Chapter 30 IPSec VPN
ZyWALL USG Series User’s Guide
639
NAT for Inbound and Outbound Traffic
The Zyxel Device can translate the following types of network addresses in IPSec SA.
• Source address in outbound packets - this translation is necessary if you want the Zyxel Device to
route packets from computers outside the local network through the IPSec SA.
• Source address in inbound packets - this translation hides the source address of computers in the
remote network.
• Destination address in inbound packets - this translation is used if you want to forward packets (for
example, mail) from the remote network to a specific computer (like the mail server) in the local
network.
Each kind of translation is explained below. The following example is used to help explain each one.
Figure 443 VPN Example: NAT for Inbound and Outbound Traffic
Source Address in Outbound Packets (Outbound Traffic, Source NAT)
This translation lets the Zyxel Device route packets from computers that are not part of the specified
local network (local policy) through the IPSec SA. For example, in Figure 443 on page 639, you have to
configure this kind of translation if you want computer M to establish a connection with any computer in
the remote network (B). If you do not configure it, the remote IPSec router may not route messages for
computer M through the IPSec SA because computer M’s IP address is not part of its local policy.
To set up this NAT, you have to specify the following information:
• Source - the original source address; most likely, computer M’s network.
• Destination - the original destination address; the remote network (B).
• SNAT - the translated source address; the local network (A).
Source Address in Inbound Packets (Inbound Traffic, Source NAT)
You can set up this translation if you want to change the source address of computers in the remote
network. To set up this NAT, you have to specify the following information:
To Next Page
Loading...
