I've recently "syncronised" the configuration of our 2 3020 boxes using http://www.cisco.com/en/US/customer/products/hw/vpndevc/ps2284/products_tech_note09186a008050643e.shtml
The only differences I can see in the config now is the IP addressing, hostnames, and master/backup1. However, during a failover test, none of our remote VPN3002 hardware clients will establish connection to the secondardy concentrator when it is active. L2L sessions do come up however. Just the remote sessions from the HW clients fail.
Any help would be great.