ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation. 254
F28. Single, Range, Subnet, which types of IP address does ZyWALL support in
VPN/IPSec?
All ZyWALL series support single, range, and subnet configuration for VPN IPSec. In other words, you
can specify a single PC, a range of PCs or even a network of PCs to utilize the VPN/IPSec service.
F29. Does ZyWALL support IPSec pass-through?
Yes, ZyWALL can support IPSec pass-through. ZyWALL series don't only support IPSec/VPN gateway, it
can also be a NAT router supporting IPSec pass-through.
If the VPN connection is initiated from the security gateway behind ZyWALL, no configuration is
necessary for neither NAT nor Firewall.
If the VPN connection is initiated from the security gateway outside of ZyWALL, NAT port forwarding
and Firewall forwarding are necessary.
To configure NAT port forwarding, please go to WEB interface, Setup/ "NAT", put the secure gateway's
IP address in default server.
To configure Firewall forwarding, please go to WEB interface, Setup/Firewall, select Packet Direction to
WAN to LAN, and create a firewall rule the forwards IKE(UDP:500).
F30. Can ZyWALL behave as a NAT router supporting IPSec pass through and an IPSec
gateway simultaneously?
No, ZyWALL can't support them simultaneously. You need to choose either one. If ZyWALL is to support
IPSec pass through, you have to disable the VPN function on ZyWALL. To disable it, you can either
deactivate each VPN rule or issue a CI command, "IPSec switch off".
G. PKI FAQ
G01. Basic Cryptography concept
Encryption and decryption are two major operations involved in cryptography. Whenever we would
like to send some secret over an insecure media, such as Internet, we may encrypt the secret before
sending it out. The receiver thus needs the corresponding decryption key to recover the encrypted
secrete. We need to have keys for both encryption and decryption. The key used to encrypt data is
called the encryption key, and the key for decryption is called the decryption key.
Cryptography can be categorized into two types, symmetric and asymmetric cryptography. For
symmetric cryptography, the encryption key is the same with the decryption. Otherwise, we the