Aviatrix Gateway to Cisco ASA
This document describes how to build an IPsec tunnel based Site2Cloud connection between an Aviatrix Gateway and Cisco ASA Firewall.
The network setup is as follows:
VPC/VNet-AVX (with Aviatrix Gateway)
VPC/VNet CIDR: 10.0.0.0/16
VPC/VNet Public Subnet CIDR: 10.0.1.0/24
VPC/VNet Private Subnet CIDR: 10.0.2.0/24
On-Prem (with Cisco ASA Firewall)
On-Prem Network CIDR: 10.10.0.0/16
Creating an External Connection
-
In Aviatrix CoPilot, launch an Aviatrix Transit Gateway at the subnet (public subnet for AWS, GCP, or OCI) of VPC/VNet-AVX. Collect the Gateway’s public IP addresses (52.8.12.122 in this example).
-
Navigate to Networking > Connectivity > External Connections (S2C) to create a Site2Cloud connection using the values for one of the below options:
Substitute the following values:
-
Remote Gateway Type: Generic
-
Algorithms: turn Off
-
Remote Gateway IP: Public IP of ASA WAN port
-
Remote Subnet CIDR(s): 10.10.0.0/16 (VPC2 private subnet)
-
Local Subnet CIDR(s): 10.0.2.0/24 (VPC1 private subnet)
-
-
After the connection is created, select the vertical ellipsis menu for that connection and select Download Configuration.
-
In the Download Configuration dialog, select Cisco from the Vendor dropdown menu.
-
Select ASA 5500 Series from the Platform dropdown menu.
-
Select the proper ASA Software version from Software drop down list depending on your ASA running OS.
-
Click Download.
-
Save the configuration file as a reference for configuring your ASA.
The following is an excerpt of an ASA sample configuration based on the Site2Cloud configuration above.
Configuring Cisco ASA
-
Either SSH into the ASA or connect to it directly through its console port.
-
Issue the configure terminal command in privileged EXEC mode to start global configuration mode. The prompt changes to the following :
hostname(config)#
-
Enter the CLIs as per the downloaded configuration. Note that you may need to modify these CLIs to fit your ASA configuration.
Verifying the Connection Status
In CoPilot, go to the Diagnostics > Cloud Routes > External Connections tab to confirm the Status and Tunnel Status of the external connection.
Troubleshooting
You can use the Diagnostic Tools (under Diagnostics in the left navigation menu) to troubleshoot any connection issues.
For support, please open a support ticket at Aviatrix Support Portal.