Well, I had an opportunity to make a connection between a NATed WRV200 and another WRV200 and yet another RV042. The nated WRV200 does have the NAT Traversal function disabled, but the NAT router it is connected through does support IPSec passthrough and it does redirect ports 500 and 4500 to the NATed WRV200. The good side of this set is it possible to construct a VPN tunnel from both the NATed router and the remote one. And the remote WRV200 is able to accept multiple tunnels from other NATed the same way WRV200. But, here is a different situation. I have a WRV200 on a ADSL line with dynamic public IP. And, there are two other NATed WRV200 routers. Unluckily the NAT router they are hidden behind does not have the IPSec passthrough function, and does not have the ports 500 and 4500 redirected. As the result I can not construct a VPN tunnel without turning the NAT Traversal on in the WRV200 connected through ADSL. It is possible to turn the NAT Traversal function in just one tunnel, only. So, I can not construct two tunnels with NATed WRV200 routers in the same time. Another downside is, the NAT traversal function does accept the tunnels with the security group set as the whole local LAN range. So, it is not possible to construct a tunnel for just a subset of the local LAN IP range. In other words, I found impossible to: - construct two tunnels from NATed WRV200 devices to one WRV200 with NAT traversal function turned on. - construct a tunnel with a security group set to be just a subset of the LAN IP range of a WRV200 with the NAT traversal function turned on.