Skip to main content

 

Cisco Meraki Documentation

Getting Started

Getting Started with Secure Connect Documentation

Welcome to Secure Connect! This page is here to assist you with setting up and configuring Secure Connect. If you are unfamiliar with the Secure Connect solution and its use cases, please click here.

To begin, review the Pre-onboarding Checklist below, This will streamline the setup process. After that there are two essential steps for all Secure Connect customers:

  1. Account Setup – In this step, you will create (for new customers) and link your Meraki and Umbrella accounts. This will provide a seamless experience between the two dashboards.
  2. Connect a site or sites to the Secure Connect cloud

If you have Secure Connect Complete and need to connect remote users, then you will need to follow these steps:

  1. Set up an identity provider - This will be used to authenticate remote users connecting to the network through Remote Access or to an application using Zero Trust Network Access (ZTNA).
  2. For remote access:
    1. Configure Remote Access
    2. Define Private Application for Network-based Access
    3. Establish Network Access Policies
  3. For ZTNA, create a Private Application for Browser-based Access

Finally, configure the DNS, Firewall, and Web Internet Access policies. There are default policies in place to provide a basic level of security. It is recommended that you review and customize the policies for your organization's needs.

Pre-onboarding Checklist

Configuring Cisco Secure Connect will require some information about your organization.  This checklist will help you gather the needed information along with provide some recommended things to consider before you start the onboarding process.

Connecting Sites
  • Review the Design Guide.  With Secure Connect you have the option to route your private application traffic through the Secure Connect backbone or through the traditional Meraki Hub and Spoke SD-WAN network.
  • Branch offices names and locations
  • The manufacture and model information for on-site routers or firewalls that will be connecting to the Secure Connect cloud.  For devices that are not Cisco Meraki MXs/Z or Cisco SD-WAN (Viptela), you will need the WAN IP address of that device.
Configuring Remote Access:
  • Your internal DNS server addresses
  • Your organization’s domain names
  • A list of the private applications (those located in a data center or running in an IaaS environment such as AWS, Azure or GCP) that remote workers will need to access.
    • For those applications, you will need the server IP address and TCP/UDP port number.
  • If you are using remote access, you will need to identify a unique IP address pool for each Secure Connect data center that you plan to use
Preparing to deploy Secure Connect:

After you gather that information, please review the following questions:

  • Which people will need administrative access to the Secure Connect dashboard?
  • Which Secure Connect data center(s) should you use? (A list of data centers can be found here.)
  • How will each private application need to be access – Clientless (browser-based) ZTNA, Client-based ZTNA or Client-based VPN Access, or all?
  • Remote access and some features for internet usage policy enforcement (CASB, for example) require user authentication and provisioning services.  What Identity Provider (IdP) you will be using for those services? More info on IdP can be found here.
  • If you are using Client-based VPN Access , you will need to decide if you will be implementing traffic steering, which allows you to specify what end-point traffic goes through the VPN tunnel and what traffic goes directly to the Internet.  More info on traffic steering can be found here.

If are you are planning to utilize Client-based VPN Access, read more about Cisco Secure Client by going to www.cisco.com/go/secureclient.