Dynamic Virtual Tunnel Interfaces (VTIs) are designed to work with dynamic routing protocols like BGP, rather than static routes. In a Hub-Spoke topology with dynamic VTIs, the inability to select the dynamic VTI interface for static routing in the GUI is likely by design, not a bug.
Dynamic VTIs are created on-demand and are not persistent interfaces. This makes them unsuitable for static routing, which requires a stable, always-present interface, The hub uses a virtual template for dynamic instantiation of IPsec interfaces. Each VPN session generates a unique virtual access interface, making it impractical to configure static routes for these temporary interfaces. Here is the link
If you need to test connectivity without using BGP, consider these options.
Use IKEv2 to push routes: Configure the route set interface command in your IKEv2 authorization policy to advertise routes over the VTI Here and Here
Use a loopback interface: Create a loopback interface with the IP address you want to use for the tunnel, then use ip unnumbered on the virtual template to borrow this IP. You might be able to create a static route to this loopback Here
For testing purposes only, you could configure a static VTI on the hub instead of a dynamic VTI, which would allow you to set static routes Here
please do not forget to rate.
