VIP (IP Alias) on VTI

Started by hpsn, October 20, 2025, 03:16:43 AM

Hi All,

I have a need to configure a VIP on an IPSec VTI; however, when I do this, I cannot see this VIP in the ipsecX interface, nor can I use the VIP in a (S/D)NAT policy. The configured VIP also does not respond to ICMP from the LAN (when an allow-all policy exists on the LAN).

Are VIPs on VTI with the new IPSec implementation supported?

Any pointers will be greatly appreciated.

Thanks


The IPSec Virtual Tunnel Interface (VTI) is a route-based interface. Packets are first routed into the tunnel and then encrypted/decrypted. VIP requires NAT on the first interface that receives packets, which VTI cannot meet.