Site2Cloud With Customized SNAT
This document demonstrates how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a Source NAT device and translates source IPs of traffic initiated from a peering VPC to an IP address selected by users.
Environment Requirements
There are two VPCs as illustrated in the diagram below. The VPC-1 CIDR is 10.0.0.0/16 and the VPC-2 CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.
You will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user selected IP address (192.168.1.10 in this example). This way, VPC-2 VMs will see all packets from VPC-1 with the same source IP address (192.168.1.10).
Steps to Configure Site2Cloud Connection and SNAT
- Install an Aviatrix gateway in VPC-2. Download and install the Aviatrix gateway by following these instructions.
- Follow the instructions in one of these documents to create an Unmapped external connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.
  Select the Generic Remote Gateway Type when you complete one of the above procedures. Any other Remote Gateways listed here are only valid with Controller version 6.7 or lower.
  The Site2Cloud external connection feature enables connections from one site (or datacenter) to other sites (including cloud environments).
- Update the VPC-1 route tables in the AWS portal to ensure that traffic with VPC-2 (172.19.0.0/16) as the destination takes the VGW as "Target":

  Field         Value
  Destination   172.19.0.0/16
  Target        VGW ID
- Configure Customized SNAT at the Aviatrix gateway.
  - In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Spoke Gateways.
  - Select the Aviatrix gateway created in VPC-2.
  - On the Settings tab, expand the Network Address Translation (NAT) area.
  - Turn On Source NAT.
  - Select Customized SNAT.
  - Configure the following SNAT rule.

    Field             Value
    Source CIDR       VPC-1 CIDR (10.0.0.0/16)
    Source Port       Leave it blank
    Destination CIDR  VPC-2 CIDR (172.19.0.0/16)
    Destination Port  Leave it blank
    Protocol          all
    Connection        None
    Mark              Leave it blank
    SNAT IPs          User selected IP (192.168.1.10)
    SNAT Port         Leave it blank

  - Click Save.
  - Slide Apply Route Entry On to commit the rule.
Test Site2Cloud Connection and SNAT
- Go to Diagnostics > Cloud Routes > External Connections to verify that the external connection status is Up.
- Ping from an Ubuntu VM in VPC-1 to another Ubuntu VM in VPC-2.
- Run "sudo tcpdump -n icmp" on the Ubuntu VM in VPC-2 (options before the filter expression, so the command is accepted by every tcpdump build). Verify that the source IP of the pings is 192.168.1.10, not the real VPC-1 address of the sending VM.
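As an added example (not part of the Aviatrix documentation and not Aviatrix tooling), the following shell script turns the manual tcpdump check above into a repeatable test of the SNAT rule from the table. It parses tcpdump output captured on the VPC-2 VM and fails if any ICMP echo request arrives with a source address other than the SNAT IP 192.168.1.10, which is what you would see if the rule were not applied or not committed with Apply Route Entry (the packets would then carry the sending VM's real VPC-1 address). The capture lines embedded in the script are constructed samples in the format tcpdump -n prints, the VPC-1 address 10.0.1.5 is a constructed example, and the interface name eth0 in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example, not Aviatrix's own tooling: confirm that every ICMP echo
# request reaching the VPC-2 VM carries the customized SNAT IP as its source.
#
# Usage on the VPC-2 VM (assumption: eth0 is the primary interface):
#   sudo tcpdump -n -i eth0 -c 10 icmp > /tmp/icmp.txt
#   check_snat_sources /tmp/icmp.txt 192.168.1.10

# check_snat_sources <capture-file> <expected-source-ip>
# Returns 0 if every "ICMP echo request" line has the expected source IP,
# 1 otherwise, printing the unexpected (un-translated) sources it found.
check_snat_sources() {
  capture="$1"
  expected="$2"
  bad=$(awk -v want="$expected" '
    /ICMP echo request/ {
      # tcpdump -n line shape: <time> IP <src> > <dst>: ICMP echo request, ...
      src = $3
      if (src != want) print src
    }' "$capture" | sort -u)
  if [ -n "$bad" ]; then
    echo "SNAT check FAILED: unexpected source(s): $bad"
    return 1
  fi
  echo "SNAT check OK: all echo requests from $expected"
  return 0
}

# Constructed sample captures (not real output from the lab in this page);
# the line format is what "sudo tcpdump -n icmp" prints on Ubuntu.
SAMPLE_OK=$(mktemp)
SAMPLE_LEAK=$(mktemp)
trap 'rm -f "$SAMPLE_OK" "$SAMPLE_LEAK"' EXIT

# Expected result with the SNAT rule applied: source is the SNAT IP.
cat > "$SAMPLE_OK" <<'EOF'
10:01:02.123456 IP 192.168.1.10 > 172.19.1.20: ICMP echo request, id 1234, seq 1, length 64
10:01:02.123789 IP 172.19.1.20 > 192.168.1.10: ICMP echo reply, id 1234, seq 1, length 64
10:01:03.124001 IP 192.168.1.10 > 172.19.1.20: ICMP echo request, id 1234, seq 2, length 64
EOF

# Failure mode: rule missing or not committed, real VPC-1 address leaks through.
cat > "$SAMPLE_LEAK" <<'EOF'
10:02:02.223456 IP 10.0.1.5 > 172.19.1.20: ICMP echo request, id 4321, seq 1, length 64
10:02:02.223789 IP 172.19.1.20 > 10.0.1.5: ICMP echo reply, id 4321, seq 1, length 64
EOF

check_snat_sources "$SAMPLE_OK" 192.168.1.10
check_snat_sources "$SAMPLE_LEAK" 192.168.1.10 \
  || echo "(the failure above is expected for the constructed leak sample)"
```

Only echo requests are inspected: the replies legitimately carry the VPC-2 VM as source, so checking every ICMP line would produce false alarms. Replace the sample files with a real capture to use the check after changing the SNAT rule.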