Transit Gateway to External Devices Workflow

This document describes the workflow to connect an Aviatrix Transit Gateway to an external (or third party) router or firewall.

Deploying a Transit Gateway

If you have not launched an Aviatrix Transit Gateway, then follow the instructions for deploying an Aviatrix Transit Gateway in the Multicloud Transit Network Workflow.

Setting up the External Device Connection

  1. In CoPilot, navigate to Networking > Connectivity > External Connections (S2C) tab.

  2. Click + External Connection.

  3. Select one of the following from the Connect Public Cloud to area:

Download the External Connection Configuration

If you are connecting an Aviatrix gateway and an on-premises router or firewall, Aviatrix can generate a configuration file that you can apply to your remote router or firewall. The configuration file contains the Aviatrix gateway tunnel details, such as the Public IP address, VPC/VNet CIDR, pre-shared key, and encryption algorithm. You can download the configuration file and then import the details to your remote router or firewall to configure the other end of the VPN tunnel.

After creating an external connection, to download an external connection configuration:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. On the External Connections (S2C) tab, locate the connection you created and click the vertical ellipsis vertical ellipsis icon icon on the right side of the row.

  3. Select the following values:

    • Vendor: Select your remote site device. Select Generic for anything that is not an Aviatrix gateway. If you are connecting two Aviatrix gateways, you select Aviatrix as the vendor.

    • Platform and Software:

      • If you selected a Generic vendor, the Platform field is populated as Generic, and the Software field is populated with Vendor Independent.

      • If you selected the Aviatrix vendor, the Platform field is populated with UCC, and the Software version is 1.0.

      • If you selected a specific hardware vendor (such as Cisco), select from the available platforms belonging to that vendor are displayed in the Platform field (ISR, ASR, and CSR are for Cisco routers), and the Software field is populated with the related software version.

  4. Click Download.

Configuring the External Device

Use the information provided in the configuration file to configure the on-prem device with IPsec tunnel and BGP.

See:

Disconnect the External Connection

To disconnect an external connection:

  1. In Aviatrix CoPilot, go to Networking > Connectivity > External Connections (S2C) tab.

  2. In the table, locate the external connection and click the Delete icon delete icon on the right side of the row.

  3. To confirm that you want to delete the external connection, click Delete.

    The external connection is deleted.