Site2Cloud With Customized SNAT¶
This tech note describes how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a source NAT device and translates source IP address of the traffic initiated from a peering VPC to an IP address selected by users.
There are two VPCs as illustrated in the diagram below. VPC-1’s CIDR is 10.0.0.0/16 and VPC-2’s CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.
We will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user selected IP address (192.168.1.10 in this example). In this way, VPC-2 VMs will see all packets from VPC-1 with the same source IP address (192.168.1.10)
Steps to Configure Site2Cloud Connection and SNAT¶
- Step 1: Install an Aviatrix gateway in VPC-2.
Download and install the Aviatrix Gateways by following the instructions in this document
Don’t select “Enable SNAT” when creating the new gateway in VPC-2.
- Step 2: Create a Site2Cloud connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2
In the Aviatrix terminology, Site2Cloud is the name of the feature that enables connections from one site (or datacenter) to other sites (including cloud environments).
Please follow the instructions in this document to create the Site2Cloud connection.
- Step 3: Update VPC-1 Route Tables at AWS portal
Update VPC-1 route tables to ensure that traffic destinating to VPC-2 (172.19.0.0/16) takes the VGW as “Target”:
- Step 4: Configure Customized SNAT at the Aviatrix gateway
a. Log into the Controller and go to “Gateway” page.
b. Select the Aviatrix gateway created in VPC-2.
c. Click “Edit” button and go to “Source NAT” section.
d. Select “Customized SNAT”.
e. Configure the following SNAT rule.
|Source CIDR||VPC-1 CIDR (10.0.0.0/16)|
|Source Port||Leave it blank|
|Destination CIDR||VPC-2 CIDR (172.19.0.0/16)|
|Destination Port||Leave it blank|
|Mark||Leave it blank|
|SNAT IPs||User selected IP (192.168.1.10)|
|SNAT Port||Leave it blank|
f. Click “Save” and “Enable SNAT” buttons
Test site2cloud Connection and SNAT¶
a. Go to the “Site2Cloud” page and verify that the Site2Cloud connection status is “Up”.
b. Pings from an Ubuntu VM in VPC-1 to another Ubuntu VM in VPC-2.
c. Turn on “tcpdump icmp -n” at the Ubuntu VM in VPC-2. Verify the source IP of the pings is 192.168.1.10.