Cisco

This guide will show you how to connect your Cisco device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - IP of your Cisco
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 16 - modp4096
Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new IPSec profile

Give the profile a name and set the configuration as follows:

Keying mode - Auto
IKE Version - IKEv2
Phase I & II Options - Must match configuration from GoodAccess (Step 1)

Click Apply to confirm your settings.

Step 3 - Creating a new site-to-site connection

Go to VPN > Site-to-Site. Click the Add button to create a new connection.

Give the connection a name and set the configuration as follows:

IPSec Profile - Select the profile you just created (Step 2)
Remote Endpoint - Select Static IP and enter the IP of your GoodAccess Gateway

Local/Remote IKE Authentication Method

Pre-shared Key - Shared Secret from GoodAccess (Step 1)

Router's graphical user interface (GUI) with arrows highlighting key steps to creating a new site-to-site connection.

Local Group Setup

Local Identifier Type - Local WAN IP
Local Identifier - Your public IP
Local IP Type - Subnet
IP Address - IP of your network
Subnet Mask - Your Subnet Mask

Remote Group Setup

Remote Identifier Type - Remote WAN IP
Remote Identifier - IP of your GoodAccess Gateway
Remote IP Type - Subnet
IP Address - Subnet of your GoodAccess Gateway
Subnet Mask - Subnet Mask of your GoodAccess Gateway

Don't forget to Apply changes.

Router's graphical user interface (GUI) showing configuration for the Local & Remote Group Setup sections of a site-to-site connection.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

UDP 500
UDP 4500

You may check the status of the connection in:

GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Cisco - VPN > Site-to-Site > Status > VPN Status

Step 4 (optional) - Enabling DPD

Switch to Advanced Setup and enable DPD (Dead Peer Detection).

Click Apply to confirm your settings.

Router's graphical user interface (GUI) with arrows highlighting key steps to enabling Dead Peer Detection (DPD) for a site-to-site connection.

Step 5 (optional) - Saving the configuration

Click on the Red floppy disk icon to access Configuration Management, and click on Apply.

By saving the configuration, you prevent the risk of losing your IPsec configuration even if the router reboots or loses power.

Router's graphical user interface (GUI) with arrows highlighting key steps to saving the configuration.

PreviousBranch Connector NextCisco Meraki

Last updated 11 months ago

Was this helpful?

hashtagStep 1 - Creating a new branch connection

hashtagStep 2 - Creating a new IPSec profile

hashtagStep 3 - Creating a new site-to-site connection

hashtagLocal/Remote IKE Authentication Method

hashtagLocal Group Setup

hashtagRemote Group Setup

hashtagStep 4 (optional) - Enabling DPD

hashtagStep 5 (optional) - Saving the configuration