ZyXEL Communications ZYWALL SSL 10 Support Notes page 62

Integrated ssl-vpn appliance

1) UDP 500 (IKE) must be forwarded to the ZyWALL so that it can accept incoming VPN
connections from the peer VPN gateway or client.
2) If a firewall is running on the same NAT router, make sure a firewall rule is configured to
allow IKE/IPSec (AH/ESP) traffic to pass through.
Configuration on Local ZyWALL
[Screenshots: WAN->WAN1 or WAN2; VPN->VPN Rule (IKE) on ZyWALL]
3) On ZyWALL, enable "NAT Traversal" whether or not the front NAT router supports NAT
Traversal (IPSec pass-through). With this option enabled, ZyWALL can detect whether
it is placed behind NAT, provided the peer VPN entity also supports the NAT Traversal
function. If it is, the IPSec traffic is encapsulated in UDP packets to avoid traversal
problems on NAT routers.
4) Under VPN->Gateway Policy->Gateway Policy Information, configure the private
IP address as "My Address" on the local ZyWALL gateway (behind the NAT router).
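
The NAT detection that step 3 relies on, as an added example that is not ZyXEL's code: it follows the NAT-D hash comparison of RFC 3947 and shows why the private "My Address" from step 4 makes the gateway conclude it is behind NAT. SHA-1 as the negotiated hash, the addresses, the cookies and all function names are assumptions constructed for the example.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(cky_i, cky_r, ip, port, algo="sha1"):
    """NAT-D payload body per RFC 3947: HASH(CKY-I | CKY-R | IP | Port)."""
    if len(cky_i) != 8 or len(cky_r) != 8:
        raise ValueError("IKEv1 cookies are 8 bytes each")
    addr = ipaddress.ip_address(ip).packed            # 4 bytes (IPv4) or 16 (IPv6)
    return hashlib.new(algo, cky_i + cky_r + addr + struct.pack("!H", port)).digest()

def detect_nat(cky_i, cky_r, nat_d, local, seen_src):
    """Receiver-side check of the NAT-D payloads carried in one IKE message.

    nat_d    -- payloads in wire order: [hash of our address as the sender
                addressed it, hash(es) of the sender's own address(es)]
    local    -- (ip, port) configured on this gateway ("My Address")
    seen_src -- (ip, port) the packet actually arrived from
    """
    if len(nat_d) < 2:
        raise ValueError("need a destination and at least one source NAT-D payload")
    local_nat = nat_d[0] != nat_d_hash(cky_i, cky_r, *local)
    peer_nat = nat_d_hash(cky_i, cky_r, *seen_src) not in nat_d[1:]
    return {"local_behind_nat": local_nat, "peer_behind_nat": peer_nat,
            "udp_encapsulate": local_nat or peer_nat}

# Constructed sample values (documentation address ranges, made-up cookies).
CKY_I, CKY_R = bytes.fromhex("1122334455667788"), bytes.fromhex("99aabbccddeeff00")
PEER = ("198.51.100.20", 500)        # peer VPN gateway, public address
NAT_PUBLIC = ("203.0.113.10", 500)   # front NAT router, forwards UDP 500 inward
ZYWALL = ("192.168.1.33", 500)       # private address set as "My Address"

def peer_payloads(dst):
    """NAT-D payloads the peer sends when it addresses the tunnel to dst."""
    return [nat_d_hash(CKY_I, CKY_R, *dst), nat_d_hash(CKY_I, CKY_R, *PEER)]

def behind_nat_case():
    # Peer dials the router's public address; the router rewrites the destination.
    return detect_nat(CKY_I, CKY_R, peer_payloads(NAT_PUBLIC), ZYWALL, PEER)

def direct_case():
    # Control: no NAT in the path, the peer dials the gateway's own address.
    return detect_nat(CKY_I, CKY_R, peer_payloads(ZYWALL), ZYWALL, PEER)

if __name__ == "__main__":
    print("behind NAT:", behind_nat_case())
    print("direct:    ", direct_case())
```

In the first case only the destination hash differs, so the gateway knows the NAT is on its own side and switches the IPSec traffic to UDP encapsulation.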
All contents copyright (c) 2006 ZyXEL Communications Corporation.
Configuration on Peer VPN gateway
[Screenshot: VPN->VPN Rule (IKE) on ZyWALL]