Outlines prerequisites for Cisco Secure Equipment Access integration with Cisco Catalyst SD-WAN.
Network reachability to the Cisco secure equipment access portal
Before deploying a configuration group that includes the Cisco SEA feature, ensure that the routers in the network that will run the Cisco SEA agent application have network reachability to the Cisco SEA cloud portal.
-
Deploy a configuration group to a set of devices to establish reachability to a Cisco SEA cloud portal.
-
Deploy a configuration group to a set of devices to enable Cisco SEA on the devices. After you confirm reachability in the previous step, you can modify the same configuration group that you used in that step, adding the Cisco SEA feature, and deploy the configuration group to the devices.
This same requirement applies when you add devices to a configuration group that has the Cisco SEA feature and that you have deployed to devices already. If you want to deploy the configuration group to additional devices, make note of the above and first establish reachability to a Cisco SEA cloud portal for the additional devices.
Virtual port group interfaces
The Cisco SEA application requires virtual port group (VPG) interfaces 7 to 10 to be available. Ensure that these VPG interfaces are not configured for use with a different application.
The Cisco SEA application uses VPG interface 7 to connect to the Cisco SEA cloud portal, and reserves VPG interfaces 8 to 10 to connect to remote assets. For restrictions that apply to virtual port groups, see Restrictions for Cisco secure equipment access integration.
IP address for virtual port group interface 7
For each router, configure an IP address for VPG interface 7 connectivity to the Cisco SEA cloud portal.