Nat Application; Port Restricted Cone Nat; Figure 200 Nat Application With Ip Alias - ZyXEL Communications ZYWALL 2 PLUS User Manual

Internet security appliance

17.1.4 NAT Application

The following figure illustrates a possible NAT application, where three inside LANs (logical
LANs using IP alias) behind the ZyWALL can communicate with three distinct WAN
networks. More examples follow at the end of this chapter.

Figure 200 NAT Application With IP Alias

17.1.5 Port Restricted Cone NAT

ZyWALL ZyNOS version 4.00 and later uses port restricted cone NAT. Port restricted cone
NAT maps all outgoing packets from an internal IP address and port to a single IP address and
port on the external network. In the following example, the ZyWALL maps the source address
of all packets sent from internal IP address 1 and port A to IP address 2 and port B on the
external network. A host on the external network (IP address 3 and port C, for example) can
only send packets to the internal host if the internal host has already sent a packet to the
external host's IP address and port.

A server with IP address 1 and port A sends packets to IP address 3, port C and IP address 4,
port D. The ZyWALL changes the server's IP address to 2 and port to B.

Since 1, A has already sent packets to 3, C and 4, D, they can send packets back to 2, B and the
ZyWALL will perform NAT on them and send them to the server at IP address 1, port A.

No packets have been sent from 1, A to 4, E or to 5, so they cannot send packets to 1, A.
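
The filtering rule described above can be modeled in a few lines. This is an added example, not code from the ZyXEL manual or ZyNOS: the class name, the addresses (constructed values standing in for 1, 2, 3, 4 and 5) and the port numbers (standing in for A through E) are all assumptions, and mapping timeouts are left out.

```python
# Added illustration: a minimal model of port restricted cone NAT filtering.
# All addresses and ports are constructed sample values, not from the manual.

class PortRestrictedConeNAT:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self.next_port = first_port
        self.mappings = {}   # (internal ip, port) -> external port
        self.reverse = {}    # external port -> (internal ip, port)
        self.permitted = {}  # external port -> set of (remote ip, port) contacted

    def outbound(self, src, dst):
        """Translate an outgoing packet; return the external (ip, port) used."""
        if src not in self.mappings:
            # One external port per internal endpoint, reused for every
            # destination: this is what makes the mapping a "cone".
            self.mappings[src] = self.next_port
            self.reverse[self.next_port] = src
            self.permitted[self.next_port] = set()
            self.next_port += 1
        ext_port = self.mappings[src]
        # Record the exact remote IP *and* port that was contacted.
        self.permitted[ext_port].add(dst)
        return (self.external_ip, ext_port)

    def inbound(self, remote, ext_dst):
        """Return the internal endpoint for an incoming packet, or None if dropped."""
        ip, port = ext_dst
        if ip != self.external_ip or port not in self.reverse:
            return None  # no mapping exists for this external address and port
        if remote not in self.permitted[port]:
            return None  # remote ip:port was never contacted from inside
        return self.reverse[port]

def demo():
    nat = PortRestrictedConeNAT("198.51.100.2")      # "IP address 2"
    server = ("192.168.1.1", 5000)                   # "1, A"
    hosts = {"3,C": ("203.0.113.3", 3000), "4,D": ("203.0.113.4", 4000),
             "4,E": ("203.0.113.4", 4001), "5": ("203.0.113.5", 5000)}
    ext = nat.outbound(server, hosts["3,C"])         # becomes "2, B"
    assert nat.outbound(server, hosts["4,D"]) == ext # same external port reused
    # Every external host now tries to send a packet to 2, B.
    return {name: nat.inbound(addr, ext) for name, addr in hosts.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result if result else "dropped")
```

Replies from 3, C and 4, D are translated back to the server, while 4, E is dropped even though it shares an IP address with 4, D, because the port was never contacted.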
ZyWALL 2 Plus User's Guide
Chapter 17 Network Address Translation (NAT)
311
