Kerio Tech Firewall6 User Manual

23.6 Example of a more complex Kerio VPN configuration

361

6.

Create

an

active

endpoint

of

the

tunnel

connected

to

London

(server

gw-london.company.com

).

Use the fingerprint of the VPN server of the London

filial office as a specification of the fingerprint of the remote SSL certificate.

Figure 23.62

The Paris filial office — definition of VPN tunnel for the London filial office

On the Advanced tab, select the Use custom routes only option and set routes to London’s

local networks.

Like in the previous step, check whether the tunnel has been established successfully, and

check reachability of remote private networks (i.e. of local networks in the London filial).

7.

Add the new VPN tunnels into the Local Traffic rule. It is also possible to remove the

Dial-In interface and the VPN clients group from this rule (VPN clients are not allowed to