Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


Routes provided automatically

Unless any custom routes are defined, the following rules apply to the exchange of routing information:

- default routes as well as routes to networks with default gateways are not exchanged (the default gateway cannot be changed for remote VPN clients and/or for remote endpoints of a tunnel),
- routes to subnets which are identical for both sides of a tunnel are not exchanged (routing of local and remote networks with identical IP ranges is not allowed),
- other routes (i.e. routes to local subnets at remote ends of VPN tunnels excluding the cases described above, all other VPNs and all VPN clients) are exchanged.

Note: As follows from the description above, if two VPN tunnels are created, communication between these two networks is possible. The traffic rules can be configured so that connection to the local network is disabled for both of these remote networks.
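
The automatic exchange rules above, modelled as an added Python example (not Kerio code and not part of the manual); the `Route` model, the flag for networks on the default-gateway interface, and all addresses are constructed assumptions. For a server with two tunnels it lists which routes each remote end receives and which of them lead to the other tunnel's network, i.e. the paths the traffic rules mentioned in the note would have to restrict.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    network: str
    on_default_gw_iface: bool = False  # assumed model of "network with a default gateway"

def offered_routes(table, peer_subnets):
    """Apply the three automatic rules to one side's table for one peer."""
    peer = {ipaddress.ip_network(s) for s in peer_subnets}
    out = []
    for r in table:
        net = ipaddress.ip_network(r.network)
        if net.prefixlen == 0 or r.on_default_gw_iface:
            continue  # rule 1: default routes / default-gateway networks stay local
        if net in peer:
            continue  # rule 2: an identical range exists on the peer side
        out.append(str(net))  # rule 3: everything else is exchanged
    return out

def server_exchange(local, clients_net, tunnels):
    """Per tunnel: routes the server offers, and which of them point into
    another tunnel's network (cross-tunnel reachability)."""
    local_nets = [r.network for r in local]
    # What the server itself learns from each remote end (rules applied there too).
    learned = {n: offered_routes([Route(s) for s in nets], local_nets)
               for n, nets in tunnels.items()}
    report = {}
    for name, subnets in tunnels.items():
        others = [s for n, nets in learned.items() if n != name for s in nets]
        table = list(local) + [Route(clients_net)] + [Route(s) for s in others]
        offered = offered_routes(table, subnets)
        report[name] = {"offered": offered,
                        "cross_tunnel": [s for s in offered if s in others]}
    return report

# Constructed sample data (not from the manual).
LOCAL = [Route("0.0.0.0/0"), Route("203.0.113.0/24", on_default_gw_iface=True),
         Route("192.168.1.0/24"), Route("10.1.1.0/24")]
TUNNELS = {"site_a": ["192.168.1.0/24", "10.2.1.0/24"], "site_b": ["172.16.5.0/24"]}
REPORT = server_exchange(LOCAL, "172.27.0.0/24", TUNNELS)

if __name__ == "__main__":
    for peer, info in REPORT.items():
        print(peer, info)
```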

Update of routing tables

Routing information is exchanged:

- when a VPN tunnel is connected or when a VPN client connects to the server,
- when information in a routing table on either side of the tunnel (or at the VPN server) is changed,
- periodically, every 10 minutes. The timeout starts upon each update (regardless of the update reason).

23.5 Example of Kerio VPN configuration: company with a filial office

This chapter provides a detailed example of how to create an encrypted tunnel connecting two private networks using Kerio VPN.

This example can be easily customized. The method described can be used in cases where creating VPN tunnels produces no redundant routes (i.e. multiple routes between individual private networks). Configuration of a VPN with redundant routes (typically in the case of a company with two or more branch offices) is described in chapter 23.6.

Note: This example describes a more complicated VPN pattern with access restrictions for individual local networks and VPN clients. An example of basic VPN configuration is provided in the Kerio WinRoute Firewall — Step By Step Configuration document.

Specification

Suppose a company has its headquarters in New York and a branch office in London. We intend to interconnect local networks of the headquarters by a VPN tunnel using Kerio VPN. VPN clients will be allowed to connect to the headquarters network.
