The administrative user performs configuration on the Network-Private subnets screen after deciding which addressing scheme to use, as discussed here and in more detail in Device Configuration.

When an administrative user selects the Network-Private subnets menu option, the following screen appears.

The administrator must define at least one subnet. In certain cases, the administrator may also need to define a virtual (DNAT) network.

The administrator must define at least one subnet to enable devices that are connected to the OnBoard appliance’s private Ethernet ports to communicate on the Internet via the OnBoard appliance’s public IP address. Any number of private subnets may be configured.

NOTE: The OnBoard appliance attempts to reach a device that does not have a private subnet assigned by attempting to contact it through the OnBoard appliance’s default route. Therefore, unless the OnBoard appliance administrator defines a public subnet and assigns it to each device, the device cannot be reached unless the device is on the public side of the OnBoard appliance. In almost all cases, devices are on the private side of the OnBoard appliance and therefore they are unreachable without a private subnet.

When an administrative user clicks the Add Subnet button on the Network-Private Subnets Screen, the Private Subnet configuration dialog appears.
Devices use this address when communicating with the OnBoard appliance. The OnBoard appliance uses this address when communicating with devices. This address must be within the private subnet’s IP address range. The OnBoard appliance derives the range of addresses in the subnet from the OnBoard appliance side IP address and the subnet mask. The OnBoard appliance uses the specified information to create a route to the subnet in the OnBoard appliance’s routing table.

The example in Figure 6.77 defines a private subnet name of net1, an OnBoard side IP address of 192.168.0.254 and a subnet netmask of 255.255.255.0. The private subnet address derived from this configuration is 192.168.0.0. Since the broadcast address is 192.168.0.255 (by convention) and the OnBoard’s address is 192.168.0.254, the administrator can assign an address between 192.168.0.1 and 192.168.0.253 when configuring a connected device.

The administrator should define a virtual network based on Destination Network Address Translation (DNAT) in the following cases:
• When multiple non-contiguous private subnets must be supported by a single network route (or, in the case of IPSec, a single tunnel) on the client for VPN or native IP access. This would be the case when connected devices are already configured using IP addresses from multiple address ranges and it is not feasible to change previously defined device IP addresses.
•
IP address to assign to the OnBoard appliance from the virtual network’s address range. For example, if the virtual IP address of the network is 10.0.0.0, 10.0.0.254 would be a valid IP address for the OnBoard appliance that could be entered here.

Netmask (which is used in combination with the network address portion of the Address above to define the address range of the virtual network).
2.
3. Click the Add Subnet button. The Private Subnet configuration dialog appears.
5. Enter an IP address for the OnBoard appliance within the private subnet’s network address range in the Onboard side IP address field.
7. Click OK.
8. Click Save and apply changes.
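
The subnet derivation described above can be checked against a device address plan before the values are entered in the Private Subnet dialog. The following Python sketch is an added example, not part of the OnBoard documentation or software; only net1 with 192.168.0.254 and 255.255.255.0 comes from this page, and the device names and device addresses are constructed sample values.

```python
import ipaddress

def subnet_plan(onboard_ip, netmask):
    """Derive the private subnet from the OnBoard side IP address and netmask."""
    iface = ipaddress.IPv4Interface(f"{onboard_ip}/{netmask}")
    net = iface.network
    if iface.ip in (net.network_address, net.broadcast_address):
        raise ValueError(f"{iface.ip} is the network or broadcast address of {net}")
    return iface.ip, net

def assignable_range(onboard_ip, netmask):
    """First and last address left for connected devices in the subnet."""
    onboard, net = subnet_plan(onboard_ip, netmask)
    hosts = [h for h in net.hosts() if h != onboard]
    return str(hosts[0]), str(hosts[-1])

def check_devices(subnets, devices):
    """Return {device: problem} for planned device addresses.

    subnets maps name -> (onboard_ip, netmask); devices maps name -> address.
    """
    plans = {n: subnet_plan(ip, mask) for n, (ip, mask) in subnets.items()}
    problems, seen = {}, {}
    for dev, addr in devices.items():
        ip = ipaddress.IPv4Address(addr)
        hit = next(((n, ob, net) for n, (ob, net) in plans.items() if ip in net), None)
        if hit is None:
            problems[dev] = "outside every private subnet (reached only via the default route)"
        elif ip == hit[1]:
            problems[dev] = f"collides with the OnBoard side address of {hit[0]}"
        elif ip in (hit[2].network_address, hit[2].broadcast_address):
            problems[dev] = f"network or broadcast address of {hit[0]}"
        elif ip in seen:
            problems[dev] = f"duplicate of {seen[ip]}"
        seen.setdefault(ip, dev)
    return problems

# net1 is the example from this page; the device entries are constructed samples.
SUBNETS = {"net1": ("192.168.0.254", "255.255.255.0")}
DEVICES = {"sp1": "192.168.0.10", "sp2": "192.168.0.254", "sp3": "192.168.1.20",
           "sp4": "192.168.0.255", "sp5": "192.168.0.10"}

if __name__ == "__main__":
    print(assignable_range(*SUBNETS["net1"]))
    for dev, why in check_devices(SUBNETS, DEVICES).items():
        print(f"{dev}: {why}")
```
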
2.
3. Under Virtual Network (DNAT) configuration, enter a virtual IP address to assign to the OnBoard appliance from the virtual network’s address range in the Address field.
5. Click Save and apply changes.