Unify Your Remote Access with Cisco SD-WAN

Do you want to securely connect remote users to your applications hosted on-premises, applications hosted in IaaS, SaaS applications, or the internet?

Now you can, with Cisco SD-WAN Remote Access, also known as Cisco SD-WAN RA.

1. What is Cisco SD-WAN RA?

SD-WAN RA fully integrates remote access (RA) functionality into the Cisco SD-WAN fabric, allowing you to extend the benefits of Cisco SD-WAN to RA users. With this powerful integration, Cisco IOS XE SD-WAN devices can provide RA headend functionality, all managed through Cisco vManage.

Fig 1.1- Cisco SD-WAN Remote Access Architecture

SD-WAN RA merges the best of both worlds by extending the features and benefits of Cisco SD-WAN to RA users, who can now enjoy the same enterprise-level security features that Cisco SD-WAN users have come to depend on, such as Cisco Unified Threat Defense (UTD), Zone-based Firewall (ZBFW), Secure Internet Gateway (SIG), and more.

On top of that, the Cisco FlexVPN RA solution adds scalability, IKEv2/IPsec and SSL-based RA VPN support, full integration with AAA/RADIUS and Cisco IOS PKI for automated certificate lifecycle management, support for Cisco and third-party software and hardware RA clients, dual-stack link and headend redundancy, horizontal scaling, automated routing to RA clients, and split tunneling.

2. Benefits of SD-WAN RA

  • Integrated Fabric: Eliminate the need for separate Cisco SD-WAN and RA networks.
  • Application Visibility & QoS: Enjoy application-aware routing, AppQoE, quality of service, and NAT-DIA.
  • Enterprise-Level Security: Rely on Cisco UTD, ZBFW, SIG and more.
  • Cisco FlexVPN RA: Benefit from scalability, VPN support, automated certificate lifecycle management, and more.
  • Unified infrastructure: By integrating RA into the Cisco SD-WAN fabric, you eliminate the need for separate Cisco SD-WAN and RA infrastructure.
  • Faster scalability: With Cisco SD-WAN RA, you can quickly and easily scale up or down your RA services.
  • Familiar RA clients: RA users can use the same software- or hardware-based RA clients as with solutions that do not integrate with Cisco SD-WAN.

3. What You'll Need for Your SD-WAN RA

To get your SD-WAN RA up and running, you'll need to prepare the following:
  • Public IP address for Cisco SD-WAN RA headend reachability, when connecting by internet
  • Configured RA clients to connect to the Cisco SD-WAN RA headend
  • Firewall policy to allow IKEv2/IPsec and TLS traffic
  • Private IP pool to assign a unique address to each RA client
  • Capacity planning for the Cisco SD-WAN RA headend
  • CA server for provisioning of certificates to the Cisco SD-WAN RA headend, when the headend is configured to use certificate-based authentication
  • RADIUS/EAP server for RA client authentication and policy
Now that you know what you'll need, let's dive into each of these prerequisites in more detail.

Public IP Address for SD-WAN RA Reachability
To ensure that your Cisco SD-WAN RA headend is reachable from the internet, you'll need to allocate a public IP address for it. This IP address will be used to establish a secure connection for your remote users.

Configure RA Clients to Connect to the SD-WAN RA Headend
Once you have a public IP address for your RA headend, you'll need to configure your RA clients to connect to it. This will involve setting up the appropriate encryption protocols, such as IKEv2/IPsec and TLS, so that your remote users can securely access the RA headend.

Firewall Policy to Allow IKEv2/IPsec and TLS Traffic
To ensure that your remote users can securely connect to the RA headend, you'll need to create a firewall policy that allows IKEv2/IPsec and TLS traffic. This lets the encrypted tunnel traffic from RA clients reach the headend.
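
A way to check such a policy before rollout, as an added example that is not Cisco code or part of the original article. It evaluates a first-match rule list against the flows an RA headend must receive and reports which ones are permitted, shadowed by an earlier deny, or missing. The rule format, the sample rules and the address 203.0.113.10 are hypothetical; the standard ports UDP 500/4500 for IKEv2, IP protocol ESP for IPsec and TCP 443 for TLS are assumed, and source addresses are treated as "any".

```python
import ipaddress

# Flows the RA headend must receive: IKEv2 (UDP 500, UDP 4500 for NAT traversal),
# IPsec ESP (IP protocol 50) and TLS (TCP 443 assumed for the SSL-based VPN).
REQUIRED = [
    ("IKEv2", "udp", 500),
    ("IKEv2 NAT-T", "udp", 4500),
    ("IPsec ESP", "esp", None),
    ("TLS", "tcp", 443),
]

def rule_matches(rule, proto, port, dst):
    """True if one firewall rule covers the given inbound flow."""
    if rule["proto"] not in (proto, "ip"):        # "ip" means any protocol
        return False
    if dst not in ipaddress.ip_network(rule["dst"]):
        return False
    ports = rule.get("ports")                      # None: all ports or portless protocol
    return port is None or ports is None or ports[0] <= port <= ports[1]

def audit(rules, headend_ip):
    """First-match evaluation; returns {flow name: 'permit' | 'deny' | 'no match'}."""
    dst = ipaddress.ip_address(headend_ip)
    result = {}
    for name, proto, port in REQUIRED:
        verdict = "no match"                       # falls through to the implicit deny
        for rule in rules:
            if rule_matches(rule, proto, port, dst):
                verdict = rule["action"]
                break
        result[name] = verdict
    return result

# Constructed rule set; 203.0.113.10 is a documentation address standing in
# for the headend public IP. The broad deny shadows the later NAT-T permit.
SAMPLE_RULES = [
    {"action": "permit", "proto": "udp", "dst": "203.0.113.10/32", "ports": (500, 500)},
    {"action": "deny", "proto": "udp", "dst": "203.0.113.0/24", "ports": (1024, 65535)},
    {"action": "permit", "proto": "udp", "dst": "203.0.113.10/32", "ports": (4500, 4500)},
    {"action": "permit", "proto": "tcp", "dst": "203.0.113.10/32", "ports": (443, 443)},
]

if __name__ == "__main__":
    for flow, verdict in audit(SAMPLE_RULES, "203.0.113.10").items():
        print(f"{flow:12} {verdict}")
```

On the sample rules, NAT-T is reported as denied because of rule ordering and ESP as unmatched, the two gaps that typically leave clients behind NAT unable to connect while lab tests without NAT succeed.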

Private IP Pool to Assign a Unique Address to Each RA Client
To make sure that each RA client is assigned a unique IP address, you'll need to create a private IP pool for them. This will ensure that each client has a unique address and that traffic is routed properly.
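
A pre-deployment check for the pool described above, added here as an example and not taken from the article or from Cisco tooling. It verifies that a candidate pool is private, large enough for the expected peak client count plus headroom, and does not overlap prefixes already routed in the fabric. The function name, the 20% headroom, the client count and all prefixes are hypothetical values chosen for illustration.

```python
import ipaddress

def check_ra_pool(pool_cidr, peak_clients, routed_prefixes, headroom_pct=20):
    """Return a list of problems found with a proposed RA client address pool."""
    pool = ipaddress.ip_network(pool_cidr)
    problems = []
    if not pool.is_private:
        problems.append(f"{pool} is not private address space")

    # Conservative count: exclude network and broadcast addresses on IPv4 pools
    usable = pool.num_addresses
    if pool.version == 4 and pool.prefixlen < 31:
        usable -= 2
    # Integer arithmetic avoids float rounding when adding headroom
    needed = (peak_clients * (100 + headroom_pct) + 99) // 100
    if usable < needed:
        problems.append(f"{pool} has {usable} usable addresses, {needed} needed")

    # A pool that overlaps a prefix already routed in the fabric makes
    # return traffic to RA clients ambiguous
    for prefix in routed_prefixes:
        if pool.overlaps(ipaddress.ip_network(prefix)):
            problems.append(f"{pool} overlaps routed prefix {prefix}")
    return problems

# Constructed values: prefixes assumed to be in use at branch and data-center sites
ROUTED = ["10.20.0.0/16", "192.168.50.0/24"]

if __name__ == "__main__":
    for candidate in ("10.20.30.0/24", "10.99.0.0/23"):
        issues = check_ra_pool(candidate, 230, ROUTED)
        print(candidate, "OK" if not issues else issues)
```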

Capacity Planning for the SD-WAN RA Headend
Before deploying your RA, you'll need to make sure that your headend has enough capacity to handle the expected traffic. This will involve looking at the number of RA clients, the type of traffic they will be sending, and the amount of bandwidth available to the RA headend.

CA Server for Provisioning of Certificates to the SD-WAN RA Headend
If you're using certificate-based authentication for your RA headend, you'll need to set up a CA server to provide the necessary certificates. This will ensure that your RA clients are able to securely connect to the headend.

RADIUS/EAP Server for RA Client Authentication and Policy
Finally, you'll need to set up a RADIUS/EAP server for authentication and policy for your RA clients. This will allow you to control who has access to the RA headend and ensure that only authorized users can connect.

Now that you know what you'll need to do to get ready for your Cisco SD-WAN RA setup, you can start the process of prepping your RA headend and clients. Good luck!

4. Supported Devices for Your SD-WAN RA

You'll need a reliable and robust router to support your network needs. Look no further than these amazing devices from Cisco!

Cisco Catalyst 8300-1N1S-6T
This router is perfect for those looking for a balance between performance and price. It features a 1RU form factor, and provides 1x 10G SFP+ port, 1x RJ45 port, and 6x SFP ports. This router is ideal for businesses who are looking for an economical solution for their SD-WAN RA.

Cisco Catalyst 8300-2N2S-4T2X
This router is the perfect choice for those looking for maximum performance. It features two 10G SFP+ ports, two RJ45 ports, and four SFP+ ports. This router is ideal for businesses who need the highest performance for their SD-WAN RA.

Cisco Catalyst 8500-12X
For businesses who need a lot of ports, this router is the perfect choice. It features 12 10G SFP+ ports, allowing you to connect a large number of devices and services. This router is ideal for businesses who are looking for a high-performance router with plenty of ports.

Cisco Catalyst 8500-12X4QC
This router offers the same features as the 8500-12X, with the addition of four 10G SFP+ ports for quad-channel connections. This router is ideal for businesses who need to connect multiple devices or services with quad-channel connections.

Cisco Catalyst 8500L Edge
This device is perfect for edge applications. It features eight 10G SFP+ ports and is designed for low-latency applications. This router is ideal for businesses who need to connect edge devices or services with high-speed connections.

Cisco Catalyst 8000V Edge Software
This software is perfect for those looking for a virtual solution. It features a software-defined architecture and is designed for virtualized edge applications. This software is ideal for businesses who need to connect edge devices or services with virtualized connections.

5. Conclusion

With Cisco SD-WAN RA, you can easily and securely extend the power of Cisco SD-WAN to your remote users. With SD-WAN RA, businesses can enjoy all of these features and benefits in a single integrated solution, saving time and money while ensuring secure, reliable connectivity.
