
Chapter 21 Kerio VPN
HINT: Use the 255.255.255.255 network mask to define a route to a single host. This can be helpful, for example, when adding a route to a host in the demilitarized zone at the VPN server’s side.
21.2 Configuration of VPN clients
The following conditions must be met to enable connection of remote clients to local networks via encrypted channels:
• The Kerio VPN Client must be installed at remote clients (for detailed description, refer to a
• Users whose accounts are used for authentication to Kerio VPN Client must possess rights enabling them to connect to the VPN server in WinRoute (see chapter 13.1).
• Connection to the VPN server from the Internet as well as communication between VPN clients must be allowed by traffic rules.
Note: Remote VPN clients connecting to WinRoute are counted toward the number of persons using the license (see chapters 4 and 4.6). Be aware of this fact when deciding what license type should be bought (or whether an upgrade to a higher number of users should be bought).
Basic configuration of traffic rules for VPN clients
Figure 21.6 Common traffic rules for VPN clients
• The first rule allows communication between the firewall, local network and VPN clients.
• The second rule allows connection to the VPN server in WinRoute from the Internet.
To restrict the number of IP addresses from which connection to the VPN server will be allowed, edit the Source entry.
By default, the Kerio VPN service is defined for TCP and UDP protocols, port 4090. If the VPN server is running at another port, this service must be redefined.