ZyXEL 35 用户指南
ZyWALL 35 Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation.
325
K25. How do I configure ZyWALL with NAT for internal servers?
Generally, without IPSec, to configure an internal server for outside access, we need to configure the
server private IP and its service port in NAT Server Table.
However, if both NAT and IPSec is enabled in ZyWALL, the edit of the table is necessary only if the
connection is a non-secure connections. For secure connections, none NAT server settings are required
since private IP is reachable in the VPN case.
For example:
host----ZyWALL(NAT)----ADSL Modem----Internet----Secure host
\
\
Non-secure host
K26. I am planning my ZyWALL behind a NAT router. What do I need to know?
Some tips for this:
The NAT router must support to pass through IPSec protocol. Only ESP tunnel mode is possible to work
in NAT case. In the NAT router is ZyWALL NAT router supporting IPSec pass through, default port and
the ZyWALL WAN IP must be configured in NAT Server Table.
WAN IP of the NAT router is the tunneling endpoint for this case, not the WAN IP of ZyWALL.
If firewall is turned on in ZyWALL, you must forward IKE port in Internet interface.
If NAT are also enabled in ZyWALL, NAT server is required for non-secure connections, NAT server is
not required for secure connections and the physical private IP is used.
For example:
host----ZyWALL----NAT Router----Internet----Secure host
\
\
Non-secure host
K27. Where can I configure Phase 1 ID in ZyWALL?
Phase 1 ID can be configured in VPN setup menu as following..