Step 2: Configure Cisco Catalyst SD-WAN Templates
Configure a Catalyst SD-WAN tunnel to connect a Catalyst SD-WAN device to Cisco Secure Access.
In Cisco Catalyst SD-WAN Manager, all the features are configured through templates. Once the Cisco Catalyst SD-WAN devices are registered with Cisco Catalyst SD-WAN Manager, you cannot configure anything through the CLI.
You can use the Cisco Catalyst SD-WAN Manager Device and Feature templates to establish a tunnel from the device. First define the device template and then the feature template.
In SD-WAN Manager version 20.9, the SIG template is divided into several sections:
- Device Type, Template Name, Description, and SIG Provider (Umbrella, Zscaler, or Generic).
In version 20.4/17.4, the only two tunnel types that are offered are Umbrella and Third Party. You can configure Secure Access manual tunnels (IPSec or GRE) using the Third Party option. Starting in 20.5/17.5, the three tunnel types that are offered are Umbrella, Zscaler, and Generic. To configure IPSec or GRE Secure Access tunnels, choose the Generic option. You can configure Secure Access manual and automatic tunnels (IPSec or GRE) using the Generic option. Secure Access recommends you use automatic tunnels if available. - Tracker: Allows you to configure custom L7 health check tracker information.
- Configuration: Allows you to specify different tunnel type (IPSec or GRE) and other tunnel characteristics, such as tunnel name, tracker name, tunnel source, whether the tunnel is attached to a primary or secondary data center (which is specified or discovered later) and advanced options, like IP MTU and other tunnel settings.
- High Availability: Allows you to choose up to 4 active tunnels or 4 active/standby tunnel pairs by choosing the tunnels defined in the Configuration section under the Active or Backup column. You can also modify traffic ratios for the tunnels.
- Advanced Settings (if applicable): Allows you to define primary or secondary data centers and Secure Access location name if desired, and advanced Secure Access settings (XFF Forwarding, Enable IPS Control, etc).