Static Route-Based External Connection (ActiveMesh)

Connect to a remote site that supports route-based VPN with static configuration from the Transit/BGP-enabled Spoke Gateway.

To set up a static route-based (ActiveMesh) external connection:

  1. Go to Networking > Connectivity > External Connections (S2C) tab.

  2. Click + External Connection.

  3. Select or enter the following values:

Parameter

Description

Name

A name for this connection.

Connect Public Cloud to

Select the External Device radio button. Click on the dropdown menu and select Static Route-Based (ActiveMesh).

Local Gateway

The name of the local gateway. This is the gateway in the cloud that will connect to an on-prem gateway or device.

Remote Subnet CIDR(s)

The subnet CIDR range(s) for the remote gateway, or the on-prem gateway you are connecting to the cloud.

Over Private Network

Select this option if your underlying infrastructure is private network, such as AWS Direct Connect and Azure ExpressRoute. When this option is selected, BGP and IPsec run over private IP addresses.

IKEv2

Select the option to connect to the remote site using the IKEv2 protocol. This is the recommended protocol.

If you configure IKEv1 in a connection that uses certificate-based authentication and is connecting to another Aviatrix device, you must add the intermediate CAs in addition to the root CA. When an intermediate CA is renewed and re-authentication is attempted, the connection will go down until you add the new certificate.

Algorithms

If the Algorithms checkbox is unmarked, the default values will be used. If it is marked, you can set any of the fields defined below.

  • Phase 1 Authentication

  • Phase 1 DH Groups

  • Phase 1 Encryption

  • Phase 2 Authentication

  • Phase 2 DH Groups

  • Phase 2 Encryption

Learned CIDR Approval

Enable this setting to set up an approval process for gateway learned CIDRs for this BGP external connection. This approval process improves security for your network. If an unapproved CIDR address attempts to access the connection, CoPilot sends an approval email to the CoPilot admin so that the admin can approve or block access.

ActiveMesh Connection

+Remote Gateway

Click here to add a remote gateway, or an on-prem gateway to connect to the cloud.

Remote Gateway IP

The IP address of the remote or on-prem device.

  • Remote Gateway IP - Enter the IP address for the remote gateway.

  • Local Gateway Instance - Enter the IP address for the local gateway.

  • Pre-Shared Key - Enter the pre-shared key for this connection.

  1. Click Save.

The new static route-based external connection appears in the table.