am having an issue connecting to an AVI VIP,
we have a rule that permits the src to connect to the segment the AVI VIP's reside. The SRC can connect to the AVI IP on the VIP range but not a VIP.
If I replace the segment in the rule with the subnet of the same segment then the src can connect to the VIP and the AVI IP on the VIP.
It's almost like NSX expects to know about the VIP and is dropping traffic to addresses on the segment it doesn't know about.
src: 10.1.1.10/27
dst: 10.20.20.200/27