User's guide
Chapter 4 Interconnection of the headquarters and branch offices
The headquarters uses IP addresses 192.168.1.x with the network mask 255.255.255.0 and
with DNS domain company.com. The branch office uses IP addresses 10.1.1.x with network
mask 255.255.255.0 and with the subdomain filial.company.com.
4.1 Headquarters configuration
1. In WinRoute under Configuration / Interfaces select a VPN server, open its settings dialog
and enable it.
Note: A free subnet which has been selected for VPN is now specified automatically in the
VPN network and Mask entries. There is no reason to change the network.
Use the Edit SSL certificate button to create an SSL certificate with the name of the
corresponding server (e.g. kwf.company.com). This certificate is used for identification of the
VPN server.
Note: It is recommended to later replace this generated certificate with a certificate
authorized by a reliable public certification authority.
2. Create a passive endpoint of the VPN tunnel (the branch office's server uses a dynamic IP
address, so the active endpoint of the tunnel must be at the branch office). As the remote
endpoint's SSL certificate fingerprint, enter the fingerprint of the certificate of the
branch office VPN server.
3. Complete the Local Traffic rule (created by the Network Rules Wizard; see chapter 2.4)
with the VPN tunnel.
Name           Source                 Destination            Service  Action  Translation
Local Traffic  Firewall               Firewall               Any      Allow
               All VPN clients        All VPN clients
               Tunnel to the office   Tunnel to the office
               Trusted / local        Trusted / local
Table 4.1 Headquarters — the Local Traffic rule
4. In the configuration of the DNS Forwarder (refer to chapter 2.6), enable the Use custom
forwarding option and define rules for the filial.company.com domain. As the server for
DNS forwarding, specify the IP address of the remote firewall host's interface (i.e. the
interface connected to the local network at the other end of the tunnel).
Domain / Network            DNS server(s)
10.1.1.0 / 255.255.255.0    10.1.1.1
filial.company.com          10.1.1.1
Table 4.2 Headquarters — DNS forwarding configuration
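The effect of the two rules in Table 4.2 can be checked with the following sketch, which is an added example and not code from this guide or from WinRoute. It assumes that the network rule applies to reverse (PTR) lookups and that the domain rule matches whole labels only; the names RULES and pick_forwarder are hypothetical.

```python
import ipaddress

# Rules copied from Table 4.2 (headquarters side). The matching logic below
# is an assumption for illustration, not WinRoute's implementation.
RULES = [
    ("10.1.1.0/255.255.255.0", "10.1.1.1"),
    ("filial.company.com", "10.1.1.1"),
]

def _ptr_to_ip(qname):
    """Return the IPv4 address encoded in an in-addr.arpa name, else None."""
    labels = qname.split(".")
    if len(labels) != 6 or labels[4:] != ["in-addr", "arpa"]:
        return None
    try:
        return ipaddress.IPv4Address(".".join(reversed(labels[:4])))
    except ValueError:
        return None

def pick_forwarder(qname, rules=RULES):
    """Return the DNS server a query is forwarded to, or None for the default."""
    name = qname.rstrip(".").lower()
    ptr_ip = _ptr_to_ip(name)
    for pattern, server in rules:
        if "/" in pattern:  # network rule: assumed to cover reverse lookups
            if ptr_ip is not None and ptr_ip in ipaddress.IPv4Network(pattern):
                return server
        else:  # domain rule: match on whole labels, not on a raw string suffix
            domain = pattern.lower()
            if name == domain or name.endswith("." + domain):
                return server
    return None

if __name__ == "__main__":
    # Constructed sample queries as seen by the headquarters DNS Forwarder.
    for q in ("server.filial.company.com", "7.1.1.10.in-addr.arpa",
              "notfilial.company.com", "www.example.org"):
        print(q, "->", pick_forwarder(q) or "default forwarder")
```

Only names under filial.company.com and reverse lookups for 10.1.1.x are sent through the tunnel to 10.1.1.1; a name such as notfilial.company.com, which merely ends in the same characters, stays with the default forwarder.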