Configure BGP between the PCG and the service appliance over the IPSec VPN tunnel.

You set up BGP neighbors on the IPSec VPN tunnel interface that you established between PCG and the service appliance. See Configure BGP for more details.

You need to configure BGP similarly on your service appliance. See documentation for your specific service in the public cloud for details.

Next, set up route redistribution as follows:

  • The PCG advertises its default route (0.0.0.0/0) to the service appliance.
  • The service appliance advertises the VSIP to the PCG. This is the same IP address which is used when registering the service. See Create the Service Definition and a Corresponding Virtual Endpoint.
    Note: If your service appliance is deployed in a High Availability pair, advertise the same VSIP from both service appliances.

Procedure

  1. Navigate to Networking > Tier-0 Gateways .
  2. Select the auto-created tier-0 gateway for your Transit VPC/VNet named like cloud-t0-vpc-6bcd2c13 and click Edit.
  3. Click the number or icon next to BGP Neighbors under the BGP section.
  4. Note these configurations:
    Option Description
    IP Address

    Use the IP address configured on the service appliance tunnel interface for the VPN between the PCG and the service appliance.

    Remote AS Number This number must match the AS number of the service appliance in your public cloud.
    Route Filter Set an Out Filter to advertise the default route (0.0.0.0/0) from the PCG to service appliance.
  5. From the Route Redistribution section, enable static routes on tier-0 gateway.

What to do next

Set up Redirection Rules