ZyXEL Communications ZYWALL SSL 10 Support Notes page 61
Integrated ssl-vpn appliance
Hide thumbs
Also See for ZYWALL SSL 10:
- User manual (100 pages) ,
- Quick start manual (97 pages) ,
- Specifications (6 pages)
Table of Contents
Advertisement
ZyWALL SSL 10 Support Notes
Gateway).
NAT routers sit on the border between private and public (Internet) networks, converting
private addresses in each IP packet into legally registered public ones. NAT is commonly
supported by Internet access routers that sit at the network edge. However, IPSec is
NAT-sensitive protocol which means modification on IPSec traffic may cause failure of
VPN connection.
By far the easiest way to combine IPSec and NAT is to completely avoid these problems by
locating IPSec endpoints in public address space. This can be accomplished in two ways:
1) Perform NAT on a device located behind IPSec gateway
2) Use an IPSec gateway for both IPSec (VPN) and NAT (Internet Access).
However, in some situation, it is inevitable to locate IPSec gateway in public IP address and
it must be placed behind the NAT router. For example, the NAT router has a different
interface (e.g. leased line, ISDN) which are not supported by IPSec gateway. This example
gives some guideline for configuring ZyWALL behind NAT router.
61
All contents copyright (c) 2006 ZyXEL Communications Corporation.
Advertisement
Table of Contents
