Hi @Rob Ingram 

Ok makes sense,  So now when traffic is soutced from Inside Interface and needs to go through the VTI then I would not say Inside to Outside anymore it would be Inside to VTI and through the tunnel.?
Also my Nat rule would now be Inside to VTI and Outside to VTI, rather than Inside to Outside and Outside to Inside for other traffic.?

for the static routes would | i now say the gateway for the remote subnet is the remote VTI peer IP Address. ??
Thanks

@benolyndav correct.

You cannot write NAT rules for a Virtual Tunnel Interface (VTI), which are used in site-to-site VPN. Writing rules for the VTI's source interface will not apply NAT to the VPN tunnel. To write NAT rules that will apply to VPN traffic tunneled on a VTI, you must use "any" as the interface; you cannot explicitly specify interface names.

https://www.cisco.com/c/en/us/td/docs/security/secure-firewall/management-center/device-config/740/management-center-device-config-74/interfaces-settings-nat.html

Yes, for routing use the VTI tunnel IP address as the next hop or using a routing protocol.

Hi @Rob Ingram 
Would that be any to  any or    any to Outside in Nar rule ??

Thanks

@benolyndav EDIT: actually INSIDE to any. Ingress through the inside interface, egress via the Tunnel interface - NAT rules are bi-directional. Be as specific as possible in your NAT rule in regard to source/destination networks.

Hi @Rob Ingram 
Am I ok to DM You.??

Thanks

@benolyndav sure.

You can not use nameif of VTI in NAT' that separate from zone secuirty' you can use ""any"" instead

For static route 

The VTI tunnel IP of peer is use as next-hop not VTI tunnel IP of fpr.

Keep in minde that vti tunnel appear as direct connect link from fpr view.

MHM

NAT will be 

INSIDE to ANY <- if traffic is NAT to VTI interface 

MHM