Have an account?

  •   Personalized content
  •   Your products and support

Need an account?

Create an account

Available Languages

Download Options

  • PDF
    (517.5 KB)
    View with Adobe Reader on a variety of devices
Updated:January 11, 2019
Document ID:d945d22d-6f97-48e3-90ba-6ce4a27af293

Available Languages

Download Options

  • PDF
    (517.5 KB)
    View with Adobe Reader on a variety of devices
Updated:January 11, 2019
Document ID:d945d22d-6f97-48e3-90ba-6ce4a27af293

Intelligent WAN (IWAN) Application for the Cisco® Application Policy Infrastructure Controller - Enterprise Module (APIC-EM) allows you to accelerate the deployment of IWAN and align to business priorities based on applications and user needs.

Product Overview

The IWAN Application simplifies WAN deployments by providing a highly intuitive, policy-based interface that helps IT abstract network complexity and design for business intent. The business policy is automatically translated into network policies that are propagated across the network. This solution enables IT to accelerate the transition to hybrid WAN, and quickly realize the benefits of Software-Defined WAN (SD-WAN): lower costs, simplified IT, increased security, and optimized application performance.

The IWAN Application is prescriptive of the Cisco Validated Design and provisioning of its core pillars for a large number of sites from a centralized location. Upon power-up the branch-office routers are automatically configured and ready to use. This architecture is based on open interfaces, a software-defined networking (SDN) services plane, and device-layer abstraction. This approach will allow full policy-directed deployment and operation of the network. IT can now meet line-of-business (LOB) time-to-market needs with automated functions that are propagated in minutes as you activate branch offices or roll out applications. The network including all routers is abstracted and IT can focus on the business priorities without being concerned about the underlying topology.

Features and Benefits

Table 1 lists the features and benefits of the Cisco APIC-EM Application for IWAN.

Table 1.       Features and Benefits of Cisco APIC-EM Application for IWAN



Plug and Play

The network is used to deploy Cisco 4000 Series Integrated Services Routers (ISRs) in new sites. When the controller scanner discovers a new router, it creates a Network Information Database (NIDB) entry for it and then automatically configures it. This capability (zero-touch deployment) eliminates manual intervention, saving you time and helping prevent errors. All you need to do is connect the cable and power up the device.

Centralized policy automation

The IWAN Application has a centralized policy automation engine that helps guarantee that all sites run the business policies intended by the administrator.

The IWAN Application is also designed to allow the administrator to specify the business needs in terms of application delivery in a drag-and-drop intuitive fashion (figure 1). You can deliver highly advanced technologies such as Dynamic Multipoint VPN (DMVPN), quality of service (QoS), and Performance Routing (PfR) without having to spend any time learning command-line interface (CLI) commands.

Public-key-infrastructure (PKI) certificate

The IWAN Application uses the APIC-EM Trust Manager service. This service automates the lifecycle management of issuing, renewing, and revoking the PKI X.509 certificate for IWAN. With this feature, IWAN Application greatly simplifies the process of establishing and keeping trust in the network.

Centralized hybrid WAN management

The IWAN Application defines business-level preferences by application or groups of applications in terms of the preferred path for hybrid WAN links. This feature allows for cost savings by helping guarantee delivery of application experience over any connection and using otherwise inactive or backup links.

QoS deployment and change of management

The IWAN Application can enforce QoS priority policies facing the WAN as well as the LAN. You can categorize applications into business-critical, default, or best-effort. This feature helps application traffic behave consistently and in accordance with your QoS service-level agreements (SLAs).

Network wide visibility and segmentation with Application Visibility and Control (AVC)

The IWAN Application provides a prepopulated set of common applications and lets you create a profile for custom applications. This feature helps you apply QoS and path control by application or set of applications and by business needs and priority (Figure 2).

DMVPN deployment and change of management

The IWAN Application fully automates the provisioning of the Cisco DMVPN. This automation includes the management of DMVPN intern IP address allocations as well as setting the high encryption policies. With the application the provisioning of DMPVN is highly automated and simplified.

Cisco Validated Designs based IWAN deployment workflows

Business-intent workflows allow for rapid deployment of a large number of sites without spending time building templates. It is preloaded with Cisco best practices for deploying hybrid WANs and with the most common service providers’ QoS models.

Figure 1.      APIC-EM IWAN Application Main Set Up Page


Figure 2.      APIC-EM Application for IWAN Application Policy Setup Page


Supported Cisco Platforms and Software Releases

Cisco IWAN supports the following Cisco router platforms and software releases.



Software Release

Cisco 4000 Series Integrated Services Routers






Cisco IOS XE 3.16.2S and later and later with AppX and Security licenses

Cisco ASR 1000 Series Aggregation Services Routers








Cisco IOS XE 3.16.2S

Cisco CSR 1000v Series Routers

Cloud Services Router 1000v

Cisco IOS XE 3.16.2S

Cisco Integrated Services Routers Generation 2 (ISR-G2) Series Routers

ISR 3945 

ISR 3945-ISM 

ISR 3945-E 

ISR 3945E-ISM 

ISR 3925 

ISR 3925-ISM 

ISR 3925E 

ISR 3925E-ISM 

ISR 2951 

ISR 2951-ISM 

ISR 2921 

ISR 2921-ISM 

ISR 2911 

ISR 2911-ISM 

ISR 2901 

ISR 2901-ISM 

ISR 1941 

ISR 1941-ISM 

ISR 1921 

ISR 1921-ISM 


Cisco IOS 15.5(3)M2a


The IWAN Application is a component of the APIC-EM. APIC-EM can be purchased a-la-carte or with the Cisco ONE Software. With the a-la-carte option, Cisco provides a bundle license for the number of devices in the network. This license allows you to manage IWAN routers with either the APIC-EM Application for IWAN or Cisco Primes Infrastructure 3.1+.

More details and ordering information can be found here: http://www.cisco.com/c/dam/en/us/products/collateral/cloud-systems-management/prime-infrastructure/presentation-c97-735996.pdf

System Requirements

The APIC-EM with the IWAN Application runs on a virtual appliance. The system resources to run the application follow:

   Server: 64-bit x86

   vCPU: 6 (2.4 GHz)

   RAM: 64 GB

(Note: For a multi-host hardware deployment (two or three hosts), 32GB RAM is sufficient for each host.)

   Disk I/O Speed: 200 Mbps

   Browser: Chrome (47 or later)

   Storage: 500-GB hard disk drive or preferably 1-TB HDD

   Network adapter: 1x

You also must have an HTTP or Secure HTTP (HTTPS) proxy to connect the APIC-EM plug and play service to the public cloud. This proxy can be a commercial standard HTTP or HTTPS proxy.

Software Requirements

For Cisco IWAN on APIC-EM, the following software is required to access the server:


     Chrome (Version 47.0 or higher)

     Mozilla Firefox (Version 44.0 or higher)

Cisco and Partner Services

The Cisco APIC-EM Application for IWAN is part of the Cisco ONE Enterprise Networks architecture and is supported by Cisco ONE Services, which provides post sale technical support and advanced services.

Cisco Capital

Financing to Help You Achieve Your Objectives

Cisco Capital® financing can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce your capital expenditures (CapEx). Accelerate your growth. Optimize your investment dollars and return on investment (ROI). Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.




Learn more