This configuration enables devices to establish a secure link with the Cisco SEA cloud portal for enhanced security and access management.
Before you begin
API key
-
In the Cisco SEA cloud portal, create an API key to enable devices to establish a secure link with the Cisco SEA cloud portal.
For information about creating an API key, see the Cisco Secure Equipment Access documentation on the Cisco DevNet site. When you generate the API key, if there is an option to enable the key for external controller integration, choose that option.
-
Copy the API key and have it ready for the procedure.
Connectivity
The devices in your network that operate with Cisco SEA require network reachability to the Cisco SEA cloud portal. Ensure that your network topology provides this reachability.
Remote server
In Cisco Catalyst SD-WAN Manager Release 20.16.x, set up a remote server. This is a locally hosted file server, required to host the Cisco SEA Agent image. Refer to the Register Remote Server section of the Cisco Catalyst SD-WAN Monitor and Maintain Configuration Guide for setup instructions.
Follow these steps to configure a connection to a Cisco Secure Equipment Access portal in the Network Hierarchy:
Procedure
SUMMARY STEPS
- From the Cisco SD-WAN Manager menu, choose .
- Click External Services.
- In the Secure Equipment Access Cloud pane, enter these:
- Click Save.
- If you are using Cisco Catalyst SD-WAN Manager Release 20.16.x, do this:
DETAILED STEPS
|
1. |
From the Cisco SD-WAN Manager menu, choose . |
|
2. |
Click External Services. |
|
3. |
In the Secure Equipment Access Cloud pane, enter these:
Table 1.
Secure equipment access cloud pane
| Field |
Description |
| Cluster access type |
Choose an API key option:
|
| API Key |
(This field appears if you choose Manual in Cluster access type.) Enter the API key that you generated in the Cisco SEA cloud portal.
Note
Starting from SD-WAN Manager 26.1.1.1, you can edit the Secure Equipment Access (SEA) API key in the Secure Equipment Access Cloud window for external services. Updating the API key does not require stopping any running configurations. You must re-deploy the configuration groups after updating the SEA API key.
|
| Select Secure Equipment Access Cluster |
(This field appears if you choose Auto in Cluster access type.) Choose the cluster name associated with your Cisco SEA cloud portal account. Click Connect and log in with your Cisco SEA cloud portal credentials. |
| VPN |
VPN providing reachability between devices and the Cisco SEA cloud portal.
Note
|
| Proxy |
If devices in your network require a proxy for connectivity between devices and the Cisco SEA cloud portal, enter the IP address of the proxy.
Note
|
|
|
4. |
Click Save.
|
|
5. |
If you are using Cisco Catalyst SD-WAN Manager Release 20.16.x, do this:
-
Open Maintenance > Software Repository > Remote server.
-
Edit the automatically created remote server called: SEA-RemoteServer to use the locally hosted remote server that you have configured.
-
Change the IP address to use the locally hosted remote server that hosts the SEA Agent image.
Note
From Cisco Catalyst SD-WAN Manager Release 20.18.1 or later, SD-WAN Manager does not automatically create a remote server entry.
|
What to do next
From Cisco Catalyst SD-WAN Manager Release 20.18.1 or later, upload the Cisco SEA application to SD-WAN Manager to connect to the Cisco SEA cloud.