OLT Capacity Planning for GPON Access NetworksPlan OLT capacity for GPON OLT systems and EA5800 capacity planning, optimizing GPON split ratio and OLT uplink design for scalable fiber access.
Enterprise OLT Platform Selection for Fiber AccessDesign enterprise OLT platform strategy for GPON OLT platform, modular OLT chassis, and OLT service boards to scale passive optical LAN and XG-PON evolution.
Tunnel Video Surveillance VLAN Stability over FiberDesign stable tunnel video surveillance VLANs using optical transport backbone and Arista fiber aggregation for resilient Huawei OptiX OSN CCTV networks.
Fiber vs Copper in Industrial Networks Design GuideCompare fiber vs copper in industrial ethernet, plan hybrid industrial fiber network designs, and select rugged ethernet switches and industrial SFP transceivers.
The modern enterprise demands both seamless connectivity and uncompromised security, regardless of where users or applications reside. Traditional branch VPNs and siloed security stacks are often too complex, slow, and labor-intensive to manage in a hybrid cloud world.
Cisco Meraki Secure Connect addresses this by delivering a unified Secure Access Service Edge (SASE) solution, unifying networking and security into a single, cohesive framework. Designed for simplicity and minimal effort, Secure Connect provides an unparalleled user experience.
Part 1: Overview of Meraki Secure Connect SASE Solution
Cisco Secure Connect is a turnkey SASE product that seamlessly connects users, things, and applications from anywhere. It combines essential networking capabilities, robust security features, and unified visibility through the powerful, easy-to-use Cisco Meraki dashboard.
This unified approach significantly reduces complexity and operational costs while enabling an agile hybrid work experience.
The Three Major Use Cases of Meraki Secure Connect
Secure Connect is designed around three major overarching use cases, addressing various enterprise needs:
Secure Internet Access (SIA): Enhancing Internet security for users, applications, or IoT devices using cloud-based advanced protection against threats like malware and phishing. This applies to both in-office and remote workers.
Site Interconnect: Dramatically simplifying network architecture by providing full end-to-end connectivity. It connects sites, users, and applications using Native Meraki SD-WAN, Catalyst SD-WAN, or standard IPsec VPN.
Secure Remote Access (SRA): Securely connecting remote workers to private applications hosted in data centers or private clouds via client-based or clientless accessibility methods.
Part 2: Deployment Scenarios for Meraki Secure Connect
Organizations can simplify their architectures by connecting locations securely. Meraki sites (using Meraki MX devices) can be onboarded seamlessly into Secure Connect. This allows the site traffic to be routed through the Secure Connect cloud service, where security services can be leveraged. Sites can be connected via Meraki SD-WAN Integration or even using Non-Meraki IPsec Tunnel for maximum flexibility.
Remote Workforce and Vendor Access (SRA)
Secure Connect facilitates secure access to private applications hosted in data centers. For remote users:
Client-based Access: Users leverage the Secure Client (formerly AnyConnect) with the Zero Trust Access module.
Clientless ZTNA: Sometimes referred to as browser-based access, this allows users to access web applications without needing an agent installed on their machine.
Hybrid Cloud Environments
For private applications residing in data centers or private clouds, Secure Connect’s SRA use case ensures that remote users can securely reach those resources. Traffic is forwarded through the interconnect backbone before reaching its final destination.
Part 3: Key Features and Security Benefits of Meraki Secure Connect
Integrated Cloud Security Stack
Traffic sent to the Secure Connect cloud service passes through multiple critical security layers:
DNS Layer Security
Cloud Firewall
Secure Web Gateway (SWG)
CASB (Cloud Access Security Broker)
Data Loss Prevention (DLP), available in the Advantage licensing tier
Zero Trust Enforcement
Secure Connect supports both Client-based ZTNA and Clientless (Browser-based) ZTNA. Client-based ZTNA leverages the Secure Client to forward traffic to the ZTNA proxy, which then uses the interconnect backbone to reach the resource.
Simplified Management and Unified Visibility
All Secure Connect configuration, administration, and policy management—including connecting sites, setting up Identity Providers (IdP), and configuring internet access policies—is performed through a unified, easy-to-use interface powered by the Cisco Meraki dashboard.
Part 4: Technical Implementation and SD-WAN Integration
SD-WAN Integration for Branch Deployment
When connecting sites, the process depends on whether the Meraki MX device is a spoke (Greenfield) or a hub (Brownfield) in the existing SD-WAN fabric:
Greenfield (Spoke Sites): When a site currently operating as VPN type "Off" is connected to Secure Connect, it participates in the SD-WAN fabric as a spoke. Two connections corresponding to the selected region's data center locations are added, and a default route is propagated automatically.
Brownfield (Hub Sites): A Meraki site operating as a VPN type Hub will continue to participate in the SD-WAN fabric as a hub. Connections are built between the hub and Secure Connect data centers. To utilize the cloud security services for Internet-bound traffic, administrators must enable the default route option within the configuration.
Client Connectivity
For remote users, the client software is the Secure Client (formerly AnyConnect). The VPN as a service allows users to connect to a point of presence, passing traffic through the cloud firewall. Administrators can also implement traffic steering to split traffic away from the cloud service if necessary.
Part 5: Comparison with Traditional VPN Solutions
Feature
Traditional VPN/Basic SD-WAN
Cisco Secure Connect (SASE)
Security Architecture
Perimeter-focused, trust by default; separate security layers.
Zero Trust Architecture (ZTA); least privileged access policies based on user identity.
Management
Separate dashboards and policies for networking and security.
Unified visibility and management via the Meraki dashboard.
Security Services
Requires appliance-based firewalls, separate proxies.
Cloud-based security stack integrated in the path (DNS, Cloud Firewall, SWG, CASB, DLP).
Complexity & Cost
High deployment complexity, high capital expenditure, and management overhead.
Turnkey SASE solution that reduces costs and complexity.
Part 6: Best Practices and Licensing Recommendations for Secure Connect
Licensing Decisions
Secure Connect is available in two packaging options and two licensing tiers:
Foundation Package: Includes Secure Internet Access (SIA) and Site Interconnect use cases.
Complete Package: Includes all Foundation features plus the Secure Remote Access (SRA) use case.
Advantage Tier: Necessary for implementing advanced features such as Data Loss Prevention (DLP).
Part 7: Router-switch Advantages
Securely expanding your network and implementing a modern SASE architecture requires reliable hardware and timely deployment. We understand that securing the necessary infrastructure components, such as Meraki MX devices for SD-WAN integration, is crucial. Router-switch is committed to providing global stocked inventory and rapid quotation services to ensure your SASE deployment stays on track. We offer multi-brand procurement and technical scheme guidance to support your branch deployment strategy, regardless of its scale.
FAQ
What is Meraki Secure Connect?
It is a unified Secure Access Service Edge (SASE) product that combines networking and security capabilities, managed through the Cisco Meraki dashboard.
How does Secure Connect support SASE branch deployment?
It connects branch sites using Meraki SD-WAN integration or non-Meraki IPsec Tunnels, allowing all site traffic to be secured by cloud-based services like DNS security and Cloud Firewall.
What are the three major use cases for Cisco Secure Connect?
They are Secure Internet Access, Site Interconnect, and Secure Remote Access.
How does Secure Connect implement Zero Trust?
It uses client-based ZTNA (via Secure Client module) and clientless (browser-based) ZTNA. It applies policies based on user identity for least privileged access.
Is multi-branch management centrally supported?
Yes, the entire solution, including connectivity, security policies, and site management, is configured and managed through a unified, easy-to-use interface powered by the Cisco Meraki dashboard.
Which license package includes Secure Remote Access?
The Complete license package includes Secure Remote Access, in addition to Secure Internet Access and Site Interconnect.
To evaluate the best SASE implementation for your multi-branch or hybrid environment, contact Router-switch today for expert consultation and to receive a quick quote on all necessary Meraki and Cisco hardware, ensuring global delivery support.
Expertise Builds Trust
20+ Years • 200+ Countries • 21500+ Customers/Projects CCIE · JNCIE · NSE7 · ACDX · HPE Master ASE · Dell Server/AI Expert