Figure 197 Vpn Example: Nat For Inbound And Outbound Traffic - ZyXEL Communications Unified Security Gateway ZyWALL 300 User Manual

• Source address in outbound packets - this translation is necessary if you want the
ZyWALL to route packets from computers outside the local network through the IPSec
SA.
• Source address in inbound packets - this translation hides the source address of computers
in the remote network.
• Destination address in inbound packets - this translation is used if you want to forward
packets (for example, mail) from the remote network to a specific computer (like the mail
server) in the local network.
Each kind of translation is explained below. The following example is used to help explain
each one.

Figure 197 VPN Example: NAT for Inbound and Outbound Traffic

20.1.2.2.1 Source Address in Outbound Packets (Outbound Traffic, Source NAT)
This translation lets the ZyWALL route packets from computers that are not part of the
specified local network (local policy) through the IPSec SA. For example, in
page 295, you have to configure this kind of translation if you want computer M to establish a
connection with any computer in the remote network (B). If you do not configure it, the
remote IPSec router may not route messages for computer M through the IPSec SA because
computer M's IP address is not part of its local policy.
To set up this NAT, you have to specify the following information:
• Source - the original source address; most likely, computer M's network.
• Destination - the original destination address; the remote network (B).
• SNAT - the translated source address; the local network (A).
20.1.2.2.2 Source Address in Inbound Packets (Inbound Traffic, Source NAT)
You can set up this translation if you want to change the source address of computers in the
remote network. To set up this NAT, you have to specify the following information:
• Source - the original source address; the remote network (B).
ZyWALL USG 300 User's Guide
Chapter 20 IPSec VPN
Figure 197 on
295