Some tips for this application:
Generally, without IPSec, to configure an internal server for outside access, we need to configure the server private IP and its service port in SUA/NAT Server Table. The NAT router then will forward the incoming connections to the internal server according to the service port and private IP entered in SUA/NAT Server Table.
However, if both NAT and IPSec is enabled in P334w, the edit of the table is necessary only if the connection is a non-secure connections. For secure connections, none SUA server settings are required since private IP is reachable in the VPN case. Remember, IPSec is an IP-in-IP encapsulation, the internal IP header is not translated by NAT.
For example:
Internal Server----P334w(NAT+IPSec)-----ADSL Modem----Internet----Remote Network