Chapter 23
Kerio VPN
2. Traffic rules set by this method allow full IP communication between the local network,
remote network and all VPN clients. For access restrictions, define corresponding traffic
rules (for local traffic, VPN clients, VPN tunnel, etc.). Examples of traffic rules are provided
in chapter
23.4 Exchange of routing information
An automatic exchange of routing information (i.e. of data informing about routes to local
subnets) is performed between endpoints of any VPN tunnel (or between the VPN server and
a VPN client). Thus, routing tables at both sides of the tunnel are always kept up-to-date.
Routing configuration options
Under usual circumstances, it is not necessary to define any custom routes — particular routes
will be added to the routing tables automatically when the configuration is changed at either side
of the tunnel (or at the VPN server). However, if a routing table at either side of the VPN tunnel
includes invalid routes (e.g. specified by the administrator), these routes are exchanged as well.
This might make traffic with some remote subnets impossible and overload the VPN tunnel with too
many control messages.
A similar problem may occur when a VPN client connects to the WinRoute VPN server.
To avoid the problems just described, it is possible to go to the VPN tunnel definition dialog
(see chapter ) or to the VPN server settings dialog (refer to chapter ) to set which
routing data will be used and define custom routes.
Kerio VPN uses the following methods to pass routing information:
• Routes provided automatically by the remote endpoint (set as default) — routes to
  remote networks are set automatically with respect to the information provided by
  the remote endpoint. If this option is selected, no additional settings are necessary
  unless problems regarding invalid routes occur (see above).
• Both automatically provided and custom routes — routes provided automatically are
  complemented by custom routes defined at the local endpoint. In case of any collisions,
  custom routes take priority. This option easily solves the problem where
  a remote endpoint provides one or more invalid route(s).
• Custom routes only — all routes to remote networks must be set manually at the local
  endpoint of the tunnel. This alternative prevents invalid routes provided
  by a remote endpoint from being added to the local routing table. However, it is quite demanding from
  the administrator’s point of view (any change in the remote network’s configuration
  requires modification of custom routes).
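
The three options above can be modelled offline to review which routes a remote endpoint could place in the local routing table. The following is an added example, not Kerio's code: the mode labels, function names and sample networks are constructed. It assumes that a "collision" means the same destination network, and that a default route or a route overlapping a local subnet stands in for an "invalid" route, which the manual does not define.

```python
import ipaddress

# Mode labels are this example's own names for the three options above.
AUTO, BOTH, CUSTOM_ONLY = "auto", "both", "custom_only"

# Constructed sample data (not taken from the manual).
LOCAL_SUBNETS = ["10.1.0.0/16"]
ADVERTISED = ["192.168.2.0/24", "10.1.0.0/16", "0.0.0.0/0"]
CUSTOM = ["192.168.2.0/24", "192.168.3.0/24"]

def effective_routes(mode, advertised, custom):
    """Return {network: source} for the routes to remote networks in use.

    Assumption: a collision is the same destination network in both lists;
    in BOTH mode the custom entry replaces the advertised one.
    """
    adv = {ipaddress.ip_network(n): "advertised" for n in advertised}
    cus = {ipaddress.ip_network(n): "custom" for n in custom}
    if mode == AUTO:
        return adv
    if mode == CUSTOM_ONLY:
        return cus
    if mode == BOTH:
        return {**adv, **cus}  # custom entries overwrite colliding ones
    raise ValueError(f"unknown mode: {mode}")

def suspicious_advertised(routes, local_subnets):
    """List advertised routes in use that are a default route or overlap
    a local subnet (this example's stand-in for "invalid routes")."""
    local = [ipaddress.ip_network(n) for n in local_subnets]
    flagged = []
    for net, source in routes.items():
        if source != "advertised":
            continue  # locally defined routes are trusted in this model
        overlaps_local = any(
            net.version == l.version and net.overlaps(l) for l in local
        )
        if net.prefixlen == 0 or overlaps_local:
            flagged.append(str(net))
    return sorted(flagged)

if __name__ == "__main__":
    for mode in (AUTO, BOTH, CUSTOM_ONLY):
        routes = effective_routes(mode, ADVERTISED, CUSTOM)
        print(mode, len(routes), suspicious_advertised(routes, LOCAL_SUBNETS))
```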