and select the Org VDC Networks tab.


Types of Org VDC Networks

There are three types of Org VDC networks in vCloud:

  • Isolated networks are for private IP subnets.
    • These networks can be used to allow vApps to communicate with one another, and can be used to create IP pools on which VMs can be addressed.
    • These can be used to allow internal communication to the external internet through a Cisco ASAv. For more information on Cisco ASAvs, please see the Cisco ASAv Reference Guide.
  • Routed networks are connected directly to an Edge Gateway.
    • They can be used to allow internal communication to the external internet.
    • These should be used in place of isolated networks when an Edge Gateway is present in the vDC. For more information on Edge Gateways, please see the Edge Gateway Reference Guide.
  • External network direct connections are only used to connect a private VLAN to a customer environment.
    • Please do not connect directly to an external network without instruction to do so. It will not work.
    • More information on Org VDC external network connections can be retrieved by contacting GreenCloud Support.


Org VDC Network Creation

To create a new Org VDC Network, select the green plus symbol from the Org VDC Networks tab. In the dialog, select the type of network to be created.

If an Edge Gateway is present, create a routed network and select the existing Edge Gateway as shown above, then select Next. Otherwise a new isolated network can be created.

At the next page, enter the relevant network information. To allocate IPs to the Static IP Pool, enter a range in the box and select “Add”. The example below includes a subnet on, and allocates

Select “Next” when the IP configuration is correct. At the following screen, enter the name of the new Org VDC network and select “Finish”. Verify that all information is correct.

At this point the Org VDC network is complete. If you reach the network quota for a vDC you will not be able to create any more networks, but there will be no error until this point in the process. The network quota can be increased by contacting GreenCloud support.

Connecting a VM to an Org VDC Network

In order to reach the internet, each VM must be connected to an Org VDC network with internet access. This will be either a Routed network with access to an Edge Gateway, or an Isolated network with access to an ASAv. Right-click on a VM and select Properties, then go to the Hardware tab. Scroll down to the NICs section. See VM Management for more details.

Select the Network dropdown and click on “Add Network…” to open the dialog.


Select “Organization VDC network” at the next screen as shown:

Select the appropriate Org VDC network, and select Finish.

The VM will now have connectivity to that Org VDC network, and will have the ability to use IPs from that network. If the Org VDC network is routed to an Edge Gateway or connected to a Cisco ASAv, the VM should be able to communicate with the internet. Please note that the proper NAT and Firewall rules will need to be configured in order to allow communication.

Was this article helpful?

Related Articles