If a route is necessary for the OnBoard appliance and the user’s workstation to exchange packets, a route can be specified by setting one or both of the Right and Left nexthop parameters to the IP address of a host route and selecting Add and route as the boot action. This should be configured by the OnBoard appliance’s administrator, and the configuration should be shared with the user. Once packets can be exchanged between the OnBoard appliance and the user’s workstation, IPSec automatically creates the routes needed to get packets flowing through an IPSec VPN tunnel, so neither the user nor the administrator needs to create routes to support IPSec VPN tunnels to devices.
If a network or host route is needed to enable communications between the user’s workstation and the OnBoard appliance, the user must manually add the route on the user’s workstation before creating the PPTP VPN tunnel.
In addition, the user must manually create a static route after the PPTP connection is established to inform the workstation that the device to be contacted is at the other end of the point-to-point link. The route must include the PPTP address assigned to the OnBoard appliance, which the user can discover by running the ifconfig or ipconfig command.
For example, to communicate with all devices on a private subnet whose IP address is 192.168.4.0, when the network mask is 255.255.255.0 and the PPTP-assigned IP address for the OnBoard appliance is 192.168.2.1, the following route would be needed:
To communicate via the OnBoard appliance with three devices on a virtual network whose IP address is 172.20.0.0 and whose network mask is 255.255.0.0, when PPTP has assigned the OnBoard appliance the IP address 192.168.2.1, the user would need to configure a route like the one shown in the following example:
If a virtual network is configured, the user needs to add only a single network route to the virtual network. Check with the OnBoard appliance’s administrator about which routes you need to configure to connect to the devices for which you are authorized.
Creating a default route on the user’s workstation to the OnBoard appliance is not a viable approach. The route would cause the loss of DNS and other local services (such as Internet and mail service) for the user’s workstation.
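The two static routes described above (192.168.4.0/255.255.255.0 and 172.20.0.0/255.255.0.0, both through the PPTP-assigned address 192.168.2.1) can be generated and sanity-checked before they are typed in. This is an added example, not part of the original guide: the function name `pptp_route_commands` is hypothetical, and the output uses the standard Linux `route`/`ip route` and Windows `route ADD` syntax. It refuses a default route, for the reason given in the last paragraph.

```python
import ipaddress


def pptp_route_commands(network, netmask, pptp_address):
    """Build the static-route commands for a workstation, keyed by platform.

    network / netmask: the private subnet or virtual network behind the appliance.
    pptp_address: the PPTP address assigned to the appliance (seen in ifconfig/ipconfig).
    """
    # strict=True rejects a destination with host bits set (e.g. 192.168.4.7 with a /24
    # mask); a non-contiguous mask such as 255.0.255.0 also raises ValueError.
    net = ipaddress.IPv4Network(f"{network}/{netmask}", strict=True)
    gw = ipaddress.IPv4Address(pptp_address)

    # A default route through the tunnel would take DNS and other local services
    # away from the workstation, so it is never emitted.
    if net.prefixlen == 0:
        raise ValueError("default route through the PPTP link is not allowed")

    return {
        "linux": f"route add -net {net.network_address} netmask {net.netmask} gw {gw}",
        "linux-iproute2": f"ip route add {net.with_prefixlen} via {gw}",
        "windows": f"route ADD {net.network_address} MASK {net.netmask} {gw}",
    }


if __name__ == "__main__":
    # The two cases from the text above.
    cases = [
        ("192.168.4.0", "255.255.255.0", "192.168.2.1"),  # private subnet
        ("172.20.0.0", "255.255.0.0", "192.168.2.1"),     # virtual network
    ]
    for network, netmask, pptp_address in cases:
        for platform, command in pptp_route_commands(network, netmask, pptp_address).items():
            print(f"{platform:15} {command}")
```

The commands themselves must be run with administrator privileges on the workstation, after the PPTP connection is up.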