Chapter 20 IPSec VPN
ZyWALL ATP Series User’s Guide
414
• Source - the original source address; the remote network (B).
• Destination - the original destination address; the local network (A).
• SNAT - the translated source address; a different IP address (range of addresses) to hide the original
source address.
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
You can set up this translation if you want the Zyxel Device to forward some packets from the remote
network to a specific computer in the local network. For example, in Figure 283 on page 413, you can
configure this kind of translation if you want to forward mail from the remote network to the mail server in
the local network (A).
You have to specify one or more rules when you set up this kind of NAT. The Zyxel Device checks these
rules similar to the way it checks rules for a security policy. The first part of these rules define the
conditions in which the rule apply.
• Original IP - the original destination address; the remote network (B).
• Protocol - the protocol [TCP, UDP, or both] used by the service requesting the connection.
• Original Port - the original destination port or range of destination ports; in Figure 283 on page 413, it
might be port 25 for SMTP.
The second part of these rules controls the translation when the condition is satisfied.
• Mapped IP - the translated destination address; in Figure 283 on page 413, the IP address of the mail
server in the local network (A).
• Mapped Port - the translated destination port or range of destination ports.
The original port range and the mapped port range must be the same size.
IPSec VPN Example Scenario
Here is an example site-to-site IPSec VPN scenario.
Figure 284 Site-to-site IPSec VPN Example
To Next Page
Loading...
