Device Compatibility and Network Tunnels

Secure Access connects and secures traffic from IPsec tunnels established by various network devices. A network device must have the capability to configure an IPsec (Internet Protocol Security) IKEv2 (Internet Key Exchange, version 2) tunnel and connect to Secure Access.

IPsec Tunnel Requirements

IPsec tunnels for Secure Access must have an MTU that is no larger than 1280 bytes. Secure Access automatically clamps the TCP MSS to 1240 or below.

Fragmented packets in the underlay or overlay are dropped. A slightly larger MTU and MSS may work, depending on your IPsec configuration. For more information about establishing tunnels to Secure Access, see the tunnel configuration topics in Network Tunnel Configuration.
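
The following added example (not part of the Secure Access documentation) estimates how large a 1280-byte inner packet becomes on the underlay after ESP tunnel-mode encapsulation, which is what decides whether it is fragmented and therefore dropped. The transform names and the underlay MTU values are assumptions for illustration; the per-transform IV, ICV and padding sizes are the standard ESP values for those algorithms over IPv4.

```python
# Added example: ESP tunnel-mode size estimate over an IPv4 underlay.
TUNNEL_MTU = 1280    # maximum tunnel MTU stated on this page
CLAMPED_MSS = 1240   # TCP MSS clamp stated on this page

# Assumed transform names -> (IV bytes, ICV bytes, padding alignment).
TRANSFORMS = {
    "aes-gcm-16": (8, 16, 4),
    "aes-cbc+hmac-sha256-128": (16, 16, 16),
    "aes-cbc+hmac-sha1-96": (16, 12, 16),
}

def outer_packet_size(inner_len, transform, nat_t=True):
    """Bytes on the underlay for one inner packet after ESP encapsulation."""
    iv, icv, align = TRANSFORMS[transform]
    # ESP pads payload plus the 2-byte trailer (pad length, next header).
    padded = -(-(inner_len + 2) // align) * align
    outer_ip, udp, esp_header = 20, (8 if nat_t else 0), 8
    return outer_ip + udp + esp_header + iv + padded + icv

def max_inner_mtu(underlay_mtu, transform, nat_t=True):
    """Largest inner packet that still fits the underlay without fragmenting."""
    for inner in range(underlay_mtu, 0, -1):
        if outer_packet_size(inner, transform, nat_t) <= underlay_mtu:
            return inner
    return 0

def mss_for(mtu):
    """TCP MSS for an IPv4 path MTU (20-byte IP + 20-byte TCP header, no options)."""
    return mtu - 40

def check(underlay_mtu, transform, nat_t=True):
    """Report whether a full 1280-byte inner packet survives this underlay."""
    outer = outer_packet_size(TUNNEL_MTU, transform, nat_t)
    return {
        "outer_size": outer,
        "fits_underlay": outer <= underlay_mtu,
        "max_inner_mtu": max_inner_mtu(underlay_mtu, transform, nat_t),
    }

if __name__ == "__main__":
    # Constructed underlay MTUs: Ethernet, PPPoE, and a constrained 1340-byte link.
    for underlay in (1500, 1492, 1340):
        for name in TRANSFORMS:
            print(underlay, name, check(underlay, name))
    print("MSS for 1280-byte tunnel MTU:", mss_for(TUNNEL_MTU))
```

On the constructed 1340-byte underlay, a full 1280-byte inner packet no longer fits once ESP and NAT-T headers are added, so the tunnel MTU on that path would have to be set lower than 1280.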

Supported Devices for Setting Up IPsec Tunnels

Secure Access integrates with network devices that can create compatible IPsec tunnels. We provide guides to configure tunnels from various network devices. For devices where the setup is not documented, we cannot guarantee that the device can establish an IPsec tunnel to Secure Access.

| Platform | Software Version |
| --- | --- |
| Cisco Meraki MX; see Configure Tunnels with Meraki MX | |
| Cisco Catalyst SD-WAN (formerly known as Viptela) cEdge and vEdge; see Configure Tunnels with Cisco Catalyst SD-WAN cEdge and vEdge | 18.4.5+, 19.2.3+ |
| Cisco ISR-G2; see Configure Tunnels with Cisco ISR | |
| Cisco ASA; see Configure Tunnels with Cisco Adaptive Security Appliance (ASA) | Cisco ASA v9.8 |
| Cisco FTD; see Configure Tunnels with Cisco Secure Firewall | 6.4+ (6.7 when using VTI) |