When an IPSEC NAT tunnel is created I believe the UDP500 tunnel establishes first then after the UDP4500 tunnel to send the headers, initially. You can configure the MT to use a different IPSEC port in IPSEC Peers. Is it possible to configure the MT to send the IPSEC NAT info on a port other than UDP4500? Can a dst-nat rule be applied to the outgoing UDP4500 tunnel to change the destination UDP port number?
Thanks..