ZyXEL Communications ZyWALL 1000 2.2.4Interface to Interface (To VPN Tunnel), 2.2.2Interface to Interface (To/From ZyWALL), 2.2.1 Interface to Interface (Through ZyWALL)

		Chapter 2 Features and Applications
	Table 4 Packet Flow Key
	AC	Application Classifier is the Application Protocol (AP) layer-7 classifier.

	DNAT	Destination NAT


	Routing	Routing includes policy routes, interface routing, static routes and load balancing
		for example.


	FW	Firewall (Through ZyWALL)

	zFW	Firewall (To ZyWALL)

	IDP	Intrusion Detection & Protection

	ADP	Anomaly Detection and Protection

	AP	Application Patrol


	CF	Content Filtering


	SNAT	Source NAT

	IPSec D/E	VPN Decryption/Encryption

	BWM	Bandwidth Management

	RM	Remote Management (System)

	AV	Anti-Virus

2.2.1 Interface to Interface (Through ZyWALL)

Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT-> Routing -> FW -> AC -> IDP -> AV-

>AP -> CF -> SNAT -> BWM -> Encap -> VLAN -> Ethernet

2.2.2Interface to Interface (To/From ZyWALL)

To: Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT -> Routing -> zFW -> ADP -> RM

From: RM -> Routing -> BWM -> Encap -> VLAN -> Ethernet

2.2.3 Interface to Interface (From VPN Tunnel)

This example shows the flow from a VPN tunnel though the ZyWALL, not to the ZyWALL or to another VPN tunnel (VPN concentrator).

Ethernet -> VLAN -> Encap -> ALG -> AC -> DNAT-> Routing -> zFW -> IPSec D -> ALG -> AC -> DNAT-> Routing -> FW -> AC -> IDP -> AV -> AP -> CF -> -> SNAT -> BWM -

>Encap -> VLAN -> Ethernet

2.2.4Interface to Interface (To VPN Tunnel)

This example shows the flow to a VPN tunnel from a source other than the ZyWALL or another VPN tunnel (VPN concentrator).

	59
ZyWALL USG 1000 User’s Guide	59