21.6 Example of a more complex Kerio VPN configuration
If the remote endpoint of the tunnel has already been defined, check whether the tunnel was created. If not, refer to the Error log, check the fingerprints of the certificates and also the availability of the remote server.
6. Follow the same method to define a tunnel and set routing to the other remote network.
7. Allow traffic between the local and the remote networks. To allow any traffic, just add the created VPN tunnels to the Source and Destination items in the Local traffic rule. Options for restricting access within the VPN are described by the example in chapter 21.5.
8. Test reachability of remote hosts in both remote networks. To perform the test, use the ping and tracert system commands. Test availability of remote hosts both through IP addresses and DNS names.
If a remote host is tested through its IP address and it does not respond, check the configuration of the traffic rules and/or find out whether the subnets collide (i.e. whether the same subnet is used at both ends of the tunnel).
If an IP address is tested successfully and an error is reported (Unknown host) when the corresponding DNS name is tested, check the configuration of the DNS.
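The subnet collision check and the decision logic of step 8 can be scripted. The following is an added example, not part of the Kerio manual: the site names and subnets are constructed sample values, and the function names find_collisions and triage are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed addressing plan (sample values, not taken from the manual).
SITES = {
    "headquarters": ["10.1.1.0/24", "10.1.2.0/24"],
    "branch-a": ["172.16.1.0/24"],
    "branch-b": ["10.1.2.128/25"],  # deliberately collides with headquarters
}


def find_collisions(sites):
    """Return (site1, net1, site2, net2) for each pair of overlapping
    subnets that belong to different ends of a tunnel."""
    nets = [
        # strict=True rejects entries with host bits set, e.g. 10.1.2.5/24
        (site, ipaddress.ip_network(cidr, strict=True))
        for site, cidrs in sites.items()
        for cidr in cidrs
    ]
    collisions = []
    for (s1, n1), (s2, n2) in combinations(nets, 2):
        if s1 == s2 or n1.version != n2.version:
            continue  # same site, or IPv4 vs IPv6: cannot collide
        if n1.overlaps(n2):  # catches identical and nested subnets
            collisions.append((s1, str(n1), s2, str(n2)))
    return collisions


def triage(ip_reachable, name_resolves):
    """Map the two step 8 test results to the check the text recommends."""
    if not ip_reachable:
        return "check traffic rules and subnet collisions"
    if not name_resolves:
        return "check DNS configuration"
    return "ok"


if __name__ == "__main__":
    for s1, n1, s2, n2 in find_collisions(SITES):
        print(f"collision: {s1} {n1} overlaps {s2} {n2}")
    # Ping by IP succeeded, ping by name reported Unknown host:
    print(triage(ip_reachable=True, name_resolves=False))
```

A nested subnet such as the /25 inside the /24 above is reported as well as an exact duplicate, since either breaks routing through the tunnel.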
The following sections provide a detailed description of the Kerio VPN configuration for both the headquarters and the branch offices.
Headquarters configuration
1. Install WinRoute (version 6.1.0 or higher) at the default gateway of the headquarters network.
2. Use Network Rules Wizard (see chapter 6.1) to configure the basic traffic policy in WinRoute. To keep the example as simple as possible, it is assumed that access from the local network to the Internet is not restricted, i.e. that access to all services is allowed in step 4.
In step 5, select Create rules for Kerio VPN server. Status of the Create rules for Kerio Clientless
This step will create rules for connection of the VPN server as well as for communication of VPN clients with the local network (through the firewall).