Site2Cloud With Customized SNAT

This document demonstrates how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a Source NAT device and translates source IPs of traffic initiated from a peering VPC to an IP address selected by users.

Environment Requirements

There are two VPCs as illustrated in the diagram below. The VPC-1 CIDR is 10.0.0.0/16 and the VPC-2 CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

[Diagram: s2c-snat]

You will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user selected IP address (192.168.1.10 in this example). This way, VPC-2 VMs will see all packets from VPC-1 with the same source IP address (192.168.1.10).

Steps to Configure Site2Cloud Connection and SNAT

  1. Install an Aviatrix gateway in VPC-2. Download and install the Aviatrix Gateways by following these instructions.

  2. Follow the instructions in one of these documents to create an Unmapped external connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

    Select the Generic Remote Gateway Type when you complete one of the above procedures. Any other Remote Gateway Types listed there are only valid with Controller version 6.7 or lower.

    The Site2Cloud external connection feature enables connections from one site (or datacenter) to other sites (including cloud environments).

  3. Update VPC-1 route tables in the AWS portal to ensure that traffic with VPC-2 (172.19.0.0/16) as the destination takes the VGW as "Target":

    Field          Value
    Destination    172.19.0.0/16
    Target         VGW ID

  4. Configure Customized SNAT at the Aviatrix gateway.

    1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Spoke Gateways.

    2. Select the Aviatrix gateway created in VPC-2.

    3. On the Settings tab, expand the Network Address Translation (NAT) area.

    4. Turn On Source NAT.

    5. Select Customized SNAT.

    6. Configure the following SNAT rule.

    Field              Value
    Source CIDR        VPC-1 CIDR (10.0.0.0/16)
    Source Port        Leave it blank
    Destination CIDR   VPC-2 CIDR (172.19.0.0/16)
    Destination Port   Leave it blank
    Protocol           all
    Connection         None
    Mark               Leave it blank
    SNAT IPs           User selected IP (192.168.1.10)
    SNAT Port          Leave it blank

    [Screenshot: s2c-snat2]

  5. Click Save.

  6. Slide Apply Route Entry On to commit the rule.

Test Site2Cloud Connection and SNAT

  • Go to Diagnostics > Cloud Routes > External Connections to verify that the external connection status is Up.

  • Ping from an Ubuntu VM in VPC-1 to another Ubuntu VM in VPC-2.

  • Run "tcpdump icmp -n" on the Ubuntu VM in VPC-2 and verify that the source IP of the pings is 192.168.1.10.
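The tcpdump check above can be made repeatable. The following script is an added example, not part of the Aviatrix documentation: it reads the one-line output of "tcpdump icmp -n" as printed on Linux, counts echo requests that arrive with the expected SNAT IP (192.168.1.10), and flags any request that still carries an untranslated VPC-1 (10.0.0.0/16) source, which would indicate the SNAT rule or its route entry is not in effect. The capture lines embedded below are constructed sample data.

```python
import ipaddress
import re

# Values from the document: sources in VPC-1's CIDR must appear as the SNAT IP.
VPC1_CIDR = ipaddress.ip_network("10.0.0.0/16")
SNAT_IP = ipaddress.ip_address("192.168.1.10")

# Matches the one-line form printed by "tcpdump icmp -n" on Linux, e.g.
# "10:01:02.100000 IP 192.168.1.10 > 172.19.1.20: ICMP echo request, id 7, seq 1, length 64"
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply)"
)


def check_snat(capture_lines):
    """Classify ICMP echo requests seen at the VPC-2 VM.

    Returns the number of requests that arrived with the expected SNAT IP and
    the list of lines whose source is still an untranslated VPC-1 address.
    Replies and lines that are not ICMP echo traffic are ignored.
    """
    translated = 0
    untranslated = []
    for line in capture_lines:
        m = LINE_RE.match(line)
        if not m or m.group("kind") != "request":
            continue
        src = ipaddress.ip_address(m.group("src"))
        if src == SNAT_IP:
            translated += 1
        elif src in VPC1_CIDR:
            untranslated.append(line)
    return {"translated": translated, "untranslated": untranslated}


# Constructed sample capture (not real lab output): two translated pings with
# their replies, then one request that bypassed SNAT.
SAMPLE_CAPTURE = [
    "10:01:02.100000 IP 192.168.1.10 > 172.19.1.20: ICMP echo request, id 7, seq 1, length 64",
    "10:01:02.100200 IP 172.19.1.20 > 192.168.1.10: ICMP echo reply, id 7, seq 1, length 64",
    "10:01:03.100000 IP 192.168.1.10 > 172.19.1.20: ICMP echo request, id 7, seq 2, length 64",
    "10:01:03.100200 IP 172.19.1.20 > 192.168.1.10: ICMP echo reply, id 7, seq 2, length 64",
    "10:01:04.100000 IP 10.0.1.5 > 172.19.1.20: ICMP echo request, id 9, seq 1, length 64",
]

if __name__ == "__main__":
    result = check_snat(SAMPLE_CAPTURE)
    print(f"translated echo requests: {result['translated']}")
    for bad in result["untranslated"]:
        print("SNAT not applied:", bad)
```

On the VPC-2 VM the same function can be fed live output, for example by piping "tcpdump icmp -n -l" into the script and calling check_snat on the lines read from standard input.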