Edge Transit Gateway External Connection Workflow

This document describes how to connect an Edge gateway in a hybrid or multicloud environment to an on-premises remote device, such as a remote router or firewall that terminates the VPN connection.

Configuration Workflow

To build an external connection (S2C) between an Edge gateway and an external remote device, you need to configure one side of the tunnel connection on the Edge gateway and the other side of the tunnel connection on the remote device.

To create an external connection:

Configure the Tunnel on the Edge Gateway

For a BGP connection to the remote device, configure the tunnel using one of the options below:

Download the External Connection Configuration

If you are connecting an Aviatrix gateway and an on-premises router or firewall, Aviatrix can generate a configuration file that you can apply to your remote router or firewall. The configuration file contains the Aviatrix gateway tunnel details, such as the Public IP address, VPC/VNet CIDR, pre-shared key, and encryption algorithm. You can download the configuration file and then import the details to your remote router or firewall to configure the other end of the VPN tunnel.

After creating an external connection, to download an external connection configuration:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. On the External Connections (S2C) tab, locate the connection you created and click the vertical ellipsis icon on the right side of the row.

  3. Select the following values:

    • Vendor: Select your remote site device. Select Generic for anything that is not an Aviatrix gateway. If you are connecting two Aviatrix gateways, select Aviatrix as the vendor.

    • Platform and Software:

      • If you selected a Generic vendor, the Platform field is populated as Generic, and the Software field is populated with Vendor Independent.

      • If you selected the Aviatrix vendor, the Platform field is populated with UCC, and the Software version is 1.0.

      • If you selected a specific hardware vendor (such as Cisco), select from the available platforms belonging to that vendor that are displayed in the Platform field (ISR, ASR, and CSR are for Cisco routers). The Software field is populated with the related software version.

  4. Click Download.

Configure the Tunnel on the Remote Device

On the external remote device, configure the other end of the tunnel by using the Edge gateway’s connection details provided in the configuration file that you downloaded. If you need to download the configuration file, refer to Download the External Connection Configuration.

Verify the Connection Status

To verify the connection status:

  1. In CoPilot, go to Diagnostics > Cloud Routes > External Connections tab.

  2. In the table, locate the connection that you created. The Status should be Established.

If the connection is not established, you can run diagnostics to perform an analysis or review logs.

To troubleshoot issues with BGP connections, you can go to Diagnostics > Diagnostics Tools > BGP Diagnostics tab and run BGP commands to retrieve BGP information from the Edge Transit Gateway.

Disconnect the External Connection

To disconnect an external connection:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. In the table, locate the external connection and click the Delete icon on the right side of the row.

  3. To confirm that you want to delete the external connection, click Delete.

    The external connection is deleted.