Chapter 21 Kerio VPN
336
5. Create a passive endpoint of the VPN tunnel connected to the London filial. Use
the fingerprint of the VPN server of the London filial office as a specification of the
fingerprint of the remote SSL certificate.
Figure 21.39 Headquarter — definition of VPN tunnel for the London filial
On the Advanced tab, select the Use custom routes only option and set routes to the
subnets at the remote endpoint of the tunnel (i.e. in the London filial).
Warning: In case that the VPN configuration described here is applied see fig-
ure 21.31) it is not recommended to use automatically provided routes! In case
of an automatic exchange of routes, the routing within the VPN is not be ideal (for
example, any traffic between the headquarters and the Paris filial office is routed via