I have two Cisco VPN 3060 concentrator configured with load balancing sitting behind ASA firewall.
Concentrator A with public interface ip address is 184.108.40.206 -> static NAT to 220.127.116.11
Concentrator B with public interface ip address is 18.104.22.168 -> static NAT to 22.214.171.124
Load balancing is configured between these two concentrators with cluster ip address 126.96.36.199 -> static NAT to 188.8.131.52
I'm able to connect to the cluster ip address 184.108.40.206 when the vpn client reside on the 172.1.1.x subnet
(I adjusted the load balance settings to 0.0.0.0 since the client is behind the firewall.)
But when the vpn client connects from DSL it fails to connect to the NAT address of the cluster 220.127.116.11.
The vpn client is able to connect to the external/Nat addresses of Concentrator A and B.
The ASA firewall is set to allow 'all' IP inbound to the cluster IP 18.104.22.168.