 Re: failover nat-problem
So if you've got different MAC addresses in the proxy ARP configuration on both firewalls, then how does the upstream router know that you've failed over? Won't it still have the primary system's MAC addresses stored in its ARP cache?
If you suspect it's an ARP issue, then have you checked out the routers ARP cache? Looked at traffic on the wire with tcpdump -e? |