Cisco Meraki
This guide will show you how to connect your Cisco Meraki device to the GoodAccess Gateway via a site-to-site connection using the IPsec protocol.
Step 1 - Creating a new branch connection
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
Click + Add new, enter the Branch name and subnet, and select Gateway.
Choose IPSec Protocol, fill out the Settings configuration form, and click Save.
You may return to the configuration via the Edit button of your Branch at any time.
Example of configuration:
Cloud/Branch subnet - Subnet of your local network
Shared Secret - Create a new strong password
Public IP - Public IP of your Cisco Meraki device
IKE Lifetime (Phase 1) - 8 hours (28800 seconds)
Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)
Dead Peer Detection Delay - 30 seconds
Encryption (Phase 1) - aes256
Encryption (Phase 2) - aes256
Integrity (Phase 1) - sha256
Integrity (Phase 2) - sha256
Diffie-Hellman Groups (Phase 1) - 14 - modp2048
Diffie-Hellman Groups (Phase 2) - 14 - modp2048
Step 2 - Creating a new site-to-site connection
Log in to the Cisco Meraki Admin console, and go to Security & SD-WAN > Site-to-site VPN.
Make sure that the local LAN you wish to access via GoodAccess is participating in the VPN.
Scroll down to the Organization-wide settings > Non-Meraki VPN peers, and click Add a peer.
Give the peer a name and set the configuration as follows:
IKE version - IKEv2
Public IP - IP of your GoodAccess Gateway
Private subnets - Subnet of your GoodAccess Gateway
Preshared secret - Shared Secret (Step 1)
IPsec policies - Click Default and set the configuration as follows.
These values must match the GoodAccess configuration from Step 1.
Phase 1
Encryption - AES256
Authentication - SHA256
Diffie-Hellman group - 14
Lifetime (seconds) - 28800
Phase 2
Encryption - AES256
Authentication - SHA256
PFS group - 14
Lifetime (seconds) - 3600
Click Update, and Save to finish the configuration.
You have now successfully connected your device to GoodAccess.
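Because both ends must agree on every Phase 1 and Phase 2 parameter, and the two consoles spell the same values differently, the following added example (not part of the GoodAccess or Meraki tooling) compares the settings from Step 1 and Step 2 after normalizing them and generates a random shared secret. The dictionary keys and function names are assumptions made for this illustration.

```python
import re
import secrets

# Values as this guide writes them; the key names are hypothetical labels.
GOODACCESS = {
    "p1_encryption": "aes256", "p1_integrity": "sha256",
    "p1_dh": "14 - modp2048", "p1_lifetime": "8 hours (28800 seconds)",
    "p2_encryption": "aes256", "p2_integrity": "sha256",
    "p2_dh": "14 - modp2048", "p2_lifetime": "1 hour (3600 seconds)",
}
MERAKI = {
    "p1_encryption": "AES256", "p1_integrity": "SHA256",
    "p1_dh": "14", "p1_lifetime": "28800",
    "p2_encryption": "AES256", "p2_integrity": "SHA256",
    "p2_dh": "14", "p2_lifetime": "3600",
}

def normalize(field, value):
    """Reduce either console's spelling of a parameter to a comparable form."""
    text = str(value).strip().lower()
    if field.endswith("_lifetime"):
        # Prefer an explicit "N seconds" annotation, else accept a bare integer.
        m = re.search(r"(\d+)\s*seconds", text) or re.fullmatch(r"(\d+)", text)
    elif field.endswith("_dh"):
        # "14 - modp2048" and "14" both denote group 14.
        m = re.match(r"(\d+)", text)
    else:
        return re.sub(r"[^a-z0-9]", "", text)  # "AES-256" equals "aes256"
    if not m:
        raise ValueError(f"{field}: cannot parse {value!r}")
    return int(m.group(1))

def find_mismatches(side_a, side_b):
    """Return {field: (a, b)} for each parameter that differs or is missing."""
    diffs = {}
    for field in sorted(set(side_a) | set(side_b)):
        a = normalize(field, side_a[field]) if field in side_a else None
        b = normalize(field, side_b[field]) if field in side_b else None
        if a != b:
            diffs[field] = (a, b)
    return diffs

def new_shared_secret(nbytes=32):
    """Random pre-shared key from the OS CSPRNG; hex avoids characters a PSK field might reject."""
    return secrets.token_hex(nbytes)

if __name__ == "__main__":
    print(find_mismatches(GOODACCESS, MERAKI) or "all parameters match")
```

An empty result means the two proposals agree; any entry names the parameter to correct on one side before testing the tunnel.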
Firewall rules
Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:
UDP 500
UDP 4500
You may check the status of the connection in:
GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection
Cisco Meraki - Security & SD-WAN > VPN Status > Non-Meraki peer