Sold by: Cisco Systems, Inc.
Deployed on AWS
Free Trial
The DNA Essentials Package for Catalyst 8000V (C8000V) includes all DNA Essentials feature sets and delivers multi-gigabit performance for enterprise-class networking services & VPN in the AWS cloud, as well as twice the IPSec throughput with IMIX packets.
4.2
Overview
As part of Cisco's Cloud connect portfolio, the DNA Essentials package for Catalyst 8000V (C8000V) delivers the maximum performance available in AWS cloud for virtual networking services. Deliver high-speed secure VPN services with High Availability, strong Firewall protection, Application Visibility & Control, and more... This AMI runs Cisco IOS XE technology features and uses AWS instances with direct I/O path for higher & more consistent performance. The C8000V with full Cisco IOS-XE support enables customers to deploy the same enterprise-class networking services that they are so used to in their on-prem networks inside AWS. This AMI enables enterprise-class Routing, VPN, High-Availability, Firewall, IP SLA, VPC Interconnection, Application Visibility & Control, Performance Monitoring, and Optimization. The familiar IOS XE CLI and RESTful API ensures easy deployment, monitoring, troubleshooting, and service orchestration.
If you are using the Cisco Cloud Services Router 1000V (CSR 1000V) virtual router in autonomous mode, then you may want to use the GUI-driven migration tool to migrate those instances to Cisco Catalyst 8000V (C8000V) instance. This migration uses AWS CloudFormation template based automation to spin-up a new instance of Catalyst 8000V and copy the configuration files from the CSR 1000V instance. You can batch migrate up to ten CSR 1000V instances in one go. The migrated instances will include the enhanced "secure object storage" feature in C8000V that stores all sensitive configuration information in an encrypted file system inside the VM. See the http://cs.co/c8000v-aws-migration-tool chapter in the Catalyst 8000V Configuration Guide for AWS for more details.
Highlights
- Enterprise-class VPN in AWS that's faster, cheaper, and more scalable than other VPN solutions. Manage both sides of your VPN for greater security. Familiar IOS-XE based VPN supports the same commands, tools, and logs as Cisco ISR and ASR platforms.
Details
Sold by
Categories
Delivery method
Delivery option
64-bit (x86) Amazon Machine Image (AMI)
Latest version
Operating system
OtherLinux Cisco IOS XE
Deployed on AWS
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Free trial
Try this product free for 30 days according to the free trial terms set by the vendor. Usage-based pricing is in effect for usage beyond the free trial terms. Your free trial gets automatically converted to a paid subscription when the trial ends, but may be canceled any time before that.
Pricing is based on actual usage, with charges varying according to how much you consume. Subscriptions have no end date and may be canceled any time. Alternatively, you can pay upfront for a contract, which typically covers your anticipated usage for the contract duration. Any usage beyond contract will incur additional usage-based costs.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Cost/hour |
|---|---|
c5n.large Recommended | $2.78 |
c5.4xlarge | $3.48 |
c5.2xlarge | $2.78 |
c5.large | $2.13 |
c5.xlarge | $2.31 |
c5n.18xlarge | $6.907 |
c5n.xlarge | $3.48 |
c5n.9xlarge | $6.78 |
c5n.2xlarge | $3.48 |
c5.9xlarge | $3.168 |
Vendor refund policy
No Refunds
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
64-bit (x86) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
Supported instance types: t3.medium c5.large c5.xlarge c5.2xlarge c5.4xlarge c5.9xlarge c5n.large c5n.xlarge c5n.2xlarge c5n.9xlarge
Additional details
Usage instructions
Complete the following steps to launch a Catalyst 8000V (C8000V) AMI: 1. Locate the C8000V product page by searching the AWS Marketplace for 'C8000V'. 2. On the C8000V product page, click the 'Continue' button. 3. Use either the 'Launch with EC2 Console' tab to complete the deployment of a C8000V AMI. Select the correct version and region, and click the 'Launch with EC2 Console' button. 4. The Launch Instances Wizard will open. Select the desired instance type and click 'Next'. 5. Select your desired VPC environment in the 'Network' pull-down menu. 6. Select your desired IP subnet for the first C8000V network interface in the 'Subnet' pull-down menu. 7. Add any additional network interfaces, and select the appropriate subnet for each to connect to. 8. Click 'Review and Launch', and then review the information for correctness. 9. If the information is correct, click 'Launch', and then either select an existing key pair to use for authentication, or create a new key pair. If you create a key pair, make sure to download and save the private key. 10. Click 'Launch Instances'. 11. From the AWS Console, wait for your instance to indicate a state of 'running'. It may take a few moments after that point, before you can connect to your C8000V instance. Connect to your instance using an SSH client, and the private SSH key selected or created earlier in these steps. Example: ssh -i mykeypair.pem ec2-user@myhostname.compute-1.amazonaws.com . 12. See notes for further instructions.
Support
Vendor support
Cisco TAC support services for Pay As You Go is available for purchase through any Cisco Partner. Cisco Partner Locator: https://locatr.cloudapps.cisco.com/WWChannels/LOCATR/openBasicSearch.do . Support Community: https://supportforums.cisco.com/community/csr-amazon . A 30-day free trial period is included for first-time users. For questions or to obtain C8000V AMI access to the GovCloud region, contact ask-csr-aws-pm@cisco.com .
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Cisco Systems, Inc.
By Juniper Networks
By Palo Alto Networks
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Virtual Routing and Switching
Enterprise-class routing capabilities with Cisco IOS XE technology support, enabling deployment of same networking services available in on-premises networks within AWS cloud environment.
VPN and Encryption
Multi-gigabit VPN performance with twice the IPSec throughput using IMIX packets, supporting High Availability and secure encrypted communication between network endpoints.
Firewall and Security
Enterprise-class firewall protection with secure object storage feature that encrypts sensitive configuration information in an encrypted file system within the virtual machine.
Application Visibility and Control
Application-level visibility and control capabilities combined with performance monitoring and optimization features for traffic management and network optimization.
Management and Orchestration
IOS XE command-line interface and RESTful API support enabling deployment, monitoring, troubleshooting, and service orchestration with AWS CloudFormation template-based automation for configuration management.
Next Generation Firewall Architecture
High-performance firewall solution with core firewall, VPN, NAT, and advanced L4-L7 security services including application security, IPS, and anti-virus capabilities.
Anti-Virus and Malware Protection
Cloud-based anti-virus protection that detects and blocks spyware, adware, viruses, keyloggers, and other malware over POP3, HTTP, SMTP, and FTP protocols.
Intrusion Detection and Prevention
Intrusion detection and prevention (IPS) system integrated with application visibility and control through AppSecure for threat detection and workload protection.
VPN and Secure Connectivity
IPsec and full mesh VPN termination services enabling secure connectivity from on-premises data centers, campuses, and branches to AWS cloud across geographically dispersed VPCs.
AWS Cloud Service Integration
Native integration with AWS services including Elastic Load Balancer, Auto-Scaling Groups, CloudWatch, Security Hub, Key Management Service, Elastic Network Adapter support, and Gateway Load Balancer with L3 gateway and L4 load balancer capabilities.
Application Layer Visibility and Control
Complete application layer-7 visibility and control of traffic with next-generation firewall capabilities in AWS environments
AI/ML-Powered Threat Detection
AI/ML-powered inspection engine with researcher-grade signatures for detection of zero-day threats, exploits, malware, spyware, and command and control attacks
Dynamic Policy Management
Policy definitions that dynamically apply to cloud assets based on AWS tags, Application IDs, User IDs, geographies, or zones without manual intervention
Cloud Infrastructure Integration
Seamless integration with Gateway Load Balancer, AWS Auto Scaling, and Transit VPC with AWS Transit Gateway for protection across dynamic and large-scale deployments
Advanced Threat Prevention Service
Cloud-delivered Advanced Threat Prevention security service with market-leading threat coverage against known and zero-day threats while maintaining performance
Standard contract
No
No
No
Customer reviews
reviewer2847981
New site-based policies have transformed regional control and improved uptime across locations
Reviewed on Jun 01, 2026
Review from a verified AWS customer
What is our primary use case?
Cisco Catalyst SD-WAN has been in use for a year and a half, which is when we first started deploying it. We are now finalizing that deployment in our environment and are almost exclusively switching over from our old SD-WAN solution to the Cisco-based one.
What is most valuable?
I appreciate the control that we have with Cisco Catalyst SD-WAN . With the previous solution that we had, we could not build independent tunnels to each SD-WAN appliance, as they were all aggregated. Now we have considerably more freedom. We no longer have to speculate whether one thing going down means we lose an entire region of the firm; instead, everything is site-by-site based.
Cisco Catalyst SD-WAN helps us specifically through the control of policies. With Catalyst, we are able to build out these policies at a regional level. Rather than relying on a centralized location, we have been able to distribute this across the country. We are able to target bigger regions and optimize traffic flow for those specific regions instead of being locked into whatever the previous vendor was providing us.
What needs improvement?
For our environment, there are some bugs with how we interpret data in terms of circuit usage, for example. This has been on our to-do list for a while because it has been broken. We have not been able to get it to work quite right specifically for our environment. We have been trying to get support and push for that resolution because for our metrics, it is valuable. Having a blank screen instead of this data can be intimidating, so we are trying to get that fixed.
For how long have I used the solution?
I have been working in my field professionally for about three years.
What do I think about the stability of the solution?
Cisco Catalyst SD-WAN has been fine for the most part. We tend to play it safe and use versions that have been tested more thoroughly, rather than necessarily old versions. Issues we might have run into stem from us being out of date, such as wanting to implement and use something that was actually on a newer version that we just had not had time to upgrade to.
How are customer service and support?
I would rate Cisco's operational efficiency in my IT environment very highly. At this point, we are almost an entirely Cisco-based organization, and everything that we operate on for the most part is Cisco-based. We have good support from Cisco, and I think we are happy with how everything is going.
Which solution did I use previously and why did I switch?
Before, our solution was VMware VeloCloud , which was then purchased by Arista recently, and that is what we are switching away from.
How was the initial setup?
I was not involved with the pricing, setup cost, and licensing too much. We did run into some licensing issues in the beginning, but it was through the vendor and the provider that we were using, not necessarily a Cisco thing. If that had not been involved, the process would have been smoother.
What was our ROI?
The increased uptime with Cisco Catalyst SD-WAN has been a return on investment.
What other advice do I have?
We have been focusing on fast deployment and then going back to tweak policies and figure out which features we want. I would rate this review a 10.
reviewer1844226
Improved WAN connectivity has reduced latency and simplifies secure deployments and troubleshooting
Reviewed on Jun 01, 2026
Review provided by PeerSpot
What is our primary use case?
The main use case is WAN connectivity.
What is most valuable?
The features that I like the most about Cisco Catalyst SD-WAN are that it is secure, cheaper, and once you know it, it's easy to deploy.
An example of how these features have benefited our organization is that we have reduced latency and we can troubleshoot faster for packet loss and jitter.
What needs improvement?
I think Cisco Catalyst SD-WAN could be improved because too many vulnerabilities come up, so upgrading it is a challenge, and the hardware keeps changing; we moved from Viptela 1K to 2K, then again to the Cisco Catalyst router, so it's an expense.
For how long have I used the solution?
We have been using Cisco Catalyst SD-WAN in our new company for eight years.
What do I think about the scalability of the solution?
Cisco Catalyst SD-WAN scales with the growing needs of our organization at a level of eight.
How are customer service and support?
I evaluate the customer service and tech support as good support.
Which solution did I use previously and why did I switch?
Before adopting Cisco Catalyst SD-WAN, a decision had already been made regarding the solution when I was onboarded.
How was the initial setup?
I describe the experience with deploying Cisco Catalyst SD-WAN as initial deployment taking some time, but once deployed, it's easy to roll out changes.
What's my experience with pricing, setup cost, and licensing?
My experience with pricing, setup cost, and licensing is that it is very tedious.
What other advice do I have?
Cisco does not optimize the experience in a hybrid or distributed enterprise setup for us since we don't have hybrid; it's all on-premises.
We face no specific challenges with hybrid and distributed enterprise networks because we don't have hybrid networks.
My impression of the end-to-end visibility offered by Cisco is that it is a managed solution, and while we reach out to our managed vendor for visibility, I think it is something we should explore more; during troubleshooting, we don't use that tool as much as we would prefer.
I give this review an overall rating of nine.
Danish Nazir
Faced complex visibility and policy challenges but have improved basic traffic routing control
Reviewed on Jan 20, 2026
Review provided by PeerSpot
What is our primary use case?
I have used Cisco Catalyst SD-WAN as a customer. I am a customer of Cisco, and I have been a customer rather than a partner of Cisco.
What is most valuable?
The features are useful, but it is more about how insightful these features are and how easily you are able to understand the flow and mitigate a threat. Although those features exist in Cisco Catalyst SD-WAN , the lack of visibility makes it very difficult to find out what precisely is being monitored through the advanced threat prevention features of Cisco Catalyst SD-WAN Viptela solution. The features are undoubtedly useful, but at the end of the day, it boils down to how easily you can see the insights provided by the solution. I feel Cisco slightly lacks in that aspect. It could be because the hardware itself is a router with added security functionality, while in Fortinet or Palo Alto, those systems are intrinsically firewalls with security capabilities built-in, and routing added on top. Hence, the visibility part in those solutions is better compared to Cisco Catalyst SD-WAN, since it is not a logging device.
What needs improvement?
I have found some other solutions more insightful and user-friendly as compared to Cisco Catalyst SD-WAN, but the basic SD-WAN functionality is good enough. I am using it only because it was done as a pilot project, specifically for my 60 to 70 sites. For the majority of the sites, I am using Fortinet's Secure SD-WAN solution and I found that more viable and more in alignment with my requirements.
For example, there is not any Internet Service Database available in Cisco Catalyst SD-WAN intrinsically. If I want to write a policy based on applications, I am not able to write it, at least in Cisco Catalyst SD-WAN Viptela deployment that we have done, and that is fairly easy to do in Fortinet. The second issue is the logging capability. I think the visibility that Fortinet Secure SD-WAN has is not even comparable. Cisco Catalyst SD-WAN does not provide that sort of insight or control as far as traffic steering is concerned.
With respect to the SLAs, I barely know which sort of SLAs are violated in Cisco Catalyst SD-WAN, so I do not have clear visibility on where the traffic is moving from at my spoke or hub locations. I believe Fortinet gives me a very clear picture of where the traffic is going. Overall visibility, whether it is data traffic or logs, is much better in Fortinet compared to Cisco Catalyst SD-WAN.
The complexity of Cisco Catalyst SD-WAN Viptela is noticeable and quite complicated to configure. If something breaks, you have to involve TAC and others to fix it. On the contrary, you can work with underlays. Even if your IPsec overlay tunnel is down, it does not impact your production. Thus, we find Fortinet's solution significantly better than Cisco Catalyst SD-WAN solution.
I have used Application-aware Routing in Cisco Catalyst SD-WAN. However, I found it to be very complicated, especially regarding policy writing. For my breakout of VC traffic, we had to write a bunch of IP addresses for Zoom, Webex , and others. Presently, it can only identify Webex as an application, and I highly doubt whether there is any application identification for Zoom and other platforms, as we were not able to find it during our implementation. It is done through static whitelisting of the IPs, which is not a scalable solution since IPs can change at any time. Overall, the application-aware routing policies are not as flexible and scalable as the Internet Service Database feature of Fortinet provides.
The struggles encompass policy writing, logging capabilities, traffic visibility, and complex configuration. There is also the issue of load balancing. We have faced considerable challenges with traffic load balancing between the links. Although the SLA targets are configurable, understanding how traffic flows is challenging, making troubleshooting exceedingly difficult. Overall, I find it a quite complicated solution with not that much operational usability.
For how long have I used the solution?
I have been working with Cisco Catalyst SD-WAN for close to two and a half years now.
What do I think about the stability of the solution?
The basic functionality and the control connections created are complicated, and a simple issue in the control connections between the fabric causes numerous complexities that demand extensive troubleshooting time.
What do I think about the scalability of the solution?
It is done through static whitelisting of the IPs, which is not a scalable solution since IPs can change at any time.
How are customer service and support?
The complexity of Cisco Catalyst SD-WAN Viptela is noticeable and quite complicated to configure. If something breaks, you have to involve TAC and others to fix it.
Which solution did I use previously and why did I switch?
We are using Cisco Catalyst SD-WAN infrastructure primarily because we have invested in it after using ISR 4K routers and the legacy IWAN solution, which is the predecessor of SD-WAN, Intelligent WAN. Since the devices still have an operational life left, we want to leverage that.
What other advice do I have?
I have already settled with Cisco ISE after visiting the website a few months ago where I researched Cisco ISE and other Cisco products. I have already procured the Cisco ISE solution. There are some other products as well. We are using Cisco ACI as well. Cisco ACI stands for Application Centric Infrastructure. Cisco Catalyst SD-WAN Viptela is also being used and we are using Cisco ACI as well. I am not sure how Cisco Catalyst SD-WAN supports cloud environments because our deployment is on-premises. Therefore, I cannot comment on the vAnalytics and other solutions that could enhance security or visibility since I have not used them myself. My overall review rating for this product is four out of five.
Aashiesh Sharrma
Has provided reliable support and improved deployment experience with a simpler interface
Reviewed on Oct 17, 2025
Review provided by PeerSpot
What is most valuable?
In my view, Cisco Catalyst SD-WAN would be less effective when it comes to SD-WAN functions compared to Versa.
The overall operability of Versa is better than Cisco Catalyst SD-WAN . As a seller, I still find Cisco Catalyst SD-WAN to be a little complicated.
The ease of use, interface, and implementation are better with Versa.
Functionality-wise, both Versa and Cisco Catalyst SD-WAN possibly would be at par. I would not comment on that for sure, but from the deployment perspective, I still feel Versa has got an easy interface to get things managed.
The integrated threat protection and end-to-end encryption features in Cisco Catalyst SD-WAN are good.
What needs improvement?
More or less, it's the same with Cisco in terms of complexity and pricing, so there's not much of a difference. They might want to consider incorporating features seen in Versa or other competitors to improve their points.
How are customer service and support?
I would rate the technical support by Cisco as nine out of ten.
That's even a little bit better than what Versa has, because Cisco engineers can be found everywhere compared to Versa. This is an advantage that they carry.
What other advice do I have?
Cisco Catalyst SD-WAN is positioned ideally where customers already have Cisco routers and other equipment, making migration to Cisco Catalyst SD-WAN easier. In these use cases, Cisco Catalyst SD-WAN is very competitive.
When discussing application-aware routing features, this is a standard feature all the OEMs are offering.
Cisco Catalyst SD-WAN would be more expensive compared to Versa. I have been a partner and reseller of both Versa and Cisco.
I rate Cisco Catalyst SD-WAN eight out of ten.
Internet
Reliable Virtual Router for Secure Cloud Connectivity
Reviewed on Aug 21, 2025
Review provided by G2
What do you like best about the product?
Runs on cloud infrastructure, reducing CAPEX also protects traffic with IPsec, TLS, and built-in threat detection are great features for SME & large organizations.
What do you dislike about the product?
Initially configuration & integration with Cisco DNA Center can be challenging without prior Cisco experience but going good when its done.
What problems is the product solving and how is that benefiting you?
The biggest issues get resolved were reliable & secure connectivity, intelligent traffic steering & handled high throughput last one is best part.