Static Route-Based External Connection (ActiveMesh)
Connect to a remote site that supports route-based VPN with static configuration from the Transit/BGP-enabled Spoke Gateway.
To set up a static route-based (ActiveMesh) external connection:
-
Go to Networking > Connectivity > External Connections (S2C) tab.
-
Click + External Connection.
-
Select or enter the following values:
Parameter |
Description |
||
Name |
A name for this connection. |
||
Connect Public Cloud to |
Select the External Device radio button. Click on the dropdown menu and select Static Route-Based (ActiveMesh). |
||
Local Gateway |
The name of the local gateway. This is the gateway in the cloud that will connect to an on-prem gateway or device. |
||
Remote Subnet CIDR(s) |
The subnet CIDR range(s) for the remote gateway, or the on-prem gateway you are connecting to the cloud. |
||
Over Private Network |
Select this option if your underlying infrastructure is private network, such as AWS Direct Connect and Azure ExpressRoute. When this option is selected, BGP and IPsec run over private IP addresses. |
||
IKEv2 |
Select the option to connect to the remote site using the IKEv2 protocol. This is the recommended protocol.
|
||
Algorithms |
If the Algorithms checkbox is unmarked, the default values will be used. If it is marked, you can set any of the fields defined below.
|
||
Learned CIDR Approval |
Enable this setting to set up an approval process for gateway learned CIDRs for this BGP external connection. This approval process improves security for your network. If an unapproved CIDR address attempts to access the connection, CoPilot sends an approval email to the CoPilot admin so that the admin can approve or block access. |
||
ActiveMesh Connection |
|||
+Remote Gateway |
Click here to add a remote gateway, or an on-prem gateway to connect to the cloud. |
||
Remote Gateway IP |
The IP address of the remote or on-prem device.
|
-
Click Save.
The new static route-based external connection appears in the table.