How do I set up my ZyWALL to route IPSec packets over NAT?
For outgoing IPSec tunnels, no extra setting is required. To forward an inbound IPSec ESP tunnel, a ‘Default’ server must be set in Menu 15. This is because NAT makes your LAN appear as a single machine to the outside world, so LAN users are invisible to outside users. To make an internal server reachable from outside, you must specify the service port and the LAN IP address of that server in Menu 15. NAT can then forward incoming packets to the requested service behind NAT, and outside users access the server using the ZyWALL’s WAN IP address. Therefore, when the internal IPSec device acts as a server gateway, it must be configured as the default server (unspecified service port) in Menu 15.
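The inbound lookup described above, as an added example that is not ZyXEL code: a toy model showing why ESP only reaches an internal gateway through the default server. The class and function names, the addresses and ports, and the lookup order (port entries first, then the default server) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, Optional

TCP, UDP, ESP = 6, 17, 50  # IP protocol numbers; ESP has no port field


@dataclass(frozen=True)
class Packet:
    proto: int
    dst_port: Optional[int] = None  # None for ESP


class NatServerSet:
    """Toy model of a NAT server set such as Menu 15 (assumed lookup order)."""

    def __init__(self, port_map: Dict[int, str], default_server: Optional[str] = None):
        self.port_map = port_map              # service port -> LAN IP
        self.default_server = default_server  # entry with unspecified port

    def forward_inbound(self, pkt: Packet) -> Optional[str]:
        """LAN IP an unsolicited inbound packet is sent to, or None if dropped."""
        if pkt.proto in (TCP, UDP) and pkt.dst_port in self.port_map:
            return self.port_map[pkt.dst_port]
        # No port entry can match (always true for ESP): use the default server.
        return self.default_server


def demo() -> Dict[str, Optional[str]]:
    # Constructed sample addresses: a web server and an internal IPSec gateway.
    ports = {80: "192.168.1.10"}
    no_default = NatServerSet(ports)
    with_default = NatServerSet(ports, default_server="192.168.1.20")
    return {
        "esp_without_default": no_default.forward_inbound(Packet(ESP)),
        "esp_with_default": with_default.forward_inbound(Packet(ESP)),
        "http_with_default": with_default.forward_inbound(Packet(TCP, 80)),
        # Any other unmatched port also reaches the default server, so the
        # IPSec gateway must be hardened for more than ESP.
        "telnet_with_default": with_default.forward_inbound(Packet(TCP, 23)),
    }


if __name__ == "__main__":
    for case, target in demo().items():
        print(f"{case}: {target or 'dropped'}")
```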