Multicloud Transit to External Devices Workflow
This document describes the workflow to connect an Aviatrix Transit Gateway to an external (or third-party) router or firewall.
Deploying a Transit Gateway
If you have not launched an Aviatrix Transit Gateway, then follow the instructions for deploying an Aviatrix Transit Gateway in the Multicloud Transit Network Workflow.
Setting up the External Device Connection
- In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.
- Click + External Connection.
- Select one of the following from the Connect Public Cloud to area:
Downloading the External Connection Configuration
You can generate a remote site configuration template. This template file contains the gateway public IP address, VPC/VNet CIDR, pre-shared secret and encryption algorithm. You can import the information to your remote router/firewall configuration.
To download an external connection configuration:
- Go to Networking > Connectivity > External Connections (S2C).
- On the External Connections (S2C) tab, locate the connection you created and click the vertical ellipsis icon in that row.
- Click Download Configuration.
- Enter the following values:
  - Vendor: Select your remote site device from the Vendor menu, or use the Generic/Vendor Independent template. Select Generic for anything that is not an Aviatrix gateway; if you are connecting two Aviatrix gateways, select Aviatrix as the vendor.
  - Platform: If you select a Generic vendor, the Platform field is populated as Generic, and the Software field is populated with Vendor Independent.
    If you select the Aviatrix vendor, the Platform is populated with UCC, and the Software version is 1.0. If you select a specific hardware vendor (such as Cisco), available platforms belonging to that vendor are displayed in the Platform field (ISR, ASR, and CSR are for Cisco routers), and the Software field is populated with the related software version.
- Click Download.
Using the Downloaded Configuration
If you are connecting two Aviatrix gateways, use the information from the downloaded configuration when creating the other side of the tunnel. Gateways can be created in different Controllers or in the same Controller. See Aviatrix Gateway to Aviatrix Gateway for more information.
If you are connecting an Aviatrix gateway to a firewall or other on-prem vendor, you can use the downloaded configuration to populate the necessary information in your firewall UI.