Links
Comment on page

Cisco

This guide will show you how to connect your Cisco device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Branch at any time.

Step 2 - Creating a new IPSec profile

Log in to your Cisco device, and go to VPN > IPSec Profiles. Click Add to create a new profile.
Give the profile a name and set the configuration as follows:
  • Keying mode - Auto
  • IKE Version - IKEv2
  • Phase I & II Options - Must match configuration from GoodAccess (Step 1)
Click Apply to confirm your settings.
Router's graphical user interface (GUI) with arrows highlighting key steps to creating a new IPSec profile.
Creating a new IPSec profile

Step 3 - Creating a new site-to-site connection

Go to VPN > Site-to-Site. Click the Add button to create a new connection.
Give the connection a name and set the configuration as follows:
  • IPSec Profile - Select the profile you just created (Step 2)
  • Remote Endpoint - Select Static IP and enter the IP of your GoodAccess Gateway
Router's graphical user interface (GUI) with arrows highlighting key steps to creating a new site-to-site connection.
Creating a new site-to-site connection

Local Group Setup

  • Local Identifier Type - Local WAN IP
  • Local Identifier - Your public IP
  • Local IP Type - Subnet
  • IP Address - IP of your network
  • Subnet Mask - Your Subnet Mask

Remote Group Setup

  • Remote Identifier Type - Remote WAN IP
  • Remote Identifier - IP of your GoodAccess Gateway
  • Remote IP Type - Subnet
  • IP Address - Subnet of your GoodAccess Gateway
  • Subnet Mask - Subnet Mask of your GoodAccess Gateway
Don't forget to Apply changes.
Router's graphical user interface (GUI) showing configuration for the Local & Remote Group Setup sections of a site-to-site connection.
Setting up the local & remote group setup of a site-to-site connection
You have now successfully connected your device to GoodAccess.
You may check the status of the connection in:
  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
  • Cisco - VPN > Site-to-Site > Status > VPN Status

Step 4 (optional) - Enabling DPD

Switch to Advanced Setup and enable DPD (Dead Peer Detection).
Click Apply to confirm your settings.
Router's graphical user interface (GUI) with arrows highlighting key steps to enabling Dead Peer Detection (DPD) for a site-to-site connection.
Setting up DPD (Dead Peer Detection)

Step 5 (optional) - Saving the configuration

Click on the Red floppy disk icon to access Configuration Management, and click on Apply.
By saving the configuration, you prevent the risk of losing your IPsec configuration even if the router reboots or loses power.
Router's graphical user interface (GUI) with arrows highlighting key steps to saving the configuration.
Saving the configuration