Cisco Meraki

This guide will show you how to connect your Cisco Meraki device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter a Name (e.g., Prague Office), select the required Gateway, and define your local Subnets (using CIDR notation).

Choose IPSec Protocol, and click Continue.

Fill out the configuration form (Public IP, Pre-Shared Key, etc.). These parameters must match the configuration you will set on your device in the next steps.

Click Submit to finish, or Continue to define optional Branch Segments for finer access control.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Cisco Meraki device

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating a new site-to-site connection

Log in to the Cisco Meraki Admin console, and go to Security & SD WAN > Site-to-site VPN.

Make sure that the local LAN you wish to access via GoodAccess is participating in the VPN.

Scroll down to the Organization-wide settings > Non-Meraki VPN peers, and click Add a peer.

Give the peer a name and set the configuration as follows:

  • IKE version - IKEv2

  • Public IP - IP of your GoodAccess Gateway

  • Private subnets - Subnet of your GoodAccess Gateway

  • Preshared secret - Shared Secret (Step 1)

  • IPsec policies - Click Default and set the configuration as follows:

These settings must match the configuration from GoodAccess (Step 1).

Phase 1

  • Encryption - AES256

  • Authentication - SHA256

  • Diffie-Hellman group - 14

  • Lifetime (seconds) - 28800

Phase 2

  • Encryption - AES256

  • Authentication - SHA256

  • PFS group - 14

  • Lifetime (seconds) - 3600

Click Update, and Save to finish the configuration.

You have now successfully connected your device to GoodAccess.

You may check the status of the connection in:

  • GoodAccess: Go to Control Panel > Network > Clouds & Branches to view the tunnel status. Use the Test Connection button to validate the IPsec tunnel itself, or optionally to test a specific system (target must have ICMP enabled).

  • Cisco Meraki: Go to Security & SD WAN > VPN Status > Non-Meraki peer.
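
The Step 1 and Step 2 values must match, but the two consoles write them differently (aes256 vs AES256, "14 - modp2048" vs 14, "8 hours (28800 seconds)" vs 28800). The following is an added example, not GoodAccess or Cisco Meraki tooling, that normalizes both notations and reports any field that differs; the field names (p1_encryption and so on) are hypothetical labels chosen for this sketch.

```python
import re

# Values as written on this page; the dictionary keys are hypothetical labels.
GOODACCESS = {  # Step 1 form
    "p1_encryption": "aes256", "p1_integrity": "sha256",
    "p1_dh_group": "14 - modp2048", "p1_lifetime": "8 hours (28800 seconds)",
    "p2_encryption": "aes256", "p2_integrity": "sha256",
    "p2_dh_group": "14 - modp2048", "p2_lifetime": "1 hour (3600 seconds)",
}
MERAKI = {  # Step 2 IPsec policy
    "p1_encryption": "AES256", "p1_integrity": "SHA256",
    "p1_dh_group": "14", "p1_lifetime": "28800",
    "p2_encryption": "AES256", "p2_integrity": "SHA256",
    "p2_dh_group": "14", "p2_lifetime": "3600",
}

def normalize(field, value):
    """Reduce either console's notation to one comparable value."""
    text = str(value).strip().lower()
    if field.endswith("_lifetime"):
        # Prefer an explicit "N seconds"; otherwise accept a bare integer.
        m = re.search(r"(\d+)\s*seconds", text) or re.fullmatch(r"(\d+)", text)
        if not m:
            raise ValueError(f"{field}: cannot read seconds from {value!r}")
        return int(m.group(1))
    if field.endswith("_dh_group"):
        # "14 - modp2048" and "14" both name group 14.
        m = re.match(r"(\d+)\b", text)
        if not m:
            raise ValueError(f"{field}: cannot read group from {value!r}")
        return int(m.group(1))
    # Algorithm names: drop separators so "AES-256" equals "aes256".
    return re.sub(r"[^a-z0-9]", "", text)

def mismatches(side_a, side_b):
    """Return {field: (a, b)} for each field missing or different after normalization."""
    out = {}
    for field in sorted(set(side_a) | set(side_b)):
        if field not in side_a or field not in side_b:
            out[field] = (side_a.get(field), side_b.get(field))
            continue
        a, b = normalize(field, side_a[field]), normalize(field, side_b[field])
        if a != b:
            out[field] = (a, b)
    return out

if __name__ == "__main__":
    diff = mismatches(GOODACCESS, MERAKI)
    print("parameters match" if not diff else f"mismatch: {diff}")
```

The shared secret is deliberately left out of the comparison so that it never has to be written into a script or its output.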
