Configuring Cisco+ Secure Connect will require some information about your organization. This checklist will help you gather the needed information along with provide some recommended things to consider before you start the onboarding process.
Cisco+ Secure Connect will need the following information:
For Secure Internet Access:
- Branch offices names and locations
- The manufacture and model information for on-site routers or firewalls that will be connecting to Cisco+ Secure Connect clouds. For devices that are not Cisco Meraki MXs or Cisco SD-WAN (Viptela), you will need the WAN IP address of that device.
For Secure Remote Access:
- Your internal DNS server addresses
- Your organization’s domain names
- A list of the private applications (those located in a data center or running in an IaaS environment such as AWS, Azure or GCP) that remote workers will need to access.
- For those applications you will need the server IP address and TCP/UDP port number
- If you are using client-based remote access, you will need to an identify unique IP address pool for each Cisco+ Secure Connect data center that you plan to use
Preparing to deploying Cisco+ Secure Connect:
After you gather that information, please review the following questions:
- Which people will need administrative access to the Cisco+ Secure Connect dashboard?
- Which Cisco+ Secure Connect data center(s) should you use? (A list of data centers can be found here.)
- How will each private application need to be access – clientless (ZTNA), client (VPN) or both?
- Remote access and some features for internet usage policy enforcement (CASB, for example) require user authentication and provisioning services. What Identity Provider (IdP) you will be using for those services? More info on IdP can be found here.
- If you are using client -based remote access, you will need to decide if you will be implementing traffic steering, which allows you to specify what end-point traffic goes through the VPN tunnel and what traffic goes directly to the Internet. More info on traffic steering can be found here.
Finally, if are you are planning to utilize client-based remote access, read more about Cisco Secure Client by going to www.cisco.com/go/secureclient or clicking here.