SafeLinx Client addressing for the VPN
An MNI reserves an IP address in a subnet as its own and this address is the SafeLinx Server's point-of-presence on your organization's wired LAN network. How that IP address is assigned and how IP traffic is routed are determined by MNI configuration options.
Review the following MNI configuration options:
- Use an externally located DHCP server
- All SafeLinx Client addresses for this MNI are assigned by using an external dynamic host
configuration protocol (DHCP) server. The DHCP server on your organization's LAN assigns addresses
that are routable within the organization's LAN. This option requires minimal network configuration,
but also requires that the DHCP server can be accessed from the SafeLinx Server.
Requesting addresses from a DHCP server can add a significant delay to the time it takes a SafeLinx Client to log in. The SafeLinx Server would be blocked and waiting for responses from the DHCP server, which can result in login and logout delays. Do not use this option in a large production environment.
- Use a private subnet and create a NAT resource based on DHCP requested addresses
- SafeLinx Client addresses are assigned from the range of addresses defined by the IP address and
subnet.
To route IP traffic to the organization's LAN, the SafeLinx Server obtains a pool of IP addresses from a DHCP server within the organization's LAN and performs network address translation that uses this pool of addresses. Traffic is routed in the intranet with the NAT addresses obtained from the DHCP server.
- Use a private subnet
- SafeLinx Client addresses are assigned from the range of addresses defined by the IP address and subnet mask fields listed in the following table. This option requires that computers on your organization's LAN are able to route traffic to this subnetwork by using the SafeLinx Server's IP address on the LAN. This task requires that your organization's routers are updated to associate the SafeLinx Server's IP address with the subnetwork.
Resource description | Gather your information here |
---|---|
Type and name of network interface, for example, Ethernet (eth0) or IEEE 802.3 | |
IP address - the unique 32-bit IP address for the MNI | |
Subnet mask - the bit-wise subnet mask applied to the IP address and defines the range of addresses for the MNI |
There are three private IP network ranges that are not routable over the Internet. If you choose to use an address that is not globally unique, you can select from these network ranges when choosing an IP address and subnet mask to be used for the MNI.
Class | Network range | Subnet mask |
---|---|---|
A | 10.0.0.0 through 10.255.255.255 | 255.0.0.0 |
B | 172.16.0.0 through 172.31.0.0 | 255.240.0.0 |
C | 192.168.0.0 through 192.168.255.0 | 255.255.0.0 |
If you do not have an external DHCP server available, you need to define a private IP address range. Either create a network address translation resource or define static routes on all destination computers. In this case, you need to install the SafeLinx Server, then use SafeLinx Administrator to create the MNI.
If you do not want to define static routes on all destination computers, create a network address translator (NAT) resource and assign it to the MNI. See the SafeLinx Administrator's Guide for more information.