04-01-2025 12:58 AM - edited 04-01-2025 11:12 PM
Hello,
I would like to confirm the technical specifications of Cisco Secure Access.
How is the region determined when connecting from Secure Client (AnyConnect VPN) to Secure Access?
When multiple IP pools are assigned to a VPN Profile, the name "Auto Select Nearest Location" is added to the AnyConnect VPN destination (Global FQDN).
I assume that the nearest region is selected in some way, but I am unclear about the flow for determining the nearest region from the connection source.
Do the Client ZTA module and Clientless ZTA also implement a mechanism for connecting to the nearest region?
04-02-2025 09:03 AM
Hello there,
VPN uses a latency-based routing mechanism to figure out the closest region where the headends are deployed and resolves to their IP addresses. For now, this is based on AWS latency-based routing, which essentially figures out the location of the connection source (I'm guessing it uses MaxMind) and compares that with a precomputed table against all their regions to determine the least-latency region. I'm not fully familiar with ZTA internals, but I believe ZTA also uses a similar mechanism.
04-03-2025 07:27 PM
Hello jkachika,
Does the latency-based routing mechanism use the "Amazon Route53" technology? If so, I would like to check the following site. Thanks.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy-latency.html