ZyXEL Communications 2WG User Manual

ZyWALL 2WG Support Notes

All contents copyright (c) 2006 ZyXEL Communications Corporation.

252

F21. Will ZyXEL support Secure Remote Management?

Yes, we will support it and we are working on it currently.

F22. Does ZyWALL VPN support NetBIOS broadcast?

Yes, the ZyWALL does support NetBIOS broadcast over VPN.

F23. Is the host behind NAT allowed to use IPSec?

NAT Condition

Supported IPSec Protocol

VPN Gateway embedded NAT

AH tunnel mode, ESP tunnel mode

VPN client/gateway behind NAT

*

ESP tunnel mode

NAT in Transport mode

None

* The NAT router must support IPSec pass through. For example, for ZyWALL NAT routers, IPSec pass

through is supported since ZyNOS 3.21. The default port and the client IP have to be specified in NAT

menu Server Setup.

F24. How do I configure ZyWALL with NAT for internal servers?

Generally, without IPSec, to configure an internal server for outside access, we need to configure the

server private IP and its service port in NAT Server Table.

However, if both NAT and IPSec is enabled in ZyWALL, the edit of the table is necessary only if the

connection is a non-secure connections. For secure connections, none NAT server settings are required

since private IP is reachable in the VPN case.

For example:

host----ZyWALL(NAT)----ADSL Modem----Internet----Secure host

\

\

Non-secure host

F25. I am planning my ZyWALL behind a NAT router. What do I need to know?

Some tips for this:

The NAT router must support to pass through IPSec protocol. Only ESP tunnel mode is possible to work

in NAT case. In the NAT router is ZyWALL NAT router supporting IPSec pass through, default port and

the ZyWALL WAN IP must be configured in NAT Server Table.

WAN IP of the NAT router is the tunneling endpoint for this case, not the WAN IP of ZyWALL.