21.5 Example of Kerio VPN configuration: company with a filial office
321
5. Create a passive end of the VPN tunnel (the server of the branch office uses a dy-
namic IP address). Specify the remote endpoint’s fingerprint by the fingerprint of
the certificate of the branch office VPN server.
Figure 21.20 Headquarter — definition of VPN tunnel for a filial office
6. Customize traffic rules according to the restriction requirements.
• In the Local Traffic rule, remove all items except those belonging to the local
network of the company headquarters, i.e. except the firewall and LAN 1 and
LAN 2.
• Define (add) the VPN clients rule which will allow VPN clients to connect to LAN 1
and to the network of the branch office (via the VPN tunnel).