Verify and Monitor Context Sharing
This topic describes how verify context sharing between Catalyst SD-WAN and Secure Access for VPN IDs.
Table of Contents
- Verify Context Sharing in Secure Access
- Monitor Context Sharing in SD-WAN Manager
- Monitor Secure Access Tunnels using the CLI
- Activity Search in Secure Access
- Related Information
Verify Context Sharing in Secure Access
Service VPN IDs from Catalyst SD-WAN are automatically added to Secure Access as source resources when enabled from the SD-WAN Manager. Once added, these VPN IDs can be used when configuring access rules.
- Navigate to Resources > Sources and Destinations > SD-WAN Service VPN IDs to verify that the VPN IDs are shared as resources.
- Navigate to Secure > Policy > Access Policy.
- Click the Add Rule drop down and choose Internet Access to verify that the VPN IDs are shared as source objects for internet access rules.
- From the Select sources drop down, choose Catalyst SD-WAN Service VPN IDs as a rule source.
From there, you can select Any Catalyst SD-WAN Service VPN ID, which will include all existing and future VPN IDs in the rule. Alternately, you can select any (or all) existing VPN IDs for more granular internet access rules.
Monitor Context Sharing in SD-WAN Manager
You can view information about the Cisco Secure Access tunnels that you have configured from a Cisco Catalyst SD-WAN device.
- Under SD-WAN Manager Tunnel monitoring Dashboard.
-
Monitor Secure Access Tunnels using the CLI
To view information about the Cisco Secure Access tunnels that you have configured from a Cisco Catalyst SD-WAN device, use the show sse all command.
Device# show sse all
***************************************
SSE Instance Cisco-Secure-Access
***************************************
Tunnel name : Tunnel15000001
Site id: 2678135102
Tunnel id: 617865691
SSE tunnel name: C8K-63a9b72b-f1fa-4973-a323-c36861cf59ee
HA role: Active
Local state: Up
Tracker state: Up
Destination Data Center: 52.42.220.205
Tunnel type: IPSEC
Provider name: Cisco Secure Access
Context sharing: CONTEXT_SHARING_SRC_VPN
Tunnel name : Tunnel15000002
Site id: 2678135102
Tunnel id: 617865691
SSE tunnel name: C8K-63a9b72b-f1fa-4973-a323-c36861cf59ee
HA role: Backup
Local state: Up
Tracker state: Up
Destination Data Center: 44.241.136.173
Tunnel type: IPSEC
Provider name: Cisco Secure Access
Context sharing: CONTEXT_SHARING_SRC_VPN
Activity Search in Secure Access
To search for activity from the sources in your environment over a selected time period, use the Activity Search report. The report lists all security (and non-security) activity for the sources reporting to Secure Access for the selected time period.
-
Navigate to Monitor > Reports > Activity Search. This takes you to the default view of the Activity Search report, which lists all of your identities and the internet requests or traffic events for your organization, tracked over time.
-
Hover over individual column values to apply it as a search filter or to exclude it from the search.
Related Information
For more information:
Configure Context Sharing between Catalyst SD-WAN and Secure Access < Verify and Monitor Context Sharing > About Cisco Security for Chromebooks
Updated 3 months ago