Cisco Secure Connect Pre-configuration Checklist

Secure Connect will need the following information:

For Secure Internet Access:

1. Branch offices names and locations
2. The manufacture and model information for on-site routers or firewalls that will be connecting to the Secure Connect cloud.  For devices that are not Cisco Meraki MXs or Cisco SD-WAN (Viptela), you will need the WAN IP address of that device.

For Secure Remote Access:

3. Your internal DNS server addresses
4. Your organization’s domain names
5. A list of the private applications (those located in a data center or running in an IaaS environment such as AWS, Azure or GCP) that remote workers will need to access.
6. For those applications you will need the server IP address and TCP/UDP port number
7. If you are using client-based remote access, you will need to an identify unique IP address pool for each Secure Connect data center that you plan to use

Preparing to deploying Secure Connect:

After you gather that information, please review the following questions:

8. Which people will need administrative access to the Secure Connect dashboard?
9. Which Secure Connect data center(s) should you use? (A list of data centers can be found here.)
10. How will each private application need to be access – clientless (ZTNA), client (VPN) or both?
11. Remote access and some features for internet usage policy enforcement (CASB, for example) require user authentication and provisioning services.  What Identity Provider (IdP) you will be using for those services? More info on IdP can be found here.
12. If you are using client -based remote access, you will need to decide if you will be implementing traffic steering, which allows you to specify what end-point traffic goes through the VPN tunnel and what traffic goes directly to the Internet.  More info on traffic steering can be found here.

Finally, if are you are planning to utilize client-based remote access, read more about Cisco Secure Client by going to www.cisco.com/go/secureclient or clicking here.