CLEANACCESS Archives

October 2007

CLEANACCESS@LISTSERV.MIAMIOH.EDU

Subject:
From: Homer Manila <[log in to unmask]>
Reply To: Cisco Clean Access Users and Administrators <[log in to unmask]>
Date: Tue, 30 Oct 2007 16:25:18 -0500
Is anyone here using link-based failover for their CAS setups? If so, what external IPs are you using for your Untrusted and Trusted-side Link-detect? The documentation, to me, is confusing at best:

Choosing External IPs for Link-Based Failover
• Keep in mind that when the CAS initiates traffic, it will always send packets out of its untrusted (eth1) interface except for packets destined to its default gateway. Therefore, when choosing an external IP on trusted network for CAS to ping via the eth0 interface, choose any IP belonging to a subnet other than the CAS subnet.
• When choosing an external IP on the untrusted network for CAS to ping via the eth1 interface:
– This IP has to exist on the CAS management subnet
– It cannot be the default gateway of the CAS
– The CAS will send these ping packets out of the eth1 interface
– Verify whether Set Management VLAN ID is enabled for the eth1 interface. If this option is not enabled, CAS will send traffic out untagged on the eth1 interface. The switch will determine whether these packets should be received on its native VLAN. Therefore, on the untrusted interface, ensure that the native VLAN is being forwarded.
– The external IP address will be in the CAS management subnet, but on the untrusted side, the traffic will be going out from the CAS in the native VLAN; hence ensure the native VLAN is being forwarded towards the external IP device.

Thanks in advance,

-- 
--Homer Manila
Network Security Administrator
OIT, American University
202-885-2209
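
The addressing rules quoted from the documentation in the message above can be written as a check on candidate link-detect IPs. This is an added example, not part of the original post or of Cisco's documentation; the function name is hypothetical, the addresses are constructed, and it assumes "the CAS subnet" and "the CAS management subnet" in the quoted text refer to the same subnet.

```python
import ipaddress


def check_link_detect_ips(cas_subnet, default_gateway, trusted_ip,
                          untrusted_ip, mgmt_vlan_id_enabled):
    """Check candidate link-detect IPs against the quoted rules.

    Returns (problems, notes): problems are rule violations, notes are
    switch-side items the quoted text says to verify.
    """
    net = ipaddress.ip_network(cas_subnet, strict=True)
    gateway = ipaddress.ip_address(default_gateway)
    trusted = ipaddress.ip_address(trusted_ip)
    untrusted = ipaddress.ip_address(untrusted_ip)
    problems, notes = [], []

    # Trusted side (eth0): the CAS sends everything except default-gateway
    # traffic out of eth1, so the eth0 target must be off the CAS subnet.
    if trusted in net:
        problems.append("trusted: IP is inside the CAS subnet; "
                        "choose an IP on a different subnet")

    # Untrusted side (eth1): target must be on the CAS management subnet...
    if untrusted not in net:
        problems.append("untrusted: IP is not on the CAS management subnet")
    # ...and must not be the CAS default gateway.
    if untrusted == gateway:
        problems.append("untrusted: IP is the CAS default gateway")

    # Without Set Management VLAN ID on eth1 the pings leave untagged, so
    # the native VLAN has to be forwarded towards the external IP device.
    if not mgmt_vlan_id_enabled:
        notes.append("eth1 pings are untagged: ensure the native VLAN is "
                     "forwarded towards the untrusted-side external IP")
    return problems, notes


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    result = check_link_detect_ips("192.0.2.0/24", "192.0.2.1",
                                   "198.51.100.10", "192.0.2.50", False)
    print(result)
```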
