Aviatrix Gateway to Azure VPN Gateway

This guide helps you to configure Site2Cloud IPsec tunnels between an Aviatrix Gateway and an Azure Virtual Network Gateway (VNG).

Configuration Workflow

Before you start, make sure you have the latest software by checking the Dashboard. If an alert message displays, click Upgrade to download the latest software.

  1. In Aviatrix CoPilot, go to Cloud Fabric > Gateways to create one non-VPN gateway.

  2. At the Azure portal, go to the Virtual network gateways page. Fill in the following information to create a new Virtual Network Gateway:

    Name

    Enter an Azure VPN gateway name (e.g. Azure-VPN-GW)

    Gateway

    type: VPN

    VPN type

    Policy-based

    SKU

    Basic

    Location

    Select a desired location

    Virtual network

    Select a desired VNet

  3. Once the virtual network gateway is provisioned, record its public IP address.

  4. In CoPilot, go to Networking > Connectivity > External Connections (S2C).

  5. Click +External Connection.

  6. Create a Static Policy-Based (Unmapped) external connection.

  7. Once the Site2Cloud connection is created, select the same connection on the External Connections (S2C) page.

  8. Click the vertical ellipsis 25 menu and select Download Configuration.

  9. The Download Configuration dialog displays. Select the following values for each specific field:

    • Vendor: Generic

    • Platform: Generic

    • Software: Vendor Independent

  10. Click Download.

  11. Collect the following information from the downloaded configuration template:

    Pre-Shared Key from #1 Internet Key Exchange Configuration

    Aviatrix Gateway Public IP from #3

    Tunnel Interface Configuration

    Cloud Network(s) from the Subnets section of #3

    Tunnel Interface Configuration

  12. At the Azure portal, go to the Local network gateways page. Enter the following information to create a local network gateway:

    Name

    Enter a local gateway name (e.g. AVX-GW)

    IP address

    Enter the Aviatrix Gateway’s public IP collected at Step 6

    Address space

    Enter the "Cloud Network" CIDR collected at Step 6

    Configure

    Unmark this checkbox

    BGP settings

  13. At Azure portal, go to Virtual network gateways page and select the gateway created at Step 2.

  14. Select "Connections" from "Settings". Enter the following information to create a connection:

    Name

    Enter a VPN connection name (e.g. Azure-AVX-S2C)

    Connection type

    Select Site-to-site (IPsec)

    Virtual network gateway

    Select the VPN gateway created at Step 2

    Local network gateway

    Select the local gateway created at Step 7

    Shared key (PSK)

    Enter the pre-shared key collected at Step 6

Troubleshooting

To check a tunnel state, go to the Networking > Connectivity > External Connections (S2C) tab. There should be a green dot next to the name of the external connection.

To troubleshoot a tunnel state, go to Diagnostics > Diagnostic Tools > Connectivity Diagnostics.