Aviatrix Virtual Appliance


Aviatrix Virtual Appliance
For Azure VPN Gateway Connection
Configuration Guide

Last updated: November 17, 2016

Aviatrix Systems, Inc.
4555 Great America Pkwy
Santa Clara CA 95054 USA
http://www.aviatrix.com
Tel: +1 844.262.3100

TABLE OF CONTENTS

1 Overview
  1.1 Use Case Azure VNET to Remote Site
2 Configuration Workflow
  2.1 Prerequisites
  2.2 Configuration
    2.2.1 Step 1 Deploy the Aviatrix Virtual Appliance
    2.2.2 Step 2 Configure Azure Site to Site VPN Connection
    2.2.3 Step 3 Configure Aviatrix Site-to-Cloud VPN Connection
3 Troubleshooting
  3.1 Aviatrix Virtual Appliance Tunnel Status
  3.2 Remote site static routes
  3.3 Azure Instance Network Security Groups
4 Appendix Support
  4.1 Aviatrix Support

1 Overview

Aviatrix is a next generation cloud networking solution built from the ground up for the public cloud. It simplifies the way you enable site to cloud, user to cloud and cloud to cloud secure connectivity and access. The Aviatrix solution requires no new hardware and deploys in minutes.

This configuration guide provides step by step instructions on how to deploy the Aviatrix virtual appliance for an Azure VPN gateway (site to site) connection.

1.1 Use Case Azure VNET to Remote Site

In this use case, there is a need to connect a remote on-premise site to an Azure VNet. Instead of configuring the IPSec termination on the edge device, which may put tier 1 applications at risk, an Aviatrix virtual appliance can be deployed on premise to terminate the IPSec tunnel. With this approach, no changes are needed on the edge device. The IPSec tunnel is configured directly on the Aviatrix virtual appliance.

Below is an example of how the solution can be deployed.

[Figure: example deployment. Labels: Azure VNET, VNET CIDR 10.30.0.0/16, 10.30.1.0/24, Gateway 10.30.0.0/24, Azure VPN Gateway, SITE-2-SITE IPSEC, Aviatrix Virtual Appliance, Edge Device, Remote Site, Users, 10.16.0.0/16, 192.168.50.0/24]

Benefits

1. Quick and easy to deploy: up and running within minutes.
2. No changes on edge device
3. Supports popular hypervisors VMWare and Hyper-V
4. Supports all major public cloud providers (AWS, Azure, GCP)
5. No exchange of public cloud credentials is needed.

2 Configuration Workflow

2.1 Prerequisites

Please review the following before configuring the VNet to site connection. Confirm and check the following:

1. Make sure you have a valid Azure subscription.
2. Make sure the hypervisor that you're using is supported
   a. VMWare ESXi 5.0 or later
   b. Windows 2012 R2 or later Hyper-V
3. The Aviatrix virtual appliance requires the following:
   a. A static IP address (internal)
   b. Access to a DNS server
   c. Outbound ports
      i. TCP 443
      ii. UDP 4500 & 500
4. In the remote site, create static routes to Azure VNet.
   a. In order for devices in the remote site to reach the Azure VNet, they must be routed to the Aviatrix virtual appliance.

2.2 Configuration

The following configuration steps are based on the example environment shown below. Please replace values accordingly for your setup.

[Figure: example environment. Labels: Azure VNET, VNET CIDR 10.30.0.0/16, 10.30.1.0/24, Gateway 10.30.0.0/24, Azure VPN Gateway, Public IP 104.42.225.163, SITE-2-SITE IPSEC, Aviatrix Virtual Appliance, Edge Device, Public IP 207.47.51.61, Remote Site, Users, 10.16.0.0/16, 192.168.50.0/24]

2.2.1 Step 1 Deploy the Aviatrix Virtual Appliance

1. Download the virtual appliance for your hypervisor.
2. Import the virtual appliance into your virtualization environment
3. Once the virtual appliance boots up, log in to the CLI console. The default login is admin / Aviatrix123#
4. Use the following command to configure the static IP address on the virtual appliance:

   setup_interface_static_address ip_address subnet_mask default_gateway primary_dns secondary_dns

   Example:

   setup_interface_static_address 10.16.0.11 255.255.255.0 10.16.0.10 8.8.8.8 8.8.4.4

5. Log in to the virtual appliance web GUI.
   The default URL is: https://static_ip_address
   Default login is: admin / static_ip_address (e.g. 10.16.0.11)
   The system will prompt for a recovery email address and then prompt you to change the default password. The virtual appliance will initialize after the password change. Afterwards, log in to the console with the new password.
6. Update the License key. Click Settings > License. Under Customer ID, enter your customer ID and click Save. If you don't have one, contact Aviatrix at support@aviatrix.com.
7. Done.

2.2.2 Step 2 Configure Azure Site to Site VPN Connection

On the Azure side, a site to site VPN connection needs to be created. An Azure site to site VPN connection consists of the following components:

1. VNET: This defines the network within a VNET
2. Local Network Gateway: This defines the network on the remote site
3. Virtual Network Gateway: This defines a gateway where the VPN will terminate in Azure
4. Site-to-Site VPN Connection: This definition puts everything together

Step 2 Configure Azure Site to Site VPN Connection

1. Log into the Azure Portal

2. Create a VNET (or identify the VNET you want to use for the site-2-site connection). In this example, we will use the following values:
   a. Address Space: 10.30.0.0/16
   b. 1: 10.30.0.0/24 (for Gateway. This is a special subnet for the Azure VPN gateway)
   c. 2: 10.30.1.0/24 (for Compute instances)
3. Create a Local Network Gateway. In this example, we will use the following values:
   a. IP Address: 207.47.51.61 (this is the public IP of the edge device at the remote site)
   b. Address space: 10.16.0.0/16, 192.168.50.0/24 (these are subnets on the remote site)
4. Create a Virtual Network Gateway. Please note the following settings:
   a. Gateway Type: VPN
   b. VPN Type: Policy-based (Aviatrix only supports policy-based at this time)
   c. Virtual Network: (choose your VNET)
   d. Public IP address: (choose a public IP or create a new one)
5. Create a Site-to-Site VPN Connection
   a. Click on the virtual network gateway from the previous step
   b. Navigate to Settings -> Connections, and click Add
   c. Please note the following settings:
      i. Connection Type: Site-to-Site
      ii. Virtual Network Gateway: Select the gateway created in the previous step
      iii. Local network gateway: Select the local network gateway for the remote site
      iv. Shared Key: Type in a shared key
   d. Click Ok.
6. Done

2.2.3 Step 3 Configure Aviatrix Site-to-Cloud VPN Connection

To complete the connection, we must define the VPN connection on the Aviatrix virtual appliance as well.

Step 3 Aviatrix Site to Cloud Definition

1. Log in to the Aviatrix Virtual Appliance.
2. Click Site2Cloud -> +Add New
   a. VPC ID/VNet Name: Select Local
   b. Connection Type: Unmapped
   c. Connection Name: Type in a name for the connection
   d. Remote Gateway IP Address: This is the public IP of the Azure VPN gateway
   e. Remote: Type in the subnet on the Azure VNET side (e.g. 10.30.0.0/16). If there is more than one network, separate them with commas
   f. Local: Type in the network on the remote site side (e.g. 10.16.0.0/16, 192.168.50.0/24).
   g. Pre-shared Key: Type in the same shared key that was used for the Azure VPN gateway.
   h. Remote Gateway Type: choose Azure VPN
3. Click Ok.
4. Done

Congratulations. The configuration is complete.

3 Troubleshooting

Below are some troubleshooting tips w

3.1 Aviatrix Virtual Appliance Tunnel Status

Tunnel status can be checked from the Controller. From the Controller GUI:

1. Click Site2Cloud -> Diagnostics
2. Select the following:
   a. VPC ID / VNet / NET = Select Local
   b. Connection = Select the connection you want to troubleshoot
   c. Action = Select the diagnostics that you want to see
3. Click OK.

3.2 Remote site static routes

Make sure static routes are defined on your remote site to reach the Azure VNET. For example, in the environment shown below, you will need to add the following static route on the remote site:

Destination      Next Hop
10.30.0.0/16     Aviatrix Virtual Appliance

[Figure: example environment. Labels: Azure VNET, VNET CIDR 10.30.0.0/16, 10.30.1.0/24, Gateway 10.30.0.0/24, Azure VPN Gateway, Public IP 104.42.225.163, SITE-2-SITE IPSEC, Aviatrix Virtual Appliance, Edge Device, Public IP 207.47.51.61, Remote Site, Users, 10.16.0.0/16, 192.168.50.0/24]

3.3 Azure Instance Network Security Groups

Check and make sure your network security groups are configured properly for access from your remote site. By default, inbound access to Azure instances is restricted.
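A pre-flight check for the values entered in Steps 2 and 3 and for the static route in section 3.2, added here as an example (it is not part of the Aviatrix guide or product). The dictionary keys and function names are hypothetical, 104.42.225.163 is assumed to be the Azure VPN gateway's public IP from the diagram labels, and the check assumes both sides must list identical prefixes, as in the guide's example.

```python
import hmac
import ipaddress

def nets(csv):
    """Parse a comma-separated CIDR list as typed into either form."""
    return {ipaddress.ip_network(p.strip()) for p in csv.split(",") if p.strip()}

def check_site2cloud(azure, aviatrix, routes, appliance_ip):
    """Return a list of mismatches between the Azure and Aviatrix definitions."""
    problems = []
    if azure["vpn_type"] != "Policy-based":
        problems.append("Azure VPN type is not Policy-based")
    if aviatrix["remote_gateway_ip"] != azure["gateway_public_ip"]:
        problems.append("Remote Gateway IP is not the Azure VPN gateway public IP")
    if nets(aviatrix["remote"]) != nets(azure["vnet_address_space"]):
        problems.append("Aviatrix Remote does not match the VNet address space")
    if nets(aviatrix["local"]) != nets(azure["local_gw_address_space"]):
        problems.append("Aviatrix Local does not match the Local Network Gateway")
    # Compare the keys without echoing either value into the report.
    if not hmac.compare_digest(aviatrix["psk"].encode(), azure["shared_key"].encode()):
        problems.append("Pre-shared keys differ")
    # Section 3.2: every VNet prefix needs a remote-site route via the appliance.
    for vnet in sorted(nets(azure["vnet_address_space"])):
        if not any(hop == appliance_ip and vnet.subnet_of(ipaddress.ip_network(dst))
                   for dst, hop in routes):
            problems.append(f"No static route to {vnet} via {appliance_ip}")
    return problems

# Constructed sample input using the guide's example addresses; the key is a placeholder.
AZURE = {
    "vpn_type": "Policy-based",
    "gateway_public_ip": "104.42.225.163",  # assumed from the diagram labels
    "vnet_address_space": "10.30.0.0/16",
    "local_gw_address_space": "10.16.0.0/16, 192.168.50.0/24",
    "shared_key": "PLACEHOLDER-SHARED-KEY",
}
AVIATRIX = {
    "remote_gateway_ip": "104.42.225.163",
    "remote": "10.30.0.0/16",
    "local": "10.16.0.0/16,192.168.50.0/24",
    "psk": "PLACEHOLDER-SHARED-KEY",
}
ROUTES = [("10.30.0.0/16", "10.16.0.11")]  # (destination, next hop)

if __name__ == "__main__":
    for line in check_site2cloud(AZURE, AVIATRIX, ROUTES, "10.16.0.11") or ["OK"]:
        print(line)
```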

4 Appendix Support

4.1 Aviatrix Support

Standard: 8x5 Enterprise Phone Support, email support, product-specific knowledge-base and user forum are included.

For additional levels of support and support offers please visit: www.aviatrix.com/support