Enable AD authentication on csr1000v

a.feniello 21 Reputation points


i m setting up a flex vpn tunnel between 2 routers:

Server router: CSR 1000v hosted on Azure
Edge router: IR809g on premise

Currently the tunnel works with local authentication but I would like to enable AAA authentication on the CSR1000v and connect it to my Azure AD.

It is possibile? How can i do?

Microsoft Entra
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Marilee Turscak-MSFT 35,616 Reputation points Microsoft Employee

    Hi @a.feniello ,

    I understand that you are looking to enable Azure AD authentication on a Cisco CSR 1000v.

    There does not appear to be any documentation for this on the Azure AD side, but Cisco offers these guidelines for how to set up the authentication.

    In HA version 1, you create an application in the Azure Active Directory and grant it permission to access the route tables. In HA version 2, an application representing the CSR 1000v is automatically created in the Azure Active Directory via Azure Managed Identities.

    Their support table covers the supported authentication scenarios:


    Since we do not have documentation for this on the Azure side, I would recommend reaching out on the Cisco community for questions around your specific configuration.



    If this answer was helpful to you, please consider "marking as answer" so that others in the community with similar questions can more easily find a solution.

    0 comments No comments