Aviatrix Gateway to AWS VGW

Overview

This document describes how to configure an IPsec tunnel between an Aviatrix Gateway and an AWS Virtual Private Gateway (VGW).


Deployment Guide

For this use case, we will configure the AWS VGW VPN connection first and then download the configuration from AWS and import it into Aviatrix.

Create the VPN Connection

Note

Prerequisites:

  1. You have a VGW created and attached to a VPC.
  2. You have an Aviatrix Gateway provisioned in a different VPC. You will need this gateway's public IP address for the steps below.

  1. Log in to your AWS VPC Dashboard in the region where your VGW is located.

  2. Create a new Customer Gateway

    Field | Description
    Name | Enter any name here
    Routing | Select Static
    IP Address | Enter the Aviatrix Gateway's public IP
  3. Create a VPN Connection

    Field | Description
    Name | Enter any name here
    Virtual Private Gateway | Select your VGW
    Customer Gateway | Select Existing
    Routing Options | Select Static
    Static IP Prefixes | Enter the CIDR(s) of the VPC where the Aviatrix Gateway resides
    Tunnel Options | Leave blank/default
  4. Select the VPN you just created and click the Download Configuration button along the top. In the dialog, select Generic for the Vendor, Generic for the Platform and Vendor Agnostic for the Software.

  5. Follow the steps in this guide. Use this table for the specific field values.

    Field | Description
    VPC ID/VNet Name | Select Gateway A's VPC or VNet from the drop-down
    Remote Gateway Type | Aviatrix
    Registered | Leave unchecked
    Primary Cloud Gateway | Select Gateway A from the list
    Remote Gateway IP Address | Enter the public IP address of Gateway B
    Pre-shared Key | Leave blank and Aviatrix will generate one
  6. Once complete, select the newly created tunnel in the list.

  7. Select Aviatrix for Vendor, UCC for Platform and 1.0 for Software.

  8. Click Download Configuration. You will use this file to create the other side of the tunnel.


Configure Aviatrix

  1. Log in to your Aviatrix Controller.

  2. Follow the steps in this guide. Use this table for the specific field values.

    Field | Description
    VPC ID/VNet Name | Select the Aviatrix Gateway's VPC or VNet from the drop-down
    Connection Type | Unmapped
    Remote Gateway Type | AWS VGW
    Algorithms | Checked
  3. Open the configuration file from the previous section. Scroll to the #1: Internet Key Exchange Configuration section.

    Phase 1 Configuration

    Field | Description
    Phase 1 Authentication | Select the value shown in the file under Internet Key Exchange Configuration > Authentication Algorithm
    Phase 1 DH Groups | Select the value shown in the file under Internet Key Exchange Configuration > Diffie-Hellman
    Phase 1 Encryption | Select the value shown in the file under Internet Key Exchange Configuration > Encryption Algorithm

  4. Open the configuration file from the previous section. Scroll to the #2: IPSec Configuration section.

    Phase 2 Configuration

    Field | Description
    Phase 2 Authentication | Select the value shown in the file under IPSec Configuration > Authentication Algorithm
    Phase 2 DH Groups | Select the value shown in the file under IPSec Configuration > Perfect Forward Secrecy
    Phase 2 Encryption | Select the value shown in the file under IPSec Configuration > Encryption Algorithm

  5. Populate the remaining fields.

    Field | Description
    Remote Gateway IP Address | Enter the value shown in the file under Tunnel Interface Configuration > Outside IP Addresses > Virtual Private Gateway
    Pre-shared Key | Enter the value shown in the file under Internet Key Exchange Configuration > Pre-Shared Key
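Steps 3 to 5 above are a manual copy of values out of the downloaded file into the Aviatrix form. The following added example (not part of the Aviatrix documentation or product) pulls those same values out of the file automatically and also surfaces the Customer Gateway IP for the troubleshooting check further down. The sample text is constructed to follow the layout of the AWS "Generic / Vendor Agnostic" download; the parser assumes that "  - Key : value" layout and the "#N:" section headers.

```python
import re

# Constructed sample laid out like one tunnel block of the AWS download; the PSK and addresses are placeholders.
SAMPLE_CONFIG = """\
#1: Internet Key Exchange Configuration
  - Pre-Shared Key           : EXAMPLE_PSK_PLACEHOLDER
  - Authentication Algorithm : sha1
  - Encryption Algorithm     : aes-128-cbc
  - Diffie-Hellman           : Group 2
#2: IPSec Configuration
  - Authentication Algorithm : hmac-sha1-96
  - Encryption Algorithm     : aes-128-cbc
  - Perfect Forward Secrecy  : Diffie-Hellman Group 2
#3: Tunnel Interface Configuration
Outside IP Addresses:
  - Customer Gateway         : 203.0.113.10
  - Virtual Private Gateway  : 198.51.100.20
"""
SECTION_RE = re.compile(r"^#\d+:\s*(.+?)\s*$")              # "#1: Internet Key ..."
ENTRY_RE = re.compile(r"^\s*-\s*([^:]+?)\s*:\s*(.*?)\s*$")   # "  - Key : value"
HEADING_RE = re.compile(r"^\s*([^-:][^:]*):\s*$")            # "Outside IP Addresses:"

def parse_config(text):
    """Flatten the file to {"Section > Sub-heading > Key": value}, the 'A > B' path notation the tables above use."""
    values, section, heading = {}, None, ""
    for line in text.splitlines():
        if m := SECTION_RE.match(line):
            section, heading = m.group(1), ""
        elif (m := ENTRY_RE.match(line)) and section:
            values[f"{section} > {heading}{m.group(1)}"] = m.group(2)
        elif m := HEADING_RE.match(line):   # keeps Outside and Inside IP blocks apart
            heading = m.group(1).strip() + " > "
    return values

IKE, IPSEC = "Internet Key Exchange Configuration", "IPSec Configuration"
TUN = "Tunnel Interface Configuration > Outside IP Addresses"
def aviatrix_fields(text):
    """Map the file onto the Aviatrix fields from steps 3-5; "Group 2" becomes "2"."""
    v = parse_config(text)
    dh = lambda s: re.search(r"Group\s+(\d+)", s).group(1)
    return {
        "Phase 1 Authentication": v[f"{IKE} > Authentication Algorithm"],
        "Phase 1 DH Groups": dh(v[f"{IKE} > Diffie-Hellman"]),
        "Phase 1 Encryption": v[f"{IKE} > Encryption Algorithm"],
        "Phase 2 Authentication": v[f"{IPSEC} > Authentication Algorithm"],
        "Phase 2 DH Groups": dh(v[f"{IPSEC} > Perfect Forward Secrecy"]),
        "Phase 2 Encryption": v[f"{IPSEC} > Encryption Algorithm"],
        "Remote Gateway IP Address": v[f"{TUN} > Virtual Private Gateway"],
        "Pre-shared Key": v[f"{IKE} > Pre-Shared Key"],
        # Troubleshooting: this must equal the Aviatrix gateway's public IP.
        "Customer Gateway IP Address": v[f"{TUN} > Customer Gateway"],
    }
```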

Test

Once complete, test communication through the tunnel.

Troubleshooting

Wait 2-3 minutes for the tunnel to come up. If it does not come up within that time, check the IP addresses to confirm they are accurate. Additional troubleshooting is available in the Diagnostics tab.