Aviatrix Site2Cloud Virtual Appliance


Aviatrix Site2Cloud Virtual Appliance Configuration Guide

Last updated: October 18, 2016

Aviatrix Systems, Inc.
4555 Great America Pkwy
Santa Clara CA 95054 USA
http://www.aviatrix.com
Tel: +1 844.262.3100

TABLE OF CONTENTS

1 Overview
  1.1 Use Cases
    1.1.1 On-Premise IPSec Termination
    1.1.2 Cloud IPSec Termination
    1.1.3 Connecting Networks with Overlapping CIDRs
2 Configuration Workflow
  2.1 Prerequisites
    2.1.1 For On-Premise IPSec Termination
    2.1.2 For Cloud IPSec Termination
    2.1.3 For Connecting Networks with Overlapping CIDRs
  2.2 Configuration
    2.2.1 For On-Premise IPSec Termination
    2.2.2 For Cloud IPSec Termination
    2.2.3 For Connecting Networks with Overlapping CIDRs
  2.3 Troubleshooting
3 Appendix Support
  3.1 Aviatrix Support

1 Overview

Aviatrix is a next generation cloud networking solution built from the ground up for the public cloud. It simplifies the way you enable site to cloud, user to cloud and cloud to cloud secure connectivity and access. The Aviatrix solution requires no new hardware and deploys in minutes. The Aviatrix solution consists of two components and a Controller. This configuration guide provides step by step instructions on how to deploy the Aviatrix Site2Cloud virtual appliance for IPSec termination.

1.1 Use Cases

1.1.1 On-Premise IPSec Termination

In this use case, there is a need to connect a remote on-premise site to the cloud. Instead of configuring the IPSec termination on the edge device, which may put tier 1 applications at risk, an Aviatrix virtual appliance can be deployed on premise to terminate the IPSec tunnel. With this approach, no changes are needed on the edge device. The IPSec tunnel configuration is exported from the cloud Aviatrix controller and is then imported into the on-premise Aviatrix virtual appliance.

[Diagram: AWS VPC / Azure VNet / GCP NET; Remote On-Premise Site; Edge Device]

Benefits
1. Quick and easy to deploy; up and running within minutes.
2. No changes on the edge device.
3. Supports popular hypervisors: VMWare and Hyper-V.
4. Supports all major public cloud providers (AWS, Azure, GCP).
5. No exchange of public cloud credentials is needed.
6. Central management with alerting and auditing.

1.1.2 Cloud IPSec Termination

In this use case, the remote site is another cloud network and there is a need to connect the two cloud networks together. What makes this situation unique is that the cloud networks may not necessarily belong to the same owner. For example, a SaaS provider has deployed their application in the cloud. This application needs to a customer's LDAP system or database, which is deployed in the customer's own cloud network. With the Aviatrix solution, the SaaS provider can export the IPSec configuration information from their system and provide it to their customer, who can then import it into their system.

[Diagram: ACCOUNT 1: AWS VPC / Azure VNet / GCP NET; Remote site - ACCOUNT 2: AWS VPC / Azure VNet / GCP NET]

Benefits
1. Quick and easy to deploy; up and running within minutes.
2. Supports all major public cloud providers (AWS, Azure, GCP).
3. No exchange of public cloud credentials is needed.
4. Central management with alerting and auditing.

1.1.3 Connecting Networks with Overlapping CIDRs

This use case is the same as the previous two use cases, except the source and destination networks have overlapping CIDRs (IP addresses).

[Diagram: AWS VPC / Azure VNet / GCP NET (source, CIDR: 10.1.0.0/16); Remote On-Premise Site, Edge Device (destination, CIDR: 10.1.0.0/16)]

[Diagram: ACCOUNT 1: AWS VPC / Azure VNet / GCP NET (source, CIDR: 10.1.0.0/16); Remote site - ACCOUNT 2: AWS VPC / Azure VNet / GCP NET (destination, CIDR: 10.1.0.0/16)]

Benefits
In addition to the benefits noted in the previous two use cases:
1. Supports overlapping IP addresses (source or destination).
2. No need to re-IP the existing network.
3. Easy to deploy SaaS cookie cutter networks.

2 Configuration Workflow

2.1 Prerequisites

The prerequisites vary depending on the desired use case (see previous section). Please review the following before configuring the Site2Cloud IPSec tunnel.

2.1.1 For On-Premise IPSec Termination

In this deployment, the Aviatrix gateway will be deployed on-premise for the IPSec termination.

[Diagram: AWS VPC / Azure VNet / GCP NET (source); Remote On-Premise Site, Edge Device (destination)]

Confirm and check the following:
1. Make sure the hypervisor that you're using is supported
   a. VMWare ESXi 5.0 or later
   b. Windows 2012 R2 or later Hyper-V
2. On the source side, make sure the and a terminating gateway is deployed and running.
3. For the on-premise virtual appliance
   a. Requires a static IP address (internal)
   b. Requires access to a DNS server
   c. Requires outbound ports
      i. TCP 443
      ii. UDP 4500 & 500
4. Create a static route for the cloud network
   a. In order for on-premise devices to reach the cloud network, they must be routed to the virtual appliance.

2.1.2 For Cloud IPSec Termination

In this deployment, the Aviatrix gateway will be deployed in the cloud for IPSec termination.

[Diagram: ACCOUNT 1: AWS VPC / Azure VNet / GCP NET (source); Remote site - ACCOUNT 2: AWS VPC / Azure VNet / GCP NET (destination)]

Confirm and check the following:
1. On the source and destination side, make sure the Aviatrix controllers and gateways are deployed and running.

2.1.3 For Connecting Networks with Overlapping CIDRs

In order to overcome the overlapping CIDR, a virtual CIDR is set up on both the source and destination Aviatrix gateway. Endpoints in the source and destination networks will communicate with each other over the virtual CIDR. Choose a virtual CIDR that does not overlap with your existing environment.

[Diagram: AWS VPC / Azure VNet / GCP NET (source, CIDR: 10.1.0.0/16, Virtual CIDR: 10.21.0.0/16); Remote On-Premise Site, Edge Device (destination, Virtual CIDR: 10.22.0.0/16, CIDR: 10.1.0.0/16)]

[Diagram: ACCOUNT 1: AWS VPC / Azure VNet / GCP NET (source, CIDR: 10.1.0.0/16, Virtual CIDR: 10.21.0.0/16); Remote site - ACCOUNT 2: AWS VPC / Azure VNet / GCP NET (destination, Virtual CIDR: 10.22.0.0/16, CIDR: 10.1.0.0/16)]

2.2 Configuration
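The subnet values used in the configuration steps of this section can be checked before they are typed into the Site2Cloud form: whether local and remote subnets overlap (which decides between the Unmapped and Mapped connection types) and whether a chosen virtual CIDR collides with anything already in use. The Python below is an added example, not part of the Aviatrix guide or product; the function names are hypothetical, and the host-preserving translation in `to_virtual` is an assumption about the real-to-virtual mapping that the guide does not state.

```python
import ipaddress

def parse_subnets(field):
    """Parse a comma-separated subnet field as typed into the Site2Cloud form.
    ip_network() raises ValueError for entries with host bits set
    (e.g. 10.1.1.2/16), which catches a common typing mistake."""
    return [ipaddress.ip_network(s.strip()) for s in field.split(",") if s.strip()]

def connection_type(local_field, remote_field):
    """Return 'Mapped' if any local subnet overlaps a remote one, else 'Unmapped'."""
    local, remote = parse_subnets(local_field), parse_subnets(remote_field)
    clash = any(l.overlaps(r) for l in local for r in remote)
    return "Mapped" if clash else "Unmapped"

def check_virtual(real, virtual, in_use):
    """Return a list of problems with a virtual CIDR choice (empty list = OK).
    in_use: comma-separated CIDRs already present in the environment,
    including both real networks and the other side's virtual CIDR."""
    real_net, virt_net = ipaddress.ip_network(real), ipaddress.ip_network(virtual)
    problems = []
    if virt_net.prefixlen != real_net.prefixlen:
        problems.append(f"{virt_net} and {real_net} differ in prefix length")
    for net in parse_subnets(in_use):
        if virt_net.overlaps(net):
            problems.append(f"{virt_net} overlaps existing network {net}")
    return problems

def to_virtual(addr, real, virtual):
    """Address a peer would use to reach host `addr`, ASSUMING the mapping
    keeps the host part of the address (an assumption, not from the guide)."""
    real_net, virt_net = ipaddress.ip_network(real), ipaddress.ip_network(virtual)
    ip = ipaddress.ip_address(addr)
    if ip not in real_net:
        raise ValueError(f"{ip} is not inside {real_net}")
    if real_net.prefixlen != virt_net.prefixlen:
        raise ValueError("real and virtual CIDRs must have the same prefix length")
    offset = int(ip) - int(real_net.network_address)
    return str(virt_net.network_address + offset)

if __name__ == "__main__":
    # CIDRs from the guide's overlapping-network example; the host address
    # 10.1.5.9 is a constructed sample value.
    print(connection_type("10.1.0.0/16", "10.1.0.0/16"))
    print(check_virtual("10.1.0.0/16", "10.22.0.0/16", "10.1.0.0/16,10.21.0.0/16"))
    print(to_virtual("10.1.5.9", "10.1.0.0/16", "10.22.0.0/16"))
```
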

2.2.1 For On-Premise IPSec Termination

Step 1: Deploy the Aviatrix Virtual Appliance
1. Download the virtual appliance for your hypervisor.
2. Import the virtual appliance into your virtualization environment.
3. Once the virtual appliance boots up, log in to the CLI console. The default login is admin / Aviatrix123#
4. Use the following command to configure the static IP address on the virtual appliance:
   setup_interface_static_address ip_address subnet_mask default_gateway primary_dns secondary_dns
   Example:
   setup_interface_static_address 10.1.1.2 255.255.255.0 10.1.1.1 8.8.8.8 8.8.4.4
5. Log in to the virtual appliance web GUI.
   The default URL is: https://static_ip_address
   Default login is: admin / static_ip_address (e.g. 10.1.1.2)
   The system will prompt for a recovery email address and then prompt you to change the default password. The virtual appliance will initialize after the password change. Afterwards, log in to the console with the new password.
6. Update the license key. Click Settings > License. Under Customer ID, enter your customer ID and click Save. If you don't have one, contact Aviatrix at support@aviatrix.com.
7. Done.

Step 2: Set up the Site2Cloud connection on the source side
1. Login to the on the source side.
2. Click Site2Cloud > +Add New
   a. VPC ID/VNet Name: Select the network for the IPSec termination.
   b. Connection Type: Unmapped
   c. Connection Name: Type in a name for the connection.
   d. Remote Gateway IP Address: This is the public IP that your on-premise virtual appliance uses to reach the internet.
   e. Primary Gateway: Select the gateway on the source side (cloud) that will terminate the IPSec.
   f. Remote Subnet: Type in the network on the on-premise side. If there is more than one network, separate them with a comma (e.g. 172.31.1.0/24,172.31.2.0/24).
   g. Local Subnet: Type in the network on the cloud side. If there is more than one network, separate them with a comma (e.g. 172.31.1.0/24,172.31.2.0/24).
   h. Pre-shared Key: Leave blank.
3. Click OK.
4. After the connection is created, click on it and then download the configuration file.
   a. Vendor: Aviatrix
   b. Platform: UCC
   c. Software: 1.0
5. Save the file to a convenient location.
6. Done.

Step 3: Import the configuration file to the virtual appliance
1. Log in to the virtual appliance's web GUI.
2. Click Site2Cloud > +Add New
   a. Click the Import button in the lower right hand corner.
   b. Select the configuration file that you saved in the previous step.
   c. Verify that the information is correct.
3. Click OK.
4. Done.

Congratulations. The configuration is complete. Please allow up to 2 for the tunnel to come up.

2.2.2 For Cloud IPSec Termination

Step 1: Set up the Site2Cloud connection on the source side
1. Login to the on the source side.
2. Click Site2Cloud > +Add New
   a. VPC ID/VNet Name: Select the network for the IPSec termination.
   b. Connection Type: Unmapped
   c. Connection Name: Type in a name for the connection.
   d. Remote Gateway IP Address: This is the public IP of the Aviatrix gateway on the destination side that will terminate the IPSec.
   e. Primary Gateway: Select the gateway on the source side (cloud) that will terminate the IPSec.
   f. Remote Subnet: Type in the network on the destination side. If there is more than one network, separate them with a comma (e.g. 172.31.1.0/24,172.31.2.0/24).
   g. Local Subnet: Type in the network on the source side. If there is more than one network, separate them with a comma (e.g. 172.31.1.0/24,172.31.2.0/24).
   h. Pre-shared Key: Leave blank.
3. Click OK.
4. After the connection is created, click on it and then download the configuration file.
   a. Vendor: Aviatrix
   b. Platform: UCC
   c. Software: 1.0
5. Save the file to a convenient location.
6. Done.

Step 2: Import the configuration file on the destination side
1. Login the on the destination side.
2. Click Site2Cloud > +Add New
   a. Click the Import button in the lower right hand corner.
   b. Select the configuration file that you saved in the previous step.
   c. Verify that the information is correct.
3. Click OK.
4. Done.

Congratulations. The configuration is complete. Please allow up to 2 for the tunnel to come up.

2.2.3 For Connecting Networks with Overlapping CIDRs

If you are deploying the Aviatrix gateway on site, please see the above section on how to Deploy the Aviatrix Virtual Appliance for your hypervisor. The rest of the instructions are the same and are as follows:

Step 1: Set up the Site2Cloud connection on the source side
1. Login to the on the source side.
2. Click Site2Cloud > +Add New
   a. VPC ID/VNet Name: Select the network for the IPSec termination.
   b. Connection Type: Mapped
   c. Connection Name: Type in a name for the connection.
   d. Remote Gateway IP Address: This is the public IP of the Aviatrix gateway on the destination side that will terminate the IPSec.
   e. Primary Gateway: Select the gateway on the source side (cloud) that will terminate the IPSec.
   f. Remote Subnet (Real): Type in the real network on the destination side. If there is more than one network, separate them with a comma (e.g. 172.31.1.0/24,172.31.2.0/24). In this example, the subnet is 10.1.0.0/16
   g. Remote Subnet (Virtual): Type in the virtual network on the destination side. In this example, the subnet is 10.22.0.0/16
   h. Local Subnet (Real): Type in the real network on the source side. In this example, the subnet is 10.1.0.0/16
   i. Local Subnet (Virtual): Type in the virtual network on the source side. Since the real and virtual networks are the same in this example, just type in 10.21.0.0/16 again.
   j. Pre-shared Key: Leave blank.
3. Click OK.
4. After the connection is created, click on it and then download the configuration file.
   a. Vendor: Aviatrix
   b. Platform: UCC
   c. Software: 1.0
5. Save the file to a convenient location.
6. Done.

Step 2: Import the configuration file on the destination side
1. Login the on the destination side.
2. Click Site2Cloud > +Add New
   a. Click the Import button in the lower right hand corner.
   b. Select the configuration file that you saved in the previous step.
   c. Verify that the information is correct.
3. Click OK.
4. Done.

2.3 Troubleshooting

Tunnel status can be checked from the Controller. From the Controller GUI:
1. Click Site2Cloud > Diagnostics
2. Select the following:
   a. VPC ID / VNet / NET = Select the network that your gateway is in
   b. Connection = Select the connection you want to troubleshoot
   c. Gateway = Select the gateway that is terminating the tunnel
   d. Action = Select the diagnostics that you want to see
3. Click OK.

3 Appendix Support

3.1 Aviatrix Support

Standard: 8x5 Enterprise Phone Support, email support, product-specific knowledge-base and user forum are included.

For additional levels of support and support offers, please visit: www.aviatrix.com/support