From the message on the concentrator that the user is authenticated I would believe that it is getting part way through the negotiation, but then something fails.
I faced a situation recently that might be somewhat similar. We found that there was a small detail that was different in the way that the client was configured from the way that the concentrator was configured. Can you check the details of how your clients and concentrator are configured?
Am I correct in assuming that your concentrator is one of the Cisco 3000 series of concentrators? If so I believe that there is a way to achieve what you describe. Have the users configure their client with the address of A as the concentrator. In the configuration of the groups on the concentrator there is an option to specify a backup concentrator and to push that information to the client. So configure A to specify B as the backup concentrator and to push that to the clients. When you do this the client will attempt to connec to A. If the connection to A fails then the client will attempt to connect to B.
In the concentrator, under configuration, choose the User Management tab, and then choose the Groups option. This should open a page which displays the groups that are configured. Choose the group that you want to configure and click on modify. This should open the configuration of the group. Click the Client Config tab which should bring up options about the client. One of these options is IPSec Backup Servers. In that option there is a pull down menu and you would select the option for Use List Below and input the address of the concentrator which will be the backup.
At that point the concentrator should begin to push to the clients the configured backup server. After you make the change remember to save the config.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...