ZyXEL Communications ZyWALL 1000 User Manual
Chapter 20 IPSec VPN
ZyWALL USG 1000 User’s Guide
306
20.4 VPN Gateway Screens
You use the VPN Gateway summary screen to look at the VPN gateways you have set up, and
you use the VPN Gateway Add/Edit screen to create or to edit VPN gateways.
you use the VPN Gateway Add/Edit screen to create or to edit VPN gateways.
20.4.1 IKE SA Overview
The IKE SA provides a secure connection between the ZyWALL and remote IPSec router.
Source NAT
This translation hides the source address of computers in the remote network.
Source
Select the address object that represents the original source address (or select
Create Object to configure a new one). This is the address object for the remote
network. The size of the original source address range (Source) must be equal to
the size of the translated source address range (SNAT).
Destination
Select the address object that represents the original destination address (or
select Create Object to configure a new one). This is the address object for the
local network.
SNAT
Select the address object that represents the translated source address (or select
Create Object to configure a new one). This is the address that hides the original
source address. The size of the original source address range (Source) must be
equal to the size of the translated source address range (SNAT).
Destination
NAT
This translation forwards packets (for example, mail) from the remote network to a
specific computer (for example, the mail server) in the local network.
#
This field is a sequential value, and it is not associated with a specific NAT record.
However, the order of records is the sequence in which conditions are checked
and executed.
Original IP
Select the address object that represents the original destination address. This is
the address object for the remote network.
Mapped IP
Select the address object that represents the desired destination address. For
example, this is the address object for the mail server.
Protocol
Select the protocol required to use this translation. Choices are: TCP, UDP, or All.
Original Port
This field is available if the protocol is TCP or UDP. Enter the original destination
port or range of original destination ports. The size of the original port range must
be the same size as the size of the mapped port range.
Mapped Port
This field is available if the protocol is TCP or UDP. Enter the translated
destination port or range of translated destination ports. The size of the original
port range must be the same size as the size of the mapped port range.
Add icon
This column contains icons to add, move, and remove NAT records.
To add a NAT record, click the Add icon at the top of the column.
To move a NAT record, click the Move to N icon next to the record, and then type
To add a NAT record, click the Add icon at the top of the column.
To move a NAT record, click the Move to N icon next to the record, and then type
the row number to which you want to move it. The records are renumbered
automatically.
To remove a NAT record, click the Remove icon next to the record. The ZyWALL
To remove a NAT record, click the Remove icon next to the record. The ZyWALL
confirms that you want to delete the NAT record before doing so.
OK
Click OK to save your changes back to the ZyWALL.
Cancel
Click Cancel to exit this screen without saving.
Table 92 VPN > IPSec VPN > VPN Connection > Manual Key > Edit (continued)
LABEL
DESCRIPTION