
 

Cisco Meraki Documentation

Meraki IPSec to AutoVPN Secure Access Manual Migration Guide

Introduction 

Cisco Secure Access is a cloud-native Security Service Edge (SSE) platform that delivers a Zero Trust Access solution designed to provide secure, seamless access to applications for users anywhere, on any device, without the friction of traditional VPNs or older ZTNA solutions. It simplifies IT operations by consolidating multiple security tools into a unified platform, reducing complexity and improving security posture with AI-powered threat detection and granular access controls.

Cisco has enabled AutoVPN connectivity to Secure Access to simplify its SASE portfolio by converging on a single SSE platform and unified go-to-market strategy. This evolution reduces complexity for partners, sellers, and customers, making it easier to deliver consistent, feature-rich SASE experiences across all market segments. 

As we work towards providing a seamless transition from IPSec to AutoVPN to Secure Access, customers opting to proceed with a manual migration can use this guide, which provides best practices and detailed instructions to help ensure a successful and efficient manual migration process.

Migration Requirements 

Officially, any Meraki organization using IPSec can be manually migrated to AutoVPN with Secure Access. When considering this manual migration, please take into account the level of effort involved.

General Recommendations: 

  • Organizations with a larger number of IPSec tunnels will require longer downtime to migrate all connections  

  • Number of IPSec tunnels: Any 

 

Migration Limitations 

Consider the following limitations when planning a manual migration to Secure Access:

  • Older MX devices that cannot run firmware 19+ cannot be migrated to AutoVPN (Documentation)  

 

Pre-Migration Preparation 

  • Identify all private applications, with their IP addresses and ports, that remote users need to access behind the MX.

  • Identify IPSec configuration and routing used (static or BGP)

  • Prepare administrative access to the Secure Access dashboard (doc). 

  • Plan for a maintenance window to minimize disruption during migration. 

  • There will be no need to change policy-related configurations during this migration, which is based on tunnel connectivity.

Migration Steps  

During your maintenance window:  

  1. Verify and upgrade all your sites to 19+ firmware (Documentation)

  2. Integrate Meraki org with Secure Access (Documentation)

  3. Enroll your MX sites and devices into Secure Access regions (Documentation)

  4. Disable any Meraki IPSec tunnels to Secure Access (Documentation)

 

Verification Steps 

It is important to verify all use cases and connectivity during the scheduled downtime window. 

 

  • Verify connectivity from Remote Access VPN users to private applications through Secure Access. 

  • Confirm that posture assessment and access policies are enforced correctly. 

  • Verify that a ZTNA user can enroll and access a private resource

  • Verify that a ZTNA user can enroll and is blocked from certain private resources

  • Verify DNS policy is working as expected 

  • Verify Web policy is working as expected  
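
One repeatable way to run the connectivity checks above from a test client during the maintenance window, added here as an illustration and not Cisco or Meraki tooling. The inventory names and 192.0.2.x addresses are constructed placeholders for the private applications identified during pre-migration preparation; a TCP connect shows reachability only and does not validate posture, DNS policy or Web policy.

```python
import socket

def probe(host, port, timeout=3.0):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, name resolution failure
        return False

def verify(inventory, probe_fn=probe):
    """Compare observed reachability with the outcome the access policy should give."""
    results = []
    for name, host, port, expected in inventory:
        observed = "allow" if probe_fn(host, port) else "block"
        results.append({"name": name, "target": f"{host}:{port}",
                        "expected": expected, "observed": observed,
                        "ok": observed == expected})
    return results

def failures(results):
    """Entries whose observed outcome differs from the expected one."""
    return [r for r in results if not r["ok"]]

if __name__ == "__main__":
    # Constructed sample inventory (hypothetical names, documentation-range IPs).
    # "allow" rows catch a broken path; "block" rows catch a policy
    # that became more permissive after the migration.
    INVENTORY = [
        ("intranet-web", "192.0.2.10", 443, "allow"),
        ("file-share", "192.0.2.20", 445, "allow"),
        ("hr-database", "192.0.2.30", 5432, "block"),
    ]
    results = verify(INVENTORY)
    for r in results:
        status = "OK  " if r["ok"] else "FAIL"
        print(f'{status} {r["name"]:<14} {r["target"]:<18} '
              f'expected={r["expected"]} observed={r["observed"]}')
    raise SystemExit(1 if failures(results) else 0)
```

Running the same inventory once before the migration and once after gives a baseline to compare against, so a failure can be attributed to the tunnel change rather than to a pre-existing condition.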

 

 

Configuration Removal 

After successful onboarding and validation, remove old Meraki IPSec configurations that are no longer needed. 
