ZyXEL Communications ZYWALL USG 20 Manual page 424

Chapter 23 IPSec VPN
NAT for Inbound and Outbound Traffic
The ZyWALL can translate the following types of network addresses in IPSec SA.
• Source address in outbound packets - this translation is necessary if you want
the ZyWALL to route packets from computers outside the local network through
the IPSec SA.
• Source address in inbound packets - this translation hides the source address of
computers in the remote network.
• Destination address in inbound packets - this translation is used if you want to
forward packets (for example, mail) from the remote network to a specific
computer (like the mail server) in the local network.
Each kind of translation is explained below. The following example is used to help
explain each one.
Figure 250 VPN Example: NAT for Inbound and Outbound Traffic
Source Address in Outbound Packets (Outbound Traffic, Source NAT)
This translation lets the ZyWALL route packets from computers that are not part of
the specified local network (local policy) through the IPSec SA. For example, in
Figure 250 on page
computer M to establish a connection with any computer in the remote network
(B). If you do not configure it, the remote IPSec router may not route messages
for computer M through the IPSec SA because computer M's IP address is not part
of its local policy.
To set up this NAT, you have to specify the following information:
• Source - the original source address; most likely, computer M's network.
424
424, you have to configure this kind of translation if you want
ZyWALL USG 20/20W User's Guide