ZyXEL Communications 200 Series User Manual

Chapter 20 IPSec VPN

ZyWALL USG 100/200 Series User’s Guide

359

Related Settings

Add this VPN
connection to
IPSec_VPN zone.

Select this check box to add the VPN connection policy to the IPSec_VPN
security zone. Any security rules or settings configured for the IPSec_VPN
security zone will also apply to this VPN connection policy.

More Settings/Less
Settings

Click this button to show or hide the Inbound/Outbound traffic NAT fields.

Inbound/Outbound
traffic NAT

Outbound Traffic

Source NAT

This translation hides the source address of computers in the local network. It
may also be necessary if you want the ZyWALL to route packets from
computers outside the local network through the IPSec SA.

Source

Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the
computer or network outside the local network. The size of the original source
address range (Source) must be equal to the size of the translated source
address range (SNAT).

Destination

Select the address object that represents the original destination address (or
select Create Object to configure a new one). This is the address object for the
remote network.

SNAT

Select the address object that represents the translated source address (or
select Create Object to configure a new one). This is the address object for the
local network. The size of the original source address range (Source) must be
equal to the size of the translated source address range (SNAT).

Inbound Traffic

Source NAT

This translation hides the source address of computers in the remote network.

Source

Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the
remote network. The size of the original source address range (Source) must
be equal to the size of the translated source address range (SNAT).

Destination

Select the address object that represents the original destination address (or
select Create Object to configure a new one). This is the address object for the
local network.

SNAT

Select the address object that represents the translated source address (or
select Create Object to configure a new one). This is the address that hides the
original source address. The size of the original source address range (Source)
must be equal to the size of the translated source address range (SNAT).

Destination NAT

This translation forwards packets (for example, mail) from the remote network
to a specific computer (for example, the mail server) in the local network.

#

This field is a sequential value, and it is not associated with a specific NAT
record. However, the order of records is the sequence in which conditions are
checked and executed.

Original IP

Select the address object that represents the original destination address. This
is the address object for the remote network.

Mapped IP

Select the address object that represents the desired destination address. For
example, this is the address object for the mail server.

Protocol

Select the protocol required to use this translation. Choices are: TCP, UDP, or
All.

Table 116 VPN > IPSec VPN > VPN Connection > Edit (continued)

LABEL

DESCRIPTION