ZyXEL Communications 2WG User Manual
Page 47
ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
47
placed behind the NAT router. For example, the NAT router has a different interface (e.g. leased line,
ISDN) which are not supported by IPSec gateway. This example gives some guideline for configuring
ZyWALL behind NAT router.
1) UDP 500 (IKE) must be forwarded to ZyWALL to accept incoming VPN connection from peer VPN
gateway or client.
2) If Firewall is running on the same NAT router, make sure a firewall rule is configured to allow
IKE/IPSec (AH/ESP) traffic to pass-through.
VPN->VPN Rule (IKE) on ZyWALL
VPN->VPN Rule (IKE) on ZyWALL
Configuration on Peer VPN gateway
Configuration on Local ZyWALL
VPN->VPN Rule (IKE) on ZyWALL
WAN->WAN1 or WAN2
3
4
5
6
3) On ZyWALL, enable “NAT Traversal” no matter if the front NAT router supports NAT Traversal
(IPSec pass-through) or not. With this option enabled, ZyWALL can detect if it is placed behind NAT