Configure Context Sharing Between Catalyst SD-WAN and Secure Access

This topic describes how to set up context sharing between Catalyst SD-WAN and Secure Access for VPN IDs.

Prerequisites

  • Make sure DNS and the ip domain-lookup command are configured on vpn0 for the devices and for Cisco SD-WAN Manager, and that both have internet access.
  • NAT must be enabled on the internet-facing WAN interface of the SD-WAN edge.
  • Internet- and SaaS-bound traffic from the branch LAN can be redirected to Cisco Secure Access using the SSE default route in a config-group or policy-group (a data policy for application-specific redirection). See the documentation for more details.
  • Context sharing is supported only with the config-group/policy-group infrastructure on Catalyst SD-WAN Manager.

Generate API Key Pair for Context Sharing

To configure the API keys that Catalyst SD-WAN Manager and Cisco Secure Access need to share information, generate a key pair from Cisco Secure Access.

  1. Log into Cisco Secure Access and navigate to Admin > Management > API Keys.
  2. In the upper right, click the Add button.
  3. From within the Key Scope section, expand Deployments and select Identities.
  4. Set the scope to Read/Write.
  5. When all scopes are defined, click CREATE KEY. Copy and save the resulting key and secret.

Create Cisco Secure Access Credentials

  1. In another browser tab, log into Catalyst SD-WAN Manager, and navigate to Administration > Settings > Cloud Credentials.

  2. Enable Cisco SSE.

  3. Paste your Secure Access Organization ID, API key, and Secret.

  4. Enable Context Sharing.

  5. Click Add.

Add Secure Service Edge (SSE) Policy Group

  1. Navigate to Configuration > Policy Groups > Secure Internet Gateway/Secure Service Edge.
  2. Click Add Secure Service Edge (SSE) to configure the SSE connectivity policy.

Enable Context Sharing

  1. Under SSE Provider, select Cisco Secure Access.

  2. Under Context Sharing, enable VPN and/or SGT for context sharing for your SSE policy.

  3. Click Save.
