Anyone ever setup some cisco 3000 series' vpn concentrators in a load balancing config? I'm trying to, but am having problems with them communicating properly to negotiate who's the master and who's the slave. In a 2 node cluster, one of them determine's he's the master, and sees the other as a secondary peer. The other doesn't list any peers, yet sees both itself as secondary, and the virtual public cluster address as secondary but then tries to switch itself to master, then back to secondary.
The logs I'm seeing (sorry, don't have them on hand at the moment) are LBSSF messages about not receiving a HELLO from the master at (virtual cluster address), invalid VCA state transitions and things of those nature. Both the public and private interfaces of each concentrator are on the same subnets as the other, and they are able to ping each other. I am also not using encryption for the communication between the two. Using the standard udp 9023 (I believe) port that comes as default for that load balancing chatter. Both have been upgraded to the latest boot code and concentrator image (4.7.2 dated october 2005). Both the public and private interface filters have been modified to include allowing the VCA In/Out traffic necessary for load balancing.
I have not yet checked out any of the caveats for that version of the software image at cisco.com, but a cursory search of the messages I was seeing in the logs turned up nothing other than the basic config doc I already followed to set this up in the first place.