Can't connect via L2TP to Astaro behind NAT

I'm trying to set up an Astaro Security Gateway to allow remote access using L2TP over IPSec.  This particular appliance is behind a link-balancing router which is connected to two T1s for redundancy.  Because of this, it is NATed and has the non-real-world IP 192.168.1.2.  When I try to connect to the VPN, I am unable to establish a connection.  The IPSec log looks like this:

2007:09:04-18:53:37 (none) pluto[9093]: packet from 66.253.***.***:500: received Vendor ID payload [RFC 3947]
2007:09:04-18:53:37 (none) pluto[9093]: packet from 66.253.***.***:500: ignoring Vendor ID payload [4df37928e9fc4fd1b3262170d515c662]
2007:09:04-18:53:37 (none) pluto[9093]: packet from 66.253.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02]
2007:09:04-18:53:37 (none) pluto[9093]: packet from 66.253.***.***:500: ignoring Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n]
2007:09:04-18:53:37 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[13] 66.253.***.*** #7: responding to Main Mode from unknown peer 66.253.***.***
2007:09:04-18:53:37 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[13] 66.253.***.*** #7: ignoring Vendor ID payload [KAME/racoon]
2007:09:04-18:53:37 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[13] 66.253.***.*** #7: NAT-Traversal: Result using RFC 3947: both are NATed
2007:09:04-18:53:38 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[13] 66.253.***.*** #7: Peer ID is ID_IPV4_ADDR: '192.168.10.239'
2007:09:04-18:53:38 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.*** #7: deleting connection "D_REF_fhfigmAdGI_1" instance with peer 66.253.***.*** {isakmp=#0/ipsec=#0}
2007:09:04-18:53:38 (none) pluto[9093]: | NAT-T: new mapping 66.253.***.***:500/4500)
2007:09:04-18:53:38 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sent MR3, ISAKMP SA established
2007:09:04-18:53:39 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: cannot respond to IPsec SA request because no connection is known for 64.119.***.***/32===192.168.1.2:4500:17/1701...66.253.***.***:4500[192.168.10.239]:17/%any==={192.168.10.239/32}
2007:09:04-18:53:39 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sending encrypted notification INVALID_ID_INFORMATION to 66.253.***.***:4500
2007:09:04-18:53:42 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4d5fe6aa (perhaps this is a duplicated packet)
2007:09:04-18:53:42 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sending encrypted notification INVALID_MESSAGE_ID to 66.253.***.***:4500
2007:09:04-18:53:45 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0x4d5fe6aa (perhaps this is a duplicated packet)
2007:09:04-18:53:45 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sending encrypted notification INVALID_MESSAGE_ID to 66.253.***.***:4500
2007:09:04-18:53:47 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: received Delete SA payload: deleting ISAKMP State #7
2007:09:04-18:53:47 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500: deleting connection "D_REF_fhfigmAdGI_1" instance with peer 66.253.***.*** {isakmp=#0/ipsec=#0}


I am particularly curious about the line in bold.  Is the unit not responding to the connection request because it doesn't recognize the real-world IP (which is forwarded to it via NAT by the link-balancer), or is there something else that I'm overlooking?  

Thanks for your help.
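An added example (not from the original post or from Astaro): a small Python parser that walks four of the pluto lines above, extracts the Phase 2 selectors from the "no connection is known for" line, and reports the points a defender would check first, including that the requested local selector names a different address than the gateway's own 192.168.1.2. The sample lines are copied from the log above with the addresses masked as posted.

```python
import re

# Constructed sample: four lines copied from the pluto log in the post (addresses masked as posted).
SAMPLE_LOG = """\
2007:09:04-18:53:37 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[13] 66.253.***.*** #7: NAT-Traversal: Result using RFC 3947: both are NATed
2007:09:04-18:53:38 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sent MR3, ISAKMP SA established
2007:09:04-18:53:39 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: cannot respond to IPsec SA request because no connection is known for 64.119.***.***/32===192.168.1.2:4500:17/1701...66.253.***.***:4500[192.168.10.239]:17/%any==={192.168.10.239/32}
2007:09:04-18:53:39 (none) pluto[9093]: "D_REF_fhfigmAdGI_1"[14] 66.253.***.***:4500 #7: sending encrypted notification INVALID_ID_INFORMATION to 66.253.***.***:4500
"""

ADDR = r"[0-9*]+(?:\.[0-9*]+){3}"  # dotted quad, tolerating the *** masking used in the post
# pluto prints the proposed Quick Mode selectors as
#   <left_subnet>===<left_host>:<nat_port>:<proto>/<port>...<right_host>:<nat_port>[<right_id>]:<proto>/<port>==={<right_subnet>}
SELECTOR_RE = re.compile(
    rf"no connection is known for (?P<lsub>{ADDR}/\d+)==="
    rf"(?P<lhost>{ADDR}):(?P<lnat>\d+):(?P<lproto>\d+)/(?P<lport>[^.]+)\.\.\."
    rf"(?P<rhost>{ADDR}):(?P<rnat>\d+)\[(?P<rid>[^\]]+)\]:(?P<rproto>\d+)/(?P<rport>[^=]+)"
    rf"===\{{(?P<rsub>{ADDR}/\d+)\}}"
)


def analyze_pluto_log(text):
    """Summarise the IKE exchange: NAT-T result, Phase 1 outcome, Phase 2 selectors and findings."""
    report = {"nat_t": None, "isakmp_sa": False, "quick_mode": None, "findings": []}
    for line in text.splitlines():
        if "NAT-Traversal: Result" in line:
            report["nat_t"] = line.split("NAT-Traversal: Result using ", 1)[1]
        elif "ISAKMP SA established" in line:
            report["isakmp_sa"] = True  # Phase 1 succeeded; the problem is in Phase 2
        elif (m := SELECTOR_RE.search(line)):
            qm = m.groupdict()
            report["quick_mode"] = qm
            if qm["lproto"] == "17" and qm["lport"] == "1701":
                report["findings"].append("client requests an L2TP over IPsec selector (UDP/1701)")
            if qm["lsub"].split("/")[0] != qm["lhost"]:
                report["findings"].append(
                    f"requested local selector {qm['lsub']} is not the gateway's own address "
                    f"{qm['lhost']} (NAT in the path: {report['nat_t']})")
        elif "INVALID_ID_INFORMATION" in line:
            report["findings"].append("Phase 2 rejected with INVALID_ID_INFORMATION (no matching connection)")
    return report


if __name__ == "__main__":
    for finding in analyze_pluto_log(SAMPLE_LOG)["findings"]:
        print("-", finding)
```

The parsed selector fields can be checked directly against the connection definition on the gateway side, which is quicker than reading the raw `===`/`...` notation by eye.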