Hi All,
I have a need to configure a VIP on an IPSec VTI, however, when I do this, I cannot see this VIP in the ipsecX interface, nor can I use the VIP in a (S/D)NAT policy. The configured VIP also does not respond to ICMP from the LAN (when an allow all policy exists on the LAN).
Are VIPs on VTI with the new IPSec implementation supported?
Any pointers will be greatly appreciated.
Thanks
The IPSec Virtual Tunnel Interface (VTI) is a route-based interface. Packets are first routed into the tunnel and then encrypted/decrypted. VIP requires NAT on the first interface that receives packets, which VTI cannot meet.