ZyXEL Communications ISG50 User Manual
Chapter 6 Configuration Basics
ISG50 User’s Guide
96
2
Policy Routes: These are the user-configured policy routes. Configure policy routes to send
packets through the appropriate interface or VPN tunnel. See
packets through the appropriate interface or VPN tunnel. See
for more on
policy routes.
3
1 to 1 and Many 1 to 1 NAT: These are the 1 to 1 NAT and many 1 to 1 NAT rules. If a private
network server will initiate sessions to the outside clients, create a 1 to 1 NAT entry to have the
ISG50 translate the source IP address of the server’s outgoing traffic to the same public IP address
that the outside clients use to access the server. A many 1 to 1 NAT entry works like multiple 1 to 1
NAT rules. It maps a range of private network servers that will initiate sessions to the outside
clients to a range of public IP addresses. See
network server will initiate sessions to the outside clients, create a 1 to 1 NAT entry to have the
ISG50 translate the source IP address of the server’s outgoing traffic to the same public IP address
that the outside clients use to access the server. A many 1 to 1 NAT entry works like multiple 1 to 1
NAT rules. It maps a range of private network servers that will initiate sessions to the outside
clients to a range of public IP addresses. See
for more.
4
Auto VPN Policy: The ISG50 automatically creates these routing entries for the VPN rules.
Disabling the IPSec VPN feature’s Use Policy Route to control dynamic IPSec rules option
moves the routes for dynamic IPSec rules up above the policy routes (see
Disabling the IPSec VPN feature’s Use Policy Route to control dynamic IPSec rules option
moves the routes for dynamic IPSec rules up above the policy routes (see
).
5
Static and Dynamic Routes: This section contains the user-configured static routes and the
dynamic routing information learned from other routers through RIP and OSPF. See
dynamic routing information learned from other routers through RIP and OSPF. See
for more information.
6
Default WAN Trunk: For any traffic coming in through an internal interface, if it does not match
any of the other routing entries, the ISG50 forwards it through the default WAN trunk. See
any of the other routing entries, the ISG50 forwards it through the default WAN trunk. See
for how to select which trunk the ISG50 uses as the default.
7
Main Routing Table: The default WAN trunk is expected to be used for any traffic that did not
match any earlier routing entries.
match any earlier routing entries.
6.5.2 NAT Table Checking Flow
The checking flow is from top to bottom. As soon as the packets match an entry in one of the
sections, the ISG50 stops checking the packets against the NAT table and moves on to bandwidth
management.
sections, the ISG50 stops checking the packets against the NAT table and moves on to bandwidth
management.
Figure 70
NAT Table Checking Flow