Cisco

This guide will show you how to connect your Cisco device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Last updated 2 months ago

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Cisco device

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new IPSec profile

Log in to your Cisco device, and go to VPN > IPSec Profiles. Click Add to create a new profile.

Give the profile a name and set the configuration as follows:

  • Keying mode - Auto

  • IKE Version - IKEv2

Click Apply to confirm your settings.

Step 3 - Creating a new site-to-site connection

Go to VPN > Site-to-Site. Click the Add button to create a new connection.

Give the connection a name and set the configuration as follows:

  • Remote Endpoint - Select Static IP and enter the IP of your GoodAccess Gateway

Local/Remote IKE Authentication Method

Local Group Setup

  • Local Identifier Type - Local WAN IP

  • Local Identifier - Your public IP

  • Local IP Type - Subnet

  • IP Address - IP of your network

  • Subnet Mask - Your Subnet Mask

Remote Group Setup

  • Remote Identifier Type - Remote WAN IP

  • Remote Identifier - IP of your GoodAccess Gateway

  • Remote IP Type - Subnet

  • IP Address - Subnet of your GoodAccess Gateway

  • Subnet Mask - Subnet Mask of your GoodAccess Gateway

Don't forget to Apply changes.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Cisco - VPN > Site-to-Site > Status > VPN Status

Step 4 (optional) - Enabling DPD

Switch to Advanced Setup and enable DPD (Dead Peer Detection).

Click Apply to confirm your settings.

Step 5 (optional) - Saving the configuration

Click the red floppy disk icon to open Configuration Management, then click Apply.

Saving the configuration ensures that your IPsec settings persist if the router reboots or loses power.

Settings that belong to the steps above:

  • Step 1 - Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

  • Step 2 - Phase I & II Options - Must match configuration from GoodAccess (Step 1)

  • Step 3 - IPSec Profile - Select the profile you just created (Step 2)

  • Step 3, Local/Remote IKE Authentication Method - Pre-shared Key - Shared Secret from GoodAccess (Step 1)
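
The requirement that the Cisco side matches the GoodAccess Phase I & II options, and that the Local and Remote Group subnets mirror the GoodAccess side, can be checked before applying. This is an added example, not part of the GoodAccess guide or of any GoodAccess or Cisco tooling: it compares the Step 1 default preset with values transcribed by hand from the Cisco GUI. The sample subnets, dictionary keys and function names are assumptions made for illustration.

```python
import ipaddress

# GoodAccess side: the "Default preset" values listed in Step 1.
GOODACCESS = {
    "p1_lifetime_s": 28800, "p2_lifetime_s": 3600,
    "p1_enc": "aes256", "p2_enc": "aes256",
    "p1_int": "sha256", "p2_int": "sha256",
    "p1_dh": 16, "p2_dh": 16,
}
# Constructed sample subnets (not from the guide).
BRANCH_CIDR = "192.168.10.0/24"   # Cloud/Branch subnet entered in Step 1
GATEWAY_CIDR = "10.20.0.0/24"     # subnet of the GoodAccess Gateway

def cisco_subnet_fields(cidr):
    """Split a CIDR subnet into the IP Address and Subnet Mask fields of Step 3."""
    net = ipaddress.ip_network(cidr, strict=True)  # raises if host bits are set
    return str(net.network_address), str(net.netmask)

def check_tunnel(goodaccess, cisco, branch_cidr, gateway_cidr):
    """List mismatches between the two sides; an empty list means they agree."""
    problems = []
    for key, expected in goodaccess.items():
        if cisco.get(key) != expected:
            problems.append(f"{key}: GoodAccess={expected} Cisco={cisco.get(key)}")
    branch = ipaddress.ip_network(branch_cidr)
    gateway = ipaddress.ip_network(gateway_cidr)
    if branch.overlaps(gateway):
        problems.append(f"subnets overlap: {branch} and {gateway}")
    for side, want in (("local", branch), ("remote", gateway)):
        have = ipaddress.ip_network(
            f"{cisco[side + '_ip']}/{cisco[side + '_mask']}", strict=False)
        if have != want:
            problems.append(f"{side} group: expected {want}, Cisco has {have}")
    return problems

# Values transcribed by hand from the Cisco GUI (constructed sample).
local_ip, local_mask = cisco_subnet_fields(BRANCH_CIDR)
CISCO_OK = dict(GOODACCESS, local_ip=local_ip, local_mask=local_mask,
                remote_ip="10.20.0.0", remote_mask="255.255.255.0")
# Two typical slips: Phase 2 lifetime copied from Phase 1, and a /16 remote mask.
CISCO_BAD = dict(CISCO_OK, p2_lifetime_s=28800, remote_mask="255.255.0.0")

if __name__ == "__main__":
    for name, cfg in (("ok", CISCO_OK), ("bad", CISCO_BAD)):
        print(name, check_tunnel(GOODACCESS, cfg, BRANCH_CIDR, GATEWAY_CIDR))
```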