Accessing vision client through NAT when backup server present

Is it possible to access a vision client behind NAT?

USER => firewall (10.0.6.26/24) => primary server (10.7.1.200/24)
Where port 8088 and 8043 are forwarded (DNAT) from 10.0.6.26 to 10.7.1.200:8088/8043

My gut says yes. What about when a backup server is involved?
Same architecture as above, but add 10.7.1.201 as the backup server.
Now, there is no direct way for the USER to access 10.7.1.201, as the NAT rules are port specific and cannot be mapped to more than one host on the LAN (10.7.1.0/24) side.

The symptom is that the client launcher will see the gateway and can add the applications to the list, but when you go to launch it, it connects for a split second (verified with tcpdump on primary) and then bails out.

What can be done about this? I don’t need the USER to have access to the backup in order to run off the primary. The user is just read only for occasional monitoring purposes.

Did you ever find a solution for this?

I don't think there's a solution. A client to a redundant pair needs to be able to reach both gateways.

Thank you, Phil! We’ll explore a more direct connection.

Just saw this pop up on my email. I haven't specifically revisited this issue, but an appropriate solution would be to get rid of NAT and properly route the traffic.
Even if the routes have to be manually configured on the client (due to no control of gateway), it's still worth it and will work out of the box.