I have a pair of Cisco CSS 11503 boxes with a ap-kal-pinglist applied to both virtual routers, as a Critical Service, on the Primary CSS. When a link goes down, the VRRP fails over all traffic to the Secondary, as expected, but there is an issue with two particular VIPs. These VIPs have Source Groups configured, like below:
add destination service XYZ_Server_1
add destination service XYZ_Server_2
vip address 10.10.3.25
add destination service ABC_Server_1
add destination service ABC_Server_2
vip address 10.10.3.24
Once a failover occurs, the VIPs are unreachable via a browser. I have also seen 1 VIP OK and 1 VIP not, but never both working. At times, when I failback to the Primary, the VIPs are OK again. The services are reachable via a browser during this issue.