Example of a more complex kerio vpn configuration – Kerio Tech Firewall6 User Manual


6. Add the new VPN tunnel into the Local Traffic rule. It is also possible to remove the Dial-In interface and the VPN clients group from this rule (VPN clients are not allowed to connect to the branch office).

Figure 23.30 Filial office — final traffic rules

Note: It is not necessary to perform any other customization of traffic rules. The required restrictions should already be set in the traffic policy at the server of the headquarters.

VPN test

Configuration of the VPN tunnel has now been completed. At this point, it is recommended to test availability of the remote hosts from each end of the tunnel (from both local networks). For example, the ping and/or tracert operating system commands can be used for this testing. It is recommended to test availability of remote hosts both by IP address and by DNS name.

If a remote host is tested by IP address and it does not respond, check the configuration of the traffic rules and/or find out whether the subnets collide (i.e. whether the same subnet is used at both ends of the tunnel).

If the IP address is tested successfully but an error (Unknown host) is reported when the corresponding DNS name is tested, then check the DNS configuration.

23.6 Example of a more complex Kerio VPN configuration

In this chapter, an example of a more complex VPN configuration is provided where redundant routes arise between interconnected private networks (i.e. multiple routes exist between two networks that can be used for transfer of packets).

The only difference in Kerio VPN configuration between this type and a VPN with no redundant routes (see chapter 23.5) is the setting of routing between endpoints of individual tunnels. In such a case, it is necessary to set routing between individual endpoints of VPN tunnels by hand. Automatic route exchange is inconvenient since Kerio VPN uses no routing protocol and the route exchange is based on comparison of routing tables at individual endpoints of the VPN tunnel (see also chapter 23.4). If the automatic exchange is applied, the routing will not be ideal!

For better reference, the configuration is here described by an example of a company with a headquarters and two filial offices with their local private network interconnected by VPN
