Is NAT/BINAT for psec thoroughly tested?
I need to ask this as 2.1 is pretty fresh and the NAT/BINAT option is new. There is always a risk that a new function doesn't work 100%.
So, can I be sure that IPsec with NAT works if the configuration is correct?
I have helped customers configure it since the feature first hit the tree and it's worked well. There isn't much to go wrong especially with binat. many:1 NAT works but only with connection going in the outbound direction. binat works fine with connections in or out.