LogoLogo
GoodAccess WebsiteRequest Free TrialDownload App
  • Getting Started
    • 1. What is GoodAccess?
    • 2. Architecture Overview
    • 3. Sign up for Free Trial
    • 4. Download App & Connect
  • 🖥️Configuration guides
    • Features
      • Zero Trust Access Control
        • Access Cards
        • Device Posture Check
        • Device Approval
        • Geo Restrictions
      • API Integration
        • API Reference
          • Members
          • Groups
          • Systems
          • Access Cards
          • Relations
          • Gateways
          • Logs
        • Acronis Integration
      • SIEM Integration
      • SSO/SCIM
        • Auth0
        • Cisco Duo
        • Google Workspace
        • JumpCloud
        • Microsoft Entra ID
        • Okta
        • OneLogin
        • Ping Identity
        • Universal (SAML)
      • MFA
      • Passkeys
      • MSI deployment
      • Threat Blocker
      • Custom Domain Blocking
      • DNS Management
      • Split Tunneling
      • Port Forwarding
    • Branch Connector
      • Cisco
      • Cisco Meraki
      • FortiGate
      • MikroTik
      • SonicWall
      • UniFi USG
      • Zyxel Nebula Control Center
      • Other supported routers and firewalls
    • Cloud Connector
      • AWS
      • Google Cloud
      • Microsoft Azure
      • Other Public Cloud providers
    • IP whitelisting
      • APACHE Web Server
      • AWS VPC
      • Azure (Office 365)
      • Google Cloud
      • Google Workspace
      • Magento
      • Microsoft IIS
      • NGINX
        • Domain
        • Subdomain
        • URL
      • OpenCart
      • PHP
      • PHPMyAdmin
      • Pipedrive
      • SalesForce
      • SSH server
      • WordPress
      • Zoho CRM
    • Linux
      • DEB repository
      • RPM repository
      • Manual installation
      • Linux Troubleshooting
  • 🆘FAQ & Troubleshooting
    • FAQ
      • Business
      • Technical
    • Troubleshooting
  • 📓Product Changelog
    • Windows
    • macOS
Powered by GitBook
On this page
  • Step 1 - Creating a new branch connection
  • Step 2 - Creating a new site-to-site connection

Was this helpful?

  1. Configuration guides
  2. Branch Connector

Zyxel Nebula Control Center

This guide will show you how to connect your branch in Zyxel Nebula Control Center to the GoodAccess Gateway via a site-to-site connection using the IPSec protocol.

PreviousUniFi USGNextOther supported routers and firewalls

Last updated 3 months ago

Was this helpful?

Step 1 - Creating a new branch connection

Click + Add new, enter the Branch name and subnet, and select Gateway.

Choose IPSec Protocol, fill out the Settings configuration form, and click Save.

You may return to the configuration via the Edit button of your Branch at any time.

Example of configuration (Default preset):

  • Cloud/Branch subnet - Subnet of your local network

  • Shared Secret - Create a new strong password

  • Public IP - IP of your site

  • IKE Lifetime (Phase 1) - 8 hours (28800 seconds)

  • Tunnel Lifetime (Phase 2) - 1 hour (3600 seconds)

  • Dead Peer Detection Delay - 30 seconds

  • Encryption (Phase 1) - aes256

  • Encryption (Phase 2) - aes256

  • Integrity (Phase 1) - sha256

  • Integrity (Phase 2) - sha256

  • Diffie-Hellman Groups (Phase 1) - 16 - modp4096

  • Diffie-Hellman Groups (Phase 2) - 16 - modp4096

Step 2 - Creating a new site-to-site connection

Log in to the Zyxel Nebula Control Center, and switch to the site you want to connect to GoodAccess.

Go to Configure > Firewall > Site-to-Site VPN.

Enable the local network you want to access via GoodAccess.

Under the Non-Nebula VPN peers section click on the + Add button, give it a name, and set the configuration as follows:

  • Public IP - IP of your GoodAccess Gateway

  • Private subnet - Subnet of your GoodAccess Gateway

Click on the Default button, and set the configuration as follows:

  • IKE version - IKEv2

Click OK, and then Save.

You have now successfully connected your branch to GoodAccess.

Firewall rules

Make sure that your device allows incoming connections from your GoodAccess Gateway private subnet on the following ports:

  • UDP 500

  • UDP 4500

You may check the status of the connection in:

  • GoodAccess - Control Panel > Clouds & Branches > Edit button > Test connection

  • Nebula Control Center - Monitor > Firewall > VPN connections

Pre-shared secret - Shared Secret

Phase 1 & 2 - Must match configuration from GoodAccess

🖥️
Log in to the GoodAccess Control Panel, and go to Network > Clouds & Branches.
(Step 1)
(Step 1)
Menu of Configure > Firewall
Creating a new site-to-site connection
Setting up the Phase 1 & 2 configuration
Nebula Control Center menu with key steps for navigating to the Site-to-Site VPN configuration.
Nebula Control Center with key steps to creating a new site-to-site connection.
Nebula Control Center showing configuration for the Phase 1 and 2 section of an IPSec policy.