User's Manual

Chapter 20 IPSec VPN

ZyWALL USG 100/200 Series User’s Guide

382

Figure 266 VPN Example: NAT for Inbound and Outbound Traffic

Source Address in Outbound Packets (Outbound Traffic, Source NAT)

This translation lets the ZyWALL route packets from computers that are not part of the

specified local network (local policy) through the IPSec SA. For example, in Figure 266 on

page 382, you have to configure this kind of translation if you want computer M to establish a

connection with any computer in the remote network (B). If you do not configure it, the

remote IPSec router may not route messages for computer M through the IPSec SA because

computer M’s IP address is not part of its local policy.

To set up this NAT, you have to specify the following information:

• Source - the original source address; most likely, computer M’s network.

• Destination - the original destination address; the remote network (B).

• SNAT - the translated source address; the local network (A).

Source Address in Inbound Packets (Inbound Traffic, Source NAT)

You can set up this translation if you want to change the source address of computers in the

remote network. To set up this NAT, you have to specify the following information:

• Source - the original source address; the remote network (B).

• Destination - the original destination address; the local network (A).

• SNAT - the translated source address; a different IP address (range of addresses) to hide

the original source address.

Destination Address in Inbound Packets (Inbound Traffic, Destination NAT)

You can set up this translation if you want the ZyWALL to forward some packets from the

remote network to a specific computer in the local network. For example, in Figure 266 on

page 382, you can configure this kind of translation if you want to forward mail from the

remote network to the mail server in the local network (A).