Good to know that! ;-)
Would you mind sharing with me the final topology? It would be interesting for me to find out if this is what I have in my mind.
Unlike Cisco IOS/ASA, you don't need to create ACLs manually to allow VPN traffic. Just setting up the tunnel will automatically allow and NAT exempt such traffic.
Regarding the disappeared NAT-T setting, that is indeed weird. Not sure if the reboot ...
That setup is supposed to work, so you might want to try again. Otherwise you can also back up the config file and open a support case to check where the problem is.