|
| Chapter 20 IPSec VPN |
| Table 116 VPN > IPSec VPN > VPN Connection > Edit (continued) | |
| LABEL | DESCRIPTION |
| Related Settings |
|
|
|
|
| Add this VPN | Select this check box to add the VPN connection policy to the IPSec_VPN |
| connection to | security zone. Any security rules or settings configured for the IPSec_VPN |
| IPSec_VPN zone. | security zone will also apply to this VPN connection policy. |
|
|
|
| More Settings/Less | Click this button to show or hide the Inbound/Outbound traffic NAT fields. |
| Settings |
|
|
|
|
| Inbound/Outbound |
|
| traffic NAT |
|
|
|
|
| Outbound Traffic |
|
|
|
|
| Source NAT | This translation hides the source address of computers in the local network. It |
|
| may also be necessary if you want the ZyWALL to route packets from |
|
| computers outside the local network through the IPSec SA. |
|
|
|
| Source | Select the address object that represents the original source address (or select |
|
| Create Object to configure a new one). This is the address object for the |
|
| computer or network outside the local network. The size of the original source |
|
| address range (Source) must be equal to the size of the translated source |
|
| address range (SNAT). |
|
|
|
| Destination | Select the address object that represents the original destination address (or |
|
| select Create Object to configure a new one). This is the address object for the |
|
| remote network. |
|
|
|
| SNAT | Select the address object that represents the translated source address (or |
|
| select Create Object to configure a new one). This is the address object for the |
|
| local network. The size of the original source address range (Source) must be |
|
| equal to the size of the translated source address range (SNAT). |
|
|
|
| Inbound Traffic |
|
|
|
|
| Source NAT | This translation hides the source address of computers in the remote network. |
|
|
|
| Source | Select the address object that represents the original source address (or select |
|
| Create Object to configure a new one). This is the address object for the |
|
| remote network. The size of the original source address range (Source) must |
|
| be equal to the size of the translated source address range (SNAT). |
|
|
|
| Destination | Select the address object that represents the original destination address (or |
|
| select Create Object to configure a new one). This is the address object for the |
|
| local network. |
|
|
|
| SNAT | Select the address object that represents the translated source address (or |
|
| select Create Object to configure a new one). This is the address that hides the |
|
| original source address. The size of the original source address range (Source) |
|
| must be equal to the size of the translated source address range (SNAT). |
| Destination NAT | This translation forwards packets (for example, mail) from the remote network |
|
| to a specific computer (for example, the mail server) in the local network. |
|
|
|
| # | This field is a sequential value, and it is not associated with a specific NAT |
|
| record. However, the order of records is the sequence in which conditions are |
|
| checked and executed. |
|
|
|
| Original IP | Select the address object that represents the original destination address. This |
|
| is the address object for the remote network. |
|
|
|
| Mapped IP | Select the address object that represents the desired destination address. For |
|
| example, this is the address object for the mail server. |
|
|
|
| Protocol | Select the protocol required to use this translation. Choices are: TCP, UDP, or |
|
| All. |
|
|
|
| 359 |
ZyWALL USG 100/200 Series User’s Guide | |
|
|