Yes, you cannot do replication between two ACS servers that are using NATted IP addresses. The secret key plus the AAA server IP address is the authentcation function, so if the AAA server IP is different, the authentication will fail. Using NAT for replication is not yet supported and will not work.