Solution Workflow
This topic describes how context sharing between Catalyst SD-WAN and Secure Access works for VPN ID.
- Catalyst SD-WAN Manager integrates with Cisco Secure Access using SSE cloud credentials.
- Cisco Secure Access learns VPN identities using APIs (out-of-band).
- In Catalyst SD-WAN Manager, the Secure Service Edge policy group is configured to share VPN context in IPsec tunnels.
- Once the tunnels are up, VPN ID context is shared in the IPsec metadata header inline.
- VPN identities are leveraged in Secure Access internet access rules.
- Packets with VPN ID context are then subject to Secure Access policy match as source objects.
Note: VPN-ID context sharing is optional.
Related Information
Cisco Catalyst SD-WAN Getting Started Guide Cisco Catalyst SD-WAN Getting Started Guide
Cisco Catalyst SD-WAN Security Configuration Guide Cisco Catalyst SD-WAN Security Configuration Guide
Cisco Catalyst SD-WAN Segmentation Configuration Guide Cisco Catalyst SD-WAN Segmentation Configuration Guide
Components and Prerequisites < Solution Workflow > Configure Context Sharing between Catalyst SD-WAN and Secure Access
Updated 3 months ago