Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual


Chapter 23

Kerio VPN


The server (default gateway) of the headquarters uses the public IP address 63.55.21.12 (DNS name is newyork.company.com), the server of the branch office uses a dynamic IP address assigned by DHCP.

The local network of the headquarters consists of two subnets, LAN 1 and LAN 2. The headquarters uses the company.com DNS domain.

The network of the branch office consists of one subnet only (LAN). The branch office filial.company.com.

Figure 23.13 provides a scheme of the entire system, including IP addresses and the VPN tunnels that will be built.

Figure 23.13 Example — interconnection of the headquarters and a branch office by VPN tunnel (connection of VPN clients is possible)

Suppose that both networks are already deployed and set according to the figure and that the Internet connection is available.

Traffic between the network of the headquarters, the network of the branch office and VPN clients will be restricted according to the following rules:

1. VPN clients can connect to the LAN 1 and to the network of the branch office.

2. Connection to VPN clients is disabled for all networks.

3. Only the LAN 1 network is available from the branch office. In addition to this, only the WWW, FTP and Microsoft SQL services are available.

4. No restrictions are applied for connections from the headquarters to the branch office network.

5. LAN 2 is not available to the branch office network nor to VPN clients.
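The five rules above can be modelled as three allow entries over a default-deny policy, which makes it possible to derive the full reachability matrix and confirm that rules 2 and 5 hold. This is an added example, not Kerio configuration or code from the manual; the zone labels, the service labels, the `SSH` probe service and the function names are assumptions made for illustration, and traffic between LAN 1 and LAN 2 is left out because the rules do not cover it.

```python
from itertools import product

# Zone names follow the manual's text; service names are labels only
# (no port numbers are assumed, the page gives none).
ZONES = ("LAN1", "LAN2", "BRANCH_LAN", "VPN_CLIENTS")
HQ = {"LAN1", "LAN2"}
BRANCH_SERVICES = {"WWW", "FTP", "MSSQL"}
ANY = None  # wildcard for the service column

# (source zones, destination zones, allowed services). Direction means the
# direction in which the connection is opened. Anything not matched is
# dropped (default deny), so rules 2 and 5 need no explicit deny entries.
ALLOW_RULES = [
    ({"VPN_CLIENTS"}, {"LAN1", "BRANCH_LAN"}, ANY),   # rule 1
    ({"BRANCH_LAN"}, {"LAN1"}, BRANCH_SERVICES),      # rule 3
    (HQ, {"BRANCH_LAN"}, ANY),                        # rule 4
]

def is_allowed(src, dst, service):
    """Return True if a new connection src -> dst for `service` is permitted."""
    for sources, dests, services in ALLOW_RULES:
        if src in sources and dst in dests and (services is ANY or service in services):
            return True
    return False

def reachability(services=("WWW", "FTP", "MSSQL", "SSH")):
    """Map each cross-site (src, dst) pair to the sorted services it may use."""
    matrix = {}
    for src, dst in product(ZONES, repeat=2):
        if src == dst or {src, dst} <= HQ:  # intra-zone / intra-HQ: out of scope
            continue
        matrix[(src, dst)] = sorted(s for s in services if is_allowed(src, dst, s))
    return matrix

def violations(matrix):
    """Return (src, dst) pairs that break rule 2 or rule 5."""
    bad = []
    for (src, dst), allowed in matrix.items():
        if dst == "VPN_CLIENTS" and allowed:                                  # rule 2
            bad.append((src, dst))
        if dst == "LAN2" and src in {"BRANCH_LAN", "VPN_CLIENTS"} and allowed:  # rule 5
            bad.append((src, dst))
    return bad

if __name__ == "__main__":
    m = reachability()
    for (src, dst), allowed in sorted(m.items()):
        print(f"{src:>11} -> {dst:<11} {', '.join(allowed) or 'DENY'}")
    print("violations:", violations(m))
```

Adding a candidate entry to `ALLOW_RULES` and re-running `violations()` shows whether a proposed change would open LAN 2 or the VPN clients to an unintended source.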
