Hi Stuart,
On Fri, Oct 3, 2008 at 1:46 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
> On 2008-10-03, Marco Matarazzo <[EMAIL PROTECTED]> wrote:
> > Communication between vlan[1-3] and vlan[4-6] fails, because traffic
> > originating from i.e. vlan1 and going to vlan4 does not get routed to FW2,
> > but remains on FW1 (since the vlan being up creates the local route, even if
> > the corresponding carp interface is down).
>
> You could try only having an address on the carp interfaces, not the
> vlan interfaces, then use OSPF to announce to the other firewall...

I'm actually already using OSPF to announce the routes to the border routers, which in turn use eBGP to the upstreams and iBGP between them. The firewalls are also using OSPF between them.

In the past I tried to set up the vlans without an address (it'd be very convenient too, since I'd not lose two more addresses per vlan!) but then had problems with OSPF, which refused to announce the routes, and always had the feeling that it was not supported.

If that works, it would resolve all my problems! I'm going to experiment with it! ;)

Thanks,
]\/[arco

--
I'm Winston Wolf, I solve problems.