Kerio Tech Firewall6 Network Router User Manual


 
Chapter 21 Kerio VPN
326
Figure 21.28 Filial office VPN server configuration
For a detailed description on the VPN server configuration, refer to chapter 21.1.
5. Create an active endpoint of the VPN tunnel which will connect to the headquar-
ters server (newyork.company.com). Use the fingerprint of the VPN server of the
headquarters as a specification of the fingerprint of the remote SSL certificate.
At this point, connection should be established (i.e. the tunnel should be created).
If connected successfully, the Connected status will be reported in the Adapter info
column for both ends of the tunnel. If the connection cannot be established, we
recommend you to check the configuration of the traffic rules and test availability
of the remote server in our example, the ping newyork.company.com command
can be used at the branch office server.
Note: If a collision of VPN network and the remote network is detected upon creation
of the VPN tunnel, select an appropriate free subnet and specify its parameters at
the VPN server (see Step 4).
For detailed information on how to create VPN tunnels, see chapter
21.3.
6. Add the new VPN tunnel into the Local Traffic rule. It is also possible to remove
the Dial-In interface and the VPN clients group from this rule (VPN clients are not
allowed to connect to the branch office).