Configure Context Sharing Between Catalyst SD-WAN and Secure Access
This topic describes how to set up context sharing between Catalyst SD-WAN and Secure Access for VPN IDs.
Prerequisites
- Make sure DNS and the ip domain-lookup command are configured on vpn0 for the devices and for Cisco SD-WAN Manager, and that both have internet access.
- NAT must be enabled on the internet-facing WAN interface of the SD-WAN edge.
- Branch internet/SaaS-bound traffic can be redirected from the branch LAN towards Cisco Secure Access using the SSE default route in a config-group or a policy-group (data policy for specific application-based redirect). See documentation for more details.
- Supported using config-group/policy-group infrastructure only on Catalyst SD-WAN Manager.
Generate API Key Pair for Context Sharing
Catalyst SD-WAN Manager and Cisco Secure Access share information using API keys. Generate the key pair from Cisco Secure Access.
- Log into Cisco Secure Access and navigate to Admin > Management > API Keys.
- In the upper right, click the Add button.
- From within the Key Scope section, expand Deployments and select Identities.
- Set the scope to Read/Write.
- When all scopes are defined, click CREATE KEY. Copy and save the resulting key and secret.
Create Cisco Secure Access Credentials
- In another browser tab, log into Catalyst SD-WAN Manager, and navigate to Administration > Settings > Cloud Credentials.
- Enable Cisco SSE.
- Paste your Secure Access Organization Id, Api key, and Secret.
- Enable Context Sharing.
- Click Add.
Add Secure Service Edge (SSE) Policy Group
- Navigate to Configuration > Policy Groups > Secure Internet Gateway/Secure Service Edge.
- Click Add Secure Service Edge (SSE) to configure the SSE connectivity policy.
Enable Context Sharing
- Under SSE Provider, select Cisco Secure Access.
- Under Context Sharing, enable VPN and/or SGT for context sharing for your SSE policy.
- Click Save.