Important Notice: Our web hosting provider recently started charging us for additional visits, which was unexpected. In response, we're seeking donations. Depending on the situation, we may explore different monetization options for our Community and Expert Contributors. It's crucial to provide more returns for their expertise and offer more Expert Validated Answers or AI Validated Answers. Learn more about our hosting issue here.

Can the ZyWALL NAT handle IPSec packets sent by the VPN gateway behind ZyWALL?

0
Posted

Can the ZyWALL NAT handle IPSec packets sent by the VPN gateway behind ZyWALL?

0

Yes, the ZyWALL’s NAT can handle IPSec ESP Tunneling mode. We know when packets go through NAT, NAT will change the source IP address and source port for the host. To pass IPSec packets, NAT must understand the ESP packet with protocol number 50, replace the source IP address of the IPSec gateway to the router’s WAN IP address. However, NAT should not change the source port of the UDP packets which are used for key managements. Because the remote gateway checks this source port during connections, the port thus is not allowed to be changed.

Related Questions

What is your question?

*Sadly, we had to bring back ads too. Hopefully more targeted.