Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


23.6 Example of a more complex Kerio VPN configuration

The headquarters uses the DNS domain company.com; the branch offices use the subdomains santaclara.company.com and newyork.company.com. The configuration of the individual local networks and the IP addresses used are shown in the figure.

Figure 23.30 Example of a VPN configuration — a company with two branch offices

Common method

The following actions must be taken in all local networks (i.e. in the main office and in both branch offices):

1. WinRoute in version 6.1.0 or higher must be installed at the default gateway. Older versions do not allow setting of routing for VPN tunnels. Therefore, they cannot be used for this VPN configuration (see figure 23.30).

   Note: For each installation of WinRoute, a separate license for the corresponding number of users is required! For details see chapter 4.

2. Configure and test the connection of the local network to the Internet. Hosts in the local network must use the WinRoute host’s IP address as the default gateway and as the primary DNS server.

   If it is a new (clean) WinRoute installation, it is possible to use the traffic rule wizard (refer to chapter 7.1).

   For a detailed description of the basic configuration of WinRoute and of the local network, refer to the Kerio WinRoute Firewall — Step By Step document.

3. In the configuration of the DNS module, set DNS forwarding rules for the domains of the other branch offices. This makes it possible to access hosts in the remote networks by their DNS names (otherwise, remote hosts must be specified by IP address).
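
One way to check the rules from step 3 offline, as an added example that is not part of the Kerio manual: it models a site's forwarding rules as an ordered list and flags a remote domain that has no rule or is captured first by a broader rule (company.com is a parent of both subdomains). The IP addresses are constructed placeholders, not the values from figure 23.30, and first-match rule ordering is an assumption to confirm against your WinRoute version.

```python
# Added example: audit one site's DNS forwarding rules for the layout above.
# IP addresses are constructed placeholders, not the values from figure 23.30.
# Assumption: rules form an ordered list and the first matching rule wins.

SITES = {  # site: (DNS domain, internal IP of that site's WinRoute host)
    "headquarters": ("company.com", "10.0.1.1"),
    "santaclara": ("santaclara.company.com", "10.0.2.1"),
    "newyork": ("newyork.company.com", "10.0.3.1"),
}

def matches(rule_domain, qname):
    """True if qname equals rule_domain or is a name underneath it."""
    rule_domain = rule_domain.lower().rstrip(".")
    qname = qname.lower().rstrip(".")
    return qname == rule_domain or qname.endswith("." + rule_domain)

def pick_forwarder(rules, qname):
    """Return the DNS server of the first rule matching qname, or None."""
    for rule_domain, server in rules:
        if matches(rule_domain, qname):
            return server
    return None

def audit(site, rules):
    """Return a list of problems with one site's ordered forwarding rules."""
    problems = []
    for other, (domain, gateway) in SITES.items():
        if other == site:
            continue  # only the domains of the *other* sites need a rule
        chosen = pick_forwarder(rules, "host." + domain)
        if chosen is None:
            problems.append(f"{domain}: no rule, query falls through to the default DNS server")
        elif chosen != gateway:
            problems.append(f"{domain}: sent to {chosen}, expected {gateway}")
    return problems

# Constructed rule sets for the Santa Clara office.
GOOD = [("newyork.company.com", "10.0.3.1"), ("company.com", "10.0.1.1")]
SHADOWED = [("company.com", "10.0.1.1"), ("newyork.company.com", "10.0.3.1")]
MISSING = [("newyork.company.com", "10.0.3.1")]

if __name__ == "__main__":
    for label, rules in (("good", GOOD), ("shadowed", SHADOWED), ("missing", MISSING)):
        print(label, audit("santaclara", rules) or "OK")
```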
