The workaround will "work," but creates some other problems, and of course bloats your configs. As of 9.18(2), it's possible to add a loopback interface, to handle the management functions through VPN, not complete yet, but it's a start. Seems to w...
Same issue with a FPR-1010 in my lab with 9.18.2, it denies several services, and throws this into the log:106016: Deny IP spoof from (x.x.x.x) to y.y.y.y on interface outside.
Well, I've found on "solution."Since Cisco doesn't think this is important, I bought a couple of Juniper SRX's, these, remarkably, work just fine. Looks like a migration is on the way...
The workaround isn't really a workaround. Can confirm the issue on 9.16(2)14. When using monitoring, the "workaround" denies other traffic to inside interface, from the monitoring host. Also creating route-injection issues. It might work on very s...