Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Kerio Control <=> Windows 7 IPsec instructions (Instructions how to setup IPsec VPN on Kerio Control 8.4 and Windows 7)
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Can someone please send instructions how to configure IPsec VPN between Kerio Control 8.4 and Windows 7.

I have been trying to configure it, but it doesn't work.

Thank you in advance and best regards.

--
Tomislav Parčina
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
There are no instructions how to do this?

--
Tomislav Parčina
  •  
Brian Carmichael (Kerio)

Messages: 681
Karma: 69
Send a private message to this user
You can use the Kerio VPN client on Windows 7. This will achieve a secure, persistent tunnel between the Windows 7 computer and the network protected by Kerio Control. http://kb.kerio.com/product/kerio-control/vpn/configuring-ke rio-vpn-client-1303.html

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Brian Carmichael (Kerio) wrote on Fri, 19 December 2014 18:07
You can use the Kerio VPN client on Windows 7. This will achieve a secure, persistent tunnel between the Windows 7 computer and the network protected by Kerio Control. http://kb.kerio.com/product/kerio-control/vpn/configuring-ke rio-vpn-client-1303.html


Hi Brian,

thank you for your reply. I'm really looking for instructions how to setup IPsec VNP and not Kerio VPN. Since you are working for Kerio, I'm sure you have some. So please share the knowledge with me and the rest of forum users (131 view so far).

Thank you in advance on your reply and best regards.

--
Tomislav Parčina
  •  
Brian Carmichael (Kerio)

Messages: 681
Karma: 69
Send a private message to this user
The Kerio VPN client works very well and is easy to setup. Is there a reason you cannot use it?

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Brian Carmichael (Kerio) wrote on Tue, 23 December 2014 21:19
The Kerio VPN client works very well and is easy to setup. Is there a reason you cannot use it?


Is the policy of Kerio that no question should be answered directly?

Every time I head some problem with one of Kerio products, I always head to explain why I would like to use something that product was suppose to support.

Does Kerio Control support IPsec VPN? If yes, please give me step-by-step instructions how to set it up between Windows 7 and Kerio Control.

If Kerio Control doesn't support IPsec VPN, then please tell me so. Don't make me explain why I would like to do something.

Thank you in advance and best regards.

--
Tomislav Parčina
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Hi Tomislav. See the attached screenshot.

Control:
- Preshared key and MS-CHAP V2 enabled

Win7:
- L2TP, MS-CHAP V2, and preshared key

./fa/3711/0/


Ken Snyder
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Dear ksnyder,

thank you for your reply.

I have configured Windows 7 machine and Kerio Control according your instructions, but I'm still unable to establish IPsec VPN connection.

Can you please inform me how to troubleshoot this? How can I see on Kerio Control what is going on and why connection isn't established?

Best regards.

--
Tomislav Parčina
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Hi Tomislav,

Sorry to hear that you weren't able to successfully establish a connection via IPSec. If you still want to troubleshoot this yourself, please visit the Kerio Knowledge Base and familiarize yourself with using our log files.

That said, I can't stress enough that Kerio has gone to painstaking efforts to eliminate the complications associated with Windows and IPSec VPN connections by providing a piece of lightweight and secure client software that simply requires your userid and password in order to establish a VPN connection. We've done this as a service to our customers and partners because time = money and wasted time = wasted money. Many of our customers are small businesses with minimial IT resources who can't afford to waste time or money and they come to Kerio because we try our best to make the administration and use of our products easy and hassle-free. Overall, we succeed at this and the Kerio VPN connection is a shining example of this. The user experience is better, the configuration is faster and less complicated, there's zero headache, and the end-result is the same with the Kerio VPN as it is with IPSec.

Ken Snyder
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Dear ksnyder,

thank you for your reply.

I'll take time and when I dig out from logs what's the problem, I'll come back.

Thank you for pointing me to the Kerio VPN connection, we are using it and it works great. Just please understand that there are times when it can't be used (like when we are not allowed to install any extra software). And I simply need to achieve functionality that Kerio Control has (IPsec).

Best regards.

--
Tomislav Parčina
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
In Debug log I have dumped captured packets to a file. I can see that my computer and Kerio Control are communicating, and packets are:
Security Association
Key Exchange
Identification
Hash

So, for some reason they never get to send ESP.

ksnyder, can you shine some light on this?

--
Tomislav Parčina
  •  
ksnyder

Messages: 557
Karma: 36
Send a private message to this user
Hi Tomislav,

Thanks for explaining your situation. As a member of the sales team, it does help to have that understanding as to why you might need to use IPsec rather than the Kerio VPN client.

Unfortunately, the best I can do at this point is steer you back toward the screen shots within my previous post: http://forums.kerio.com/mv/msg/28486/118344/#msg_118344

Do you have rules in your traffic policy that permit VPN Clients to access Internet Interfaces and another rule that permits VPN Clients to access Firewall/TrustedLocal/VPNClients/VPNTunnels?


Ken Snyder
  •  
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Dear ksnyder,

thank you for your reply.

Unfortunately those instructions don't work for me. I have those rules, in my firewall.

Best regards.

--
Tomislav Parčina
  •  
ICT and Me

Messages: 936

Karma: 53
Send a private message to this user
Dear Tomislav,

All the setting that Ken has given above are correct.
We are using both VPN options. Kerio VPN client or IPsec for W7, W8, W10, Linux and Android based systems.

Inbound rule for IPsec VPN:
Name : IPsec VPN service Inbound
Source : Any
Destination : Firewall
Service : IPsec Services
IP version : IPv4
Action : Allow
Inspector : None

This is it. And it works.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
tomislav.parcina

Messages: 39
Karma: -2
Send a private message to this user
Dear ICT and Me,

can you please inform me about your network layout. Does your Kerio Control have public or privite IPv4 address?

Best regards.

--
Tomislav Parčina
Previous Topic: ticket system agressiveness
Next Topic: Guest interface
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Jun 26 14:14:19 CEST 2017

Total time taken to generate the page: 0.00524 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.