ZyXEL Communications ISG50 User Manual
Chapter 6 Configuration Basics
ISG50 User’s Guide
95
• Automatic SNAT and WAN trunk routing for traffic going from internal to external interfaces (you
don’t need to configure anything to all LAN to WAN traffic).
The ISG50 automatically adds all of the external interfaces to the default WAN trunk. External
interfaces include ppp and cellular interfaces as well as any Ethernet interfaces that are set as
external interfaces.
Examples of internal interfaces are any Ethernet interfaces that you configure as internal
interfaces.
The ISG50 automatically adds all of the external interfaces to the default WAN trunk. External
interfaces include ppp and cellular interfaces as well as any Ethernet interfaces that are set as
external interfaces.
Examples of internal interfaces are any Ethernet interfaces that you configure as internal
interfaces.
• A policy route can be automatically disabled if the next-hop is dead.
• You do not need to set up policy routes for IPSec traffic.
• Policy routes can override direct routes.
• You do not need to set up policy routes for 1:1 NAT entries.
• You can create Many 1:1 NAT entries to translate a range of private network addresses to a range
• You do not need to set up policy routes for IPSec traffic.
• Policy routes can override direct routes.
• You do not need to set up policy routes for 1:1 NAT entries.
• You can create Many 1:1 NAT entries to translate a range of private network addresses to a range
of public IP addresses
• Static and dynamic routes have their own category.
6.5.1 Routing Table Checking Flow
When the ISG50 receives packets it defragments them and applies destination NAT. Then it
examines the packets and determines how to route them. The checking flow is from top to bottom.
As soon as the packets match an entry in one of the sections, the ISG50 stops checking the packets
against the routing table and moves on to the other checks, for example the firewall check.
examines the packets and determines how to route them. The checking flow is from top to bottom.
As soon as the packets match an entry in one of the sections, the ISG50 stops checking the packets
against the routing table and moves on to the other checks, for example the firewall check.
Figure 69
Routing Table Checking Flow
1
Direct-connected Subnets: The ISG50 first checks to see if the packets are destined for an
address in the same subnet as one of the ISG50’s interfaces. You can override this and have the
ISG50 check the policy routes first by enabling the policy route feature’s Use Policy Route to
Override Direct Route option (see
address in the same subnet as one of the ISG50’s interfaces. You can override this and have the
ISG50 check the policy routes first by enabling the policy route feature’s Use Policy Route to
Override Direct Route option (see
).