Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 306


Chapter 23

Kerio VPN


In this case, it would be meaningless to create rules for the Kerio VPN server and/or the Kerio Clientless SSL-VPN, since the server uses a dynamic public IP address. Therefore, leave these options disabled in step 5.

Figure 23.23 A filial — it is not necessary to create rules for the Kerio VPN server

This step will create rules for connection of the VPN server as well as for communication of VPN clients with the local network (through the firewall).

Figure 23.24 Filial office — default traffic rules for Kerio VPN

When the VPN tunnel is created, customize these rules according to the restriction requirements (Step 6).

3. Customize DNS configuration as follows:

In the WinRoute’s DNS module configuration, enable DNS forwarder (forwarding of DNS requests to other servers).

Enable the Use custom forwarding option and define rules for names in the filial.company.com domain. Specify the server for DNS forwarding by the IP address of the remote firewall host’s interface (i.e. interface connected to the local network at the other end of the tunnel).

Set the IP address of this interface (192.168.1.1) as a primary DNS server for the WinRoute host’s interface connected to the local network.
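As an added illustration (not from the Kerio manual and not WinRoute's own code), the following Python model shows how a custom-forwarding rule for filial.company.com selects the DNS server at the other end of the tunnel, matching on whole labels so that look-alike names fall through to the default forwarder, and how internal names go to the outside forwarder when the rule is missing. The addresses 10.0.0.1 and 203.0.113.53 and all function names are assumptions.

```python
# Added example: a model of DNS custom-forwarding rule selection.
# Not WinRoute code; the addresses below are constructed placeholders.
REMOTE_DNS = "10.0.0.1"        # assumed: remote firewall's LAN interface
DEFAULT_DNS = "203.0.113.53"   # assumed: public/ISP forwarder

# One rule, as in the step above: names in filial.company.com use the tunnel.
RULES = {"filial.company.com": REMOTE_DNS}


def normalize(name):
    """Lower-case the name and drop the trailing root dot."""
    return name.strip().rstrip(".").lower()


def select_forwarder(qname, rules=RULES, default=DEFAULT_DNS):
    """Return the forwarder for qname: longest-suffix match on whole labels."""
    table = {normalize(k): v for k, v in rules.items()}
    labels = normalize(qname).split(".")
    for i in range(len(labels)):            # longest suffix first
        suffix = ".".join(labels[i:])
        if suffix in table:
            return table[suffix]
    return default


def leaked_names(queries, internal_suffix, rules=RULES, default=DEFAULT_DNS):
    """List internal names that would be sent to the default (outside) forwarder."""
    suffix = normalize(internal_suffix)
    out = []
    for q in queries:
        n = normalize(q)
        internal = n == suffix or n.endswith("." + suffix)
        if internal and select_forwarder(q, rules, default) == default:
            out.append(n)
    return out


if __name__ == "__main__":
    # Constructed sample queries.
    for q in ["pc1.filial.company.com", "Filial.Company.com.",
              "notfilial.company.com", "filial.company.com.example.net"]:
        print(q, "->", select_forwarder(q))
    print("leaked without rule:",
          leaked_names(["pc1.filial.company.com"], "filial.company.com", rules={}))
```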
