User Manual for ZyXEL 35

ZyWALL 35 Support Notes 
 
 
All contents copyright (c) 2006 ZyXEL Communications Corporation.   
ISDN) which are not supported by IPSec gateway. This example gives some guidelines for configuring 
the ZyWALL behind a NAT router. 
 
 
 
1)  UDP 500 (IKE) must be forwarded to the ZyWALL so that it can accept incoming VPN connections from 
the peer VPN gateway or client. 
2)  If a firewall is running on the same NAT router, make sure a firewall rule is configured to allow 
IKE/IPSec (AH/ESP) traffic to pass through. 
[Figure: configuration on the peer VPN gateway and on the local ZyWALL, with callouts 3 to 6. Labels: VPN->VPN Rule (IKE) on ZyWALL; WAN->WAN1 or WAN2.]
 
3)  On the ZyWALL, enable “NAT Traversal” regardless of whether the front NAT router supports NAT Traversal 
(IPSec pass-through). With this option enabled, the ZyWALL can detect whether it is placed behind NAT 
when the peer VPN entity also supports the NAT Traversal function. If yes, the IPSec traffic will be