I have a couple of SMB 1500 devices setup for various home users. We set these devices up with the ability to sit on their private network at home so the appliance is setup as a DAIP gateway with a private DHCP address from their home network on the WAN interface of the SMB (did this to make it easy on the end use so they can just plug in the device at home and flexibility to move the device around).
Once they get plugged in, IPSEC VPN is configured and it will create a tunnel to the main site and have connectivity.
One limitation I found on the appliance itself - I'd like to send services such as DNS, NTP, ICMP from the appliance itself down the tunnel using the LAN IP of the appliance instead of the WAN IP. Currently, those requests are trying to be sent down the tunnel using the WAN IP which could be any private IP on the home user's network. I don't want to define the user's home networks as part of the encryption domain so if there is some kind of workaround to use the SMB's LAN IP to send those requests, that'd be great. Any ideas on this?