Force IPSec traffic over SFC?

Hi all - I’ve got SFC running on a B One and successfully route certain traffic over the SFC VPN using the “Route by Cloud Application”. But I’ve also seen outgoing non-Peplink IPSec traffic that I want to route over SFC. I’ve added outbound policies for UDP 500/4500 but they don’t route traffic over SFC as expected. Wondering if that’s by design or if anyone has advice?

Thanks

Assuming you did all the rest of the config right, did you disable NAT traversal? It is under advanced/service passthrough.

That was it. Thank you.