How can I use Aviatrix to connect one site with another using IPsec VPN?

Aviatrix gateways can be used to connect one site to another. This solution requires one Aviatrix gateway in each location that needs to be connected. These on-premises gateways can be deployed as virtual machines on VMware, KVM or Hyper-V.

Environment Requirements

An Aviatrix site-to-site deployment is accomplished by one gateway initializing an IPSec session with the other gateway. For this to work, at least one of the gateways needs to be accessible via a public IP address. This can be accomplished by setting up the public IP address on the edge router on premises and configuring NAT from that public IP address to the Aviatrix VM. The only ports that need to be forwarded from the edge router to the VM are UDP ports 500 and 4500.

On the other site, the second gateway does not need a public IP assigned to the Aviatrix gateway. This second gateway will reach outbound to the first Aviatrix GW (GW1).

The last requirement is to configure static routes in the internal routers (default gateway of the Aviatrix VM) in both the sites. This static route should send traffic destined to the other site to the Aviatrix GW as the next hop.

Steps to Configure IPSec Connectivity

Step 1: Install Aviatrix gateway in each site.

Download and install the Aviatrix gateway VMs by following instructions in this document:

Step 2: Configure Site2Cloud in Gateway 1.

Note: In the Aviatrix terminology, Site2Cloud is the name of the feature that enables connections from one site (or datacenter) to other sites (including cloud environments).

    1. Log into the Web UI of the first gateway (GW1).
    2. Click on Site2Cloud in the navigation pane.
    3. Click on the Add New Connection button.

    1. Fill out the details in the Site2Cloud form as shown below:
      1. Remote Gateway IP is the public IP of the other site.
      2. Remote Subnet is the CIDR (or comma-separated CIDRs) of the other site.
      3. Local Subnet is the CIDRs in the local site.

      1. Click OK. You will see the connection listed in the Site2Cloud UI.
      2. Click on the connection from the list. You will see “Edit Site2Site” options appear under the list.

      1. Select Aviatrix in the Vendor dropdown.
      2. Click on the Download Configuration button. This will download a text file (.txt) to your local machine.
      3. Log in to Gateway 2’s web UI on the other site (GW2).
      4. Go to the Site2Cloud page.
      5. Click on Add New Connection.
      6. Locate the Import button at the bottom of the screen.
      7. Select the text file you downloaded from the other gateway. This will auto populate the details in the form.
      8. Click “OK”.
      9. This will start the IPsec negotiations between both gateways. You should see the connection status change to “Up” within a few minutes.

      Please reach out to [email protected] if you have any questions.