Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 300

Advertising
background image

Chapter 23

Kerio VPN

300

6.

In traffic rules, allow traffic between the local network, remote network and VPN clients

and set desirable access restrictions. In this network configuration, all desirable restric-

tions can be set at the headquarter’s server. Therefore, only traffic between the local

network and the VPN tunnel will be enabled at the filial’s server.

7.

Test reachability of remote hosts from each local network. To perform the test, use the

ping

and tracert system commands. Test availability of remote hosts both through IP

addresses and DNS names.

If a remote host is tested through IP address and it does not respond, check configuration

of the traffic rules or/and find out whether the subnets do not collide (i.e. whether the

same subnet is not used at both ends of the tunnel).

If an IP address is tested successfully and an error is reported (Unknown host) when a cor-

responding DNS name is tested, then check configuration of the DNS.

The following sections provide detailed description of the Kerio VPN configuration both for

the headquarter and the filial offices.

Headquarters configuration

1.

Install WinRoute (version 6.0.0 or later) at the headquarter’s default gateway (“server”).

2.

Use Network Rules Wizard (see chapter

7.1

) to configure the basic traffic policy in WinRoute.

To keep the example as simple as possible, it is supposed that the access from the local

network to the Internet is not restricted, i.e. that access to all services is allowed in step 4.

Figure 23.14

Headquarters — no restrictions are applied to accessing the Internet from the LAN

Advertising