search
GoodAccess WebsiteRequest Free TrialDownload App

Zyxel Nebula Control Center

This guide will show you how to connect your branch in Zyxel Nebula Control Center to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

hashtag
Step 1 - Creating a new branch connection

Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.arrow-up-right

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

circle-info

You may return to the configuration via the Edit button of your Branch at any time.

circle-info

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your site

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

hashtag
Step 2 - Creating a new site-to-site connection

Log in to the Zyxel Nebula Control Center, and switch to the site you want to connect to GoodAccess.

Go to Configure > Firewall > Site-to-Site VPN.

Nebula Control Center menu with key steps for navigating to the Site-to-Site VPN configuration.
Menu of Configure > Firewall

Enable the local network you want to access via GoodAccess.

Under the Non-Nebula VPN peers section click on the + Add button, give it a name, and set the configuration as follows:

  • Public IP - IP of your GoodAccess Gateway

  • Private subnet - Subnet of your GoodAccess Gateway

  • Pre-shared secret - Shared Secret (Step 1)

Click on the Default button, and set the configuration as follows:

  • IKE version - IKEv2

  • Phase 1 & 2 - Must match configuration from GoodAccess (Step 1)

Click OK, and then Save.

Nebula Control Center with key steps to creating a new site-to-site connection.
Creating a new site-to-site connection
Nebula Control Center showing configuration for the Phase 1 and 2 section of an IPSec policy.
Setting up the Phase 1 & 2 configuration

You have now successfully connected your branch to GoodAccess.

circle-exclamation

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

circle-info

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Nebula Control Center - Monitor > Firewall > VPN connections

PreviousUniFi USGNextOther supported routers and firewalls

Last updated

Was this helpful?