Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Routing separate LAN with own internet access (I need to create separate LAN with unmanaged internet access)
  •  
Velimir Ikalovic

Messages: 7
Karma: 0
Send a private message to this user
Hi everybody,
I'm using Kerio winroute/control for many years, but now I have something very specific to do.
Recently our company got design department with very specific needs for internet access, and current setup with Kerio Control 7.4.2 as router/firewall is not meeting their needs. At the same time they need access to corporate LAN and vice versa.
They have problem with their webmail logging out during typing long emails, and joomla admin sites logging out after short time. I decided to put them on separate internet link that is dedicated only to them, and to keep them connected to our LAN too. ATM we can't afford buying additional hardware but need to stick with what we have:
- server with MS 2003 and Kerio Control and multiple NICs
- corporate LAN is on 192.168.0.0/24 with gateway 192.168.0.xxx
- Internet link 1 with ISP router connected to KC server
- Internet link 2 with ISP router with rudimentary options transferred to Design Department switch, default gateway there is 192.168.1.1 and DHCP scope is 192.168.1.0/24
- KC server is linked to their switch too (192.168.1.200 static, that NIC is in local trusted together with corp LAN NIC)

First I leaved ISP router 2 as DHCP, but realised that I can't setup custom routes.
Then I tried to set the KC as DHCP with this options:
- scope 192.168.1.0/24
- default gateway 192.168.1.1
- dns 192.168.1.1
- static route 192.168.0.0/24 gateway 192.168.1.200

but when I tried to tracert 192.168.0.x it still went to 192.168.1.1

then I tried to configure that static route with gateway 192.168.0.xxx (IP of KC nic on corp lan) with same effect.

when I type route print on design computer it shows route in the table but it is not using it, but goes to default system route (192.168.1.1)

it sounds complicated but wiring is actualy very simple:

corp LAN --- 192.168.0.xxx KC 192.168.1.200 ---- design LAN --- 192.168.1.1 Internet access

corp internet access is on KC and it is not needed by design crew, they just need to access network printers and shared folders in corp LAN

I hope someone will be able to help me out.
thanks in advance
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Hi Velimir,

I attached a png file with some rules of our Control.
We don't have multiple LAN but we use LAN and VLAN's.
Our guest WiFi is VLAN 10 and use only xDSL line. We are using Cable internet.

At one of our customers we have two WAN and two LAN, like you want.
And it is setup the same way like our VLAN's.

please look at the png file.

  • Attachment: example.png
    (Size: 110.28KB, Downloaded 596 times)

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Velimir Ikalovic

Messages: 7
Karma: 0
Send a private message to this user
seeing from .png, both WAN's at your's site and your customer's site are connected to Control's NICs?

my trouble is that WAN for designers is out of Control's control, and it is so rudimentary that I can't set the route in that huawei router we have from telecom.
  •  
ICT and Me

Messages: 940

Karma: 53
Send a private message to this user
Hi Velimir,

Yes, indeed both WAN is on this site that is normal. We have cable modems directly connect to Control NIC (Public IP) but the xDSL lines are Routers so internal IP numbers. Routers are NAT/port forwarded. We have Huawei Router and forward all traffic to fixed IP of Control.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
Previous Topic: Very, very slow internet browsing/download, 8.2.x
Next Topic: Very slow browsing via SSL-VPN
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Oct 19 10:47:10 CEST 2017

Total time taken to generate the page: 0.00924 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.