TMS zl Management and Configuration Guide ST.1.1.100226

Network Address Translation
NAT Examples
Figure 5-26. Using an Exclude NAT Policy
In this example, the IPsec policy traffic selector for a site-to-site VPN specifies
traffic between VLAN 20 and a remote network (192.168.4.0/22). An existing
NAT policy selects all internal traffic that is destined to the External zone and
translates the source address to the TMS zl Module’s external address
(172.19.44.44). Because the remote network is reached through the External
zone, the two policies overlap.
The steps below explain only how to configure a NAT policy to exclude the
VPN traffic from translation. For more information on setting up the VPN and
necessary firewall policies, see Chapter 7: “Virtual Private Networks.”
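The overlap described above can be modelled in a few lines. This is an added example, not code from the guide or the TMS zl Module. It assumes first-match policy evaluation, that NAT is applied before the IPsec traffic selector is checked, and that "all internal traffic destined to the External zone" can be approximated by an any-to-any match; the policy dictionaries and function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the example on this page.
VLAN20 = ip_network("10.20.0.0/16")
REMOTE_CLIENTS = ip_network("192.168.4.0/22")
EXTERNAL_IP = ip_address("172.19.44.44")

# Assumption: the existing source NAT policy is approximated as any-to-any.
ANY = ip_network("0.0.0.0/0")

# Hypothetical policy records; the module's real policy format is not shown here.
SOURCE_NAT = {"action": "source", "src": ANY, "dst": ANY, "to": EXTERNAL_IP}
EXCLUDE_VPN = {"action": "exclude", "src": VLAN20, "dst": REMOTE_CLIENTS}


def apply_nat(policies, src, dst):
    """Return the post-NAT source address using first-match evaluation (assumed)."""
    src, dst = ip_address(src), ip_address(dst)
    for policy in policies:
        if src in policy["src"] and dst in policy["dst"]:
            # An exclude policy leaves the packet untranslated.
            return src if policy["action"] == "exclude" else policy["to"]
    return src


def matches_selector(src, dst):
    """True if the packet falls inside the IPsec traffic selector."""
    return ip_address(src) in VLAN20 and ip_address(dst) in REMOTE_CLIENTS


def check(policies, src, dst):
    """Return (post-NAT source, still matches the IPsec traffic selector)."""
    nat_src = apply_nat(policies, src, dst)
    return str(nat_src), matches_selector(nat_src, dst)


if __name__ == "__main__":
    # Constructed sample packets: one to the remote network, one to the Internet.
    for dst in ("192.168.4.10", "203.0.113.7"):
        print("NAT only      ", dst, check([SOURCE_NAT], "10.20.1.5", dst))
        print("exclude first ", dst, check([EXCLUDE_VPN, SOURCE_NAT], "10.20.1.5", dst))
```

With only the source NAT policy, traffic to the remote network leaves with 172.19.44.44 as its source and falls outside the traffic selector; with the exclude policy ahead of it, VPN traffic keeps its VLAN 20 address while Internet-bound traffic is still translated.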
To configure the NAT exclusion policy for this example, follow these steps:
1. Create a single-entry network address object called VLAN20 that contains
10.20.0.0/16. (See “Named Objects and Their Uses” in Chapter 4:
“Firewall” for instructions.)
2. Create another single-entry network address object called RemoteClients
that contains 192.168.4.0/22.