Home » Kerio User Forums » Kerio Control » Virtual Network Hyper-V
  •  
dominic

Hello.
I need to configure the setup described in the attached image.

The Hyper-V host is behind a Kerio Control Box.
In simple words, I need to have a virtual network (for virtual machines on the physical server) separate from the main LAN (Kerio + physical server).
Virtual machines should have internet access.

Thank you very much in advance.

  • Attachment: VL.jpg

[Updated on: Wed, 14 October 2015 18:19]

  •  
Brian (GFI/Kerio)

You need to create a new virtual switch in Hyper-V. Then you need to associate a network interface with that virtual switch. Then you need to edit the Kerio Control virtual machine and add a new network interface and associate it with the network interface that associates to the new switch. This video may help https://vimeo.com/136164699

Brian Carmichael
Instructional Content Architect
  •  
dominic

I own a Kerio Control Box. Sorry, I hadn't mentioned it.
So the question is about the Kerio Control Box.

Hyper-V host is behind Kerio Control Box.
  •  
Brian (GFI/Kerio)

I assume you are connecting a port (e.g., 4) on the Kerio Control Box directly to a port on the Hyper-V server. In Kerio Control, in the Interfaces configuration, click on "Manage ports". There you can separate port 4 from the LAN switch so that it functions as a standalone interface. Then you can create unique traffic rules for that network. These articles should help.
http://kb.kerio.com/product/kerio-control/server-configuration-kerio-control/configuring-network-interfaces-1333.html#sect-ethports
http://kb.kerio.com/product/kerio-control/security/configuring-demilitarized-zone-dmz-347.html

Brian Carmichael
Instructional Content Architect
  •  
dominic

Thank you very much.

And what if I need to make a few separate LANs connected to this interface (e.g. port 4)?

for example: 192.168.1.0, 192.168.2.0, 192.168.3.0 to port 4

[Updated on: Wed, 14 October 2015 20:07]

  •  
Brian (GFI/Kerio)

You can assign multiple IP addresses / Subnets to an Interface.

Brian Carmichael
Instructional Content Architect
  •  
dominic

1. I think I can't assign different IPs for this interface (like 192.168.2.1 and 192.168.3.1) at once.
2. I added my PORT 4 to Local/trusted interfaces and I can't even ping my 192.168.2.1 assigned port 4. :(

-------------------------------------

Is it possible to make my scenario come true with help of VLAN?

  •  
Brian (GFI/Kerio)

Yes, you can assign multiple IPs and subnets to an interface. Just click the "Define Additional IP Addresses" button.

Brian Carmichael
Instructional Content Architect
  •  
Brian (GFI/Kerio)

Regarding the ping attempts, you probably need a rule allowing access from the Port 4 network to the Firewall.

Brian Carmichael
Instructional Content Architect
  •  
dominic

OK
1. Made Port 4 act as standalone interface.
2. Assigned 192.168.2.255 address (255.255.255.0 netmask) to Port 4 in kerio control.
3. Port 4 connected with patch cord to Port of Physical server.
4. Assigned 192.168.2.2 address (255.255.255.0 netmask) to Physical Server Port.
5. Made a rule which allows access from Port 4 to the firewall = no ping from 192.168.2.2 to 192.168.2.255.
6. Made a rule which allows access from port 4 and 192.168.2.0/24 subnet to any destination = no ping from 192.168.2.2 to 192.168.2.255.
  •  
Brian (GFI/Kerio)

You assigned a broadcast address to the interface. You should use for example 192.168.2.1.

Brian Carmichael
Instructional Content Architect
  •  
dominic

thnx. my fault, sorry.

OK.
1. PORT 4: 192.168.2.1 netmask: 255.255.255.0
2. Physical server port: 192.168.2.2 netmask: 255.255.255.0
3. Test Rule allows any traffic from port 4 and 192.168.2.0/24 subnet to any destination.

------------------------------
What gateway should be in Port 4 interface properties?
What gateway should be in 192.168.2.2 properties? 192.168.2.1? (With these settings the physical server can't ping outside internet resources.)

UPDATE: browsing from 192.168.2.2 is working, but ping to a site isn't.
Strange :)
What can make ping stop?

Test Rule:
PING source: any; destination: any; service: ping; allow

If I disable this rule, everything is working.

[Updated on: Thu, 15 October 2015 00:25]

  •  
Brian (GFI/Kerio)

Port 4 should have no gateway because it's a local interface. Your rule needs to have source NAT to allow internet access. Easiest option is to add the port 4 network to the default "Internet access" rule, in addition to the "Local traffic" rule.

Brian Carmichael
Instructional Content Architect
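
An added example, not part of the original thread and not Kerio's own tooling: a Python check for the addressing mistakes worked through above (a broadcast address on Port 4, the gateway on the physical server) that also flags when the Port 4 subnet needs source NAT for Internet access. The function names are hypothetical; the addresses are the ones quoted in the posts.

```python
import ipaddress


def interface_problems(address, netmask):
    """Return reasons why address/netmask cannot be used as an interface IP."""
    iface = ipaddress.ip_interface(f"{address}/{netmask}")
    net = iface.network
    problems = []
    if net.prefixlen < 31:  # /31 and /32 have no reserved addresses
        if iface.ip == net.broadcast_address:
            problems.append(f"{iface.ip} is the broadcast address of {net}")
        elif iface.ip == net.network_address:
            problems.append(f"{iface.ip} is the network address of {net}")
    return problems


def host_problems(host_ip, netmask, gateway, firewall_ip):
    """Check a host behind the interface. Assumption: the host's default
    gateway is the firewall's own address on that subnet."""
    host = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    fw = ipaddress.ip_address(firewall_ip)
    problems = []
    if fw not in host.network:
        problems.append(f"firewall {fw} is outside {host.network}")
    if ipaddress.ip_address(gateway) != fw:
        problems.append(f"default gateway {gateway} should be {fw}")
    return problems


def needs_source_nat(subnet):
    """True for RFC 1918 (and other non-global) ranges: they are not routable
    on the Internet, so an outbound rule must translate the source address."""
    return ipaddress.ip_network(subnet).is_private


if __name__ == "__main__":
    # Values quoted in the thread: first attempt, then the corrected setup.
    print(interface_problems("192.168.2.255", "255.255.255.0"))
    print(interface_problems("192.168.2.1", "255.255.255.0"))
    print(host_problems("192.168.2.2", "255.255.255.0",
                        "192.168.2.1", "192.168.2.1"))
    print(needs_source_nat("192.168.2.0/24"))
```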