Transit Gateway to External Devices Workflow

This document describes the workflow to connect an Aviatrix Transit Gateway to an external (or third party) router or firewall.

Deploy a Transit Gateway

If you have not launched an Aviatrix Transit Gateway, then follow the instructions for deploying an Aviatrix Transit Gateway in the Multicloud Transit Network Workflow.

Set up the External Device Connection

To set up an external connection from a Transit Gateway to an external device, select one of the following:

  • BGP over IPsec: connect to an external device using IPsec tunneling protocol and Border Gateway Protocol (BGP) routing.

  • BGP over GRE: connect to an external device using GRE tunneling protocol and BGP routing.

  • BGP over LAN: connect to an external device using BGP routing without any tunneling protocol.

  • Static Route-Based (ActiveMesh): connect to an external device using IPsec tunneling protocol and Static Route configuration with full mesh peering from the primary and highly available (HA) gateway instances.

Download an External Connection Configuration

If you are connecting an Aviatrix gateway and an on-premises router or firewall, Aviatrix can generate a configuration file that you can apply to your remote router or firewall. The configuration file contains the Aviatrix gateway tunnel details, such as the Public IP address, VPC/VNet CIDR, pre-shared key, and encryption algorithm. You can download the configuration file and then import the details to your remote router or firewall to configure the other end of the VPN tunnel.

After creating an external connection, to download an external connection configuration:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. On the External Connections (S2C) tab, locate the connection you created and click the vertical ellipsis icon on the right side of the row.

  3. Select the following values:

    • Vendor: Select your remote site device.

      • Select Generic for anything that is not an Aviatrix gateway.

      • Select Aviatrix, if you are connecting two Aviatrix gateways.

    • Platform and Software:

      • If you selected a Generic vendor, the Platform field is populated as Generic, and the Software field is populated with Vendor Independent.

      • If you selected the Aviatrix vendor, the Platform field is populated with UCC, and the Software version is 1.0.

      • If you selected a specific hardware vendor (such as Cisco), the available platforms belonging to that vendor are displayed in the Platform field (ISR, ASR, and CSR are for Cisco routers). Select a platform, and the Software field is populated with the related software version.

  4. Click Download.

Configure the External Device

Use the information provided in the configuration file to configure the other end of the tunnel on the remote router or firewall.

Disconnect the External Connection

To disconnect an external connection:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. In the table, locate the external connection and click the Delete icon on the right side of the row.

  3. To confirm that you want to delete the external connection, click Delete.

    The external connection is deleted.