3 example 3: general case – ZyXEL Communications ZYWALL10 User Manual

ZyWALL 10 Internet Security Gateway

NAT

6-17

6.4.3 Example 3: General Case

In this example, there are 3 IGAs from our ISP. There are many departments but two have their own FTP
server. All departments share the same router. The example will reserve one IGA for each department with
an FTP server and the other IGA is used by all. Now you map the FTP servers to the first two IGAs and the
other LAN traffic to the remaining IGA. Map the third IGA to an inside web server and mail server. Four
rules need to be configured, two bi-directional and two one directional as follows.
Rule 1.

Map the first IGA to the first inside FTP server for FTP traffic in both directions (1 : 1
mapping, giving both local and global IP addresses).

Rule 2.

Map the second IGA to our second inside FTP server for FTP traffic in both directions (1 : 1
mapping, giving both local and global IP addresses).

Rule 3.

Map the other outgoing LAN traffic to IGA3 (Many : 1 mapping).

Rule 4.

You also map your third IGA to the web server and mail server on the LAN. Type Server
allows you to specify multiple servers, of different types, to other machines behind NAT on the
LAN.

The example situation looks somewhat like this:

Figure 6-16 NAT Example 3

Step 1.

In this case you need to configure Address Mapping Set 1 from Menu 15.1 - Address Mapping
Sets. Therefore you must choose the Full Feature option from the Network Address
Translation field (in menu 4 or menu 11.3) in Figure 6-17.

Step 2.

Then enter 15 from the main menu.