Site2Cloud With Customized SNAT

This document demonstrates how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a Source NAT device and translates source IPs of traffic initiated from a peering VPC to an IP address selected by users.

Environment Requirements

There are two VPCs as illustrated in the diagram below. The VPC-1 CIDR is 10.0.0.0/16 and the VPC-2 CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

You will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user selected IP address (192.168.1.10 in this example). This way, VPC-2 VMs will see all packets from VPC-1 with the same source IP address (192.168.1.10).

Steps to Configure Site2Cloud Connection and SNAT

Install an Aviatrix gateway in VPC-2. Download and install the Aviatrix Gateways by following these instructions.

Follow the instructions in one of these documents to create an Unmapped external connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

Select the Generic Remote Gateway Type when you complete one of the above procedures. Any other Remote Gateways listed here are only valid with Controller version 6.7 or lower.

The Site2Cloud external connection feature enables connections from one site (or datacenter) to other sites (including cloud environments).

Update VPC-1 Route Tables at AWS portal to ensure that traffic with VPC-2 (172.19.0.0/16) as the destination takes the VGW as "Target":

Field Value

Destination

172.19.0.0/16

Target

VGW ID

Field	Value
Destination	172.19.0.0/16
Target	VGW ID

Configure Customized SNAT at the Aviatrix gateway.

In Aviatrix CoPilot, go to Cloud Fabric > Gateways > Spoke Gateways.
Select the Aviatrix gateway created in VPC-2.
On the Settings tab, expand the Network Address Translation (NAT) area.
Turn On Source NAT.
Select Customized SNAT.
Configure the following SNAT rule.

Field	Value
Source CIDR	VPC-1 CIDR (10.0.0.0/16)
Source Port	Leave it blank
Destination CIDR	VPC-2 CIDR (172.19.0.0/16)
Destination Port	Leave it blank
Protocol	all
Connection	None
Mark	Leave it blank
SNAT IPs	User selected IP (192.168.1.10)
SNAT Port	Leave it blank

Field

Value

Source CIDR

VPC-1 CIDR (10.0.0.0/16)

Source Port

Leave it blank

Destination CIDR

VPC-2 CIDR (172.19.0.0/16)

Destination Port

Leave it blank

Protocol

all

Connection

None

Mark

Leave it blank

SNAT IPs

User selected IP (192.168.1.10)

SNAT Port

Leave it blank

Click Save.
Slide Apply Route Entry On to commit the rule.

Test Site2Cloud Connection and SNAT

Go to Diagnostics > Cloud Routes > External Connections to verify that the external connection status is Up.
Ping from an Ubuntu VM in VPC-1 to another Ubuntu VM in VPC-2.
Turn on "tcpdump icmp -n" at the Ubuntu VM in VPC-2. Verify the source IP of the pings is 192.168.1.10.