Cloud Edge Secure Access Getting Started Guide

AWS Transit Gateway

This article describes how to connect multiple VPCs to SonicWall Cloud Edge through a single Site-to-Site connection using AWS Transit Gateway (unlike the AWS Virtual Gateway, which requires one Site-to-Site connection per VPC). Inter-region Transit Gateway peering is available in US East (N. Virginia), US East (Ohio), US West (Oregon), EU (Ireland) and EU (Frankfurt); in other regions a Transit Gateway is currently restricted to a single region.

The choice between a Transit Gateway and a simple Virtual Gateway depends on your AWS architecture. If you are not sure, we encourage you to consult AWS's official documentation.

Please follow the steps below:

  • Create the Transit Gateway & Transit Gateway attachments
  • Configuring the tunnel in the AWS Console
  • Configuring the tunnel on the SonicWall Cloud Edge web platform
  • Configuring the routing in the AWS Console
  • Configuring the routing on the SonicWall Cloud Edge web platform

Create the Transit Gateway & Transit Gateway attachments

Create the Transit Gateway

  1. Go to the VPC section in the AWS Console.

  2. On the left pane, click on Transit Gateways.

  3. On the top pane, click on Create transit gateway.

  4. Fill in the following information:

    • Name tag - Insert the name of the Transit Gateway

    • You can keep the default parameters for the rest of the attributes

  5. Click on Create transit gateway.

Create the Transit Gateway attachments

Create the Transit Gateway VPC attachments

  1. On the left pane, click on Transit Gateway Attachments

  2. On the top pane, click on Create transit gateway attachment

  3. Fill in the following information and click on Create transit gateway attachment:

    • Name Tag - Insert the name of the Transit Gateway Attachment
    • Transit gateway ID - Pick the newly created Transit gateway
    • Attachment Type - VPC
    • VPC ID - Select the relevant VPC
    • You can keep the default parameters for the rest of the attributes

Repeat the above process for each VPC that you would like to gain access to.

Create the Transit Gateway VPN attachment

  1. On the top pane, click on Create transit gateway attachment.

  2. Fill in the following information and click on Create transit gateway attachment:

    • Transit gateway ID - Pick the newly created Transit gateway
    • Attachment Type - VPN
    • Customer Gateway - New
    • IP address - Obtain this from the SonicWall Cloud Edge panel, under the relevant Gateway name

    • BGP ASN - Leave the default value
    • Routing Options - Static
    • Keep the default values for the rest of the attributes
    • Click on Create transit gateway attachment

    This may take several minutes.

    If you have 2 VPCs, this is how your Transit gateway attachments section should look:

Configuring the tunnel in the AWS Console

  1. On the left pane, under Virtual Private Network (VPN), click on Site-to-Site VPN Connections

  2. Pick the newly created Transit Gateway VPN connection record
  3. On the top pane, click on Download Configuration

  4. A pop-up will appear, choose the following and click on Download

    • Vendor - Strongswan

    • Platform - Ubuntu 16.04

    • Software - Strongswan 5.5.1+

    • IKE Version - IKEv1

  5. Open the configuration file that you have downloaded and copy the following attributes:

    • Endpoint - Copy the 2nd IP (marked in red)

    • PSK - Marked in yellow; remember to omit the quotation marks

Configuring the tunnel on the SonicWall Cloud Edge web platform

  1. Navigate to your SonicWall Cloud Edge web platform.
  2. On the left pane, click on Networks and select the name of the network in which you'd like to set up the tunnel.

  3. Locate the desired gateway, open the three-dot menu (...) and select Add Tunnel.

  4. A pop-up will appear; choose IPSec Site-2-Site Tunnel and click on Continue.

  5. Fill in the following information and click on Add Tunnel:

    • Name - Enter the name of the tunnel
    • Shared Secret - Paste the PSK value from the downloaded file (marked in yellow), without the quotation marks
    • Public IP & Remote ID - Paste the 2nd IP from the downloaded file (marked in red)
    • SonicWall Cloud Edge Gateway Proposal Subnets - By default this should be set to 10.255.0.0/16
    • Remote Gateway Proposal Subnets - 0.0.0.0/0, or specify according to your customized settings

  6. At the Advanced Settings section fill in the following information:

    • IKE Version: V1
    • IKE Lifetime: 8h
    • Tunnel Lifetime: 1h
    • Dead Peer Detection Delay: 10s
    • Dead Peer Detection Timeout: 30s
    • Encryption(Phase 1): aes128
    • Encryption(Phase 2): aes128
    • Integrity (Phase 1): sha1
    • Integrity (Phase 2): sha1
    • Diffie-Hellman Groups (Phase 1): 2
    • Diffie-Hellman Groups (Phase 2): 2

    This may take several minutes; you can move on to the next step in the meantime.
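As an added example (not part of this article or of SonicWall's tooling), the following Python parses a constructed strongSwan-style configuration like the one downloaded in step 5 of the AWS section, extracts each tunnel's endpoint and PSK with the quotation marks removed, and flags any proposal value that differs from the Advanced Settings listed above; the file layout, addresses and secrets are assumptions, not real AWS output.

```python
import re
# Constructed sample styled after an AWS strongSwan download (placeholder IPs/secrets).
SAMPLE_IPSEC_CONF = """\
conn Tunnel1
    right=203.0.113.21
    keyexchange=ikev1
    ike=aes128-sha1-modp1024
    esp=aes128-sha1-modp1024
    ikelifetime=8h
    lifetime=1h
conn Tunnel2
    right=203.0.113.22
    keyexchange=ikev1
    ike=aes256-sha256-modp2048
    esp=aes128-sha1-modp1024
    ikelifetime=8h
    lifetime=1h
"""
SAMPLE_IPSEC_SECRETS = """\
198.51.100.10 203.0.113.21 : PSK "ExamplePsk-Tunnel1"
198.51.100.10 203.0.113.22 : PSK "ExamplePsk-Tunnel2"
"""
# Advanced Settings the article asks for (DH group 2 is modp1024).
EXPECTED = {"keyexchange": "ikev1", "ike": "aes128-sha1-modp1024",
            "esp": "aes128-sha1-modp1024", "ikelifetime": "8h", "lifetime": "1h"}

def parse_conns(conf):
    """Map each 'conn <name>' section of an ipsec.conf text to its key=value settings."""
    conns, current = {}, None
    for line in (raw.strip() for raw in conf.splitlines()):
        if line.startswith("conn "):
            current = line.split(None, 1)[1]
            conns[current] = {}
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            conns[current][key.strip()] = value.strip()
    return conns

def parse_secrets(secrets):
    """Map remote endpoint -> PSK from ipsec.secrets lines, quotation marks stripped."""
    return dict(re.findall(r'^\S+\s+(\S+)\s*:\s*PSK\s+"([^"]*)"', secrets, re.M))

def tunnel_parameters(conf=SAMPLE_IPSEC_CONF, secrets=SAMPLE_IPSEC_SECRETS):
    """Per tunnel: endpoint and unquoted PSK to paste into Cloud Edge, plus proposal values differing from EXPECTED."""
    psks, result = parse_secrets(secrets), {}
    for name, kv in parse_conns(conf).items():
        endpoint = kv.get("right")
        bad = {k: kv.get(k) for k, want in EXPECTED.items() if kv.get(k) != want}
        result[name] = {"endpoint": endpoint, "psk": psks.get(endpoint), "mismatches": bad}
    return result
```

A non-empty "mismatches" entry means the proposal on that tunnel will not match the Cloud Edge side, so Phase 1 or Phase 2 negotiation will fail until the two sides agree.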

Configuring the routing on AWS

  1. Go to the VPC section in the AWS Console. Under Transit Gateways, select Transit Gateway Route Tables.

  2. Select the relevant Transit Gateway Route Table record

  3. On the bottom, click on Propagations

  4. Verify that all of the Transit Gateway Attachments are included. If you have 2 VPCs, this is how it should look:

    If one of the Transit Gateway Attachments is missing, click on "Create propagation" and add the missing record.

  5. On the bottom, click on Associations

  6. Verify that all of the Transit Gateway Attachments are included (same as step #4)

  7. On the bottom, near the Propagations tab, click on Routes

  8. Click on Create static route and fill in the following:

    • CIDR - Insert your SonicWall Cloud Edge network subnet. To find it, perform the following:

      • Open your SonicWall Cloud Edge web platform
      • On the left pane click on "Networks" --> "Networks"
      • Select your network
      • Select the three-dot menu (...) next to the Network
      • Click on "Edit Network"

    • Choose attachment - Choose the VPN attachment

    If you have 2 VPCs, this is how it should look:

  9. On the left pane, under Virtual Private Cloud, click on "Route Tables"

  10. Select the Route Table for one of the attached VPCs

  11. On the bottom, click on Routes

  12. Click on Edit Routes. A new window will appear; click on Add route and fill in the following:

    • Destination - Your SonicWall Cloud Edge network subnet

      • The value shown in the screenshot is just an example; to find your SonicWall Cloud Edge network subnet, perform the following:

        • Open your SonicWall Cloud Edge web platform
        • On the left pane click on "Networks" --> "Networks"
        • Select your network
        • Select the three-dot menu (...) next to the Network
        • Click on "Edit Network"

    • Target - Choose Transit Gateway and pick the relevant Transit Gateway

  13. Click on Save changes
  14. Repeat steps 10-12 for other attached VPCs

Configuring the routing on SonicWall Cloud Edge

  1. Open your SonicWall Cloud Edge web platform
  2. On the left pane click on "Networks" --> "Networks"
  3. Select your network
  4. Select the three-dot menu (...) next to the Network
  5. Click on Route Table
  6. On the top right corner, click on Add Route
  7. A pop-up will appear; fill in the following and click on Apply Configuration:

    • Tunnel - Choose the relevant tunnel
    • Subnet - Add the CIDRs of the attached VPCs (the VPCs to which you'd like to gain access)
