Connecting a Spoke appliance to an AWS Gateway
1. From the main menu, select Appliances.

2. Select the appropriate Spoke appliance and click Edit Configuration.

3. Select the appropriate WAN interface in Router mode.

4. From the Tunnels -> Overlay stack, select the AWS gateway overlay that will establish the VPN tunnel. It is then displayed in the Applications Anywhere list.

5. Click Configure Tunnel.
   There are two types of AWS managed gateways:

   • VGW: a Virtual Private Gateway is a resource associated with a VPC (Virtual Private Cloud in AWS) that provides connectivity to this VPC (through site-to-site VPN or Direct Connect).

   • TGW: a Transit Gateway is a resource associated with VPCs in the same region and acts as a hub providing:
     - connectivity between remote sites and these VPCs (through site-to-site VPN or Direct Connect),
     - routing between these VPCs,
     - routing with VPCs that are associated with other Transit Gateways (possibly in other regions).

   An AWS Cloud gateway name corresponds to its name in AWS (if it exists) or, failing that, to its ID in AWS (vgw-xxxxx or tgw-xxxxx).

   The SD-WAN Application retrieves the AS number of the Cloud gateway. The AS number of the Cloud gateway:

   • must not be included in the AS number range,
   • or must be defined as an exclusion from that range,
   • and should be different from any other appliance ASN in the domain.

   Refer to "Overlay Routing".
6. Since PSK is the only authentication type currently supported, the SD-WAN Application automatically generates a pre-shared key. This authentication type requires a public IP address to be specified on the WAN interface.

7. When there are several Cloud gateways, you can enter Preference values to define the priority of the tunnels used to route the traffic. The tunnel with the highest Preference value takes priority. The default value is 100.
For Transit Gateways (TGW) only

   When you select a TGW gateway, the SD-WAN Application retrieves the list of transit gateway route tables. For every route table, its name and ID are specified.

8. You can enable VPN Acceleration and define the Association Route Table and Propagation Route Tables. Transit Gateway route tables are objects that enable network segmentation, i.e. they define whether attachments can communicate with one another.

   • Association Route Table: select one of the route tables, or none, for association.
   • Propagation Route Tables: select several route tables, or none, for propagation.
For all the Gateways

9. Save your settings. Two connections are defined and the two matching tunnels are set up on the appliance.

Note: You can edit or delete a Cloud connection at any time.
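The three AS number constraints listed under step 5 are easy to get wrong when a domain has many appliances, so the following is an added example of a pre-flight check a network engineer could run before configuring the tunnel. It is not code from the SD-WAN Application or its vendor; the Domain model (an inclusive ASN range, a set of exclusions, and an appliance-name-to-ASN map), the function name check_cloud_gateway_asn and all sample values are assumptions constructed for this illustration. The 64512 used as the Cloud gateway ASN is simply a private-range value chosen for the sample.

```python
"""Pre-flight check for an AWS Cloud gateway's AS number.

Added example, not the SD-WAN Application's own code. It encodes the three
rules from the page: the Cloud gateway ASN must not fall inside the domain's
AS number range unless it is defined as an exclusion, and it should differ
from every appliance ASN in the domain.
"""
from dataclasses import dataclass, field


@dataclass
class Domain:
    """Assumed model of the SD-WAN domain's ASN allocation (constructed)."""
    asn_range: tuple[int, int]                          # inclusive range appliances are numbered from
    exclusions: set[int] = field(default_factory=set)   # ASNs carved out of that range
    appliance_asns: dict[str, int] = field(default_factory=dict)  # appliance name -> ASN


def check_cloud_gateway_asn(gateway: str, cloud_asn: int, domain: Domain) -> list[str]:
    """Return a list of rule violations; an empty list means the ASN is acceptable."""
    problems: list[str] = []
    lo, hi = domain.asn_range

    # Rule 1 and 2: inside the range is only acceptable when the ASN is an exclusion.
    if lo <= cloud_asn <= hi and cloud_asn not in domain.exclusions:
        problems.append(
            f"{gateway}: ASN {cloud_asn} lies in the domain AS range {lo}-{hi} "
            "and is not defined as an exclusion"
        )

    # Rule 3: no appliance in the domain may already use this ASN.
    clashes = sorted(name for name, asn in domain.appliance_asns.items() if asn == cloud_asn)
    if clashes:
        problems.append(
            f"{gateway}: ASN {cloud_asn} is already used by appliance(s) {', '.join(clashes)}"
        )
    return problems


# Constructed sample domain: appliances numbered from 64512-64900, two appliances present.
EXAMPLE_DOMAIN = Domain(
    asn_range=(64512, 64900),
    exclusions=set(),
    appliance_asns={"spoke-1": 64513, "hub-1": 64600},
)


def main() -> None:
    # Constructed gateway IDs; real IDs look like vgw-xxxxx / tgw-xxxxx.
    for gateway, asn in (("tgw-EXAMPLE", 64512), ("vgw-EXAMPLE", 65000)):
        issues = check_cloud_gateway_asn(gateway, asn, EXAMPLE_DOMAIN)
        if issues:
            print("\n".join(issues))
        else:
            print(f"{gateway}: ASN {asn} is acceptable")


if __name__ == "__main__":
    main()
```

Running the script reports that 64512 collides with the domain's AS range (it would need to be added as an exclusion first) while 65000 is acceptable. Extending the same check over every Cloud gateway in the domain before saving the tunnel configuration avoids the BGP session failing or routes being dropped because of an ASN clash.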