We have an Untangle server with WAN and LAN interfaces. It is used as a router and DHCP server with IP address 192.168.1.1.
A client of ours asked us to set up an IPSEC tunnel. Instead of using the Untangle server, I set up another router with IP address 192.168.1.254. DHCP is not enabled in this router.
Both routers are connected to the core router so I can either use 192.168.1.1 or 192.168.1.254 (hard coded) as a gateway. If I use 192.168.1.254 as a gateway, then I bypass 192.168.1.1 Untangle server.
Our client required us to use non-RFC 1918 IP addresses for the IPSEC tunnel. I used 203.X.X.64/26 for the Local Group in the IPSEC tunnel and then added a Multiple subnet setting in the 192.168.1.254 router using 203.X.X.64/26 subnet. I added a static route in Untangle for target 203.X.X.64/26 with gateway of 192.168.1.254.
I then changed my workstation's IP address to 203.X.X.65 and gateway of 203.X.X.64 so that I am allowed to see the servers on the remote (client) network thru the tunnel. My workstation can see and connect to all the 192.168.1.1/24 network (our internal LAN) as well as the internet.
What I am trying to figure out is if it is possible to add another subnet in Untangle so that I can hardcode the workstations required to connect to the tunnel with 203.X.X.64/26 IP addresses and gateway of 203.X.X.64. I want the workstations to pass thru the Untangle firewall instead of bypassing it.
Is that possible? If yes, how can I do it?
Appreciate your comments.
Thanks.