Hi guys
I am new to MT (v9.6).
I made a VRRP cluster with two eth interfaces
(outside and inside).
My problem is the VIP on the outside. I want to use it
for incoming IPsec VPN connections.
The local peer (MT) has the VIP of the outside interface.
I made a default route for the remote peer's IP address (real)
with pref source the VIP of the outside interface, so that there is
no need to make two peers at the remote location.
First, I see that the connection tracking monitor does not
track the IPsec connection, only TCP/UDP.
Second, I see that after failback the backup node is trying
to connect to the remote peer with its own IP address, because
the VIP address is taken by the primary node again.
remote site                          local site
10.0.0.x → Cisco 192.168.1.4 ------> MT vip 192.168.0.4 → lan
remote peer 192.168.0.4              remote peer 192.168.1.4
                                     MT BOX-1 192.168.0.2
                                     MT BOX-2 192.168.0.3
The first time everything works right (the Cisco sees the VIP of the MT).
After failover, MT BOX-2 tries and connects with source IP
192.168.0.4; that is OK.
After failback the errors start (MT BOX 2 keeps trying to connect
with its own IP 192.168.0.2 because the VIP is taken by the primary)
and the connection fails. I have to power off the second MT, and then
the connection is established.
My question is: does this scenario work?
Thanks