Changing HA-IP-Address over L3 Link
I got the following challenge I do not have a solution actually an dI appreciate any tips.
Referring to the Picture:
- Firewallcluster is connected to two Routers via L3 or L2 (with SVI) link
- If one Firewall fails (detected via HA link) the Ip-Address that is facing the routers (192.168.1.1) is MOVES from FW1 to FW2.
- As there is no L2 connectivity via the L3 conected routers this is kind of issue here.
- Work with IP sla tracks and inject the routes into the backbone with the "track" option. But the limit for IP SLA is 1second for an ICMP timeout. I want to implement subsecond here.
Does anyone has an Idea here?
Thanks in advance!