Our firewall has multiple site-to-site VPN's as well as it supports Remote Access VPN (using an ASA). A number of RA users who are coming behind a PAT'd address are unable to VPN in, after doing some research I am seeing that a line needs to be added on both firewalls, ie:
isakmp nat-traversal 20
I fear though that this will "hurt" the site-to-site VPN based on this document:
section : Enabling IPsec over NAT-T
Is there any problem enabling this command on the firewall without harming any of the site-to-site VPN's or even RA VPN's?