ZyXEL Communications USG 2000 Manual De Usuario
Chapter 6 Configuration Basics
ZyWALL USG 2000 User’s Guide
101
• You do not need to set up policy routes for 1:1 NAT entries.
• You can create Many 1:1 NAT entries to translate a range of private network
• You can create Many 1:1 NAT entries to translate a range of private network
addresses to a range of public IP addresses
• Static and dynamic routes have their own category.
Even with these changes, you can still use an existing configuration file from the
previous version.
previous version.
6.4.2 Routing Table Checking Flow Enhancements
When the ZyWALL receives packets it defragments them and applies destination
NAT. Then it examines the packets and determines how to route them. The
following figure shows how the ZLD 2.20 firmware’s routing table compares with
the earlier 2.1x firmware’s routing table.The checking flow is from top to bottom.
As soon as the packets match an entry in one of the sections, the ZyWALL stops
checking the packets against the routing table and moves on to the other checks,
for example the firewall check.
NAT. Then it examines the packets and determines how to route them. The
following figure shows how the ZLD 2.20 firmware’s routing table compares with
the earlier 2.1x firmware’s routing table.The checking flow is from top to bottom.
As soon as the packets match an entry in one of the sections, the ZyWALL stops
checking the packets against the routing table and moves on to the other checks,
for example the firewall check.
Figure 65 Routing Table Checking Flow Enhancements
1
Direct-connected Subnets: The ZyWALL first checks to see if the packets are
destined for an address in the same subnet as one of the ZyWALL’s interfaces. You
can override this and have the ZyWALL check the policy routes first by enabling
the policy route feature’s Use Policy Route to Override Direct Route option
(see
destined for an address in the same subnet as one of the ZyWALL’s interfaces. You
can override this and have the ZyWALL check the policy routes first by enabling
the policy route feature’s Use Policy Route to Override Direct Route option
(see
).