ZyWALL 5/35/70 Series User’s Guide

Server: This type allows you to specify inside servers of different services behind the NAT to be accessible to the outside world although, it is highly recommended that you use the DMZ port for these servers instead.

Note: Port numbers do not change for One-to-One and Many-One-to-One NAT

mapping types.

The following table summarizes these types.

Table 125 NAT Mapping Types

TYPE

IP MAPPING

SMT ABBREVIATION

 

 

 

One-to-One

ILA1ÅÆ IGA1

1-1

 

 

 

Many-to-One (SUA/PAT)

ILA1ÅÆ IGA1

M-1

 

ILA2ÅÆ IGA1

 

 

 

 

 

 

Many-to-Many Overload

ILA1ÅÆ IGA1

M-M Ov

 

ILA2ÅÆ IGA2

 

 

ILA3ÅÆ IGA1

 

 

ILA4ÅÆ IGA2

 

 

 

 

 

 

Many-One-to-One

ILA1ÅÆ IGA1

M-1-1

 

ILA2ÅÆ IGA2

 

 

ILA3ÅÆ IGA3

 

 

 

 

 

 

Server

Server 1 IPÅÆ IGA1

Server

 

Server 2 IPÅÆ IGA1

 

 

Server 3 IPÅÆ IGA1

 

 

 

 

22.2 Using NAT

Note: You must create a firewall rule in addition to setting up SUA/NAT, to allow traffic from the WAN to be forwarded through the ZyWALL.

22.2.1 SUA (Single User Account) Versus NAT

SUA (Single User Account) is a ZyNOS implementation of a subset of NAT that supports two types of mapping, Many-to-Oneand Server. The ZyWALL also supports Full Feature NAT to map multiple global IP addresses to multiple private LAN IP addresses of clients or servers using mapping types. Select either SUA or Full Feature in NAT Overview.

Selecting SUA means (latent) multiple WAN-to-LAN and WAN-to-DMZ address translation. That means that computers on your DMZ with public IP addresses will still have to undergo NAT mapping if you’re using SUA NAT mapping. If this is not your intention, then select Full Feature NAT and don’t configure NAT mapping rules to those computers with public IP addresses on the DMZ.

Chapter 22 Network Address Translation (NAT)

374