Cisco SASE Site Onboarding API Workflow
To get started with the Cisco SASE Site Onboarding API workflow, sign in to Security Cloud Control (SCC) and create your API keys for the Cisco SD-WAN Manager API and Cisco Secure Access API.
You'll use the Cisco SD-WAN Manager API to collect the attributes and identifiers of the SD-WAN resources and create the Secure Internet or Secure Private Access profiles. Then, set the traffic intent for the network traffic on the SD-WAN sites and deploy the Configuration Groups and Policy Groups for the profiles.
Once you complete the deployment of the Configuration Groups and Policy Groups, you can monitor the Catalyst SD-WAN sites that you onboarded in the organization.
Step 1: Create Your API Credentials
For information about creating your Cisco SD-WAN Manager API credentials and Cisco Secure Access API credentials in SCC, see SASE Authentication.
Step 2: Generate Access Tokens
For information about generating your Cisco SD-WAN Manager API gateway URL and Cross-Site Request Forgery (CSRF) access token, and your Cisco Secure Access API access token, see SASE Authorization.
Step 3: Collect Identifiers for the SD-WAN Resources
- List the SASE regions in SD-WAN Manager.
- List the Catalyst SD-WAN sites in SD-WAN Manager.
- List the Configuration Groups in the organization.
- List the Policy Groups in the organization.
- List the identifiers of the Secure Internet Access profiles.
  - Get the ID of the service.
- List the identifiers of the Secure Private Access profiles.
  - Get the ID of the service.
- List the LAN service VPN profiles in the Configuration Group.
  - Get the ID of the LAN service VPN profile.
- Get the details of the Configuration Group and LAN service VPN profile.
Step 4: Create SD-WAN Profiles
- Create the Secure Internet Access profiles in SD-WAN Manager.
- Create the Secure Private Access profile in SD-WAN Manager.
Step 5: Set Traffic Intent and Deploy Policy Group
Set the routes for the internet and private network traffic, set variables in the SD-WAN access profiles, and then deploy the profiles in the Policy Group.
- Update the route for the service in the Configuration Group and LAN service VPN profile.
- Add the Secure Internet Access profiles or Secure Private Access profiles to the SD-WAN Policy Group.
- Deploy a Policy Group in SD-WAN Manager.
- Deploy a Configuration Group in SD-WAN Manager.