
21.6 Example of a more complex Kerio VPN configuration
This step will create rules for connection of the VPN server as well as for communi- cation of VPN clients with the local network (through the firewall).
Figure 21.46 The London filial office — default traffic rules for Kerio VPN
3.Customize DNS configuration as follows:
•In configuration of the DNS Forwarder in WinRoute, specify DNS servers to which DNS queries which are not addressed to the company.com domain will be for- warded (primary and secondary DNS server of the Internet connection provider by default).
Figure 21.47 The London filial office — DNS forwarder configuration
•Enable the Use custom forwarding option and define rules for names in the company.com and filial2.company.com domains. To specify the forwarding DNS server, always use the IP address of the WinRoute host’s inbound interface connected to the local network at the remote side of the tunnel.
•Set the IP address of this interface (172.16.1.1) as a primary DNS server for the WinRoute host’s interface connected to the LAN 1 local network. It is not necessary to set DNS at the interface connected to LAN 2.
•Set the IP address 172.16.1.1 as a primary DNS server also for the other hosts.