ZyXEL Communications 1000 User's Manual
Chapter 6 Configuration Basics
ZyWALL USG 1000 User’s Guide
2. Policy Routes: These are the user-configured policy routes. Configure policy
routes to send packets through the appropriate interface or VPN tunnel. See
for more on policy routes.
3. 1 to 1 and Many 1 to 1 NAT: These are the 1 to 1 NAT and many 1 to 1 NAT
rules. If a private network server will initiate sessions to the outside clients, create
a 1 to 1 NAT entry to have the ZyWALL translate the source IP address of the
server’s outgoing traffic to the same public IP address that the outside clients use
to access the server. A many 1 to 1 NAT entry works like multiple 1 to 1 NAT rules.
It maps a range of private network servers that will initiate sessions to the outside
clients to a range of public IP addresses. See
for more.
4. Auto VPN Policy: The ZyWALL automatically creates these routing entries for the
VPN rules. Disabling the IPSec VPN feature’s Use Policy Route to control
dynamic IPSec rules option moves the routes for dynamic IPSec rules up above
the policy routes (see
).
5. Static and Dynamic Routes: This section contains the user-configured static
routes and the dynamic routing information learned from other routers through
RIP and OSPF. See
6. Default WAN Trunk: For any traffic coming in through an internal interface, if it
does not match any of the other routing entries, the ZyWALL forwards it through
the default WAN trunk. See
for how to select which
trunk the ZyWALL uses as the default.
7. Main Routing Table: In ZLD 2.20 the default WAN trunk is expected to be used
for any traffic that did not match any earlier routing entries but the main routing
table has been retained for backwards compatibility with earlier ZLD versions.
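The section order listed above, modelled as an added Python example (not ZyXEL code and not taken from the guide), shows how a broad policy route can shadow a dynamic IPSec route and how the Use Policy Route to control dynamic IPSec rules option changes the result. The route entries and the names `wan1`, `wan_trunk` and `vpn_branch` are constructed; first-match evaluation and the placement of dynamic IPSec routes in the Auto VPN Policy section while the option is enabled are assumptions drawn from the list.

```python
import ipaddress

# Sections 2-7 from the list above, in checking order (section 1 is not on this page).
ORDER = ["policy_route", "one_to_one_nat", "auto_vpn",
         "static_dynamic", "default_wan_trunk", "main_table"]

# Constructed sample entries; interface and tunnel names are hypothetical.
ROUTES = [
    {"section": "default_wan_trunk", "dst": "0.0.0.0/0", "out": "wan_trunk"},
    {"section": "auto_vpn", "dst": "10.20.30.0/24", "out": "vpn_branch",
     "dynamic_ipsec": True},
    {"section": "policy_route", "dst": "10.20.0.0/16", "out": "wan1"},
]

def build_table(routes, use_policy_route_for_dynamic_ipsec=True):
    """Sort entries into checking order, honouring the IPSec VPN option."""
    def rank(route):
        # Option disabled: dynamic IPSec routes move above the policy routes.
        if route.get("dynamic_ipsec") and not use_policy_route_for_dynamic_ipsec:
            return -1
        return ORDER.index(route["section"])
    return sorted(routes, key=rank)  # stable: order inside a section is kept

def lookup(table, dst_ip):
    """Return (winning entry, shadowed entries); the first match wins (assumed)."""
    ip = ipaddress.ip_address(dst_ip)
    hits = [r for r in table if ip in ipaddress.ip_network(r["dst"])]
    return (hits[0], hits[1:]) if hits else (None, [])

def shadowed_tunnels(table, dst_ip):
    """Names of VPN entries that match dst_ip but lose to an earlier section."""
    winner, rest = lookup(table, dst_ip)
    return [r["out"] for r in rest if r["section"] == "auto_vpn"]

if __name__ == "__main__":
    for enabled in (True, False):
        table = build_table(ROUTES, use_policy_route_for_dynamic_ipsec=enabled)
        winner, _ = lookup(table, "10.20.30.5")
        print(f"option enabled={enabled}: 10.20.30.5 leaves via {winner['out']}, "
              f"shadowed tunnels: {shadowed_tunnels(table, '10.20.30.5')}")
```

A non-empty result from `shadowed_tunnels` marks traffic that was expected to use a tunnel but matches an earlier section first, which is worth checking when reviewing policy routes alongside VPN rules.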
6.4.3 NAT Table Checking Flow
The ZyWALL’s NAT has been enhanced in ZLD version 2.20 and renamed from
virtual server. The following figure shows how the ZLD 2.20 firmware’s NAT table
compares with the earlier 2.1x firmware’s NAT table. The checking flow is from top
to bottom. As soon as the packets match an entry in one of the sections, the