Overview

An IPsec VPN (Internet Protocol Security Virtual Private Network) uses the IPsec protocol suite to authenticate and encrypt data packets sent over an IP network. Aviatrix leverages IPsec VPN technology to establish secure, encrypted tunnels between your cloud infrastructure and on-premises networks or other cloud environments.

Key Features

Secure Site-to-Cloud Connectivity

IPsec VPN enables secure connections between:
  • On-premises data centers and cloud VPCs/VNets
  • Different cloud provider environments (multi-cloud)
  • Branch offices and cloud resources
  • Third-party networks and your cloud infrastructure

Encryption and Authentication

Aviatrix IPsec VPN supports industry-standard encryption and authentication:
  • IKEv1 and IKEv2 - Internet Key Exchange protocols for secure key establishment
  • AES-256 - Advanced Encryption Standard with 256-bit keys
  • SHA-256/SHA-384/SHA-512 - Secure Hash Algorithm options for integrity verification
  • Pre-shared keys (PSK) and certificate-based authentication

High Availability

IPsec VPN tunnels can be configured with high availability options:
  • Active-active tunnel configurations
  • Automatic failover between primary and backup tunnels
  • Health monitoring and automatic tunnel recovery

Architecture

Aviatrix IPsec VPN integrates with the overall network architecture through:
  1. Aviatrix Gateways - Act as VPN endpoints in the cloud
  2. Site2Cloud connections - Managed IPsec tunnels to external networks
  3. Transit Gateways - Central hub for aggregating VPN connections

Use Cases

Hybrid Cloud Connectivity

Connect your on-premises infrastructure to cloud resources securely using IPsec tunnels. This enables workload migration, disaster recovery, and hybrid application deployments.

Multi-Cloud Networking

Establish secure connections between different cloud providers (AWS, Azure, GCP, OCI) using IPsec VPN when native cloud interconnect options are not available or cost-effective.

Partner and Customer Connectivity

Securely connect with partners, customers, or third-party services that require encrypted network connectivity to your cloud environment.

Next Steps

To configure IPsec VPN connections in your Aviatrix environment:
  1. Ensure your Aviatrix Controller and Gateways are deployed
  2. Gather the required information from your remote network (peer IP, pre-shared key, network CIDRs)
  3. Create a Site2Cloud connection in CoPilot or via Terraform
  4. Verify tunnel status and test connectivity

For detailed configuration instructions, refer to the Aviatrix documentation on Site-to-Cloud connections.
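
A pre-flight check for the values gathered in step 2 (peer IP, pre-shared key, network CIDRs) and for the proposal against the algorithms listed under Encryption and Authentication. This is an added example, not Aviatrix code: the dictionary field names, the `preflight` and `parse_cidrs` helpers, and the PSK thresholds are assumptions made for illustration.

```python
import ipaddress

# Algorithms the page lists as supported; anything else is flagged.
LISTED = {
    "ike_version": {"IKEv1", "IKEv2"},
    "encryption": {"AES-256"},
    "integrity": {"SHA-256", "SHA-384", "SHA-512"},
}
MIN_PSK_LEN = 32       # assumed local policy, not an Aviatrix requirement
MIN_PSK_DISTINCT = 12  # assumed local policy: rejects low-variety keys

def parse_cidrs(label, cidrs, findings):
    """Parse strictly so host bits left set (192.168.1.7/24) are caught."""
    nets = []
    for cidr in cidrs:
        try:
            nets.append(ipaddress.ip_network(cidr, strict=True))
        except ValueError as exc:
            findings.append(f"{label} CIDR invalid: {exc}")
    return nets

def preflight(conn):
    """Return findings for one connection's gathered parameters."""
    findings = []
    try:
        peer = ipaddress.ip_address(conn["peer_ip"])
        if peer.is_unspecified or peer.is_loopback or peer.is_multicast:
            findings.append(f"peer_ip {peer} is not a usable endpoint")
    except ValueError:
        findings.append(f"peer_ip {conn['peer_ip']!r} is not an IP address")
    local = parse_cidrs("local", conn["local_cidrs"], findings)
    remote = parse_cidrs("remote", conn["remote_cidrs"], findings)
    for loc in local:
        for rem in remote:
            if loc.overlaps(rem):  # ambiguous routing without NAT
                findings.append(f"local {loc} overlaps remote {rem}")
    psk = conn["psk"]
    if len(psk) < MIN_PSK_LEN or len(set(psk)) < MIN_PSK_DISTINCT:
        findings.append("psk is shorter or less varied than policy allows")
    for field, allowed in LISTED.items():
        if conn[field] not in allowed:
            findings.append(f"{field} {conn[field]!r} is not a listed option")
    return findings

# Constructed sample: documentation addresses and a made-up weak key.
SAMPLE = {"peer_ip": "203.0.113.10", "local_cidrs": ["10.10.0.0/16"],
          "remote_cidrs": ["10.10.4.0/24", "192.168.1.7/24"], "psk": "changeme",
          "ike_version": "IKEv2", "encryption": "AES-128", "integrity": "SHA-256"}
```

Running `preflight(SAMPLE)` reports the CIDR with host bits set, the local/remote overlap, the weak key and the unlisted cipher; an empty list means the gathered values are ready for step 3.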