Aviatrix Gateway to Sonicwall

This document describes how to build an IPsec tunnel based Site2Cloud connection between an Aviatrix Gateway and a Sonicwall firewall. The Aviatrix side is configured first, then the Sonicwall side is configured to mirror it; the two ends must agree on subnets, pre-shared key, IKE version and proposals, or the tunnel will not come up.

The network setup is as follows:

  VPC/VNet-AVX (with Aviatrix Gateway)
    VPC/VNet CIDR: 10.0.0.0/16

  On-Prem (with Sonicwall)
    On-Prem Network CIDR: 10.16.100.0/24

Creating a Site2Cloud Connection at the Aviatrix Controller

  1. Go to Gateway > New Gateway to launch an Aviatrix Gateway in a subnet (a public subnet in AWS, GCP, or OCI) of VPC/VNet-AVX. Note the Gateway's public IP address (35.161.77.0 in this example); it is the peer address you will enter on the Sonicwall.

  2. Go to the Site2Cloud page and click Add New to create a Site2Cloud connection with the following values:

=============================  ===========================================================
Field                          Value
=============================  ===========================================================
VPC ID/VNet Name               Choose the VPC/VNet ID of VPC/VNet-AVX
Connection Type                Unmapped
Connection Name                Arbitrary (e.g. avx-sonicwall-s2c)
Remote Gateway Type            Sonicwall
Tunnel Type                    UDP
Algorithms                     Unmark this checkbox
IKEv2                          Unmark this checkbox
Encryption over DirectConnect  Unmark this checkbox
Enable HA                      Unmark this checkbox
Primary Cloud Gateway          Select the Aviatrix Gateway created above
Remote Gateway IP Address      Public IP of the Sonicwall (66.7.242.225 in this example)
Pre-shared Key                 Optional (auto-generated if not entered)
Remote Subnet                  10.16.100.0/24 (On-Prem Network CIDR)
Local Subnet                   10.0.0.0/16 (VPC/VNet CIDR)
=============================  ===========================================================

The Unmapped connection type assumes the Local Subnet and Remote Subnet do not overlap, which is the case here. Whether you enter the Pre-shared Key or let the Controller generate it, the same value must be entered as the Shared Secret on the Sonicwall below.

Creating Address Objects for the VPN subnets

On the Sonicwall, navigate to Network > Address Objects and click Add. Two objects are needed: one for the on-prem (LAN) network and one for the cloud (WAN side) network.

Creating an Address Object for the Local Network

====================  =========================================================
Field                 Value
====================  =========================================================
Name                  Arbitrary (e.g. Site2Cloud-local)
Zone                  LAN
Type                  Network
Network               The LAN network range (10.16.100.0 in this example)
Network Mask/Prefix   e.g. 255.255.255.0
====================  =========================================================

Creating an Address Object for the Cloud Network

====================  =========================================================
Field                 Value
====================  =========================================================
Name                  Arbitrary (e.g. site2cloud-cloud)
Zone                  WAN
Type                  Network
Network               The cloud network range (10.0.0.0 in this example)
Network Mask/Prefix   e.g. 255.255.0.0
====================  =========================================================

Configuring the VPN Tunnel

Navigate to VPN > Settings and click Add.

On the General tab fill in the following fields:

================================  ===============================================================================
Field                             Value
================================  ===============================================================================
Policy Type                       Site to Site
Authentication Method             IKE using Preshared Secret
Name                              Arbitrary (e.g. Aviatrix-GW)
IPsec Primary Gateway Address     The public IP of the Aviatrix Gateway (35.161.77.0 in this example)
IPsec Secondary Gateway Address   The public IP of the Aviatrix HA Gateway, if one is configured
Shared Secret                     Must match the Pre-shared Key of the Aviatrix Site2Cloud connection
Confirm Shared Secret             Re-enter the Shared Secret
Local IKE ID                      Leave blank
Peer IKE ID                       Leave blank
================================  ===============================================================================

Assigning the Local and Remote Address Objects to the Tunnel

Select the Network tab and select the Address Objects created above:

  • Local Networks: choose the local network from the list, e.g. Site2Cloud-local.

  • Remote Networks: choose the destination network from the list, e.g. site2cloud-cloud.

Select the Proposals tab and set the IKE and IPsec values. These values must match the proposal the Aviatrix side uses: with the Algorithms checkbox left unmarked on the Site2Cloud connection, the Aviatrix defaults apply and the values below correspond to them; if you change them here, mark the Algorithms checkbox on the Aviatrix side and enter the same values there.

IKE (Phase 1) Proposals

====================  ===========
Field                 Value
====================  ===========
Exchange              Main Mode
DH Group              Group 2
Encryption            AES-256
Authentication        SHA1
Life Time (seconds)   28800
====================  ===========

IPsec (Phase 2) Proposals

===============================  ===================
Field                            Value
===============================  ===================
Protocol                         ESP
Encryption                       AES-256
Authentication                   SHA1
Enable Perfect Forward Secrecy   Mark this checkbox
DH Group                         Group 2
Life Time (seconds)              3600
===============================  ===================

Group 2 (1024-bit MODP) and SHA1 are legacy choices. Where both ends support it, prefer a stronger DH group (e.g. Group 14) and SHA-256, configured identically on the Aviatrix Site2Cloud connection and on the Sonicwall.

  • Note: If an IPsec Secondary Gateway Address is configured, Peer IKE ID must be left blank, otherwise failover to the secondary gateway will not work properly.

Advanced Settings

  • Click the Advanced tab.

  • Mark the Enable Keep Alive checkbox.

  • Click OK to save.
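As an added pre-flight check (example code written for this page, not Aviatrix or SonicOS code), the script below models the settings entered on each end of the tunnel and reports the mismatches that most often keep a Site2Cloud tunnel down: subnets that are not mirrored, overlapping CIDRs (not allowed for an Unmapped connection), differing pre-shared keys, IKE version or proposal mismatches, differing lifetimes, and the Peer IKE ID / secondary gateway combination from the note above. It also flags the legacy algorithms in the proposals. The two peers are constructed from this document's values; the pre-shared key, the Peer IKE ID and the 203.0.113.10 secondary address used in the deliberately broken example are made up.

```python
"""Pre-flight consistency check for an Aviatrix <-> Sonicwall Site2Cloud tunnel.

Added example for this page; it is not Aviatrix or SonicWall code. It compares
the values that would be typed into the two GUIs and lists what would prevent
the tunnel from negotiating.
"""
import dataclasses
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple


def _norm(value: str) -> str:
    """Normalize algorithm names so 'Group 2', 'Group2' and 'group-2' compare equal."""
    return value.lower().replace(" ", "").replace("-", "").replace("_", "")


@dataclass(frozen=True)
class Proposal:
    """One IKE (phase 1) or IPsec (phase 2) proposal as entered in a GUI."""
    encryption: str
    authentication: str
    dh_group: str            # for phase 2 this is the PFS group
    lifetime: int            # seconds

    def key(self) -> Tuple[str, str, str]:
        return (_norm(self.encryption), _norm(self.authentication), _norm(self.dh_group))


@dataclass(frozen=True)
class Peer:
    """Settings entered on one end of the tunnel."""
    name: str
    local_subnet: str
    remote_subnet: str
    psk: str
    phase1: Proposal
    phase2: Proposal
    ikev2: bool = False
    secondary_peer_ip: str = ""   # Sonicwall: IPsec Secondary Gateway Address
    peer_ike_id: str = ""         # Sonicwall: Peer IKE ID


# Algorithms a practitioner should treat as legacy (assumption for this example).
LEGACY_ALGORITHMS = {"group1", "group2", "group5", "md5", "sha1", "des", "3des"}


def check_tunnel(a: Peer, b: Peer) -> List[str]:
    """Return a list of 'ERROR: ...' and 'WARN: ...' findings for the pair of peers."""
    findings: List[str] = []
    a_local = ipaddress.ip_network(a.local_subnet, strict=False)
    a_remote = ipaddress.ip_network(a.remote_subnet, strict=False)
    b_local = ipaddress.ip_network(b.local_subnet, strict=False)
    b_remote = ipaddress.ip_network(b.remote_subnet, strict=False)

    # Each side's local subnet must be the other side's remote subnet.
    if a_local != b_remote or a_remote != b_local:
        findings.append(f"ERROR: subnets are not mirrored: {a.name} {a_local}->{a_remote}, "
                        f"{b.name} {b_local}->{b_remote}")
    # An Unmapped Site2Cloud connection needs non-overlapping ranges.
    if a_local.overlaps(a_remote):
        findings.append(f"ERROR: {a_local} and {a_remote} overlap; Unmapped connections need disjoint CIDRs")
    if a.psk != b.psk:
        findings.append("ERROR: pre-shared keys differ")
    if a.ikev2 != b.ikev2:
        findings.append("ERROR: IKE version differs (IKEv2 on one side only)")

    for phase, pa, pb in (("phase 1", a.phase1, b.phase1), ("phase 2", a.phase2, b.phase2)):
        if pa.key() != pb.key():
            findings.append(f"ERROR: {phase} proposal mismatch: {pa.key()} vs {pb.key()}")
        if pa.lifetime != pb.lifetime:
            findings.append(f"WARN: {phase} lifetimes differ ({pa.lifetime}s vs {pb.lifetime}s); "
                            "the shorter side will initiate rekeys")
        for alg in sorted(set(pa.key()) | set(pb.key())):
            if alg in LEGACY_ALGORITHMS:
                findings.append(f"WARN: {phase} uses legacy algorithm {alg}")

    # From the note in this document: secondary peer + Peer IKE ID breaks failover.
    for p in (a, b):
        if p.secondary_peer_ip and p.peer_ike_id:
            findings.append(f"ERROR: {p.name} sets both a secondary gateway and a Peer IKE ID; failover will not work")
    return findings


def errors(findings: List[str]) -> List[str]:
    return [f for f in findings if f.startswith("ERROR")]


def document_example() -> Tuple[Peer, Peer]:
    """Both ends as configured in this document (constructed from its tables)."""
    ike = Proposal("AES-256", "SHA1", "Group 2", 28800)
    esp = Proposal("AES-256", "SHA1", "Group 2", 3600)
    aviatrix = Peer("Aviatrix", "10.0.0.0/16", "10.16.100.0/24", "example-psk", ike, esp)
    sonicwall = Peer("Sonicwall", "10.16.100.0/24", "10.0.0.0/16", "example-psk", ike, esp)
    return aviatrix, sonicwall


def broken_example() -> Tuple[Peer, Peer]:
    """Same pair with three typical mistakes on the Sonicwall side (constructed values)."""
    aviatrix, sonicwall = document_example()
    sonicwall = dataclasses.replace(
        sonicwall,
        psk="example-psk-typo",                                    # mistyped shared secret
        phase2=dataclasses.replace(sonicwall.phase2, dh_group="Group 14"),  # PFS group changed on one side
        secondary_peer_ip="203.0.113.10", peer_ike_id="avx-gw",    # combination the note warns about
    )
    return aviatrix, sonicwall


if __name__ == "__main__":
    for label, pair in (("document values", document_example()), ("broken values", broken_example())):
        print(f"== {label} ==")
        for line in check_tunnel(*pair):
            print(" ", line)
```

Run it with no arguments: the document's own values produce no errors, only warnings about Group 2 and SHA1, while the broken pair reports the PSK mismatch, the phase 2 proposal mismatch and the failover-breaking Peer IKE ID. Extend `document_example()` with the values from your own Controller and firewall before bringing a new tunnel up.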