Appendices : Device Configuration : Address configuration for connected devices

Address configuration for connected devices
Table D.7 lists the related topics the administrator needs to understand when doing the planning and implementation of the private IP addresses and provides links to where they are documented.
A private subnet must be created for each IP address range used by the connected devices.
Private subnet(s) should use IP addresses from one of the three IP address ranges reserved for use on internal networks.
Even if virtual IP addresses are used (as described below), the planned real IP address for each device must be either configured manually as a static IP address or configured as a fixed address in the OnBoard appliance’s DHCP server dhcp.conf configuration file.
A virtual network may be created in the following cases:
To hide a device’s private IP addresses from non-administrative users who are not configured for native IP access.
When it is desired that multiple non-contiguous private subnets be supported by a single network route (or, in the case of IPSec, a single tunnel) on the client for VPN or native IP access. This would be the case when connected devices are already configured using IP addresses from multiple address ranges and it is not feasible to change previously-defined device IP addresses.
Any user who needs native IP access to the OnBoard appliance needs to create a named VPN connection profile, then to create a VPN tunnel to the OnBoard appliance before enabling native IP. The requirements for creating the VPN tunnel and the IP addresses to use vary depending on whether IPSec or PPTP is being used.