Solution Workflow
This topic describes how context sharing between Catalyst SD-WAN and Secure Access works for VPN ID.
- Catalyst SD-WAN Manager integrates with Cisco Secure Access using SSE cloud credentials.
- Cisco Secure Access learns VPN identities using APIs (out-of-band).
- In Catalyst SD-WAN Manager, the Secure Service Edge policy group is configured to share VPN context in IPsec tunnels.
- Once the tunnels are up, VPN ID context is shared inline in the IPsec metadata header.
- VPN identities are leveraged in Secure Access internet access rules.
- Packets with VPN ID context are then subject to Secure Access policy matching, with VPN identities as source objects.
Note: VPN ID context sharing is optional.
Related Information
- Cisco Catalyst SD-WAN Getting Started Guide
- Cisco Catalyst SD-WAN Security Configuration Guide
- Cisco Catalyst SD-WAN Segmentation Configuration Guide