ZyXEL Communications 2 Plus User Manual
Chapter 14 IPSec VPN
ZyWALL 2 Plus User’s Guide
271
avoid overlapping local and remote network IP addresses. See
how the ZyWALL handles overlapping local and remote network IP addresses.
14.6.2 Virtual Address Mapping
Virtual address mapping (NAT over IPSec) changes the source IP addresses of packets from
your local devices to virtual IP addresses before sending them through the VPN tunnel.
your local devices to virtual IP addresses before sending them through the VPN tunnel.
14.6.2.1 Avoiding Overlapping Local And Remote Network IP Addresses
If both IPSec routers support virtual address mapping, you can access devices on both
networks, even if their IP addresses overlap. You map the ZyWALL’s local network addresses
to virtual IP addresses and map the remote IPSec router’s local IP addresses to other (non-
overlapping) virtual IP addresses.
The following diagram shows an example of using virutal address mapping to avoid
overlapping local and remote IP addresses. You can set up virtual address mapping on both
IPSec routers to allow computers on network X to access network X and network Y computers
with the same IP address.
networks, even if their IP addresses overlap. You map the ZyWALL’s local network addresses
to virtual IP addresses and map the remote IPSec router’s local IP addresses to other (non-
overlapping) virtual IP addresses.
The following diagram shows an example of using virutal address mapping to avoid
overlapping local and remote IP addresses. You can set up virtual address mapping on both
IPSec routers to allow computers on network X to access network X and network Y computers
with the same IP address.
• You set ZyWALL A to change the source IP addresses of packets from local network X
(192.168.1.2 to 192.168.1.4) to virtual IP addresses 10.0.0.2 to 10.0.0.4 before sending
them through the VPN tunnel.
them through the VPN tunnel.
• You set ZyWALL B to change the source IP addresses of packets from the remote
network Y (192.168.1.2 to 192.168.1.27) to virtual IP addresses 172.21.2.2 to 172.21.2.27
before sending them through the VPN tunnel.
before sending them through the VPN tunnel.
• On ZyWALL A, you specify 172.21.2.2 to 172.21.2.27 as the remote network. On
ZyWALL B, you specify 10.0.0.2 to 10.0.0.4 as the remote network.
Figure 179 Virtual Mapping of Local and Remote Network IP Addresses
Computers on network X use IP addresses 192.168.1.2 to 192.168.1.4 to access local network
devices and IP addresses 172.21.2.2 to 172.21.2.27 to access the remote network devices.
Computers on network Y use IP addresses 192.168.1.2 to 192.168.1.27 to access local
network devices and IP addresses 10.0.0.2 to 10.0.0.4 to access the remote network devices.
devices and IP addresses 172.21.2.2 to 172.21.2.27 to access the remote network devices.
Computers on network Y use IP addresses 192.168.1.2 to 192.168.1.27 to access local
network devices and IP addresses 10.0.0.2 to 10.0.0.4 to access the remote network devices.