Cisco Secure Connect - Defining Private Applications

Last updated
Save as PDF

Overview

A private application is an application that is hosted within a private datacenter or private cloud. Cisco Secure Connect enables organizations to control access to an application to users connecting via client-based remote access (VPN) or via clientless remote access (ZTNA). The first step is to define your applications in Cisco Secure Connect.

Configuration Steps

From the Secure Connect menu, navigate to Identities & Connections -> Applications.

Screenshot 2023-06-02 at 9.43.53 AM.png

Navigate to Private Apps tab and look to the upper right-hand corner, and choose Add App

Screenshot 2023-10-30 at 8.23.51 PM.png

Give your application a good descriptive Name and Description

Select Network Based Access and/or Browser Based Access based on how the application will be accessed

Network-Based Access

Create an application as a object which can be used to control access from RAVPN and branch users. The app will be listed under destination criteria in the Secure Connect -> Cloud Firewall rules designated as Private App and Network type.

Name of the application
Description (optional)
Enable the Network Based Access option
Enter the IP address and port information
Select the protocol - TCP, UDP, ICMP or Any.

Documentation - Private Apps NAP.png

One the app is created, you can click on in and review details on its settings.

Browser-Based Access

Create an application as a object which can be used to control access from external browser-only users. The app will be listed under destination criteria in the Secure Connect -> Policies -> Browser Access rules.

Name of the application
Description (optional)
Enable the Browser Based Access option
Enter the IP address and port information
Select the protocol HTTP/HTTPS
SNI (Server Name Indication) field (optional) - this is the SNI field the proxy should use while connecting to the private application
Enable/Disable the application certificate - Proxy should validate the application certificate or not while connecting to the application.
Click on Generate for the External URL - this is the URL you can use to access the application.

Documentation - Private Apps BAP.png

Note: Validate Application Certificate - If the application is configured to use HTTPS, this toggle tells the proxy to validate the certificate presented by the application web server (with public Root CAs) or don't validate it and just accept any certificate

Scroll down to add the application to an Application Group (optional) and press Save.

Documentation - Private Apps App Group.png

Once app is created, you can click on it and review the settings.

API Endpoint

The Secure Connect Private Application API endpoint incorporates CRUD (Create, Read, Update, Delete) operations, serving as a versatile interface for managing private applications within a given organization.

With these operations, users have the ability to programmatically create new private applications, retrieve details of existing applications, modify properties of specific applications, and remove applications as needed.

This capability ensures efficient management and control of the private applications lifecycle in a Meraki environment.

For additional information on the Private Application API endpoint, see Secure Connect Private Application API Reference
For a sample Python code (Import private applications from a CSV file), see Meraki Secure Connect Private Applications Import Script

This is an early access API endpoint.
To opt-in for early access APIs, navigate to Organization > Early Access -> Early API Access.

Keep in mind that this API endpoint might be subject to changes.

Next Steps

For additional information on network-based access policy rules for RAVPN and Branch users, see Cloud Firewall Private App and Network rules.

For additional information on browser-based access policy rules for external users, see Configure Browser Access Policy.