I have a redundant firewall setup with CARP interfaces on both sides of the firewall. I have a mirror of this setup in a 2nd location. Now I'm a little confused on how to set up the VPN. Do I use 1) the physical interfaces between the peers, or 2) do I use the CARP interface as the peers, or 3) do I use both the physical and CARP interfaces as the peers?
When trying to set up sasyncd in this sort of environment, I can't get the slave firewall to establish an IKE session because of the IPs of the peers. Can anyone give me any insight into this?