ZyXEL Communications ZyWall USG 50-H Series User Manual page 263

Figure 195 NAT 1:1 Example Virtual Server
LAN1
192.168.1.21
The wan2 interface has a different IP address than 1.1.1.1, so in order for the ZyWALL
gateway to be able to do ARP resolution correctly, you need to create a wan2 virtual server
entry. In the Network > Virtual Server screen, click the + symbol and create a new virtual
server entry as shown next. This entry maps TCP port 25 (SMTP) traffic coming to IP address
1.1.1.1 on wan2 to the IP address of the SMTP server (192.168.1.21 defined in the
LAN_SMTP object). In this example the SMTP server also uses port 25, so the Mapped Port
is set to 25. The following sections describe how to manually configure corresponding policy
routes for NAT 1:1 mapping and loopback so the options to have the ZyWALL automatically
create them are not selected here.
Figure 196 Create a Virtual Server
NAT 1:1 Policy Route
This section sets up a policy route for the traffic coming from the LAN1 SMTP server to the
ZyWALL's lan1 interface. It changes the source address from 192.168.1.21 to 1.1.1.1. This is
also called Source NAT (SNAT). It sends the traffic out through the wan2 interface.
ZyWALL USG 50-H User's Guide
Destination 192.168.1.21
NAT
SMTP
Chapter 14 Virtual Servers
Destination 1.1.1.1
SMTP
263