Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 308

Advertising
background image

Chapter 23

Kerio VPN

308

certificate provided by a certification authority is available).

Note: A free subnet which has been selected is now specified automatically in the VPN

network and Mask entries.

Figure 23.27

Filial office — VPN server configuration

For a detailed description on the VPN server configuration, refer to chapter

23.1

.

5.

Create an active endpoint of the VPN tunnel which will connect to the headquarters server

(newyork.company.com). Use the fingerprint of the VPN server of the headquarters as a

specification of the fingerprint of the remote SSL certificate.

At this point, connection should be established (i.e. the tunnel should be created). If

connected successfully, the Connected status will be reported in the Adapter info column

for both ends of the tunnel. If the connection cannot be established, we recommend you

to check the configuration of the traffic rules and test availability of the remote server

— in our example, the ping newyork.company.com command can be used at the branch

office server.

Note: If a collision of VPN network and the remote network is detected upon creation of

the VPN tunnel, select an appropriate free subnet and specify its parameters at the VPN

server (see Step 4).

For detailed information on how to create VPN tunnels, see chapter

23.3

.

6.

Add the new VPN tunnel into the Local Traffic rule. It is also possible to remove the Dial-In

interface and the VPN clients group from this rule (VPN clients are not allowed to connect

to the branch office).

Advertising