Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Chapter 23

Kerio VPN

304

5.

Create a passive end of the VPN tunnel (the server of the branch office uses a dynamic IP

address). Specify the remote endpoint’s fingerprint by the fingerprint of the certificate of

the branch office VPN server.

Figure 23.20

Headquarter — definition of VPN tunnel for a filial office

6.

Customize traffic rules according to the restriction requirements.

•

In the Local Traffic rule, remove all items except those belonging to the local

network of the company headquarters, i.e. except the firewall and LAN 1 and

LAN 2

.

•

Define (add) the VPN clients rule which will allow VPN clients to connect to LAN 1

and to the network of the branch office (via the VPN tunnel).

•

Create the Branch office rule which will allow connections to services in LAN 1.

•

Add the Company headquarters rule allowing connections from both headquar-

ters subnets to the branch office network..