
Re: Reserved IP Address in Cisco Secure Access

Edsnow
Level 1

Hi, 

If we purchased a Reserved Egress IP Address in Cisco Secure Internet Access, is it possible to route some traffic through the reserved IP address and some traffic through the shared IP address?

8 Replies

I don't think that is possible. I think once the dedicated IP is deployed to your organization, any web traffic will be sourced from that IP.

Royalty
Spotlight

Hi @Edsnow,

I agree with Aref. The Reserved IP is associated with a specific Secure Access Region (geographic data center location) of Cisco's cloud SSE services.

Any traffic that reaches or traverses through that Secure Access Region will use the Reserved IP assigned to the region. If your web traffic passes through a region where you haven’t provisioned a Reserved IP, it will instead use the shared IP range for that region. The choice of which Secure Access Region to use as ingress is dependent on your deployment method, e.g. Cisco Secure Access client vs branch IPSec Network Tunnel.

Attempting to perform traffic engineering to selectively route traffic through either the Reserved IP or the Shared IP based on the destination IP address/domain is not supported.

The documentation below may be of use if you've not seen it already! See 'Reserved IP' and 'Secure NAT as a Service'

https://docs.sse.cisco.com/

adamwin
Cisco Employee

This is not supported today but we are looking to develop this functionality. What's your use-case for doing so?

Hi @adamwin,

There is no use case as of now, but I am a bit confused: when I filter the logs in my console by shared IP address, I see that some of the Windows Update traffic is egressing with shared IP addresses. Any thoughts on this?

For more detail, the traffic is egressing from the Mumbai DC in India.

Reserved IP is not enabled on Microsoft update and some Cisco destinations. This is by design.

Hi @adamwin,

Is there any Cisco doc listing all of the excluded domains for the Reserved IP address?

Royalty
Spotlight

Hi @Edsnow,

There is no public document with all of the excluded domains. In general, see below for information on the traffic that is excluded from using the Reserved IP address.

  • Secure Access excludes Microsoft Update traffic on the organization's reserved IP.
  • Secure Access does not provide the reserved IP for web sites that load over QUIC.
  • Secure Access only supports reserved IP for traffic using SWG.
  • Reserved IP is available only for IPv4.
  • Remote Browser Isolation (RBI) is not supported by Reserved IP. Applications or services that require a reserved IP address should not use remote browser isolation as they will egress on the Shared IP range.
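
An added example, not from the thread or from Cisco: a log triage that takes rows which egressed on a shared IP, labels each with the exclusions listed above, and surfaces rows that none of them explain. The field names, the reserved IP, the Microsoft Update suffixes and the sample rows are all assumptions constructed for illustration; they are not a Secure Access export schema.

```python
import ipaddress

# Assumption: reserved egress IP (documentation-range placeholder).
RESERVED_IP = "203.0.113.10"
# Assumption: illustrative suffixes only; no public exclusion list exists.
MS_UPDATE_SUFFIXES = ("windowsupdate.com", "update.microsoft.com")

def is_ipv6(addr):
    try:
        return ipaddress.ip_address(addr).version == 6
    except ValueError:
        return False

def explain_shared_egress(row):
    """None if the reserved IP was used, else the exclusions that apply ([] = unexplained)."""
    if row["egress_ip"] == RESERVED_IP:
        return None
    host = row["host"].lower().rstrip(".")
    reasons = []
    if any(host == s or host.endswith("." + s) for s in MS_UPDATE_SUFFIXES):
        reasons.append("microsoft-update")
    if row["protocol"] == "quic":
        reasons.append("quic")
    if row["path"] != "swg":
        reasons.append("not-swg")
    if is_ipv6(row["dest_ip"]):
        reasons.append("ipv6")
    if row["rbi"]:
        reasons.append("rbi")
    return reasons

def triage(rows):
    """Split shared-IP rows into (explained, unexplained) lists of (host, reasons)."""
    explained, unexplained = [], []
    for row in rows:
        reasons = explain_shared_egress(row)
        if reasons is not None:
            (explained if reasons else unexplained).append((row["host"], reasons))
    return explained, unexplained

# Constructed sample rows; field names are hypothetical, not a Secure Access schema.
FIELDS = ("host", "egress_ip", "protocol", "path", "dest_ip", "rbi")
SAMPLE = [dict(zip(FIELDS, r)) for r in [
    ("partner.example.com", RESERVED_IP, "https", "swg", "198.51.100.7", False),
    ("download.windowsupdate.com", "192.0.2.44", "https", "swg", "198.51.100.20", False),
    ("video.example.net", "192.0.2.44", "quic", "swg", "2001:db8::5", False),
    ("partner.example.com", "192.0.2.44", "https", "swg", "198.51.100.7", False),
]]

print("unexplained shared-IP egress:", triage(SAMPLE)[1])
```

Rows in the unexplained list are the ones to check against any partner allow-list that expects the reserved IP, for example traffic entering through a region where no Reserved IP is provisioned.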