GoodAccess WebsiteRequest Free TrialDownload App

Cisco Meraki

This guide will show you how to connect your Cisco Meraki device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.

Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration:

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your Cisco

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 14 - modp2048

  • Diffie-Hellman Groups (Phase 2) - 14 - modp2048

Step 2 - Creating a new site-to-site connection

Log in to the Cisco Meraki Admin console, and go to Security & SD WAN > Site-to-site VPN.

Make sure that the local LAN you wish to access via GoodAccess is participating in the VPN.

Scroll down to the Organization-wide settings > Non-Meraki VPN peers, and click Add a peer.

Give the peer a name and set the configuration as follows:

  • IKE version - IKEv2

  • Public IP - IP of your GoodAccess Gateway

  • Private subnets - Subnet of your GoodAccess Gateway

  • Preshared secret - Shared Secret (Step 1)

  • IPsec policies - Click Default and set the configuration as follows:

Must match configuration from GoodAccess (Step 1).

Phase 1

  • Encryption - AES256

  • Authentication - SHA256

  • Diffie-Hellman group - 14

  • Lifetime (seconds) - 28800

Phase 2

  • Encryption - AES256

  • Authentication - SHA256

  • PFS group - 14

  • Lifetime (seconds) - 3600

Click Update, and Save to finish the configuration.

You have now successfully connected your device to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Cisco Meraki - Security & SD WAN > VPN Status > Non-Meraki peer

PreviousCiscoNextFortiGate

Last updated

Was this helpful?