Aviatrix Gateway to Juniper SRX

This document describes how to build an IPsec tunnel-based Site2Cloud connection between an Aviatrix Gateway and a JuniperSRX Firewall.

The network setup is as follows:

VPC/VNet-multicloudvpc1 (with Aviatrix Gateway)


VPC/VNet Subnet CIDR (public in AWS, GCP, or OCI):

VPC/VNet Private Subnet CIDR:

On-Prem (with Juniper SRX Firewall)

On-Prem Network CIDR:

On-prem Public Network CIDR:

On-prem Private Network CIDR:

Creating a Site2Cloud Connection at the Aviatrix Controller

  1. Go to Gateway > New Gateway to launch an Aviatrix Gateway at the subnet of VPC/VNet-multicloudvpc1 (public subnet for AWS, GCP, or OCI). Collect Gateway’s public IP addresses ( in this example). image1

  2. Go to the Site2Cloud page and click Add New to create a Site2Cloud connection.

  1. Go to the Site2Cloud page. From the Site2Cloud connection table, select the connection created above (e.g. avx-SRX-S2C).
    • Select Generic from the Vendor dropdown menu.

    • Click the Download Configuration button to download the SRX Site2Cloud configuration.

    • Save the configuration file as a reference for configuring your Juniper SRX.


    The following is an SRX sample configuration based on the Site2Cloud configuration above.


Configuring JuniperSRX

Apply the following configuration to your SRX:

Troubleshooting and Verifying at the Aviatrix Controller

  1. At the Aviatrix Controller, select Site2Cloud from the left sidebar. Verify that the status of the Site2Cloud connection is up.


  2. At the Site2Cloud - Diagnostics page, run various diagnostics commands.



VPC ID/VNet Name

VPC/VNet- multicloudvpc1 (Aviatrix Gateway VPC/VNet) ID


Name of the Site2Cloud connection created above


Name of the Aviatrix Gateway


One of the supported diagnostics commands