No luck at misc@, but here's what I did:
copy ipsec.conf from fw1 to fw2 and
on both fw's.
I've established the VPN on fw1, demoted the carp, fw2 took over, the VPN continued working. Rebooted fw1 and did the same steps on fw2.
Out of 200 ping packets through the VPN, we've lost 2x. Pretty good if you ask me.