Aviatrix Gateway to Juniper SRX
This document describes how to build an IPsec tunnel-based Site2Cloud connection between an Aviatrix Gateway and a Juniper SRX firewall.
The network setup is as follows:
- VPC/VNet-multicloudvpc1 (with Aviatrix Gateway)
  - VPC/VNet CIDR: 10.1.1.0/16
  - VPC/VNet Subnet CIDR (public in AWS, GCP, or OCI): 10.1.1.0/24
  - VPC/VNet Private Subnet CIDR: 10.1.2.0/24
- On-Prem (with Juniper SRX Firewall)
  - On-Prem Network CIDR: 10.0.0.0/16
  - On-Prem Public Network CIDR: 10.0.3.0/24
  - On-Prem Private Network CIDR: 10.0.2.0/24
Creating a Site2Cloud Connection at the Aviatrix Controller
- Go to Gateway > New Gateway to launch an Aviatrix Gateway in the subnet of VPC/VNet-multicloudvpc1 (public subnet for AWS, GCP, or OCI). Note the gateway's public IP address (3.213.233.93 in this example).
- Go to the Site2Cloud page and click Add New to create a Site2Cloud connection.
- Go to the Site2Cloud page. From the Site2Cloud connection table, select the connection created above (e.g. avx-SRX-S2C).
- Select Generic from the Vendor dropdown menu.
- Click the Download Configuration button to download the SRX Site2Cloud configuration.
- Save the configuration file as a reference for configuring your Juniper SRX.
The following is an SRX sample configuration based on the Site2Cloud configuration above.
Configuring Juniper SRX
Apply the following configuration to your SRX:
Troubleshooting and Verifying at the Aviatrix Controller
- On the Site2Cloud - Diagnostics page, run various diagnostics commands.
Field | Value |
---|---|
VPC ID/VNet Name | VPC/VNet-multicloudvpc1 (Aviatrix Gateway VPC/VNet) ID |
Connection | Name of the Site2Cloud connection created above |
Gateway | Name of the Aviatrix Gateway |
Action | One of the supported diagnostics commands |