For non-IPsec experts, the documentation is not clear regarding:
- NAT-Traversal in “IPsec VPN” settings (page 69)
- IPsec NAT-T in “Service Passthrough” (page 141)
Regarding the first one, you write on page 69: The NAT-Traversal option should be enabled if your system is behind a NAT router. I think you mean “remote peer system”? Do you suppose (regarding the location of this setting) that Peplink will be one of the peers? Could you clarify?
Regarding the other option, on page 141, you write:
- This field is for enabling the support of IPsec NAT-T Passthrough. UDP ports 500, 4500 and 10000 are monitored by default.
- You may add more custom data ports that your IPsec system uses by checking the box Define custom ports. If the VPN contains IPsec Site-to-Site VPN traffic, you have to check the box Route IPsec Site-to-Site VPN and choose the WAN connection to route the traffic to.
- If you have IPsec Site-to-Site VPN traffic routed, check the Route IPsec Site-to-Site VPN option and select a WAN to force routing such traffic to the specified WAN.
Should this box be checked when you set up a simple “IPsec VPN” in the Peplink (Balance 20 or 30), the other peer being external? Does Site-to-Site only refer to Peplink “Site-to-Site VPN” or to all kinds of site-to-site IPsec traffic?