I am using a VPN Concentrator 3030 with image 4.1.7.D. I configured remote access and LAN-to-LAN VPN on this concentrator. Because my remote access users had a problem accessing the VPN through NAT/PAT, I enabled NAT-T (in Configuration | Tunneling and Security | IPSec | NAT Transparency). I opened UDP port 4500 on my firewall because my concentrator is behind the firewall. Now all my remote access clients are working fine through NAT-T.
I also have some running LAN-to-LAN VPN connections, which terminate on different peer devices (router, concentrator). I didn't enable NAT-T on any of the LAN-to-LAN connections, but my LAN-to-LAN connection still first tries to check for NAT devices. Why is my LAN-to-LAN connection first checking for NAT-T even though I didn't enable NAT-T on the LAN-to-LAN connection? Because of NAT-T, my LAN-to-LAN connection is not able to establish, because NAT-T detects that the local device is behind NAT. How can I resolve this problem? After disabling NAT-T, my LAN-to-LAN VPN works fine.
On the 3030, go to the Configuration | Tunneling and Security | IPSec LAN-to-LAN | Add or Modify screen and ensure that the NAT-T option is not checked for all your LAN-to-LAN connections.
Let me know what you find.