Chapter 20 IPSec VPN
Table 92 VPN > IPSec VPN > VPN Connection > Manual Key > Edit (continued)
LABEL | DESCRIPTION |
Source NAT | This translation hides the source address of computers in the remote network. |
|
|
Source | Select the address object that represents the original source address (or select |
| Create Object to configure a new one). This is the address object for the remote |
| network. The size of the original source address range (Source) must be equal to |
| the size of the translated source address range (SNAT). |
|
|
Destination | Select the address object that represents the original destination address (or |
| select Create Object to configure a new one). This is the address object for the |
| local network. |
|
|
SNAT | Select the address object that represents the translated source address (or select |
| Create Object to configure a new one). This is the address that hides the original |
| source address. The size of the original source address range (Source) must be |
| equal to the size of the translated source address range (SNAT). |
|
|
Destination | This translation forwards packets (for example, mail) from the remote network to a |
NAT | specific computer (for example, the mail server) in the local network. |
|
|
# | This field is a sequential value, and it is not associated with a specific NAT record. |
| However, the order of records is the sequence in which conditions are checked |
| and executed. |
|
|
Original IP | Select the address object that represents the original destination address. This is |
| the address object for the remote network. |
|
|
Mapped IP | Select the address object that represents the desired destination address. For |
| example, this is the address object for the mail server. |
|
|
Protocol | Select the protocol required to use this translation. Choices are: TCP, UDP, or All. |
|
|
Original Port | This field is available if the protocol is TCP or UDP. Enter the original destination |
| port or range of original destination ports. The size of the original port range must |
| be the same size as the size of the mapped port range. |
|
|
Mapped Port | This field is available if the protocol is TCP or UDP. Enter the translated |
| destination port or range of translated destination ports. The size of the original |
| port range must be the same size as the size of the mapped port range. |
|
|
Add icon | This column contains icons to add, move, and remove NAT records. |
| To add a NAT record, click the Add icon at the top of the column. |
| To move a NAT record, click the Move to N icon next to the record, and then type |
| the row number to which you want to move it. The records are renumbered |
| automatically. |
| To remove a NAT record, click the Remove icon next to the record. The ZyWALL |
| confirms that you want to delete the NAT record before doing so. |
|
|
OK | Click OK to save your changes back to the ZyWALL. |
|
|
Cancel | Click Cancel to exit this screen without saving. |
|
|
20.4 VPN Gateway Screens
You use the VPN Gateway summary screen to look at the VPN gateways you have set up, and you use the VPN Gateway Add/Edit screen to create or to edit VPN gateways.
20.4.1 IKE SA Overview
The IKE SA provides a secure connection between the ZyWALL and remote IPSec router.
306 |
| |
ZyWALL USG 1000 User’s Guide |
| |
|
|
|