Ok, let's take the following diagram.
I want to extend the subnet 192.168.20.0/24, which is behind the HUB, to another location over the Internet. At the same time, I want to be able to access Lo0 220.127.116.11 via the existing GW of the network, which works just fine locally in the HUB/HQ.
I have port2, which is the GW for devices in that subnet (192.168.20.1/24).
I've configured VXLAN over IPsec between the devices, where I created (leaving aside the actual IPsec config):
- on Spoke-1, a software switch with the phase1 intf and port2 as members (ignore port3 on Spoke-1);
- on HUB, a software switch with the phase1 intf and port3 as members;
- port3 is connected to the switch on a port which is in access mode in the corresponding VLAN with the other devices
- from VPC6 (192.168.20.200/24) I can reach the devices in the same network
- from VPC6 I can reach the GW
- I can exit the network via the GW
This is what I've done, and it works as intended.