CiscoSecure ACS RADIUS replication failed

[pop_alex]

Hi there,
Can anyone help me to figure this out - how to make database
replication works across two firewall? Our company have one
Check Point firewall cluster, installed with RainWall and the other is just a
stand alone firewall. I had three radius servers which installed with
CiscoSecure ACS V3.2. Two radius servers
are behind the clustered firewall, while another radius server
located behind standalone Check Point firewall in other network.

The radius-1 initiates the replication process to both radius-2 and
radius3 by sending an encrypted data to both of them on port 2002 as
mentioned by Cisco. Three radius servers are using pre-shared secret
key for database replication between it. When the replication process
initiates by the primary radius server to third servers, the
replication data are somehow being 'modified'when it passed through
both firewall before it reached the 3rd server. The third radius
servers reported the replication being denied because shared secret
keys is wrong. The primary radius server reported that the receiving
servers (radius3) rejected the replication. But both radius-1 and radius-2 servers are
succesfully replicate since both of it is in the same subnet or
network. I'm not sure whether the clustered firewall has got to do
with this problem, and I could not identify which part of firewall
'modified' the replication packet, either Check Point Firewall or the
RainWall.

Thank you in advance for those whose help me.

Regards,
Al