Kerio Tech Firewall6 Network Router User Manual


 
Chapter 21 Kerio VPN
HINT: Use the 255.255.255.255 network mask to define a route to a single host.
This can be helpful, for example, when adding a route to a host in the
demilitarized zone on the VPN server's side.
21.2 Configuration of VPN clients
The following conditions must be met to enable connection of remote clients to local
networks via encrypted channels:
• The Kerio VPN Client must be installed at remote clients (for a detailed description,
  refer to a stand-alone document, Kerio VPN Client User Guide).
• Users whose accounts are used for authentication to Kerio VPN Client must possess
  rights enabling them to connect to the VPN server in WinRoute (see chapter 13.1).
• Connection to the VPN server from the Internet as well as communication between
  VPN clients must be allowed by traffic rules.
Note: Remote VPN clients connecting to WinRoute count toward the number of
persons using the license (see chapters 4 and 4.6). Be aware of this fact when deciding
what license type should be bought (or whether an upgrade to a higher number of users
should be bought).
Basic configuration of traffic rules for VPN clients
Figure 21.6 Common traffic rules for VPN clients
• The first rule allows communication between the firewall, local network and VPN
  clients.
• The second rule allows connection to the VPN server in WinRoute from the Internet.
  To restrict the number of IP addresses from which connection to the VPN server will
  be allowed, edit the Source entry.
By default, the Kerio VPN service is defined for TCP and UDP protocols, port 4090. If
the VPN server is running at another port, this service must be redefined.
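
The effect of the two rules, and of narrowing the Source entry of the second one, can be checked with a small model. This is an added example, not part of the manual and not WinRoute's rule engine: it assumes first-match evaluation with everything else denied, and all addresses, subnets and rule names are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# All addresses below are constructed sample values (assumptions).
FIREWALL = [ip_network("203.0.113.1/32"), ip_network("192.168.1.1/32")]
LOCAL = [ip_network("192.168.1.0/24")]
VPN_CLIENTS = [ip_network("172.16.50.0/24")]
ANY = [ip_network("0.0.0.0/0")]
KERIO_VPN = {("tcp", 4090), ("udp", 4090)}  # default service definition per the manual


@dataclass
class Rule:
    name: str
    source: list
    destination: list
    services: object  # set of (proto, port), or None for any service


def build_rules(vpn_source=ANY):
    """Rule 1: firewall, local network and VPN clients talk freely.
    Rule 2: vpn_source may reach the Kerio VPN service on the firewall."""
    trusted = FIREWALL + LOCAL + VPN_CLIENTS
    return [
        Rule("Local traffic", trusted, trusted, None),
        Rule("VPN service", vpn_source, FIREWALL, KERIO_VPN),
    ]


def _in(addr, nets):
    return any(ip_address(addr) in n for n in nets)


def evaluate(rules, src, dst, proto, port):
    """Return the first matching rule's name, or 'deny' if none matches."""
    for r in rules:
        if (_in(src, r.source) and _in(dst, r.destination)
                and (r.services is None or (proto, port) in r.services)):
            return r.name
    return "deny"


if __name__ == "__main__":
    open_rules = build_rules()
    restricted = build_rules([ip_network("198.51.100.0/24")])  # edited Source entry
    for src in ("198.51.100.7", "192.0.2.99"):
        print(src, evaluate(open_rules, src, "203.0.113.1", "tcp", 4090),
              evaluate(restricted, src, "203.0.113.1", "tcp", 4090))
```

If the VPN server listens on another port, the `KERIO_VPN` set in the model has to change with it, mirroring the service redefinition described above.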