Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Chapter 23

Kerio VPN

5. Create a passive end of the VPN tunnel (the server of the branch office uses a dynamic IP address). Set the remote endpoint’s fingerprint to the fingerprint of the certificate of the branch office VPN server.

Figure 23.20: Headquarters, definition of the VPN tunnel for a branch office

6. Customize traffic rules according to the restriction requirements.

   • In the Local Traffic rule, remove all items except those belonging to the local network of the company headquarters, i.e. except the firewall and LAN 1 and LAN 2.

   • Define (add) the VPN clients rule which will allow VPN clients to connect to LAN 1 and to the network of the branch office (via the VPN tunnel).

   • Create the Branch office rule which will allow connections to services in LAN 1.

   • Add the Company headquarters rule allowing connections from both headquarters subnets to the branch office network.
