Kerio Tech Firewall6 Network Router User Manual


 
21.6 Example of a more complex Kerio VPN configuration
If the remote endpoint of the tunnel has already been defined, check whether the
tunnel was created. If not, refer to the Error log, check the fingerprints of the
certificates and also the availability of the remote server.
6. Follow the same method to define a tunnel and set routing to the other remote
network.
7. Allow traffic between the local and the remote networks. To allow any traffic, just
add the created VPN tunnels to the Source and Destination items in the Local traffic
rule. Options for restricting access within the VPN are described by the example in
chapter 21.5.
8. Test reachability of remote hosts in both remote networks. To perform the test, use
the ping and tracert system commands. Test availability of remote hosts both
through IP addresses and DNS names.
If a remote host is tested through its IP address and it does not respond, check the
configuration of the traffic rules and/or find out whether the subnets collide (i.e.
whether the same subnet is used at both ends of the tunnel).
If an IP address is tested successfully and an error is reported (Unknown host) when
a corresponding DNS name is tested, then check the configuration of the DNS.
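The subnet collision check and the triage of the step 8 test results, as an added example (not part of the Kerio manual). The site names, address ranges and function names are constructed for illustration; substitute the subnets actually used at each end of the tunnels.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: subnets behind each tunnel endpoint (assumed values).
SITES = {
    "headquarters": ["192.168.1.0/24", "10.1.1.0/24"],
    "filial-1": ["10.1.2.0/24"],
    "filial-2": ["192.168.1.0/25"],  # overlaps a headquarters subnet
}


def find_collisions(sites):
    """Return (site_a, site_b, net_a, net_b) for every pair of subnets
    that overlap between two different sites."""
    nets = [
        (name, ipaddress.ip_network(cidr))  # raises ValueError on a mistyped subnet
        for name, cidrs in sites.items()
        for cidr in cidrs
    ]
    hits = []
    for (site_a, net_a), (site_b, net_b) in combinations(nets, 2):
        if site_a != site_b and net_a.overlaps(net_b):
            hits.append((site_a, site_b, str(net_a), str(net_b)))
    return hits


def triage(ip_ok, dns_ok, collisions):
    """Map the outcome of the ping/tracert tests to the item to check next.

    ip_ok  -- the remote host answered when addressed by IP address
    dns_ok -- the remote host answered when addressed by DNS name
    """
    if not ip_ok:
        # No reply by IP address: colliding subnets or the traffic rules.
        return "subnet collision" if collisions else "traffic rules"
    if not dns_ok:
        # Reply by IP address but "Unknown host" by name: DNS configuration.
        return "dns configuration"
    return "ok"


if __name__ == "__main__":
    found = find_collisions(SITES)
    for site_a, site_b, net_a, net_b in found:
        print(f"collision: {site_a} {net_a} <-> {site_b} {net_b}")
    print("next check:", triage(ip_ok=False, dns_ok=False, collisions=found))
```
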
The following sections provide a detailed description of the Kerio VPN configuration
both for the headquarters and the filial offices.
Headquarters configuration
1. Install WinRoute (version 6.1.0 or higher) at the default gateway of the headquarters
network.
2. Use Network Rules Wizard (see chapter 6.1) to configure the basic traffic policy in
WinRoute. To keep the example as simple as possible, it is assumed that access
from the local network to the Internet is not restricted, i.e. that access to all services
is allowed in step 4.
In step 5, select Create rules for Kerio VPN server. The status of the Create rules for
Kerio Clientless SSL-VPN option is irrelevant (this example does not cover the
Clientless SSL-VPN interface).
This step will create rules for connection of the VPN server as well as for
communication of VPN clients with the local network (through the firewall).