Peplink to Cisco VPN Crypto Maps


#1

A recent project came across my desk that involves replacement of a Cisco ASA 5505 with a Peplink Balance 20. I am interested in taking on this project, but have many curiosities related to VPN connectivity and implementing a Cisco-like router configuration on the Balance 20.

Of particular interest, the existing ASA has a site-to-site VPN that uses multiple ACLs and a Crypto Map configuration for connecting to multiple back-end networks (6 to be exact). Cisco ESP-AES-256-SHA tunnel with PSK, AES-256, and SHA1 is a no-brainer, but configuring the Crypto Mapping to the 6 back-end networks has me puzzled. In addition, the existing ASA router has “EXEMPT” firewall NAT rules that address the same 6 back-end networks.

Traditionally, I would place six back-end networks in the Remote Networks entry of the IPsec VPN profile and call it a day. For some reason that hasn’t worked. I made numerous attempts at creating “EXEMPT” NAT rules but am still coming up empty.

Can anyone explain:

  1. Is there a Peplink equivalent to Cisco Crypto Map entries and where to make them?

  2. Is there ESP built into VPN profiles on Peplink?

Thanks for any feedback!