Skip to main content
Cisco Meraki

Cisco+ Secure Connect Remote Access Setup

Graphical user interface, diagram, application

Description automatically generated

Prerequisites 

Requirement

Details

Private DNS server IP addresses Servers used to resolve private application names
Corporate domain name Domains that must be resolved to access private applications 
Client IP address pools North America and Europe have 4 data centers  each. Each region specified must have a complete set (4) address pools. These pools cannot overlap with existing internal addresses/subnets in use
Any subnets that require tunnel bypass You may want to direct specific traffic, such as DNS, to bypass (route outside of) the tunnel 
Datacenter gateway device The physical or software device on the data center side of the VPN connection. Any IKEv2 compatible device is supported, however, configuration details will vary.  
Datacenter gateway device IP The internet-routable IP address for the device's external interface 
Datacenter gateway IKEv2 pre-shared key The combination of the gateway device IP and the pre-shared key is used for tunnel establishment

Onboarding 

In order to begin, you'll first need to tie Cisco Meraki and Cisco Umbrella management together for a seamless experience.  For further instructions, see Cisco+ Secure Connect Onboarding

Remote Access Setup (Get Started) 

  1. Get Started with Secure Connect from the main homepage and click - Set up Remote Access

popup.png

Figure 1: Get Started with Secure Connect Pop-Up 

Alternately, Navigate to Secure Connect -> Configure ->Remote Access Setup to begin the setup process

  1. This "checklist" guides you through the main remote access configuration tasks.  As each task is completed, the progress bar advances. These tasks can be done in any order, however, the steps below begins at  top of this checklist at Setup Remote Access Service

setup.png

Figure 2: Remote Access Get Started Checklist

Set Up Remote Access Service  

Purpose: Setup the network configuration, traffic steering, AnyConnect settings and, Datacenter regions. 

  1. Click Set Up Remote Access Service. For further details see: Remote Access Service Setup

Set Up Secure Access Tunnels

  1.  Click Set Up Secure Access Tunnels.  For further details seeSet Up Secure Access Tunnels

Configure SAML 

  1. Click Configure SAML
  2. Click ADD in the upper right hand corner of the screen 

SAMLadd.png
Figure 3: Begin SAML configuration

  1. Follow the wizard to configure a SAML IdP.   For more information, please see our SAML Guides
  2. In the upper right hand corner of the screen, click Return to Cisco Plus Secure Connect 

secureconnectbutton.png
Figure 4: Return to Secure Connect

Provision Users and Groups  

Provision users and groups from your selected SAML IdP for use in Umbrella policies and for user identification in reports 

  1. Select your identity provider and click the  to expand the tab for further configuration details 
  2. Follow the instructions to complete provisioning 

  3. Once provisioning is complete, you will see the list of users and groups downloaded from the identity provider.  

 
Figure 5: Active Directory Provisioning Example 

 

  1. In the upper right hand corner of the screen, click Return to Cisco Plus Secure Connect 

secureconnectbutton.png
Figure 6: Return to Secure Connect

AnyConnect Client  
  1. Ensure the AnyConnect client device is running 4.10 or later 

  2. Note one of the remote access location’s FQDN from Deployments > Configuration > Remote Access 

  3. a. After a client connects for the first time it will download all available locations 

  4. Add the FQDN as a new VPN connection in the AnyConnect client 

  5. Only use the FQDNs.  Using an IP address will not work 

     

  • Was this article helpful?