Static Route-Based External Connection (Mapped)
Connect overlapping networks between the cloud and on-prem from a Spoke Gateway.
To set up a static route-based (Mapped) external connection:
- Go to Networking > Connectivity > External Connections (S2C) tab.
- Click + External Connection.
- Select or enter the following values:

| Parameter | Description |
|---|---|
| Name | A name for this connection. |
| Connect Public Cloud to | Select the External Device radio button. Click on the dropdown menu and select Static Route-Based (Mapped). To create a Custom Mapped connection, click on the Custom Mapped toggle switch to turn it ON. See the Custom Mapped section below for instructions. |
| Local Gateway | The name of the local gateway. This is the gateway in the cloud that will connect to an on-prem gateway or device. |
| Real Local Subnet CIDR(s) | Specify a list of the source network CIDRs that will be encrypted. If left blank, the full CIDR is used. If you enter a value, make sure you include the VPC/VNet as well. These Local Subnets are advertised to Remote Subnets that the connection can reach. Examples of real local subnets are 172.16.1.0/24, 172.16.2.0/24. |
| Virtual Local Subnet CIDR(s) | Specify a list of virtual local network CIDRs that are mapped to the real local subnet (for example, for the real CIDRs listed above for the real local subnet, you can have these virtual local subnets: 192.168.7.0/24, 192.168.8.0/24). |
| Remote Gateway Type | Any other Remote Gateways listed here are only valid with Controller version 6.7 or lower. If using a higher Controller version, only select Generic or Aviatrix. |
| Real Remote Subnet CIDR(s) | Specify a list of the destination network CIDRs that will be encrypted (for example, 10.10.1.0/24, 10.10.2.0/24). |
| Virtual Remote Subnet CIDR(s) | Specify a list of virtual remote network CIDRs that are mapped to the real remote subnet (for example, for the real CIDRs listed above, you can have these virtual remote subnets: 192.168.1.0/24, 192.168.2.0/24). |

Custom Mapped Connection

| Parameter | Description |
|---|---|
| Local Gateway | The name of the local gateway. This is the gateway in the cloud that will connect to an on-prem gateway or device. |
| Remote Gateway Type | |

Local Initiated Traffic

| Parameter | Description |
|---|---|
| Real Source Subnet CIDR(s) | Specify a list of the source network CIDRs that will be encrypted. If left blank, the full CIDR is used. If you enter a value, make sure you include the VPC/VNet as well. These Local Subnets are advertised to Remote Subnets that the connection can reach. Examples of real local subnets are 172.16.1.0/24, 172.16.2.0/24. |
| Virtual Source Subnet CIDR(s) | Specify a list of virtual source network CIDRs that are mapped to the real source subnet (for example, for the real CIDRs listed above for the real source subnet, you can have these virtual source subnets: 192.168.7.0/24, 192.168.8.0/24). |
| Real Destination Subnet CIDR(s) | Specify a list of the source network CIDRs that will be encrypted. If left blank, the full CIDR is used. If you enter a value, make sure you include the VPC/VNet as well. These Destination Subnets are advertised to Remote Subnets that the connection can reach. Examples of real local subnets are 172.16.1.0/24, 172.16.2.0/24. |

Remote Initiated Traffic

| Parameter | Description |
|---|---|
| Real Source Subnet CIDR(s) | Specify a list of the source network CIDRs that will be encrypted. If left blank, the full CIDR is used. If you enter a value, make sure you include the VPC/VNet as well. These Local Subnets are advertised to Remote Subnets that the connection can reach. Examples of real local subnets are 172.16.1.0/24, 172.16.2.0/24. |
| Virtual Source Subnet CIDR(s) | Specify a list of virtual source network CIDRs that are mapped to the real source subnet (for example, for the real CIDRs listed above for the real source subnet, you can have these virtual source subnets: 192.168.7.0/24, 192.168.8.0/24). |
| Real Destination Subnet CIDR(s) | Specify a list of the source network CIDRs that will be encrypted. If left blank, the full CIDR is used. If you enter a value, make sure you include the VPC/VNet as well. These Destination Subnets are advertised to Remote Subnets that the connection can reach. Examples of real local subnets are 172.16.1.0/24, 172.16.2.0/24. |

Advanced Settings

| Parameter | Description |
|---|---|
| Authentication Method | You can authenticate the connection using PSK or certificate-based authentication. |
| Over Private Network | Select this option if your underlying infrastructure is a private network, such as AWS Direct Connect or Azure ExpressRoute. See the "How does it work" section for more details. When this option is selected, BGP and IPsec run over private IP addresses. |
| IKEv2 | Select the option to connect to the remote site using the IKEv2 protocol. This is the recommended protocol. If you configure IKEv1 in a connection that uses certificate-based authentication and is connecting to another Aviatrix device, you must add the intermediate CAs in addition to the root CA. When an intermediate CA is renewed and re-authentication is attempted, the connection will go down until you add the new certificate. |
| Algorithms | If the Algorithms checkbox is unmarked, the default values will be used. If it is marked, you can set any of the fields defined below. |
| Connection | |
| +Single IP HA | Enable this setting to set up High Availability (HA) instances for each new connection that can come up if the primary instance goes down. When active, each standby instance will use the same IP address as the remote connection. |
| Remote Gateway IP | Enter the IP address for the remote gateway. |

- Click Create.
The new static route-based external connection appears in the table.
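
A pre-flight check for the Real and Virtual subnet lists entered above, as an added example that is not Aviatrix code. It assumes each real CIDR is mapped one-to-one, in list order, onto a virtual CIDR of the same prefix length with host offsets preserved; `check_mapped_plan` and `translate` are hypothetical names.

```python
import ipaddress

# Example values quoted in the parameter tables above.
PAGE_PLAN = {
    "real_local": ["172.16.1.0/24", "172.16.2.0/24"],
    "virtual_local": ["192.168.7.0/24", "192.168.8.0/24"],
    "real_remote": ["10.10.1.0/24", "10.10.2.0/24"],
    "virtual_remote": ["192.168.1.0/24", "192.168.2.0/24"],
}

def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]

def check_mapped_plan(real_local, virtual_local, real_remote, virtual_remote):
    """Return a list of problems in a mapped subnet plan (empty list = consistent)."""
    rl, vl, rr, vr = map(_nets, (real_local, virtual_local, real_remote, virtual_remote))
    problems = []
    for side, real, virt in (("local", rl, vl), ("remote", rr, vr)):
        if len(real) != len(virt):
            problems.append(f"{side}: {len(real)} real CIDRs but {len(virt)} virtual")
        for r, v in zip(real, virt):
            if r.prefixlen != v.prefixlen:  # assumption: 1:1 mapping, equal size
                problems.append(f"{side}: {r} -> {v} changes the prefix length")
    # A site reaches its peer through the peer's virtual range, so that range
    # must not collide with the networks the site really uses.
    for label, virt, real in (("virtual remote", vr, rl), ("virtual local", vl, rr)):
        for v in virt:
            for r in real:
                if v.overlaps(r):
                    problems.append(f"{label} {v} overlaps real subnet {r}")
    virtual = vl + vr
    for i, a in enumerate(virtual):
        for b in virtual[i + 1:]:
            if a.overlaps(b):
                problems.append(f"virtual ranges {a} and {b} overlap")
    return problems

def translate(addr, real, virtual):
    """Map a host in a real CIDR to the same offset in the paired virtual CIDR."""
    ip = ipaddress.ip_address(addr)
    for r, v in zip(_nets(real), _nets(virtual)):
        if ip in r:
            return str(v.network_address + (int(ip) - int(r.network_address)))
    return None  # address is outside every real CIDR, so it is not mapped

if __name__ == "__main__":
    print(check_mapped_plan(**PAGE_PLAN))
    print(translate("172.16.2.25", PAGE_PLAN["real_local"], PAGE_PLAN["virtual_local"]))
```

Running the same check on both sides of the tunnel before clicking Create catches a virtual range that shadows a subnet the peer already routes locally.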