Hi All,

I've got an issue with BGP not connecting on a Firepower FTD through a VTI tunnel.  The tunnel is up and I can ping the other end, I've got BGP configured to several peers internally and on DMZ's that work just fine, but on the VTI, I get this in the log:-

%FTD-7-710005: TCP request discarded from 10.121.0.1/33651 to tun1:10.121.0.101/179

I've added in an access run that says any/any tcp/179, but still nothing.

CLI show's I've got a route to the peer, but it's still dropping it:-

> show bgp neighbors 10.121.0.1

BGP neighbor is 10.121.0.1, vrf single_vf, remote AS 65534, external link
Description: SecureBoundary Tunnel 1
BGP version 4, remote router ID 0.0.0.0
BGP state = Idle
Neighbor sessions:
0 active, is not multisession capable (disabled)
Default minimum time between advertisement runs is 30 seconds

For address family: IPv4 Unicast
BGP table version 420, neighbor version 1/420
Output queue size : 0
Index 0
Sent Rcvd
Prefix activity: ---- ----
Prefixes Current: 0 0
Prefixes Total: 0 0
Implicit Withdraw: 0 0
Explicit Withdraw: 0 0
Used as bestpath: n/a 0
Used as multipath: n/a 0

Outbound Inbound
Local Policy Denied Prefixes: -------- -------
Total: 0 0
Number of NLRIs in the update sent: max 0, min 0

Address tracking is enabled, the RIB does have a route to 10.121.0.1
Connections established 0; dropped 0
Last reset never
External BGP neighbor not directly connected.
Transport(tcp) path-mtu-discovery is disabled
Graceful-Restart is disabled
No active TCP connection

Has anyone got any thoughts?

Best, Leigh