How Do I Configure P-662Hw-D With Nat For Internal Servers; I Am Planning My P-662Hw-D Behind A Nat Router. What Do I Need To Know; How Can I Keep A Tunnel Alive - ZyXEL Communications P-662HW-D Series Support Notes

802.11g wireless adsl2+ 4-port security gateway

Hide thumbs Also See for P-662HW-D Series:

Quick start manual (7 pages)

User manual (496 pages)

Brochure (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

page of 143

/ 143
Contents
Table of Contents
Bookmarks

Table of Contents

VPN client/gateway behind

NAT

NAT in Transport mode

* The NAT router must support IPSec pass through. For example, for

P-662HW-D SUA/NAT routers, the default port and the client IP have to be

specified in Web Configurator, Network -> NAT ->SUA Server Setup.

11. How do I configure P-662HW-D with NAT for internal servers?

Generally, without IPSec, to configure an internal server for outside access, we

need to configure the server private IP and its service port in SUA/NAT Server

Table.

However, if both NAT and IPSec is enabled in P-662HW-D, the edit of the

table is necessary only if the connection is a non-secure connection. For

secure connections, none SUA server settings are required since private IP is

reachable in the VPN case.

12. I am planning my P-662HW-D behind a NAT router. What do I need to

know?

Suppose: host----P-662HW-D----NAT Router----Internet----Secure host

Some tips for the configuration:

(1) The NAT router must support to pass through IPSec protocol. Only ESP

tunnel mode is possible to work in NAT case. Default port (UDP Port 500) and

the P-662HW-D's WAN IP must be configured in NAT Router's SUA/NAT

Server Table.

(2) On the Secure host side, WAN IP of the NAT router is the tunneling

endpoint for this case, not the WAN IP of P-662HW-D.

For example:

On P-662HW-D: My IP Address= P-662HW-D's WAN IP

Secure Gateway IP Address= Secure host's IP

On Secure host: My IP Address= Secure host's IP

Secure Gateway IP Address= NAT Router's WAN IP

13. How can I keep a tunnel alive?

To keep a tunnel alive, you can check "keep alive" option when configuring

your VPN tunnel. With this option, whenever phase 2 SA lifetime is due, IKE

negotiation procedure will be invoked automatically even without traffic to

make the connection stay.

But to reduce the consumption of system resource, if VPN tunnels get

P-662HW-D Series Support Notes

ESP tunnel mode

None

Table of Contents

How Do I Configure P-662Hw-D With Nat For Internal Servers; I Am Planning My P-662Hw-D Behind A Nat Router. What Do I Need To Know; How Can I Keep A Tunnel Alive - ZyXEL Communications P-662HW-D Series Support Notes

11. How do I configure P-662HW-D with NAT for internal servers?

13. How can I keep a tunnel alive?

Related Manuals for ZyXEL Communications P-662HW-D Series

Related Content for ZyXEL Communications P-662HW-D Series

Table of Contents