Cisco Catalyst SD-WAN Solution Integrations Guide, Releases 26.x and Later

PDF

Restrictions for Cisco secure equipment access integration

Want to summarize with AI?

Log in

Outlines limitations and constraints when integrating Cisco Secure Equipment Access with Cisco SD-WAN Manager.


Single Cisco SEA cloud portal

Cisco SD-WAN Manager can connect to only a single Cisco SEA cloud portal.

Single Cisco SD-WAN Manager

A single organization, as defined in the Cisco SEA cloud portal, can connect to only one Cisco SD-WAN Manager. This has consequences for a Cisco SEA cloud portal that is operating in a multitenant environment, because a Cisco SD-WAN Manager instance represents a single organization.

Virtual port groups (VPG) and remote asset connectivity

The Cisco SEA application uses VPG interface 7 to connect to the Cisco SEA cloud portal, and reserves VPG interfaces 8 to 10 to connect to assets. A single VPG interface (8, 9, or 10) can provide connectivity for a single remote asset network. The remote asset network can include more than one asset.

Editing secure equipment access cloud fields

On the Configuration > Network Hierarchy > External Services page, in the Secure Equipment Access Cloud section, if you update the VPN or Proxy fields, Cisco SD-WAN Manager resets the IP address of the remote server called SEA-RemoteServer.

If you edit these fields, restore the IP address of the remote server:

  • From the Cisco SD-WAN Manager menu, choose Maintenance > Software Repository > Remote server.

  • Edit the remote server for SEA to use the locally hosted remote server that you have configured. Edit the automatically created server, called: SEA-RemoteServer and change the IP address to use the locally hosted remote server that hosts the SEA Agent image.

API key

The API key used for establishing a secure link with the Cisco SEA cloud portal has an expiration period of one year.

Remote server

In Cisco Catalyst SD-WAN Manager Release 20.16.x, the Cisco SEA Agent image is locally hosted on a remote server using HTTP protocol only. SCP and FTP protocols are not supported.

Multitenancy

Multitenant environment support varies by version:

  • In Cisco Catalyst SD-WAN Manager Release 20.16.x, multitenant environments do not support integration with Cisco Secure Equipment Access.

  • From Cisco Catalyst SD-WAN Manager Release 20.18.1, multitenant environments support integration with Cisco Secure Equipment Access only at the tenant level, not at the provider level.