ZyXEL Communications 110 Network Router User Manual


 
Chapter 20 IPSec VPN
ZyWALL 110/310/1100 Series User’s Guide
314
You have to specify one or more rules when you set up this kind of NAT. The ZyWALL checks these
rules in a way similar to how it checks firewall rules. The first part of each rule defines the
conditions under which the rule applies.
Original IP - the original destination address; the remote network (B).
Protocol - the protocol [TCP, UDP, or both] used by the service requesting the connection.
Original Port - the original destination port or range of destination ports; in Figure 192 on page
313, it might be port 25 for SMTP.
The second part of these rules controls the translation when the condition is satisfied.
Mapped IP - the translated destination address; in Figure 192 on page 313, the IP address of the
mail server in the local network (A).
Mapped Port - the translated destination port or range of destination ports.
The original port range and the mapped port range must be the same size.
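
The rule check and translation described above, sketched in Python as an added example (it is not ZyXEL code). The top-down, first-match ordering and the offset mapping between the two port ranges are assumptions, and the addresses and rules are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

def range_size(ports):
    first, last = ports
    if not 1 <= first <= last <= 65535:
        raise ValueError(f"bad port range {first}-{last}")
    return last - first + 1

@dataclass(frozen=True)
class InboundNatRule:
    original_ip: str       # original destination: an address or CIDR network
    protocol: str          # "tcp", "udp" or "both"
    original_ports: tuple  # (first, last), inclusive
    mapped_ip: str         # translated destination address
    mapped_ports: tuple    # (first, last), inclusive

    def __post_init__(self):
        ipaddress.ip_network(self.original_ip)   # raises ValueError if malformed
        ipaddress.ip_address(self.mapped_ip)
        if self.protocol not in ("tcp", "udp", "both"):
            raise ValueError(f"bad protocol {self.protocol!r}")
        # The manual's constraint: both ranges must be the same size.
        if range_size(self.original_ports) != range_size(self.mapped_ports):
            raise ValueError("original and mapped port ranges differ in size")

def translate(rules, dst_ip, protocol, dst_port):
    """Return (mapped_ip, mapped_port) from the first matching rule, else None."""
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:  # assumption: checked top-down, first match wins
        first, last = rule.original_ports
        if (dst in ipaddress.ip_network(rule.original_ip)
                and rule.protocol in (protocol, "both")
                and first <= dst_port <= last):
            # assumption: ports map by offset within the equal-sized ranges
            return rule.mapped_ip, rule.mapped_ports[0] + (dst_port - first)
    return None  # no condition satisfied: destination is left untranslated

# Constructed sample rules (documentation address ranges, not from the manual)
RULES = [
    InboundNatRule("198.51.100.0/24", "tcp", (25, 25), "192.0.2.25", (25, 25)),
    InboundNatRule("198.51.100.0/24", "both", (8000, 8009), "192.0.2.80", (9000, 9009)),
]

if __name__ == "__main__":
    print(translate(RULES, "198.51.100.7", "tcp", 25))
    print(translate(RULES, "198.51.100.7", "udp", 8003))
    print(translate(RULES, "198.51.100.7", "udp", 25))
```
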
IPSec VPN Example
Here is an example of configuring a site-to-site IPSec VPN.
Figure 193 IPSec VPN Example
ZyWALL X uses 1.2.3.4 as its public address, and remote IPSec router Y uses 2.2.2.2. Create the
VPN tunnel between the ZyWALL’s LAN subnet (192.168.1.0/24) and the LAN subnet behind the
peer IPSec router (172.16.1.0/24).
Set Up the VPN Gateway that Manages the IKE SA
In Configuration > VPN > IPSec VPN > VPN Gateway > Add, enable the VPN gateway and
name it (VPN_GW_EXAMPLE here). Set My Address to Interface and select a WAN interface. Set
Peer Gateway Address to Static Address and enter the remote IPSec router’s public IP address
(2.2.2.2 here) as the Primary. Set Authentication to Pre-Shared Key and enter 12345678 (an
example value; use a long, random key on a real tunnel). Click OK.