Filter
Top Products
Chapter 20 IPSec VPN
ZyWALL 110/310/1100 Series User’s Guide
313
Figure 192 VPN Example: NAT for Inbound and Outbound Traffic
Source Address in Outbound Packets (Outbound Traffic, Source NAT)
This translation lets the ZyWALL route packets from computers that are not part of the specified
local network (local policy) through the IPSec SA. For example, in Figure 192 on page 313, you
have to configure this kind of translation if you want computer M to establish a connection with any
computer in the remote network (B). If you do not configure it, the remote IPSec router may not
route messages for computer M through the IPSec SA because computer M’s IP address is not part
of its local policy.
To set up this NAT, you have to specify the following information:
• Source - the original source address; most likely, computer M’s network.
• Destination - the original destination address; the remote network (B).
• SNAT - the translated source address; the local network (A).
Source Address in Inbound Packets (Inbound Traffic, Source NAT)
You can set up this translation if you want to change the source address of computers in the remote
network. To set up this NAT, you have to specify the following information:
• Source - the original source address; the remote network (B).
• Destination - the original destination address; the local network (A).
• SNAT - the translated source address; a different IP address (range of addresses) to hide the
original source address.
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
You can set up this translation if you want the ZyWALL to forward some packets from the remote
network to a specific computer in the local network. For example, in Figure 192 on page 313, you
can configure this kind of translation if you want to forward mail from the remote network to the
mail server in the local network (A).