Multicloud Transit to External Devices Workflow

This document describes the workflow to connect an Aviatrix Transit Gateway to an external (or third party) router or firewall.

Deploying a Transit Gateway

If you have not launched an Aviatrix Transit Gateway, then follow the instructions for deploying an Aviatrix Transit Gateway in the Multicloud Transit Network Workflow.

Setting up the External Device Connection

  1. In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.

  2. Click + External Connection.

  3. Select one of the following from the Connect Public Cloud to area:

Downloading the External Connection Configuration

You can generate a remote site configuration template. This template file contains the gateway public IP address, VPC/VNet CIDR, pre-shared secret and encryption algorithm. You can import the information to your remote router/firewall configuration.

To download an external connection configuration:

  1. Go to Networking > Connectivity > External Connections (S2C).

  2. On the External Connections (S2C) tab, locate the connection you created and click the vertical ellipsis 25 icon in that row.

  3. Click Download Configuration.

  4. Enter the following values:

    • Vendor: select your remote site device from the Vendor menu, or use the Generic/Vendor Independent template (you select Generic for anything that is not an Aviatrix gateway. If you are connecting two Aviatrix gateways, you select Aviatrix as the vendor).

    • Platform: If you select a Generic vendor, the Platform field is populated as Generic, and the Software field is populated with Vendor Independent.

      If you select the Aviatrix vendor, the Platform is populated with UCC, and the Software version is 1.0. If you select a specific hardware vendor (such as Cisco), available platforms belonging to that vendor are displayed in the Platform field (ISR, ASR, and CSR are for Cisco routers), and the Software field is populated with the related software version.

  5. Click Download.

Using the Downloaded Configuration

If connecting two Aviatrix gateways, you use the information from the downloaded configuration when creating the other side of the tunnel. Gateways can be created in different Controllers or in the same Controller. See Aviatrix Gateway to Aviatrix Gateway for more information.

If connecting an Aviatrix gateway to a firewall or other on-prem vendor, you can use the downloaded configuration information to populate the necessary information in your firewall UI.

Configuring the External Device

Use the information provided in the configuration file to configure the on-prem device with IPsec tunnel and BGP.

See:

Disconnecting the External Device Connection

To disconnect an external device connection:

  1. Go to Networking > Connectivity > External Connections (S2C) tab.

  2. Locate the connection and click the Delete icon.

  3. Click Confirm.

The external connection is deleted.