ZyXEL Communications 91-009-073003B 6.4.2NAT Table Checking Flow

Chapter 6 Configuration Basics

4Auto VPN Policy: The ZyWALL automatically creates these routing entries for the VPN rules. Disabling the IPSec VPN feature’s Use Policy Route to control dynamic IPSec rules option moves the routes for dynamic IPSec rules up above the policy routes (see Section 23.2 on page 378).

5Static and Dynamic Routes: This section contains the user-configured static routes and the dynamic routing information learned from other routers through RIP and OSPF. See Chapter 13 on page 281 for more information.

6Default WAN Trunk: For any traffic coming in through an internal interface, if it does not match any of the other routing entries, the ZyWALL forwards it through the default WAN trunk. See Section 12.2 on page 276 for how to select which trunk the ZyWALL uses as the default.

7Main Routing Table: The default WAN trunk is expected to be used for any traffic that did not match any earlier routing entries.

6.4.2NAT Table Checking Flow

The checking flow is from top to bottom. As soon as the packets match an entry in one of the sections, the ZyWALL stops checking the packets against the NAT table and moves on to bandwidth management.

Figure 54 NAT Table Checking Flow

1SNAT defined in the policy routes.

21 to 1 SNAT (including Many 1 to 1) is also included in the NAT table.

3NAT loopback is now included in the NAT table instead of requiring a separate policy route.