You won't be able to forward ESP. I suppose you could try a 1:1 NAT and set the forward rule to ANY... But I haven't tried this so I don't know if it would work, and you're effectively opening the whole box to the Internet, which isn't a great idea really. Basically you're going to have to ensure you have NAT-T enabled on your VPN links. You won't be able to do this without NAT-T.
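As an added illustration (not part of the original post): native ESP is IP protocol 50 and carries no port numbers, so a port-based forwarding rule has nothing to match on, while NAT-T (RFC 3948) wraps the same ESP payload in UDP 4500. The function names, addresses and packet bytes below are constructed for the example.

```python
import struct

ESP, UDP = 50, 17  # IANA IP protocol numbers

def ipv4(proto, payload):
    """Constructed sample: minimal 20-byte IPv4 header, checksum left at 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, bytes([198, 51, 100, 7]), bytes([203, 0, 113, 1]))
    return hdr + payload

def udp(dport, data):
    """Constructed sample: UDP header (source port 4500, checksum 0) plus data."""
    return struct.pack("!HHHH", 4500, dport, 8 + len(data), 0) + data

def classify(packet):
    """Return (kind, dst_port); dst_port is None when the packet has no L4 port."""
    ihl = (packet[0] & 0x0F) * 4
    proto, body = packet[9], packet[ihl:]
    if proto == ESP:
        return ("native ESP", None)           # SPI + sequence number, no ports
    if proto != UDP or len(body) < 8:
        return ("other", None)
    dport = struct.unpack("!H", body[2:4])[0]
    data = body[8:]
    if dport == 500:
        return ("IKE", dport)
    if dport == 4500:
        if data == b"\xff":
            return ("NAT-keepalive", dport)   # single 0xFF byte
        if data[:4] == b"\x00" * 4:
            return ("IKE (non-ESP marker)", dport)
        return ("ESP in UDP (NAT-T)", dport)  # non-zero SPI follows the UDP header
    return ("other", dport)

def port_forward_matches(packet, rule_ports):
    """True if a port-forward rule listing rule_ports could match this packet."""
    return classify(packet)[1] in rule_ports

# Constructed samples: SPI 0x11223344, sequence 1, placeholder ciphertext.
ESP_BODY = struct.pack("!II", 0x11223344, 1) + b"constructed-ciphertext"
NATIVE = ipv4(ESP, ESP_BODY)
NATT = ipv4(UDP, udp(4500, ESP_BODY))
IKE_NATT = ipv4(UDP, udp(4500, b"\x00" * 4 + b"constructed-ike"))

if __name__ == "__main__":
    for name, pkt in (("native", NATIVE), ("nat-t", NATT), ("ike", IKE_NATT)):
        print(name, classify(pkt), port_forward_matches(pkt, {500, 4500}))
```
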