
Routing not working towards VTI

We have an HA cluster that requires a new AWS VPN connection. The tunnel comes up and we can ping across the VTIs with no issues.😁

However, when adding a route to the remote VTI interface, the route does not show up in the Gaia routing table.😫


So, for example, the tunnel interfaces are:

ClusterIP -  vpnt11 = and we can ping

ClusterIP - vpnt12 = and we can ping


If we add a static route

#set static-route nexthop gateway address o

and look at output of...

#show route destination

the output shows the nexthop as following the default Internet route.  (---not the VTI---)

I thought about perhaps overlapping encryption domains clashing, so added temporary routes to different addresses (non-private) and they have the same result - they don't show in the routing table towards the VTI.


I then remade the VPN with BGP enabled at AWS.


BGP would not establish with an error - "unable to find interfaces to reach this peer"  (even though I can ping the peer)


I enabled multihop and then BGP established. (even though I can ping the peer as a connected interface😂)


If I look at the routes I am learning from the BGP relationship, it appears that the next hop is the default gw and not the / (i.e. not the BGP peer IPs).


What can cause this?

How can I resolve this?


(Have remade the VPN twice - also recreated it on the AWS side since you can't swap from static to BGP without deleting - very strange - again VPN is up - BGP is allowed and seen decrypted on the VPN correctly - can ping inside the VTI.)


Look forward to any thoughts.

GW is R80.20 


