Thanks for this article, it is going to save me many hours. I do have a few questions:
Sorin Ionuț Sbârnea

Hi Sorin,

Ya, I wouldn't run the EdgeOS behind another NAT firewall/router; it's really meant to be on the edge. It has its own firewall, DHCP, NAT, etc., and it works really well. It's possible to do it that way, but I wouldn't; it just complicates it for you.

I have set up PPTP-style port forwarding/NAT to my inside Windows Server for easy client VPN access from outside, but the IPsec AWS tunnel terminates at the edge on the EdgeRouter.

Most of my troubleshooting with VPN issues has been using the EdgeOS and a host inside my VPC and local LAN, watching routes, ping responses, and security groups. Once the tunnel is configured properly it's rock solid; I've had zero issues since I wrote this article.
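The PPTP pass-through the reply describes, written out as an added EdgeOS configuration example (this is not configuration from the original article or its author). PPTP needs two things forwarded: the TCP 1723 control channel, which the `port-forward` feature handles, and GRE (IP protocol 47), which has no port and so needs a destination NAT rule plus a matching firewall accept. Interface names (`eth0` WAN, `eth1` LAN), the Windows Server address `192.168.1.10`, and the `WAN_IN` ruleset name are assumptions; adjust them to the local setup.

```vyatta
# Added example, not from the original post. Assumed: eth0 = WAN, eth1 = LAN,
# Windows Server (RRAS/PPTP) at 192.168.1.10, inbound ruleset named WAN_IN.
configure

# TCP 1723: the PPTP control channel. auto-firewall adds the WAN_IN accept for you.
set port-forward wan-interface eth0
set port-forward lan-interface eth1
set port-forward auto-firewall enable
set port-forward rule 1 description 'PPTP control (TCP 1723)'
set port-forward rule 1 protocol tcp
set port-forward rule 1 original-port 1723
set port-forward rule 1 forward-to address 192.168.1.10
set port-forward rule 1 forward-to port 1723

# GRE: no port number, so port-forward cannot carry it. Use a destination NAT
# rule (rule numbers below 5000 are destination rules on EdgeOS).
set service nat rule 10 description 'PPTP GRE to Windows Server'
set service nat rule 10 type destination
set service nat rule 10 inbound-interface eth0
set service nat rule 10 protocol gre
set service nat rule 10 inside-address address 192.168.1.10

# auto-firewall only covers the port-forward rule; GRE needs its own accept
# in the ruleset applied to eth0 "in" (assumed to be WAN_IN).
set firewall name WAN_IN rule 20 description 'Allow PPTP GRE to Windows Server'
set firewall name WAN_IN rule 20 action accept
set firewall name WAN_IN rule 20 protocol gre
set firewall name WAN_IN rule 20 destination address 192.168.1.10

# Assumption: the PPTP conntrack helper is available on this firmware; it ties
# the GRE session to its TCP 1723 control connection.
set system conntrack modules pptp enable

commit
save
exit

# Verification from the router: the DNAT counters should move on a client connect.
show nat statistics
show firewall name WAN_IN statistics
```

Two checks worth running after `commit`: from the LAN, confirm that `show nat statistics` and the `WAN_IN` rule-20 counters increment when an outside client connects, and confirm that the IPsec policy for the AWS tunnel is unaffected (the DNAT rule matches only GRE arriving on `eth0`, not ESP or IKE). Keep in mind that PPTP's MS-CHAPv2 authentication is known to be weak, so this forwards the service but does not make it a strong remote-access VPN.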