ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation. 252
F21. Will ZyXEL support Secure Remote Management?
Yes, we will support it and we are working on it currently.
F22. Does ZyWALL VPN support NetBIOS broadcast?
Yes, the ZyWALL does support NetBIOS broadcast over VPN.
F23. Is the host behind NAT allowed to use IPSec?
NAT Condition Supported IPSec Protocol
VPN Gateway embedded NAT AH tunnel mode, ESP tunnel mode
VPN client/gateway behind NAT* ESP tunnel mode
NAT in Transport mode None
* The NAT router must support IPSec pass through. For example, for ZyWALL NAT routers, IPSec pass
through is supported since ZyNOS 3.21. The default port and the client IP have to be specified in NAT
menu Server Setup.
F24. How do I configure ZyWALL with NAT for internal servers?
Generally, without IPSec, to configure an internal server for outside access, we need to configure the
server private IP and its service port in NAT Server Table.
However, if both NAT and IPSec is enabled in ZyWALL, the edit of the table is necessary only if the
connection is a non-secure connections. For secure connections, none NAT server settings are required
since private IP is reachable in the VPN case.
For example:
host----ZyWALL(NAT)----ADSL Modem----Internet----Secure host
\
\
Non-secure host
F25. I am planning my ZyWALL behind a NAT router. What do I need to know?
Some tips for this:
The NAT router must support to pass through IPSec protocol. Only ESP tunnel mode is possible to work
in NAT case. In the NAT router is ZyWALL NAT router supporting IPSec pass through, default port and
the ZyWALL WAN IP must be configured in NAT Server Table.
WAN IP of the NAT router is the tunneling endpoint for this case, not the WAN IP of ZyWALL.