Messages - wanderingchimp

#1
NVM, I figured it out. So this was my issue:

Whenever I created my VIPs, I was manually specifying VHID group 2 and group 3. Clearly they weren't being used, so it let me create them, but as soon as I did, I'd lose gateway reachability.

If I just hit the button to automatically select a VHID it worked, so that's a relief.

#2
So, this is my setup:

Local Side:
two identical boxes with exact hardware configurations

LAN (CARP)
Customer WAN (CARP)
DMZ (CARP)
Private WAN 1
Private WAN 2
HA (Sync)

Remote Side:
two identical boxes with exact hardware configurations

LAN (CARP)
Private WAN 1 (CARP)
Private WAN 2 (CARP)
Public WAN

These sites are connected via point-to-point wireless bridges. Whenever I attempt to configure CARP for Private WAN 1 or Private WAN 2 on the local side, as soon as I create the VIP I lose gateway connectivity from the perspective of the local side; pings fail, no denies in the logs. Remove the VIPs, and gateway reachability is restored.

Each FW has a "Private_Wan_1" and a "Private_Wan_2" interface. So, Privatewan1 on the local side and privatewan1 on the remote side sit in the same broadcast domain; for simplicity's sake, it's a /24.

My gateways on the local side are set up as such:

Private_Wan_1_GW > CARP VIP on remote side.
Private_Wan_2_GW > CARP VIP on remote side.


I've been scratching my head on this for a while, and I've done quite a bit of digging and searching, but I haven't really come across a fix. I am sure it's something simple that I have overlooked. I've just offered a brief overview; if you need more details I can provide you with that and we can drill down more technically.