Figure 1: Secure Private Access Tunnel
An IPsec (Internet Protocol Security) IKEv2 (Internet Key Exchange, version 2) tunnel is used to securely forward traffic from Cisco Umbrella to the destination networks of the private applications. For more details on supported IPsec parameters, see Supported IPSec parameters.
Create a new Tunnel
Click ADD in the upper-right corner of the screen.
Enter a Tunnel Name, select the correct datacenter Device Type, and click Save.
Figure 2: Add a secure access tunnel
If both Private Access (for remote users) and Secure Internet Access (for branch location access) tunnels are needed, two separate tunnels are required today. It is not possible to use a single tunnel for both types of access. Creating multiple tunnels from the same device is possible with some devices. For more details, see Can-I-create-multiple-IPSEC-Tunnels.
Specify the Service Type as Private Access
Figure 3: Configure private access service
Client Reachable Prefixes - enter the subnet or subnets that remote users need to access. Traffic destined for these subnets is sent securely through the tunnel.
Figure 4: Specify tunnel traffic
Configure Tunnel ID and Passphrase
- Set a Tunnel ID and Passphrase. These values must match the respective values on the datacenter device. For more details, see Network Tunnel Configuration.
a. For Cisco devices, reference the instructions here
b. For non-Cisco devices, reference the instructions here
If a tunnel is showing as “Not Established” (Deployments > Network Tunnels page), check that the device has been configured using our supported IPsec parameters.
If a tunnel is showing as “Inactive”, ensure that traffic that should be routed down the VPN is being generated.
Secure Access Tunnel Provisioning is complete!!!
Figure 5: Return to Secure Connect link
In the upper-right corner of the screen, click Return to Cisco Plus Secure Connect.