Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 308
Chapter 23
Kerio VPN
308
certificate provided by a certification authority is available).
Note: A free subnet which has been selected is now specified automatically in the VPN
network and Mask entries.
Figure 23.27
Filial office — VPN server configuration
For a detailed description on the VPN server configuration, refer to chapter
5.
Create an active endpoint of the VPN tunnel which will connect to the headquarters server
(newyork.company.com). Use the fingerprint of the VPN server of the headquarters as a
specification of the fingerprint of the remote SSL certificate.
At this point, connection should be established (i.e. the tunnel should be created). If
connected successfully, the Connected status will be reported in the Adapter info column
for both ends of the tunnel. If the connection cannot be established, we recommend you
to check the configuration of the traffic rules and test availability of the remote server
— in our example, the ping newyork.company.com command can be used at the branch
office server.
Note: If a collision of VPN network and the remote network is detected upon creation of
the VPN tunnel, select an appropriate free subnet and specify its parameters at the VPN
server (see Step 4).
For detailed information on how to create VPN tunnels, see chapter
.
6.
Add the new VPN tunnel into the Local Traffic rule. It is also possible to remove the Dial-In
interface and the VPN clients group from this rule (VPN clients are not allowed to connect
to the branch office).