Hi Zach.
Ah great news!
I noticed your email before the weekend but didn't have a chance to
reply. Pleased you worked it out.
The remote network routes I use don't point at the local inside CARP IP
but instead at the local inside physical IP (each firewall's own IP just
to set the source).
Yeah, setting the NAT fixed some of the issues for us with communicating
with the firewalls themselves. Restrict the NAT rule if you like so
you only NAT to the internal CARP IP when trying to talk to either of the
firewalls' physical IPs. No need to NAT for traffic to the rest of the
LAN as that only ever replies back to the CARP IP as the GW etc.
Cheers, andy.
On Mon 10 Mar 2014 16:25:59 GMT, Zach Leslie wrote:
Hope this helps,
Thanks, Andy. Once I removed the routes for the remote network pointing to
the internal carp interface, everything works like I expect. Super
stable. Thanks for your time. I'll mess with the NAT for monitoring
soonish and see if I can get that working.