We are running a ZTNA service where user connections are proxied through VM appliances in our DMZ. In order to push from our DC to user endpoints, these appliances are assigned IP pools which they use as essentially a NAT pool. A random IP is then assigned to a user's connection and used to push traffic initiated from the DC to that user's machine through the connector. The connector server runs proprietary software that runs on kubernetes.

I have limited ACI experience, but after meeting with my network team they have informed me that ACI has limited ability to route to an endpoint (as opposed to an actual network gateway device) in this manner. Apparently a host route would have to be pushed out in ACI for each individual IP address within the NAT pool and obviously there is a limit to that because of TCAM space.

I was wondering if anyone had experienced something similar and solutioned for it. I have attached an image below to hopefully explain a bit better.