23.5 Example of Kerio VPN configuration: company with a filial office
297
Routes provided automatically
Unless any custom routes are defined, the following rules apply to the interchange of routing
information:
•
default routes as well as routes to networks with default gateways are not exchanged
(default gateway cannot be changed for remote VPN clients and/or for remote end-
points of a tunnel),
•
routes to subnets which are identical for both sides of a tunnel are not exchanged
(routing of local and remote networks with identical IP ranges is not allowed).
•
other routes (i.e. routes to local subnets at remote ends of VPN tunnels excluding the
cases described above, all other VPN and all VPN clients) are exchanged.
Note:
As implied from the description provided above, if two VPN tunnels are created, com-
munication between these two networks is possible. The traffic rules can be configured so that
connection to the local network will be disabled for both these remote networks.
Update of routing tables
Routing information is exchanged:
•
when a VPN tunnel is connected or when a VPN client is connected to the server,
•
when information in a routing table at any side of the tunnel (or at the VPN server) is
changed,
•
periodically, every 10 minutes. The timeout starts upon each update (regardless of
the update reason).
23.5 Example of Kerio VPN configuration: company with a filial office
This chapter provides a detailed exemplary description on how to create an encrypted tunnel
connecting two private networks using the
Kerio VPN
.
This example can be easily customized. The method described can be used in cases where no
redundant routes arise by creating VPN tunnels (i.e. multiple routes between individual private
networks). Configuration of VPN with redundant routes (typically in case of a company with
two or more filials) is described in chapter
Note:
This example describes a more complicated pattern of VPN with access restrictions for
individual local networks and VPN clients. An example of basic VPN configuration is provided
in the
Kerio WinRoute Firewall — Step By Step Configuration
document.
Specification
Supposing a company has its headquarters in New York and a branch office in London. We
intend to interconnect local networks of the headquarters by a VPN tunnel using the
Kerio
VPN
. VPN clients will be allowed to connect to the headquarters network.
Содержание KERIO WINROUTE FIREWALL 6
Страница 1: ...Kerio WinRoute Firewall 6 Administrator s Guide Kerio Technologies s r o...
Страница 157: ...12 3 Content Rating System Kerio Web Filter 157 Figure 12 7 Kerio Web Filter rule...
Страница 189: ...14 4 URL Groups 189 Description The item s description comments and notes for the administrator...
Страница 247: ...19 4 Alerts 247 Figure 19 14 Details of a selected event...
Страница 330: ...Chapter 23 Kerio VPN 330 Figure 23 55 The Paris filial office VPN server configuration...
Страница 368: ...368...