Hello to all,
i have a question about configuring secure NAT and DHCP.
I have installed Softether on a Server. This Server is installed in our DMZ.
IP of Server is 192.168.1.13/24
our Firewall has IP 192.168.1.1. Clients have to use 192.168.1.1 as Gateway for accessing internal LAN subnets.
I have no DHCP Server in DMZ installed.
Now i want to use split tunnelling. VPN Clients should use only VPN for traffic to internal Servers.
I have to enable secure NAT and configure the virtual DHCP Server.
But which IP to use for the virtual NIC and DHCP Server on the softether Server?
Do i Need to use one IP from 192.168.1.X/24 for the virtual NIC (same IP range the softether Server resides)?
And DHCP Server is distributing IP ´from 192.168.1.X range (for example 192.168.1.20 - 100)?
Default configuration for secure NAT is 192.168.30.1 for virtual NIC.
Do i have to disable the "virtual NAT" in this Scenario?
Thank you
Regards
Secure NAT configuration
-
- Posts: 137
- Joined: Mon Mar 24, 2014 3:59 am
Re: Secure NAT configuration
> But which IP to use for the virtual NIC and DHCP Server on the softether Server?
Use any RFC1918 address block that does not conflict with the LAN or internal routes.
Remember that the SecureNAT gateway address is used privately by SoftEther within the virtual hub and is not actually bound to an interface on the host.
> Do i Need to use one IP from 192.168.1.X/24 for the virtual NIC (same IP range the softether Server resides)?
No, that would be good only for an L2 bridge configuration.
Use any RFC1918 address block that does not conflict with the LAN or internal routes.
Remember that the SecureNAT gateway address is used privately by SoftEther within the virtual hub and is not actually bound to an interface on the host.
> Do i Need to use one IP from 192.168.1.X/24 for the virtual NIC (same IP range the softether Server resides)?
No, that would be good only for an L2 bridge configuration.
-
- Posts: 2458
- Joined: Mon Feb 24, 2014 11:03 am
Re: Secure NAT configuration
> Do i Need to use one IP from 192.168.1.X/24 for the virtual NIC (same IP range the
> softether Server resides)?
Yes.
> Do i have to disable the "virtual NAT" in this Scenario?
Yes. Have you created a localbridge, haven't you?
> softether Server resides)?
Yes.
> Do i have to disable the "virtual NAT" in this Scenario?
Yes. Have you created a localbridge, haven't you?