I have two Cisco VPN 3060 concentrator configured with load balancing sitting behind ASA firewall.
Concentrator A with public interface ip address is 126.96.36.199 -> static NAT to 188.8.131.52
Concentrator B with public interface ip address is 184.108.40.206 -> static NAT to 220.127.116.11
Load balancing is configured between these two concentrators with cluster ip address 18.104.22.168 -> static NAT to 22.214.171.124
I'm able to connect to the cluster ip address 126.96.36.199 when the vpn client reside on the 172.1.1.x subnet
(I adjusted the load balance settings to 0.0.0.0 since the client is behind the firewall.)
But when the vpn client connects from DSL it fails to connect to the NAT address of the cluster 188.8.131.52.
The vpn client is able to connect to the external/Nat addresses of Concentrator A and B.
The ASA firewall is set to allow 'all' IP inbound to the cluster IP 184.108.40.206.