Site2Cloud With Customized SNAT
This tech note demonstrates how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a Source NAT device and translates the source IP of traffic initiated from the peering VPC to a user-selected IP address.
Environment Requirements
There are two VPCs as illustrated in the diagram below. VPC-1’s CIDR is 10.0.0.0/16 and VPC-2’s CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.
We will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user-selected IP address (192.168.1.10 in this example). In this way, VPC-2 VMs see all packets from VPC-1 with the same source IP address (192.168.1.10).
Steps to Configure Site2Cloud Connection and SNAT
Step 1: Install an Aviatrix gateway in VPC-2.
Download and install the Aviatrix gateway by following the instructions on the Aviatrix Gateway landing page.
Do not select "Enable SNAT" when creating the new gateway in VPC-2; SNAT is configured as a customized rule in Step 4.
Step 2: Create a Site2Cloud connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.
In Aviatrix terminology, Site2Cloud is the name of the feature that enables connections from one site (or datacenter) to other sites (including cloud environments).
Please follow the instructions in Connecting Aviatrix Gateway to AWS Virtual Private Gateway to create the Site2Cloud connection.
Step 3: Update VPC-1 Route Tables in the AWS portal
Update the VPC-1 route tables to ensure that traffic destined to VPC-2 (172.19.0.0/16) uses the VGW as its "Target":

Field | Value
---|---
Destination | 172.19.0.0/16
Target | VGW ID
Step 4: Configure Customized SNAT at the Aviatrix gateway
a. Log in to the Controller and go to the Gateway page.
b. Select the Aviatrix gateway created in VPC-2.
c. Click Edit and go to Source NAT.
d. Select Customized SNAT.
e. Configure the following SNAT rule:

Field | Value
---|---
Source CIDR | VPC-1 CIDR (10.0.0.0/16)
Source Port | Leave it blank
Destination CIDR | VPC-2 CIDR (172.19.0.0/16)
Destination Port | Leave it blank
Protocol | all
Interface | eth0
Mark | Leave it blank
SNAT IPs | User selected IP (192.168.1.10)
SNAT Port | Leave it blank
f. Click Save and Enable SNAT.
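The following is an added example, not Aviatrix code or the page's own material, that models what the customized SNAT rule in Step 4 does to traffic as it passes the gateway. The rule fields (Source CIDR, Destination CIDR, Protocol, Interface, SNAT IP) are the ones from the table; the packets, the `Packet`/`SnatRule`/`SnatGateway` classes and the port-allocation scheme are constructed for this illustration. Because the SNAT Port field is left blank, the model assumes the gateway picks a free source port itself when two VPC-1 hosts would otherwise collide on the shared SNAT IP, and it keeps a translation table so that replies from VPC-2 can be mapped back to the original VPC-1 host.

```python
"""Model of the Step 4 customized SNAT rule (added example, not Aviatrix code)."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    protocol: str      # "tcp", "udp", ...
    src_port: int
    dst_port: int
    interface: str     # interface the gateway forwards the packet out of


@dataclass(frozen=True)
class SnatRule:
    """Fields of the rule in the Step 4 table (Mark and port fields left blank)."""
    src_cidr: str
    dst_cidr: str
    protocol: str = "all"
    interface: str = "eth0"
    snat_ip: str = ""

    def matches(self, pkt: Packet) -> bool:
        return (ip_address(pkt.src_ip) in ip_network(self.src_cidr)
                and ip_address(pkt.dst_ip) in ip_network(self.dst_cidr)
                and (self.protocol == "all" or self.protocol == pkt.protocol)
                and self.interface == pkt.interface)


# Translation-table key: (snat_ip, snat_port, peer_ip, peer_port, protocol)
Key = Tuple[str, int, str, int, str]


class SnatGateway:
    """Stateful source NAT: rewrites matching outbound packets, reverses replies."""

    def __init__(self, rule: SnatRule, first_dynamic_port: int = 1024) -> None:
        self.rule = rule
        self.table: Dict[Key, Tuple[str, int]] = {}   # key -> (orig_src_ip, orig_src_port)
        self.next_port = first_dynamic_port

    def _taken(self, port: int, pkt: Packet) -> bool:
        return (self.rule.snat_ip, port, pkt.dst_ip, pkt.dst_port, pkt.protocol) in self.table

    def _alloc_port(self, pkt: Packet) -> int:
        # Keep the original source port when it is free (no SNAT Port configured);
        # otherwise pick the next unused port so two VPC-1 hosts can share 192.168.1.10.
        if not self._taken(pkt.src_port, pkt):
            return pkt.src_port
        while self._taken(self.next_port, pkt):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """VPC-1 -> VPC-2 direction: translate the source if the rule matches."""
        if not self.rule.matches(pkt):
            return pkt                          # e.g. destination outside VPC-2 CIDR
        port = self._alloc_port(pkt)
        key: Key = (self.rule.snat_ip, port, pkt.dst_ip, pkt.dst_port, pkt.protocol)
        self.table[key] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.rule.snat_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """VPC-2 -> VPC-1 direction: reverse a known mapping, drop anything unknown."""
        key: Key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port, pkt.protocol)
        entry = self.table.get(key)
        if entry is None:
            return None                         # no state: unsolicited traffic to the SNAT IP
        return replace(pkt, dst_ip=entry[0], dst_port=entry[1])


def run_demo():
    """Exercise the rule with constructed packets; returns the observable results."""
    rule = SnatRule("10.0.0.0/16", "172.19.0.0/16", "all", "eth0", "192.168.1.10")
    gw = SnatGateway(rule)
    # Two VPC-1 hosts using the same source port towards the same VPC-2 service.
    a = gw.outbound(Packet("10.0.1.5", "172.19.2.20", "tcp", 40000, 443, "eth0"))
    b = gw.outbound(Packet("10.0.1.6", "172.19.2.20", "tcp", 40000, 443, "eth0"))
    # VPC-2 replies to what it saw (the SNAT IP and the allocated port).
    reply = gw.inbound(Packet("172.19.2.20", b.src_ip, "tcp", 443, b.src_port, "eth0"))
    # Destination outside the rule's Destination CIDR: left untranslated.
    c = gw.outbound(Packet("10.0.1.5", "8.8.8.8", "tcp", 40001, 443, "eth0"))
    # VPC-2 host opening a fresh connection to the SNAT IP: no mapping exists.
    unsolicited = gw.inbound(Packet("172.19.2.20", "192.168.1.10", "tcp", 5555, 22, "eth0"))
    return a, b, reply, c, unsolicited


if __name__ == "__main__":
    for label, result in zip(("a", "b", "reply", "c", "unsolicited"), run_demo()):
        print(label, result)
```

Running the demo shows the point of the table in Step 4: both VPC-1 hosts appear to VPC-2 as 192.168.1.10, the second one on a gateway-chosen port, while the reply is delivered back to 10.0.1.6:40000. Traffic that misses the Destination CIDR is forwarded with its real source, and a connection initiated from VPC-2 towards the SNAT IP has no translation-table entry and is dropped by the model.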