02-14-2020 08:35 AM - edited 02-14-2020 12:10 PM
Has anyone found a better work around than switching to an IPSEC solution? The type of setup I have requires BGP and I can't lose that functionality. These sites need internet access and the only way to include traffic sourced from the VTI and out to the internet is to perform an any,outside global nat to include the VTI.
02-10-2023 02:51 PM
I saw this referenced in another forum/article. The suggested workaround is to set your NAT destination interface to ANY.
nat (if-name, ANY)
This resolved my issue with VTI tunnels utilizing BGP and I was able to access resources on the other side.
09-21-2023 03:42 PM
Thanks for posting this...fixed my issue immediately upon deployment. Saved me several more hours of work!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide