Chapter 23 Kerio VPN
VPN test
Configuration of the VPN tunnel is now complete. At this point, it is recommended to test availability of the remote hosts from each end of the tunnel (from both local networks). For example, the ping and/or tracert operating system commands can be used for this testing. It is recommended to test availability of remote hosts both through IP addresses and DNS names.
If a remote host is tested through its IP address and it does not respond, check the configuration of the traffic rules and/or find out whether the subnets collide (i.e. whether the same subnet is used at both ends of the tunnel).
If an IP address is tested successfully and an error is reported (Unknown host) when a corresponding DNS name is tested, then check the configuration of the DNS.
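The following Python example is added here and is not part of the Kerio manual. It finds subnets that collide between tunnel ends and maps a ping/tracert result to the check recommended above; it goes beyond the text by handling any number of sites and partial overlaps (one subnet nested in another). The site names, subnets and host addresses are constructed, and looking for a collision before the traffic rules is an assumption.

```python
import ipaddress
from itertools import combinations

# Constructed sample data: site names and subnets are assumptions, not from the manual.
SITES = {
    "site-a": ["192.168.1.0/24", "10.1.0.0/16"],
    "site-b": ["192.168.2.0/24", "10.1.20.0/24"],   # inside site-a's 10.1.0.0/16
    "site-c": ["192.168.1.0/24", "172.16.5.0/24"],  # same subnet as site-a
}

def find_collisions(sites):
    """Return (site1, net1, site2, net2) for every overlapping subnet pair
    found at two different sites, including one subnet nested in another."""
    parsed = {name: [ipaddress.ip_network(n) for n in nets]
              for name, nets in sites.items()}
    hits = []
    for (s1, nets1), (s2, nets2) in combinations(sorted(parsed.items()), 2):
        for n1 in nets1:
            for n2 in nets2:
                if n1.version == n2.version and n1.overlaps(n2):
                    hits.append((s1, str(n1), s2, str(n2)))
    return hits

def triage(host_ip, ip_replied, name_resolved, collisions):
    """Map one ping/tracert result to the first thing to check."""
    if not ip_replied:
        addr = ipaddress.ip_address(host_ip)
        clash = any(addr in ipaddress.ip_network(c[1]) or
                    addr in ipaddress.ip_network(c[3]) for c in collisions)
        return "subnet collision" if clash else "traffic rules"
    # IP answered; a failing name ("Unknown host") points at DNS.
    return "ok" if name_resolved else "DNS configuration"

if __name__ == "__main__":
    found = find_collisions(SITES)
    for s1, n1, s2, n2 in found:
        print(f"collision: {s1} {n1} <-> {s2} {n2}")
    # Constructed test results: (host IP, IP replied?, DNS name resolved?)
    for ip, replied, resolved in [("10.1.20.7", False, False),
                                  ("172.16.5.9", True, False)]:
        print(ip, "->", triage(ip, replied, resolved, found))
```

A plain equality comparison of subnet strings would miss the nested 10.1.20.0/24 case, which is why the check uses overlap rather than equality.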
23.6 Example of a more complex Kerio VPN configuration
In this chapter, an example of a more complex VPN configuration is provided where redundant routes arise between interconnected private networks (i.e. multiple routes exist between two networks that can be used for transfer of packets).
The only difference in Kerio VPN configuration between this type and a VPN with no redundant routes (see chapter ) is the setting of routing between endpoints of individual tunnels. In such a case, it is necessary to set routing between individual endpoints of VPN tunnels by hand. Automatic route exchange is inconvenient since Kerio VPN uses no routing protocol and the route exchange is based on comparison of routing tables at individual endpoints of the VPN tunnel (see also chapter ). If the automatic exchange is applied, the routing will not be ideal!
For better reference, the configuration is described here by an example of a company with a headquarters and two filial offices whose local private networks are interconnected by VPN tunnels (the so-called triangle pattern). This example can then be adapted and applied to any number of interconnected private networks.
The example focuses on configuration of VPN tunnels and correct setting of routing between individual private networks (it does not include access restrictions). Access restriction options within VPN are described by the example in chapter .
Specification
The network follows the pattern shown in figure
The server (default gateway) uses the fixed IP address 63.55.21.12 (DNS name is gw-newyork.company.com). The server of one filial uses the IP address 115.95.27.55 (DNS name gw-london.company.com); the other filial’s server uses a dynamic IP address assigned by the ISP.