23.6 Example of a more complex Kerio VPN configuration
The headquarters uses the DNS domain company.com; the branch offices use the subdomains
santaclara.company.com and newyork.company.com. The configuration of the individual
local networks and the IP addresses used are shown in the figure.
Figure 23.30 Example of a VPN configuration — a company with two branch offices
Common method
The following actions must be taken in all local networks (i.e. in the main office and both
branch offices):
1. WinRoute version 6.1.0 or higher must be installed at the default gateway. Older
versions do not allow routing to be configured for VPN tunnels and therefore cannot be
used for this VPN configuration (see figure 23.30).
Note: Each installation of WinRoute requires a separate license for the corresponding
number of users! For details see chapter 4.
2. Configure and test the connection of the local network to the Internet. Hosts in the local
network must use the WinRoute host’s IP address as the default gateway and as the primary
DNS server.
If it is a new (clean) WinRoute installation, it is possible to use the traffic rule wizard (refer
to chapter 7.1).
For a detailed description of the basic configuration of WinRoute and of the local network,
refer to the Kerio WinRoute Firewall — Step By Step document.
3. In the configuration of the DNS module, set DNS forwarding rules for the domains of the
other branch offices. This makes it possible to access hosts in the remote networks by their
DNS names (otherwise, remote hosts must be specified by IP addresses).
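
Because the branch offices use subdomains of the headquarters domain, a forwarding rule for company.com also covers names in newyork.company.com. The following sketch is an added example, not part of the Kerio documentation: it models the rule list on the Santa Clara gateway and shows which server receives a query under each rule order. It assumes that rules are evaluated top-down with the first match winning; all IP addresses and the host name fileserver are constructed placeholders, not the values from figure 23.30.

```python
# Added example. All IP addresses are constructed placeholders, not the
# values from figure 23.30. First-match rule evaluation is an assumption.
HQ_DNS, NEWYORK_DNS, ISP_DNS = "10.1.1.1", "172.16.1.1", "192.0.2.53"


def matches(name, domain):
    """True if name is the domain itself or a host/subdomain below it."""
    name, domain = name.rstrip(".").lower(), domain.rstrip(".").lower()
    # Compare on a label boundary so "notcompany.com" does not match "company.com".
    return name == domain or name.endswith("." + domain)


def pick_forwarder(name, rules, default):
    """Return the DNS server of the first rule whose domain covers name."""
    for domain, server in rules:
        if matches(name, domain):
            return server
    return default  # no rule matched: use the default (Internet) DNS server


def shadowed_rules(rules):
    """List rule domains that can never fire because an earlier rule covers them."""
    return [domain for i, (domain, _) in enumerate(rules)
            if any(matches(domain, earlier) for earlier, _ in rules[:i])]


# Forwarding rules on the Santa Clara gateway for the two remote domains.
BROAD_FIRST = [("company.com", HQ_DNS), ("newyork.company.com", NEWYORK_DNS)]
SPECIFIC_FIRST = [("newyork.company.com", NEWYORK_DNS), ("company.com", HQ_DNS)]

if __name__ == "__main__":
    for label, rules in (("broad first", BROAD_FIRST),
                         ("specific first", SPECIFIC_FIRST)):
        target = pick_forwarder("fileserver.newyork.company.com", rules, ISP_DNS)
        print(f"{label}: query goes to {target}, "
              f"shadowed rules: {shadowed_rules(rules)}")
```

With the company.com rule listed first, queries for New York hosts are sent to the headquarters server instead of directly to New York, and the New York rule is never used.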