Aviatrix Gateway to Aviatrix Gateway

This section describes how to configure an IPsec tunnel between an Aviatrix Gateway and another Aviatrix Gateway using Aviatrix Site2Cloud.

There are only a couple of reasons to use Site2Cloud when connecting two Aviatrix Gateways:

  1. You have overlapping CIDR blocks but need to peer two VPC/VNets.

  2. The two Aviatrix Gateways are not part of the same Controller (i.e., one is at your customer and the other one is in your environment).

Deployment

There are two Aviatrix Gateways in this scenario. Since you are using the Site2Cloud feature, you must configure each side of the tunnel individually.

In this procedure the gateways are referred to as Gateway A and Gateway B. You can pick either gateway to be Gateway A or Gateway B.

Configure Tunnel from Gateway A to Gateway B

  1. Follow the steps in Site2Cloud Configuration Workflow to create a Mapped or Unmapped external (Site2Cloud) connection. Use this table for specific field values.

    Field                     Description

    Connect Public Cloud to   External Device: Static Route-Based/Static Route-Based (Mapped)/Static Policy-Based/Static Policy-Based (Mapped)

    Local Gateway             Select Gateway A from the dropdown.

    Remote Gateway Type       Aviatrix

    Remote Gateway IP         Enter the public IP address of Gateway B.

    Pre-shared Key            Leave blank and Aviatrix will generate one.

  2. Click Save.

  3. Once complete, click the vertical ellipsis menu next to the new external connection and select Download Configuration.

  4. Select Aviatrix for Vendor, UCC for Platform and 1.0 for Software.

  5. Click Download. You can use the information in this file to create the other side of the tunnel.

Configure Tunnel from Gateway B to Gateway A

  1. Go to Networking > Connectivity > External Connections (S2C).

  2. Create a new external connection using the information from the downloaded configuration file. Use this table for specific values:

    Field                     Description

    Connect Public Cloud to   External Device: Static Route-Based/Static Route-Based (Mapped)/Static Policy-Based/Static Policy-Based (Mapped)

    Local Gateway             Select Gateway B from the dropdown.

    Remote Gateway Type       Aviatrix

    Remote Gateway IP         Enter the public IP address of Gateway A.

    Pre-shared Key            Leave blank and Aviatrix will generate one.

  3. Click Save.

Test

Once complete, you can check tunnel status at Diagnostics > Cloud Routes > External Connections.

Troubleshoot

Wait 2-3 minutes for the tunnel to come up. If it does not come up within that time, check the IP addresses to confirm they are accurate. Additional troubleshooting is available at Diagnostics > Diagnostic Tools.