Kerio Tech Firewall6 User Manual

23.6 Example of a more complex Kerio VPN configuration

357

3.

Customize DNS configuration as follows:

•

In configuration of the DNS Forwarder in WinRoute, specify DNS servers to which

DNS queries which are not addressed to the company.com domain will be for-

warded (primary and secondary DNS server of the Internet connection provider

by default).

Figure 23.57

The Paris filial office — DNS forwarder configuration

•

Enable the Use custom forwarding option and define rules for names in the

company.com

and filial1.company.com domains. Specify the server for DNS

forwarding by the IP address of the remote firewall host’s interface (i.e. interface

connected to the local network at the other end of the tunnel).

Figure 23.58

The Paris filial office — DNS forwarding settings

•

Set the IP address of this interface (172.16.1.1) as a primary DNS server for the

WinRoute host’s interface connected to the LAN 1 local network. It is not necessary

to set DNS at the interface connected to LAN 2.

•

Set the IP address 172.16.1.1 as a primary DNS server also for the other hosts.

4.

Enable the VPN server and configure its SSL certificate (create a self-signed certificate if no

certificate provided by a certification authority is available).