Reserved IP

A reserved IP is a single-tenant public IP address deployed on Cisco Secure Access. The reserved IP maps to a unique source IP address for your organization's web traffic and is not shared with any other Secure Access instance. Secure Access NAT as a Service (NATaaS) manages the web traffic egressing from the secure web gateway on your reserved IP.

Note: Reserved IP is available only for web traffic protected by the Secure Access secure web gateway.

Network Requirements

For Reserved IP, Secure Access designates an IP address only for your organization's web traffic from the secure web gateway. For more information about the Secure Access IP address range for web traffic, see Secure Access NAT as a Service.

Deployment of the Reserved IP

Important

Before Cisco can assign the reserved IP address to your organization, you must contact your Cisco partner or sales representative and order your reserved IP address.

  • Reserved IP is available only for web traffic protected by the Secure Access secure web gateway.
  • Cisco Secure Access does not support reserving contiguous IP addresses.
  • Once Secure Access deploys the reserved IP for your organization, all web traffic that is forwarded to the provisioned cloud provider region uses the reserved IP.

Known Limitations

Secure Access has known limitations for the use of Reserved IP.

Remote Browser Isolation

  • Remote Browser Isolation (RBI) is not supported by Reserved IP. Applications or services that require a reserved IP address should not use remote browser isolation.

Reserved IP Surrender

When an organization surrenders one or more reserved IPs back to Cisco, the reserved IPs become available to other organizations for provisioning. Reserved IP addresses are not transferable from one AWS region to another. For more information, see Reserved IP Supplemental Terms.

Port Exhaustion

Port exhaustion is unlikely to occur. However, if port exhaustion does occur, the session is dropped and the client on the user device retries the connection.

Reporting and Reserved IP

The Activity Search report has two filters associated with Reserved IP.

  • Egress IP Type—The egress IP type. Choose either Shared or Reserved.
  • Egress Data Center—The list of available Secure Access data centers.

To filter by Egress IP Address, use the IP Address filter field. For more information, see Advanced Search.

Calculate Your Maximum Sessions

Determine the maximum sessions available in a Secure Access instance.

This formula illustrates the way in which Reserved IP maps sessions to a single reserved IP.

sIP x sP x dIP x dP x nP
  • sIP (Source IP)—A single source IP address. For example, use a value of 1.
    Secure Access supports more than one source IP address at a time. The source IP address is the egress IP from your organization's premises or from a roaming user device.
  • sP (Source Ports)—We do not restrict source ports. Use the value of 65536 for the full port range of 65,536 potential source ports.
  • dIP (Destination IPs)—The total number of destination IPs, which clients can use to establish a session.
    To determine the greatest number of sessions supported, use the total possible number of public IPv4 addresses: 3,706,452,992.
    To determine the fewest number of sessions supported, use 1. A value of 1 emulates a fully qualified domain name (FQDN) that only supports a single IP address. All clients establish a session with the same FQDN.
  • dP (Destination Ports)—We do not restrict ports. Use the value of 65536 for the full port range of 65,536 destination ports.
  • nP (Number of Protocols)—Secure Access only supports TCP. Use a value of 1 for TCP.

Example

1 x 65536 x 1 x 65536 x 1 = 4294967296
