ZyXEL Vantage CNM User Guide - Page 150
Device Operation > Device Configuration > Security > VPN > VPN Rules, > Network
View all ZyXEL Vantage CNM manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 150 highlights
Chapter 6 Device Security Settings Table 51 Device Operation > Device Configuration > Security > VPN > VPN Rules (IKE) > Network Policy Add/Edit (continued) LABEL DESCRIPTION Active Enable this feature to have the device use virtual (translated) IP addresses for the local network for the VPN connection. You do not configure the Local Network fields when you enable virtual address mapping. Mapping Type Virtual address mapping allows local and remote networks to have overlapping IP addresses. Virtual address mapping (NAT over IPSec) translates the source IP addresses of computers on your local network to other (virtual) IP addresses before sending the packets to the remote IPSec router. This translation hides the source IP addresses of computers in the local network. Select One-to-One to translate a single (static) IP address on your LAN to a single virtual IP address. Select Many-to-One to translate a range of (static) IP addresses on your LAN to a single virtual IP address. Many-to-one rules are for traffic going out from your LAN, through the VPN tunnel, to the remote network. Use port forwarding rules to allow incoming traffic from the remote network. Select Many One-to-One to translate a range of (static) IP addresses on your LAN to a range of virtual IP addresses. Virtual Address Mapping Rule If you are configuring a Many-to-One rule, click this button to go to a screen where you can configure port forwarding for your VPN tunnels. The VPN network policy port forwarding rules let the device forward traffic coming in through the VPN tunnel to the appropriate IP address. Private Starting IP Specify the IP addresses of the devices behind the device that can Address use the VPN tunnel. When you select One-to-One in the Type field, enter the (static) IP address of a computer on the LAN behind your device. When you select Many-to-One or Many One-to-One in the Type field, enter the beginning (static) IP address in a range of computers on the LAN behind your device. Private Ending IP Address When you select Many-to-One or Many One-to-One in the Type field, enter the ending (static) IP address in a range of computers on the LAN behind your device. Virtual Starting IP Enter the (static) IP addresses that represent the translated private Address IP addresses. These must correspond to the remote IPSec router's configured remote IP addresses. When you select One-to-One or Many-to-One in the Type field, enter an IP address as the translated IP address. Many-to-one rules are only for traffic going to the remote network. Use port forwarding rules to allow incoming traffic from the remote network. When you select Many One-to-One in the Type field, enter the beginning IP address of a range of translated IP addresses. 150 Vantage CNM User's Guide