Chapter 23 Kerio VPN
Note: Remote VPN clients connecting to WinRoute count toward the number of persons
using the license (see chapters 4 and 4.6). Keep this in mind when deciding which license
type to purchase (or whether to buy an add-on that upgrades the license to a higher number
of users).
Hint:
VPN clients correctly connected to the firewall can be viewed in the Administration
Console, section Status VPN clients. For details, see chapter 19.3.
Basic configuration of traffic rules for VPN clients
Figure 23.7 Common traffic rules for VPN clients
The first rule allows connection to the VPN server in WinRoute from the Internet.
To restrict the IP addresses from which connections to the VPN server are
allowed, edit the Source entry.
By default, the Kerio VPN service is defined for TCP and UDP protocols, port 4090. If
the VPN server is running on another port, this service must be redefined.
The second rule allows communication between the firewall, local network and VPN
clients.
With the rules set like this, all VPN clients can access local networks and vice versa (all
local hosts can communicate with all VPN clients). To restrict the type of network access
available to VPN clients, special rules must be defined. Several ways of setting up such
restrictions within Kerio VPN are described in chapter 23.5.
Note:
1. If the Network Rules Wizard is used to create traffic rules, the described rules can be
generated automatically (including matching of VPN clients with the Source and Destination
items). To generate the rules automatically, select Yes, I want to use Kerio VPN in Step 5.
For details, see chapter 7.1.
2. For access to the Internet, VPN clients use their current Internet connections. VPN clients
are not allowed to connect to the Internet via WinRoute (the default gateway of clients
cannot be configured).
3. For detailed information about traffic rules, refer to chapter 7.