Configuring private subnets and virtual networks
The administrative user performs configuration on the Network-Private subnets screen after deciding which addressing scheme to use, as discussed here and in more detail in Device Configuration.
When an administrative user selects the Network-Private subnets menu option, the following screen appears.
Network-Private Subnets Screen
The administrator must define at least one subnet. In certain cases, the administrator may also need to define a virtual (DNAT) network.
Adding private subnets
The administrator must define at least one subnet to enable devices that are connected to the OnBoard appliance’s private Ethernet ports to communicate on the Internet via the OnBoard appliance’s public IP address. Any number of private subnets may be configured.
NOTE: The OnBoard appliance attempts to reach a device that does not have a private subnet assigned by attempting to contact it through the OnBoard appliance’s default route. Therefore, unless the OnBoard appliance administrator defines a public subnet and assigns it to each device, the device cannot be reached unless the device is on the public side of the OnBoard appliance. In almost all cases, devices are on the private side of the OnBoard appliance and therefore they are unreachable without a private subnet.
When an administrative user clicks the Add Subnet button on the Network-Private Subnets Screen, the Private Subnet configuration dialog appears.
Subnets are defined as described in the following table.
Devices use this address when communicating with the OnBoard appliance. The OnBoard appliance uses this address when communicating with devices. This address must be within the private subnet’s IP address range.
The OnBoard appliance derives the range of addresses in the subnet from the OnBoard appliance side IP address and the subnet mask. The OnBoard appliance uses the specified information to create a route to the subnet in the OnBoard appliance’s routing table.
Network-Private Subnets: Add Subnet Dialog
The example in Figure 6.77 defines a private subnet name of net1, an OnBoard side IP address of 192.168.0.254 and a subnet netmask of 255.255.255.0. The private subnet address derived from this configuration is 192.168.0.0. Since the broadcast address is 192.168.0.255 (by convention) and the OnBoard’s address is 192.168.0.254, the administrator can assign an address between 192.168.0.1 and 192.168.0.253 when configuring a connected device.
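The derivation described above can be checked before addresses are entered on connected devices. The following Python sketch is an added example, not code from the OnBoard appliance or its vendor. It derives the subnet from the appliance-side address and netmask, and reports whether a candidate device address is usable. The function names, the `net2` and `net3` entries and the overlap check are assumptions made for illustration; the page does not state how the appliance handles overlapping subnets.

```python
import ipaddress

def derive_subnet(appliance_ip, netmask):
    """Return (appliance address, subnet) from the appliance-side IP and netmask."""
    iface = ipaddress.IPv4Interface(f"{appliance_ip}/{netmask}")  # bad mask -> ValueError
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is not a usable host address in {net}")
    return iface.ip, net

def assignable_range(appliance_ip, netmask):
    """First and last addresses a connected device may use in the subnet."""
    appliance, net = derive_subnet(appliance_ip, netmask)
    hosts = [h for h in net.hosts() if h != appliance]
    return str(hosts[0]), str(hosts[-1])

def check_device_address(device_ip, appliance_ip, netmask):
    """Return None when device_ip is assignable, otherwise the reason it is not."""
    appliance, net = derive_subnet(appliance_ip, netmask)
    addr = ipaddress.IPv4Address(device_ip)
    if addr not in net:
        return f"{addr} is outside {net}"
    if addr == net.network_address:
        return f"{addr} is the subnet address"
    if addr == net.broadcast_address:
        return f"{addr} is the broadcast address"
    if addr == appliance:
        return f"{addr} is the appliance-side address"
    return None

def find_overlaps(subnets):
    """subnets maps name -> (appliance_ip, netmask); return overlapping name pairs."""
    nets = {n: derive_subnet(ip, mask)[1] for n, (ip, mask) in subnets.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]

# net1 is the page's example; net2 and net3 are constructed for illustration.
SUBNETS = {
    "net1": ("192.168.0.254", "255.255.255.0"),
    "net2": ("192.168.0.126", "255.255.255.128"),
    "net3": ("10.10.5.1", "255.255.255.0"),
}

if __name__ == "__main__":
    print(assignable_range(*SUBNETS["net1"]))
    for ip in ("192.168.0.10", "192.168.0.254", "192.168.0.255", "192.168.1.5"):
        print(ip, "->", check_device_address(ip, *SUBNETS["net1"]) or "ok")
    print("overlapping:", find_overlaps(SUBNETS))
```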
Configuring a virtual network (DNAT)
The administrator should define a virtual network based on Destination Network Address Translation (DNAT) in the following cases:
When multiple non-contiguous private subnets must be supported by a single network route (or, in the case of IPSec, a single tunnel) on the client for VPN or native IP access. This would be the case when connected devices are already configured using IP addresses from multiple address ranges and it is not feasible to change previously defined device IP addresses.
IP address to assign to the OnBoard appliance from the virtual network’s address range. For example, if the virtual IP address of the network is 10.0.0.0, 10.0.0.254 would be a valid IP address for the OnBoard appliance that could be entered here.
To configure a private subnet:
1.
2. Select the Network-Private subnets menu option.
3. Click the Add Subnet button. The Private Subnet configuration dialog appears.
4.
5.
6.
7.
8. Click Save and apply changes.
To configure a virtual network:
1.
2. Select the Network-Private subnets menu option.
3. Under Virtual Network (DNAT) configuration, enter a virtual IP address to assign to the OnBoard appliance from the virtual network’s address range in the Address field.
4.
5. Click Save and apply changes.