Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 300
Chapter 23
Kerio VPN
6. In traffic rules, allow traffic between the local network, remote network and VPN clients, and set the desired access restrictions. In this network configuration, all desired restrictions can be set at the headquarters' server. Therefore, only traffic between the local network and the VPN tunnel will be enabled at the filial's server.
7. Test reachability of remote hosts from each local network. To perform the test, use the ping and tracert system commands. Test availability of remote hosts both through IP addresses and DNS names.
If a remote host is tested through its IP address and it does not respond, check the configuration of the traffic rules and/or check whether the subnets collide (i.e. whether the same subnet is used at both ends of the tunnel).
If an IP address is tested successfully and an error is reported (Unknown host) when the corresponding DNS name is tested, check the configuration of the DNS.
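The subnet collision check from step 7 can be run over the addressing plans of both tunnel ends before testing with ping. The following is an added example, not part of the Kerio manual; the function names and all subnet values are constructed for illustration, and it goes beyond identical subnets to also catch partially overlapping ranges.

```python
import ipaddress


def find_collisions(site_a, site_b):
    """Return pairs of subnets (one per tunnel end) whose ranges overlap.

    Accepts CIDR strings; host bits are ignored, so an interface address
    such as "192.168.1.10/24" is treated as the network 192.168.1.0/24.
    """
    nets_a = [ipaddress.ip_network(n, strict=False) for n in site_a]
    nets_b = [ipaddress.ip_network(n, strict=False) for n in site_b]
    return [(str(a), str(b)) for a in nets_a for b in nets_b if a.overlaps(b)]


def diagnose(ip_reachable, name_resolves, collisions):
    """Map the results of the step 7 tests to the component to check."""
    if not ip_reachable:
        if collisions:
            pairs = ", ".join(f"{a} vs {b}" for a, b in collisions)
            return "subnet collision: " + pairs
        return "check traffic rules"
    if not name_resolves:
        # IP test passed but the name test reported "Unknown host".
        return "check DNS configuration"
    return "ok"


if __name__ == "__main__":
    # Constructed addressing plans for the two ends of the tunnel.
    headquarters = ["10.1.0.0/16", "192.168.1.10/24"]
    filial = ["10.1.2.0/24", "192.168.2.0/24"]

    collisions = find_collisions(headquarters, filial)
    # 10.1.2.0/24 lies inside 10.1.0.0/16, so the ends collide even
    # though no subnet is configured identically on both sides.
    print(collisions)
    print(diagnose(ip_reachable=False, name_resolves=False,
                   collisions=collisions))
```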
The following sections provide a detailed description of the Kerio VPN configuration for both the headquarters and the filial offices.
Headquarters configuration
1. Install WinRoute (version 6.0.0 or later) at the headquarters' default gateway (“server”).
2. Use Network Rules Wizard (see chapter ) to configure the basic traffic policy in WinRoute. To keep the example as simple as possible, it is assumed that access from the local network to the Internet is not restricted, i.e. that access to all services is allowed in step 4.
Figure 23.14 Headquarters — no restrictions are applied to accessing the Internet from the LAN