Exchange of routing information, 4 exchange of routing information – Kerio Tech Firewall6 User Manual

Page 322

Chapter 23

Kerio VPN

Figure 23.11 Common traffic rules for VPN tunnel

2. Traffic rules set by this method allow full IP communication between the local network, remote network and all VPN clients. For access restrictions, define corresponding traffic rules (for local traffic, VPN clients, VPN tunnel, etc.). Examples of traffic rules are provided in chapter 23.5.

23.4 Exchange of routing information

An automatic exchange of routing information (i.e. data describing routes to local subnets) is performed between the endpoints of any VPN tunnel (or between the VPN server and a VPN client). Thus, routing tables at both sides of the tunnel are kept up to date.

Routing configuration options

Under usual circumstances, it is not necessary to define any custom routes: particular routes will be added to the routing tables automatically when configuration is changed at any side of the tunnel (or at the VPN server). However, if a routing table at any side of the VPN tunnel includes invalid routes (e.g. specified by the administrator), these routes are also exchanged. This might make traffic with some remote subnets impossible and overload the VPN tunnel with too many control messages.

A similar problem may occur when a VPN client connects to WinRoute's VPN server. To avoid the problems just described, go to the VPN tunnel definition dialog (see chapter 23.3) or to the VPN server settings dialog (refer to chapter 23.1) to set which routing data will be used and to define custom routes.
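The following is an added example, not part of the Kerio manual: a pre-check of the routes an endpoint would pass to its peer, useful before relying on automatic exchange. What counts as an invalid route is an assumption of this example (malformed prefix, default route, overlap with a subnet on the remote side, not inside any local subnet), and all addresses are constructed.

```python
import ipaddress

# Constructed sample data (not taken from the manual).
LOCAL_SUBNETS = ["192.168.1.0/24", "192.168.2.0/24"]   # subnets really attached here
REMOTE_SUBNETS = ["10.1.1.0/24"]                        # subnets behind the peer
ROUTING_TABLE = [
    "192.168.1.0/24", "192.168.2.0/24",  # legitimate local routes
    "10.1.1.0/24",                       # collides with the remote side
    "172.16.5.1/24",                     # host bits set, typo by an administrator
    "0.0.0.0/0",                         # default route
    "192.168.0.0/16",                    # broad manual route, not a local subnet
]

def audit_routes(table, local_subnets, remote_subnets):
    """Return (route, reason) for every entry that should not be exchanged.

    The criteria are assumptions of this example, not Kerio VPN's own rules.
    """
    local = [ipaddress.ip_network(s) for s in local_subnets]
    remote = [ipaddress.ip_network(s) for s in remote_subnets]
    findings = []
    for text in table:
        try:
            net = ipaddress.ip_network(text, strict=True)  # rejects host bits
        except ValueError:
            findings.append((text, "not a valid network prefix"))
            continue
        if net.prefixlen == 0:
            findings.append((text, "default route"))
            continue
        clash = next((r for r in remote if net.overlaps(r)), None)
        if clash is not None:
            findings.append((text, f"overlaps remote subnet {clash}"))
            continue
        same_family = [l for l in local if l.version == net.version]
        if not any(net.subnet_of(l) for l in same_family):
            findings.append((text, "not inside any local subnet"))
    return findings

if __name__ == "__main__":
    for route, reason in audit_routes(ROUTING_TABLE, LOCAL_SUBNETS, REMOTE_SUBNETS):
        print(f"{route:18} {reason}")
```

Entries that the check flags are candidates for removal from the local routing table, or for replacement by explicitly defined custom routes.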

Kerio VPN uses the following methods to pass routing information:

Routes provided automatically by the remote endpoint (set as default): routes to remote networks are set automatically with respect to the information provided by the remote endpoint. If this option is selected, no additional settings are necessary unless problems regarding invalid routes occur (see above).

Both automatically provided and custom routes: routes provided automatically are complemented by custom routes defined at the local endpoint. In case of any colli-
