What does Site2Cloud do?¶
Site2Cloud builds an encrypted connection between two sites over the Internet, in an easy to use and template driven manner. Its workflow is similar to AWS VGW or Azure VPN.
On one end of the tunnel is an Aviatrix gateway. On the other end could be a on-prem router, firewall or another public cloud VPC/VNet where the Aviatrix Controller does not manage.
What are the use cases for Site2Cloud?¶
Here are the popular use cases:
- SaaS provider to its customer site If you need to move data continuously and securely from customer or partner sites to your SaaS service hosted in AWS, Azure or Google, building an encrypted tunnel between the customer site to you is required.
- Branch offices to cloud If you have many branch offices that need to access applications hosted in AWS or Azure, using Site2Cloud is the most economical way to build a secure tunnel. Why pay extra to SD-WAN vendors to go through their “cloud” when you can use your existing Internet connection?
Why should I consider using Aviatrix Site2Cloud?¶
Read this comparison analysis to learn why you should use Aviatrix.
In addition, Aviatrix provides a simple point and click user interface for you to build and manage a large deployment.
Does site2cloud support HA?¶
Yes. Enable HA when configuring a site2cloud connection.
What are the encryption algorithms supported?¶
|Phase 1 Authentication||SHA-1, SHA-512, SHA-384, SHA-256|
|Phase 1 DH Groups||2, 1, 5, 14, 15, 16, 17, 18, 19|
|Phase 1 Encryption||AES-256-CBC, AES-192-CBC, AES-128-CBC, 3DES|
|Phase 2 Authentication||HMAC-SHA-1, HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-256, NO-AUTH|
|Phase 2 DH Groups||2, 1, 5, 14, 15, 16, 17, 18, 19|
|Phase 2 Encryption||AES-256-CBC, AES-192-CBC, AES-128-CBC, AES-128-GCM-96, AES-256-GCM-128, 3DES, NULL-ENCR|
Is IKEv2 supported?¶
How frequent are keys rotated?¶
Re-key for IKE phase 1 is every 8 hours. Re-key for IKE phase 2 is every hour.
Are there configuration examples with other devices?¶
Aviatrix site2cloud supports all types of on-prem firewall and router devices that terminate VPN connection. Below are configuration examples to specific devices.
Are there any tech notes on solving overlapping IP addresses?¶
Here are a few documents in the Tech Notes session that demonstrate how you can solve some of them.