Skip to main content
Cisco Meraki

Cisco+ Secure Connect -Setting Up Secure Access Tunnels ( Non- Meraki )

Figure 1: Secure Private Access Tunnel

An IPsec (Internet Protocol Security) IKEv2 (Internet Key Exchange, version 2) tunnel is used to securely forward traffic from Cisco Umbrella to the destination networks of the private applications. For more details on supported IPSec parameters, reference Supported IPSec parameters 

Create a new Tunnel

  1. Click ADD in the upper right hand corner of the screen 

  2. Enter a Tunnel Name, select the correct datacenter Device Type and click Save 

Figure 2: Add a secure access tunnel

Configure Tunnel

Multiple Tunnels

If both Private Access (for remote users) and Secure Internet Access (for branch location access) tunnels, TWO separate tunnels are required today. It is not possible to use a single tunnel for both types of access.   Creating multiple tunnels from the same device is possible with some devices. For more details, see Can-I-create-multiple-IPSEC-Tunnels

  1. Specify the Service Type as Private Access 

Figure 3: Configure private access service

  1. Client Reachable Prefixes -enter in a subnet or the subnets that remote users need to access. Traffic destined to these subnets are sent securely through the tunnel. 

Figure 4: Specify tunnel traffic

Configure Tunnel ID and Passphrase

  1. Set a Tunnel ID and Passphrase. These values must match the respective values on the datacenter device.  For more details see: Network Tunnel Configuration 

a. For Cisco devices, reference the instructions here

b. For non-Cisco devices, reference the instructions here


Please note that the following DC's are enabled for Secure Connect so please use the below IP while connect to tunnel headend



Los Angeles, CA


Santa Clara, CA


New York, NY


Ashburn, VA


London, UK


Frankfurt, DE


Paris, FR


Prague, CZ

  • If a tunnel is showing as “Not Established” (Deployments > Network Tunnels page) check the device has been configured using our supported IPsec paramters.   

  • If a tunnel is showing as “Inactive” ensure traffic is being generated which should be routed down the VPN.   

Secure Access Tunnel Provisioning is complete!!!

Figure 5: Return to Secure Connect link

  1. In the upper right hand corner of the screen, click Return to Cisco Plus Secure Connect 

    1. Once the tunnel is established traffic will not flow until traffic, such as a ping, is sent from the network where the private application resides.  Once this is complete, traffic will flow bidirectionally.  
  • Was this article helpful?