Remote Access Deployment

Getting Started with Configure remote access service

1. Get started with navigate to Secure Connect -> Identities & Connections -> Remote Access to begin the setup process.

2. Once you are in the Remote Access page, a service wizard will guide you through Configure regions and DNS Servers. You will need to complete these two minimum requirements to get your Remote Access journey starts.

3. Configure regions will allow you to choose your locations under Asia Pacific, Europe and North America regions.

Select the Secure Connect data center Location where your client VPN tunnels will terminate. You can choose single or multiple regions based on your own architecture design.

A Location is added by entering an private IP address range in the Assigned IP pool field. Display Name is optional, if you are willing to use the default name, leave the space blank and the grey-out default name will be automatically populated once you click Save button.

There are a few things to be aware when configuring Locations.

• A minimum of two locations must be added per region.   
• The IP address ranges must be in the private address space defined in RFC1918 in CIDR format.
• The largest and smallest supported IP range is x.x.x.x/16 and x.x.x.x/28.
• The IP address ranges you choose for your remote client must not be overlapped with any other address ranges in your internal network. 
• Changing the Display Name is an optional step.
• Leave the Location space blank if you do not want to use that location or if you are using Reserved IP already. To learn more about Reserved IP, please check this link.

4. Add the IP address(es) of the DNS Server(s).  Secure Client will use these servers to resolve applications accessed through the tunnel.
Add a Default domain for DNS resolution and additional DNS Names (optional) in the respective fields and Click Save.

5. After complete and save your configurations. The new page will show you that your selected Remote Access locations has been successfully provisioned. To make any changes or verify configuration, select each tab or click Configure Regions to edit regions/locations head-end.

There are a few items to be noted:

• FQDN - The unique FQDN sitting on the top left corner is used for remote users connecting to remote access VPN through Cisco Secure Client, it will find the remote user's nearest geographical location from your provisioned list. 

• Secure Client - Click Downloads button under Secure Client, you can download the latest version of Secure Client software in Windows, MacOS and Linus operating systems. You can also download XML file for your MDM solution.

• Task Wizard (Tasks to enable Remote Access) - You will see a task checklist wizard on the top of the Remote Access page.
  • By default, it is collapsed
  • You can always expand it to check what tasks left to be completed. As each task is completed, the progress bar advances. 

Configure identity provider to provision users

Once you completed Configure remote access service, to complete the whole experience of Remote Access. You need to configure your remote users, please check Configure and provision users to complete deployments.