 Re: failover nat-problem
i didn't know about the -e switch from tcpdump, thanks - this helps a lot.
unfortunately i don't have access to the router, but while sniffing the packets exactly what you said happend:
when i do a manual failover, the returning packets are still sent to the previous active firewall.
i'm a little confused now: the mac-address of the cluster-ip gets changed within a second, but what happens with the mac-entries for nat?
please enlighten me! thanks. |