This guide will show you how to connect your Cisco device to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Cisco

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new IPSec profile

Log in to your Cisco device, and go to VPN > IPSec Profiles. Click Add to create a new profile.

Give the profile a name and set the configuration as follows:

  • Keying mode - Auto

  • IKE Version - IKEv2

  • Phase I & II Options - Must match configuration from GoodAccess (Step 1)

Click Apply to confirm your settings.

Step 3 - Creating a new site-to-site connection

Go to VPN > Site-to-Site. Click the Add button to create a new connection.

Give the connection a name and set the configuration as follows:

  • IPSec Profile - Select the profile you just created (Step 2)

  • Remote Endpoint - Select Static IP and enter the IP of your GoodAccess Gateway

Local Group Setup

  • Local Identifier Type - Local WAN IP

  • Local Identifier - Your public IP

  • Local IP Type - Subnet

  • IP Address - IP of your network

  • Subnet Mask - Your Subnet Mask

Remote Group Setup

  • Remote Identifier Type - Remote WAN IP

  • Remote Identifier - IP of your GoodAccess Gateway

  • Remote IP Type - Subnet

  • IP Address - Subnet of your GoodAccess Gateway

  • Subnet Mask - Subnet Mask of your GoodAccess Gateway

Don't forget to Apply changes.

You have now successfully connected your device to GoodAccess.

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Cisco - VPN > Site-to-Site > Status > VPN Status

Step 4 (optional) - Enabling DPD

Switch to Advanced Setup and enable DPD (Dead Peer Detection).

Click Apply to confirm your settings.

Step 5 (optional) - Saving the configuration

Click on the Red floppy disk icon to access Configuration Management, and click on Apply.

By saving the configuration, you prevent the risk of losing your IPsec configuration even if the router reboots or loses power.

Last updated