The firewall esp nat enable command enables the ESP NAT function.
The undo firewall esp nat enable command disables the ESP NAT function.
In a scenario where the FW serves as a NAT device in the middle of an IPSec tunnel, if the devices at the two ends of the tunnel do not support the NAT traversal function, you must configure the ESP NAT function on the FW so that ESP packets can properly pass.
By default, the ESP NAT function is disabled.
In the ESP NAT configuration, ensure that devices at both ends of the IPSec tunnel have the NAT traversal function disabled.