Site2Cloud With Customized SNAT

This tech note demonstrates how to create a Site2Cloud connection between two VPCs by using a VGW and an Aviatrix gateway. The Aviatrix gateway also serves as a Source NAT device and translates source IP of traffic initiated from a peering VPC to an IP address selected by users.

Environment Requirements

There are two VPCs as illustrated in the diagram below. VPC-1’s CIDR is 10.0.0.0/16 and VPC-2’s CIDR is 172.19.0.0/16. The Site2Cloud connection is between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

s2c-snat

We will also configure customized SNAT at the Aviatrix gateway, which translates the source IP of traffic initiated from VPC-1 (10.0.0.0/16) to a user selected IP address (192.168.1.10 in this example). In this way, VPC-2 VMs will see all packets from VPC-1 with the same source IP address (192.168.1.10).

Steps to Configure Site2Cloud Connection and SNAT

  • Step 1: Install an Aviatrix gateway in VPC-2.

Download and install the Aviatrix Gateways by following the instructions on the Aviatrix Gateway landing page.

Don’t select "Enable SNAT" when creating the new gateway in VPC-2.

  • Step 2: Create a Site2Cloud connection between a VGW in VPC-1 and an Aviatrix gateway in VPC-2.

In the Aviatrix terminology, Site2Cloud is the name of the feature that enables connections from one site (or datacenter) to other sites (including cloud environments).

Please follow the instructions in Connecting Aviatrix Gateway to AWS Virtual Private Gateway to create the Site2Cloud connection.

  • Step 3: Update VPC-1 Route Tables at AWS portal

Update VPC-1 route tables to ensure that traffic destinating to VPC-2 (172.19.0.0/16) takes the VGW as "Target":

Field Value

Destination

172.19.0.0/16

Target

VGW ID

  • Step 4: Configure Customized SNAT at the Aviatrix gateway

a. Log into the Controller and go to the Gateway page.

b. Select the Aviatrix gateway created in VPC-2.

s2c-snat1

c. Click Edit and go to Source NAT.

d. Select Customized SNAT.

e. Configure the following SNAT rule.

Field Value

Source CIDR

VPC-1 CIDR (10.0.0.0/16)

Source Port

Leave it blank

Destination CIDR

VPC-2 CIDR (172.19.0.0/16)

Destination Port Protocol all

Leave it blank

Interface

eth0

Mark

Leave it blank

SNAT IPs

User selected IP (192.168.1.10)

SNAT Port

Leave it blank

s2c-snat2

f. Click Save and Enable SNAT.

Test Site2Cloud Connection and SNAT

a. Go to the "Site2Cloud" page and verify that the Site2Cloud connection status is "Up".

s2c-snat3

b. Pings from an Ubuntu VM in VPC-1 to another Ubuntu VM in VPC-2.

c. Turn on "tcpdump icmp -n" at the Ubuntu VM in VPC-2. Verify the source IP of the pings is 192.168.1.10.