ZyXEL Communications USG40 User Manual page 374

• Destination - the original destination address; the local network (A).
• SNAT - the translated source address; a different IP address (range of addresses) to hide the
original source address.
Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)
You can set up this translation if you want the ZyWALL/USG to forward some packets from the
remote network to a specific computer in the local network. For example, in
373, you can configure this kind of translation if you want to forward mail from the remote network
to the mail server in the local network (A).
You have to specify one or more rules when you set up this kind of NAT. The ZyWALL/USG checks
these rules similar to the way it checks rules for a security policy. The first part of these rules define
the conditions in which the rule apply.
• Original IP - the original destination address; the remote network (B).
• Protocol - the protocol [TCP, UDP, or both] used by the service requesting the connection.
• Original Port - the original destination port or range of destination ports; in
373, it might be port 25 for SMTP.
The second part of these rules controls the translation when the condition is satisfied.
• Mapped IP - the translated destination address; in
mail server in the local network (A).
• Mapped Port - the translated destination port or range of destination ports.
The original port range and the mapped port range must be the same size.
IPSec VPN Example Scenario
Here is an examplea site-to-site IPSec VPN scenario.
Figure 244 IPSec VPN Example
LAN
192.168.1.0/24
Chapter 19 IPSec VPN
1.2.3.4
ZyWALL/USG Series User's Guide
374
Figure 243 on page 373, the IP address of the
2.2.2.2
172.16.1.0/24
Figure 243 on page
Figure 243 on page
LAN