Knowledge Base

Enter model number to find the articles related product applications, FAQ and user experience..

When creating 1:1 NAT rules for local hosts, these local hosts become unreachable through VPN IPSec.

When creating 1:1 NAT rules for local hosts, these local hosts become unreachable through VPN IPSec.

However, if using Virtual Server as the NAT type, there is no such problem.

Why is this the case?

The virtual server function is a "port forwarding" function.

The 1:1 NAT function is "forwarding all traffic" to the local server.

When using "1:1NAT", the traffic can't pass through to the tunnel because all traffic passes through the WAN interface.

In "packet flow explore", the priority of 1-1 SNAT is higher than site to sitesite-to-site VPN when 1:1 NAT is enabled.

To solve this problem, please reorganize the order of the routing priority.

For legacy models with ZLD 3.30 platform, use the following CLI command.

ip route control-virtual-server-rules activate

For new USG/ZyWALL series with ZLD 4.13, enable "Use Static-Dynamic Route to Control 1-1 NAT Route" on GUI.

Then the priority of Site To Site VPN becomes higher than 1-1 NAT route.

SUBMIT

Question Profile

LANGUAGE:

ARTICLE ID:015118

TYPE:Spec. Info

FIRMWARE:4.13 patch 1; 3.30 patch 7

VOTES:8

TECHNOLOGY:

MODEL:USG100-PLUS,USG110,USG1100 (view more model name)

Still have trouble with your device? Contact Zyxel technology support team directly!

Contact Zyxel Support

Product Registration

Technical Support

Download Library

Forum

Warranty

Video

Education Center

Announcements