Chapter 6 Configuration Basics

of the sections, the ZyWALL stops checking the packets against the routing table and moves on to the other checks, for example the firewall check.

Figure 53 Routing Table Checking Flow

1. Direct-connected Subnets: The ZyWALL first checks to see if the packets are destined for an address in the same subnet as one of the ZyWALL’s interfaces. You can override this and have the ZyWALL check the policy routes first by enabling the policy route feature’s Use Policy Route to Override Direct Route option (see Section 13.1 on page 281).

2. Policy Routes: These are the user-configured policy routes. Configure policy routes to send packets through the appropriate interface or VPN tunnel. See Chapter 13 on page 281 for more on policy routes.

3. 1 to 1 and Many 1 to 1 NAT: These are the 1 to 1 NAT and many 1 to 1 NAT rules. If a private network server will initiate sessions to the outside clients, create a 1 to 1 NAT entry to have the ZyWALL translate the source IP address of the server’s outgoing traffic to the same public IP address that the outside clients use to access the server. A many 1 to 1 NAT entry works like multiple 1 to 1 NAT rules. It maps a range of private network servers that will initiate sessions to the outside clients to a range of public IP addresses. See Section 17.2.1 on page 324 for more.
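The checking order in items 1 to 3, modelled as an added Python example (not from the guide and not ZyXEL code). It shows that a policy route toward a VPN tunnel is never consulted for a destination on a directly connected subnet unless the override option is enabled. Interface names, addresses and rules are constructed, and the sections that follow item 3 are not modelled.

```python
import ipaddress

# Constructed sample configuration (assumed values, not taken from the guide).
INTERFACES = {"lan1": "192.168.1.1/24", "dmz": "10.0.0.1/24", "wan1": "203.0.113.2/29"}
POLICY_ROUTES = [  # (source network, destination network, next hop)
    ("192.168.1.0/24", "10.0.0.0/24", "vpn_tunnel_1"),
    ("192.168.1.0/24", "0.0.0.0/0", "wan1"),
]
ONE_TO_ONE_NAT = {"10.0.0.10": "203.0.113.3"}  # private server -> public IP


def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net, strict=False)


def check_direct(src, dst):
    # Item 1: is the destination on the same subnet as one of the interfaces?
    for name, cidr in INTERFACES.items():
        if _in(dst, cidr):
            return ("direct", name)
    return None


def check_policy(src, dst):
    # Item 2: user-configured policy routes, evaluated in list order.
    for s_net, d_net, hop in POLICY_ROUTES:
        if _in(src, s_net) and _in(dst, d_net):
            return ("policy", hop)
    return None


def check_nat(src, dst):
    # Item 3: 1 to 1 NAT rewrites the source of server-initiated sessions.
    if src in ONE_TO_ONE_NAT:
        return ("1to1_nat", ONE_TO_ONE_NAT[src])
    return None


def route(src, dst, override_direct=False):
    """Return the first section that matches; checking stops at that section."""
    stages = [check_direct, check_policy, check_nat]
    if override_direct:  # models "Use Policy Route to Override Direct Route"
        stages = [check_policy, check_direct, check_nat]
    for stage in stages:
        hit = stage(src, dst)
        if hit:
            return hit
    return ("later_sections", None)  # checks after item 3 are not modelled
```

When reviewing a configuration, compare `route(src, dst)` with `route(src, dst, override_direct=True)` for each flow that is expected to use a tunnel; a difference means the policy route only takes effect with the override enabled.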

 


ZyWALL USG 50 User’s Guide