Kerio Tech Firewall6 User Manual

Page 338

Chapter 23

Kerio VPN

tunnels (so-called triangle pattern). This example can then be adapted and applied to any number of interconnected private networks.

The example focuses on the configuration of VPN tunnels and the correct setting of routing between individual private networks (it does not include access restrictions). Access restriction options within VPN are described by the example in chapter 23.5.

Specification

The network follows the pattern shown in figure 23.31.

Figure 23.31

Example of a VPN configuration — a company with two filials

The server (default gateway) uses the fixed IP address 63.55.21.12 (DNS name is gw-newyork.company.com). The server of one filial uses the IP address 115.95.27.55 (DNS name gw-london.company.com); the other filial's server uses a dynamic IP address assigned by the ISP. The headquarters uses the DNS domain company.com; filials use the subdomains santaclara.company.com and newyork.company.com. The configuration of the individual local networks and the IP addresses used are shown in the figure.

Common method

The following actions must be taken in all local networks (i.e. in the main office and both filials):

1. WinRoute in version 6.1.0 or higher must be installed at the default gateway. Older versions do not allow setting of routing for VPN tunnels. Therefore, they cannot be used for this VPN configuration (see figure 23.31).
