Site2Cloud with NAT to fix Overlapping VPC Subnets

This document describes how VMs in one VPC can reach VMs in two other VPCs whose subnets overlap, by pairing an Unmapped Site2Cloud connection with a Mapped (NAT) Site2Cloud connection.

Environment Description

There are three VPCs as illustrated in the diagram below.

  • VPC1: VPC CIDR - 10.3.0.0/16

  • VPC2: VPC CIDR - 172.29.0.0/16

  • VPC3: VPC CIDR - 10.3.0.0/16

[Diagram: s2c-overlapping]
  • Both VPC1 and VPC3 have a subnet with the same CIDR (10.3.3.0/24).

  • VPC2 VMs need to access both VPC1 and VPC3 VMs in their 10.3.3.0/24 subnets.

  • Since VPC1 VMs may change their private IP addresses after unplanned reboots, VPC2 VMs must reach them by DNS name rather than by a fixed private IP address.

  • VPC2 VMs need to access VPC3 VMs through their private IP addresses.

To solve this overlapping subnet issue, you create four Site2Cloud connections. The VPC1 connections are Unmapped so that VPC2 VMs can use the real VPC1 addresses that DNS returns; the VPC3 connections are Mapped so that VPC3's 10.3.0.0/16 is presented to VPC2 under a virtual CIDR that does not collide with VPC1:

  • Unmapped Site2Cloud connection between VPC1 and VPC2

  • Unmapped Site2Cloud connection between VPC2 and VPC1

  • Mapped Site2Cloud connection between VPC2 and VPC3

  • Mapped Site2Cloud connection between VPC3 and VPC2

Detailed configuration steps are illustrated below.

Configuring Site2Cloud Connections

First, install Aviatrix gateways in VPC1, VPC2, and VPC3. Follow these instructions.

Do not enable SNAT for the new gateways in these VPCs.

Configuring Connections Between VPC1 and VPC2

  1. Navigate to Networking > Connectivity > External Connections (S2C) and click +External Connection to create an Unmapped Site2Cloud connection (Static Route-Based (Unmapped) or Static Policy-Based (Unmapped)).

  2. Substitute the following values (other settings are Off by default):

    • Local Gateway: Select the Aviatrix Gateway in VPC2

    • Remote Gateway Type: Aviatrix

    • Remote Gateway IP: Enter the public IP of the Aviatrix Gateway in VPC1

    • Remote Subnet CIDR(s): Enter VPC1 CIDR (10.3.0.0/16 in this case)

    • Leave Pre-Shared Key blank; this value will be auto-generated

  3. Save the Unmapped external connection.

  4. Create a second Unmapped external connection (using Static Route-Based (Unmapped) or Static Policy-Based (Unmapped)) and substitute the following values (other settings are Off by default):

    • Local Gateway: Select the Aviatrix Gateway in VPC1

    • Remote Gateway Type: Aviatrix

    • Remote Gateway IP: Enter the public IP of the Aviatrix Gateway in VPC2

    • Remote Subnet CIDR(s): Enter VPC2 CIDR (172.29.0.0/16 in this case)

    • Leave Pre-Shared Key blank; this value will be auto-generated

  5. Save the second Unmapped external connection.

Configuring Connections Between VPC2 and VPC3

  1. At Networking > Connectivity > External Connections (S2C) click +External Connection to create a Mapped Site2Cloud connection from VPC2 to VPC3 (Static Route-Based (Mapped) or Static Policy-Based (Mapped)).

  2. Substitute the following values (other settings are Off by default):

    • Local Gateway: Select the Aviatrix Gateway in VPC2

    • Remote Gateway Type: Aviatrix

    • Remote Gateway IP: Enter the public IP of the Aviatrix Gateway in VPC3

    • Real Local Subnet CIDR(s): Enter VPC2 CIDR (172.29.0.0/16 in this case)

    • Virtual Local Subnet CIDR(s): Enter VPC2 CIDR again (172.29.0.0/16 in this case)

    • Real Remote Subnet CIDR(s): Enter VPC3 CIDR (10.3.0.0/16 in this case)

    • Virtual Remote Subnet CIDR(s): Enter the virtual CIDR (10.49.0.0/16 in this example)

    • Leave Pre-Shared Key blank; this value will be auto-generated

    For Remote Subnet, you map the real subnet CIDR (10.3.0.0/16) to the virtual subnet CIDR (10.49.0.0/16). The masks of the real and virtual subnets must be the same (/16 in this case), and the virtual CIDR must not overlap any CIDR that VPC2 already routes (its own 172.29.0.0/16 or VPC1's 10.3.0.0/16), otherwise traffic for one VPC could be delivered to the other.

    The IP addresses in the real and virtual subnets are a one-to-one mapping that translates 10.3.x.y to 10.49.x.y. For example, for a VPC2 VM to reach 10.3.1.100 in VPC3, the VPC2 VM uses the IP address 10.49.1.100.

    For Local Subnet, you do not need to map the real subnet CIDR (172.29.0.0/16) to a different virtual subnet CIDR because 172.29.0.0/16 in VPC2 does not conflict with any subnet in VPC1 or VPC3. 172.29.0.0/16 is used for both Real Local Subnet and Virtual Local Subnet.

  3. Save the first Mapped external connection.

  4. Create a second Mapped external connection using Static Route-Based (Mapped) or Static Policy-Based (Mapped).

  5. Substitute the following values (other settings are Off by default):

    • Local Gateway: Select the Aviatrix Gateway in VPC3

    • Remote Gateway Type: Aviatrix

    • Remote Gateway IP: Enter the public IP of the Aviatrix Gateway in VPC2

    • Real Local Subnet CIDR(s): Enter VPC3 CIDR (10.3.0.0/16 in this case)

    • Virtual Local Subnet CIDR(s): Enter VPC3 CIDR again (10.3.0.0/16 in this case)

    • Real Remote Subnet CIDR(s): Enter VPC2 CIDR (172.29.0.0/16 in this case)

    • Virtual Remote Subnet CIDR(s): Enter VPC2 CIDR again (172.29.0.0/16 in this case)

    • Leave Pre-Shared Key blank; this value will be auto-generated

  6. Save the second Mapped external connection.
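The following is an added worked example, not Aviatrix code, that shows what the Mapped connection's one-to-one translation does with the page's CIDRs (10.3.x.y in VPC3 becomes 10.49.x.y for VPC2) and adds the check a practitioner wants before saving the connection: that the real and virtual masks match, and that the prefixes VPC2 routes into its two tunnels (10.3.0.0/16 for VPC1, 10.49.0.0/16 for VPC3) do not overlap each other or VPC2's own CIDR. The connection names, the Connection data class and the helper functions are assumptions made for the example; only the CIDRs and addresses come from the page.

```python
"""Added example: the 1:1 NAT a Mapped Site2Cloud connection performs,
plus a pre-flight check that the tunnel prefixes seen from VPC2 do not
overlap. This is illustrative code, not Aviatrix's implementation."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPv4Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Connection:
    """One Site2Cloud connection as seen from the local gateway (VPC2 here).
    For an Unmapped connection virtual_remote is None: VMs use real addresses."""
    name: str
    real_remote: IPv4Net
    virtual_remote: Optional[IPv4Net] = None


def check_mapping(real_cidr: str, virtual_cidr: str) -> Optional[str]:
    """Return an error message if real/virtual CIDRs cannot be mapped 1:1, else None.
    The page requires identical masks (/16 to /16); a 1:1 mapping needs that."""
    real = ipaddress.ip_network(real_cidr, strict=True)
    virtual = ipaddress.ip_network(virtual_cidr, strict=True)
    if real.prefixlen != virtual.prefixlen:
        return f"mask mismatch: {real} vs {virtual}"
    return None


def mapped(name: str, real_cidr: str, virtual_cidr: str) -> Connection:
    err = check_mapping(real_cidr, virtual_cidr)
    if err:
        raise ValueError(f"{name}: {err}")
    return Connection(name, ipaddress.ip_network(real_cidr, strict=True),
                      ipaddress.ip_network(virtual_cidr, strict=True))


def unmapped(name: str, real_cidr: str) -> Connection:
    return Connection(name, ipaddress.ip_network(real_cidr, strict=True))


def _shift(addr: str, src: IPv4Net, dst: IPv4Net) -> str:
    """Keep the host bits, swap the network bits: 10.3.x.y -> 10.49.x.y."""
    ip = ipaddress.ip_address(addr)
    if ip not in src:
        raise ValueError(f"{ip} is not inside {src}")
    host_bits = int(ip) - int(src.network_address)
    return str(ipaddress.ip_address(int(dst.network_address) + host_bits))


def to_virtual(conn: Connection, real_ip: str) -> str:
    """Address a VPC2 VM must use to reach real_ip behind this connection."""
    virtual = conn.virtual_remote or conn.real_remote  # Unmapped: identity
    return _shift(real_ip, conn.real_remote, virtual)


def to_real(conn: Connection, virtual_ip: str) -> str:
    """Address the remote gateway delivers to for a given virtual destination."""
    virtual = conn.virtual_remote or conn.real_remote
    return _shift(virtual_ip, virtual, conn.real_remote)


def route_conflicts(local_cidr: str, conns: list[Connection]) -> list[str]:
    """Overlaps among the prefixes the local gateway routes into tunnels
    (virtual remote for Mapped, real remote for Unmapped) and the local VPC.
    Any overlap means traffic for one VPC could be delivered to another."""
    seen = [(ipaddress.ip_network(local_cidr, strict=True), "local VPC")]
    problems = []
    for c in conns:
        prefix = c.virtual_remote or c.real_remote
        for other, owner in seen:
            if prefix.overlaps(other):
                problems.append(f"{c.name}: {prefix} overlaps {other} ({owner})")
        seen.append((prefix, c.name))
    return problems


def tunnel_routes(conns: list[Connection]) -> dict[str, str]:
    """Prefix -> connection name, as VPC2's route table would carry it."""
    return {str(c.virtual_remote or c.real_remote): c.name for c in conns}


# Constructed to match the page's topology (names are assumed).
VPC2_CIDR = "172.29.0.0/16"
VPC2_CONNECTIONS = [
    unmapped("VPC2-to-VPC1", "10.3.0.0/16"),
    mapped("VPC2-to-VPC3", "10.3.0.0/16", "10.49.0.0/16"),
]

if __name__ == "__main__":
    print(route_conflicts(VPC2_CIDR, VPC2_CONNECTIONS))   # [] -> safe to save
    print(tunnel_routes(VPC2_CONNECTIONS))
    print(to_virtual(VPC2_CONNECTIONS[1], "10.3.1.100"))  # 10.49.1.100
```

With the page's values the conflict list is empty and 10.3.3.7 resolves two ways: unchanged over the Unmapped VPC1 connection, and as 10.49.3.7 over the Mapped VPC3 connection. Had the virtual CIDR been chosen inside 10.3.0.0/16 or 172.29.0.0/16, route_conflicts would report it before the connection is saved.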

Testing the Site2Cloud Connection

Verify that all four Site2Cloud connections show as up by going to Diagnostics > Cloud Routes > External Connections. Then, from a VPC2 VM, confirm that a VPC1 VM is reachable by its DNS name (which resolves to its real 10.3.x.y address) and that a VPC3 VM with private address 10.3.x.y is reachable at the translated address 10.49.x.y.

To troubleshoot the connections, go to Diagnostics > Diagnostic Tools.