Connecting a Branch Office appliance to an AWS Gateway

To connect Branch Office 2 appliance to the gateway (see "Use Case 1"), edit its WAN3 parameters by completing the Cloud Gateways panel.

1

From the stack of Cloud Gateways names, select one AWS gateway.

There are two types of AWS managed gateways:

•

VGW: a Virtual Private Gateway is a resource associated with a VPC (Virtual Private Cloud in AWS) that provides connectivity to this VPC (through site-to-site VPN or Direct Connect).

•

TGW: a Transit Gateway is a resource associated with VPCs in the same region and acts as a hub providing:

- connectivity between remote sites and these VPCs (through site-to-site VPN or Direct Connect),

- routing between these VPCs,

- routing with VPCs that are associated with other Transit Gateways (possibly in other regions)

An AWS Cloud gateway name includes:

•

the Cloud access type, AWS in this case

•

the Cloud access name

•

the name of the AWS region where it is deployed

•

the gateway name in AWS (if it exists) and its type, VGW or TGW

•

or the gateway ID in AWS (vgw-xxxxx or tgw-xxxxx)

The SD-WAN Orchestrator retrieves the AS number of the Cloud gateway and displays it beside the gateway name. The AS number of the Cloud gateway:

•

must not be included in the AS number range (see Advanced Configuration > Overlay routing)

•

or must be defined as an exclusion

•

and should be different from any other appliance ASN in the domain

2

Since PSK is the only authentication type currently supported, the SD-WAN Orchestrator automatically generates a pre-shared key. This authentication type requires a WAN interface public IP address to be specified.

3

When there are several Cloud gateways, you can enter Preference values to define the priority of tunnels to route the traffic. The highest Preference value implies priority. The default value is 100.

For Transit Gateways (TGW) only

When you select a TGW gateway, the SD-WAN Orchestrator retrieves the list of transit gateway route tables. For every route table, its name and ID are specified.

4

You can enable VPN Acceleration and define the Associated Route Table and Propagated Route Tables. Transit Gateway route tables are objects that enable network segmentation, i.e. they define whether attachments can communicate with one another.

•

Associated Route Table: select the route table by default for association or use the None option.

•

Propagated Route Tables: select one or more route table(s) for propagation.

For all the Gateways

5

Update your settings. Two connections are defined and the two matching tunnels are set up on the appliance.

Note: You can edit or delete a Cloud connection at any time.