Kerio Tech Firewall6 User Manual

Page 321


23.3 Interconnection of two private networks via the Internet (VPN tunnel)


Connection establishment

Active endpoints automatically attempt to recover the connection whenever they detect that the corresponding tunnel has been disconnected (the first connection establishment is attempted immediately after the tunnel is defined and upon clicking the Apply button in Configuration / Interfaces, i.e. when the corresponding traffic is allowed; see below).

VPN tunnels can be disabled by the Disable button. Both endpoints should be disabled while the tunnel is being disabled.

Note: VPN tunnels keep their connection alive (by sending special packets at regular time intervals) even if no data is transmitted. This feature protects tunnels from disconnection by other firewalls or network devices between the ends of the tunnels.

Traffic Policy Settings for VPN

Once the VPN tunnel is created, it is necessary to allow traffic between the LAN and the network connected by the tunnel and to allow outgoing connection for the Kerio VPN service (from the firewall to the Internet). If basic traffic rules are already created by the wizard (refer to chapter 23.2), simply add the corresponding VPN tunnel to the Local Traffic rule and the Kerio VPN service to the Firewall traffic rule. The resulting traffic rules are shown in figure 23.10.

Figure 23.10: Traffic Policy Settings for VPN

Note:

1. To keep the examples in this guide as simple as possible, it is assumed that the Firewall traffic rule allows access to any service at the firewall (see figure 23.11). Under these conditions, it is not necessary to add the Kerio VPN service to the rule.
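The two requirements above expressed as a check over a rule table, as an added example that is not taken from the Kerio manual. The rule layout, the tunnel name `Branch tunnel` and the DNS/HTTP service entries are assumptions constructed for illustration and are not Kerio's configuration format; the last rule set covers the case in the note, where a Firewall traffic rule permitting any service already includes Kerio VPN.

```python
# Simplified model of the traffic rules described in the text (constructed,
# not Kerio's real configuration format).
ANY = "*"                      # rule permits every service
TUNNEL = "Branch tunnel"       # hypothetical tunnel name

def permits(rule, src, dst, service=None):
    """True if the rule permits src -> dst (optionally for one service)."""
    if rule["action"] != "permit":
        return False
    if src not in rule["source"] or dst not in rule["destination"]:
        return False
    return service is None or rule["service"] == ANY or service in rule["service"]

def vpn_policy_gaps(rules, tunnel, lan="LAN", vpn_service="Kerio VPN"):
    """List the requirements from the manual that no rule satisfies."""
    gaps = []
    # Requirement 1: traffic between the LAN and the tunnelled network.
    for src, dst in ((lan, tunnel), (tunnel, lan)):
        if not any(permits(r, src, dst) for r in rules):
            gaps.append(f"no rule permits {src} -> {dst}")
    # Requirement 2: outgoing Kerio VPN service from the firewall to the Internet.
    if not any(permits(r, "Firewall", "Internet", vpn_service) for r in rules):
        gaps.append(f"no rule permits {vpn_service} from Firewall to Internet")
    return gaps

def build_rules(local_members, firewall_services):
    """Build the two rules the text names: Local Traffic and Firewall traffic."""
    return [
        {"name": "Local Traffic", "action": "permit",
         "source": set(local_members), "destination": set(local_members),
         "service": ANY},
        {"name": "Firewall traffic", "action": "permit",
         "source": {"Firewall"}, "destination": {"Internet"},
         "service": firewall_services},
    ]

# Constructed rule sets: before the change, after it, and the note's case.
before = build_rules({"Firewall", "LAN"}, {"DNS", "HTTP"})
after = build_rules({"Firewall", "LAN", TUNNEL}, {"DNS", "HTTP", "Kerio VPN"})
note_case = build_rules({"Firewall", "LAN", TUNNEL}, ANY)

if __name__ == "__main__":
    for label, rules in (("before", before), ("after", after), ("note", note_case)):
        print(label, vpn_policy_gaps(rules, TUNNEL) or "ok")
```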
