
How to set up a site-to-site IPsec VPN when both sites are behind NAT

Hi,

Can someone help me with a step-by-step guide, or with screenshots, on how to set up/configure this option?

I want all traffic to go out through site A, so all IP and DNS requests.


Thanks,

Greetings



  • If you haven't figured it out yet, I would guess that SSL VPN is your best bet here. Do you have the ability to add port forwarding rules to the gateway routers? If not, you may need to get creative.

  • Yes, I already have an SSL site-to-site VPN working.

    The problem I have with the SSL site-to-site VPN is that DNS is leaking. See this post: community.sophos.com/.../ssl-vpn-dns-leak

    That is why I want to set up IPsec to tunnel IP and DNS requests from site B.

    Any idea?

  • I haven't tried this, but you might be able to use a Dynamic DNS name at one of your locations and configure the main router at that location to have the UTM be a DMZ device (or at least make sure all traffic is sent to the UTM).

    You would still need to make manual adjustments, since most likely your UTM will not by default "find" the real public WAN address.

    It would be better if you could bridge one of the modems at one of the current locations so you don't have double NAT at both locations.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Also, you might be able to use a UTM-to-UTM RED connection. You will then also have to manually configure routing between A and B, but it might be easier to configure in your situation with double NAT on both sides.

    Anyway, you will want to configure at least one main router to port forward to the UTM; otherwise no traffic will ever reach the UTM.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
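The two replies above boil down to a checklist: work out how many NAT layers sit in front of each firewall, tell the firewall its real public address (via the Dynamic DNS name), make sure at least one side forwards the IKE ports so it can act as the responder, and bridge the modem where you find double NAT. The script below is an added example that is not part of the thread and is not Sophos UTM configuration; it assumes you can read the firewall's WAN address and the upstream router's WAN address off each device, and it uses constructed sample addresses (site A behind a single NAT with a controllable router, site B behind an ISP modem that is itself on CGNAT space). The port numbers are the standard ones: IKE on UDP 500, and UDP 4500 once NAT traversal is negotiated.

```python
"""NAT-layer and NAT-T checklist for a site-to-site IPsec tunnel.

Added example (not from the forum thread, not Sophos code). Given, per site,
the address on the firewall's WAN interface and the address on the upstream
(ISP) router's WAN side, decide how many NAT layers are in front of the
firewall, whether IKE NAT traversal is needed, which UDP ports must be
forwarded, and which side can act as the IKE responder.
"""
import ipaddress
from dataclasses import dataclass

# Address space that is never routed on the public Internet as a source:
# RFC 1918 private ranges plus RFC 6598 carrier-grade NAT space.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

# UDP 500 carries IKE; UDP 4500 carries IKE and ESP-in-UDP once NAT-T is active.
IKE_UDP_PORTS = (500, 4500)


def is_non_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC)


@dataclass
class Site:
    name: str
    firewall_wan_ip: str    # address on the firewall's external interface
    router_wan_ip: str      # address on the upstream router's WAN side
    can_port_forward: bool  # you control forwarding rules on that router


def nat_layers(site: Site) -> int:
    """0: firewall holds a public address; 1: one NAT in front of it;
    2: double NAT (the upstream router itself has a private/CGNAT address)."""
    if not is_non_public(site.firewall_wan_ip):
        return 0
    return 2 if is_non_public(site.router_wan_ip) else 1


def can_be_responder(site: Site) -> bool:
    """A site can accept incoming IKE only if unsolicited UDP 500/4500
    reaches the firewall: no NAT, or exactly one NAT that you can forward on."""
    layers = nat_layers(site)
    return layers == 0 or (layers == 1 and site.can_port_forward)


def site_checklist(site: Site) -> dict:
    layers = nat_layers(site)
    return {
        "nat_layers": layers,
        "needs_nat_t": layers > 0,
        # Behind NAT the firewall must be told its real public address
        # (the Dynamic DNS name), since it only sees the private WAN address.
        "public_ip_override": layers > 0,
        "forward_udp": list(IKE_UDP_PORTS) if layers == 1 and site.can_port_forward else [],
        # With two NAT layers a single forwarding rule is not enough; the
        # practical fix is to put the modem in bridge mode.
        "bridge_modem": layers == 2,
        "can_be_responder": can_be_responder(site),
    }


def tunnel_plan(a: Site, b: Site) -> dict:
    """Pick which side listens (responder) and which side dials (initiator)."""
    responders = [s.name for s in (a, b) if can_be_responder(s)]
    if not responders:
        return {"viable": False,
                "reason": "neither side can receive IKE on UDP 500/4500; "
                          "bridge a modem or forward ports on at least one router"}
    responder = responders[0]
    initiator = b.name if responder == a.name else a.name
    return {"viable": True, "responder": responder, "initiator": initiator,
            "nat_t": nat_layers(a) > 0 or nat_layers(b) > 0}


if __name__ == "__main__":
    # Constructed sample: A sits behind one router you control; B's ISP modem
    # is itself on CGNAT space, so B is double-NATed and cannot be reached.
    site_a = Site("A", "192.168.1.2", "203.0.113.10", can_port_forward=True)
    site_b = Site("B", "192.168.2.2", "100.64.5.7", can_port_forward=False)
    for s in (site_a, site_b):
        print(s.name, site_checklist(s))
    print(tunnel_plan(site_a, site_b))
```

With the sample input, site A ends up forwarding UDP 500 and 4500 to its UTM and acting as responder, site B is flagged for a modem bridge and must initiate the tunnel, and NAT-T is required on both peers. Once the tunnel is up, sending all of site B's traffic out through A is a separate routing step (a default route, or a 0.0.0.0/0 remote network on the tunnel) that this checklist does not cover.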

