Kerio Tech Firewall6 User Manual


Chapter 23

Kerio VPN

networks). Configuration of a VPN with redundant routes (typically for a company with two or more branch offices) is described in chapter 23.6.

Note: This example describes a more complicated pattern of VPN with access restrictions for individual local networks and VPN clients. An example of basic VPN configuration is provided in the Kerio WinRoute Firewall — Step By Step Configuration document.

Specification

Suppose a company has its headquarters in New York and a branch office in London. We intend to interconnect local networks of the headquarters by a VPN tunnel using Kerio VPN. VPN clients will be allowed to connect to the headquarters network.

The server (default gateway) of the headquarters uses the public IP address 63.55.21.12 (DNS name is newyork.company.com), the server of the branch office uses a dynamic IP address assigned by DHCP.

The local network of the headquarters consists of two subnets, LAN 1 and LAN 2. The headquarters uses the company.com DNS domain.

The network of the branch office consists of one subnet only (LAN). The branch office uses the filial.company.com subdomain.

Figure 23.12 provides a scheme of the entire system, including IP addresses and the VPN tunnels that will be built.

Figure 23.12. Example: interconnection of the headquarters and a branch office by a VPN tunnel (connection of VPN clients is possible)
