VPN Server behind Kerio
  •  
Baguk

Dear All,

I have a VPN (RRAS on Windows Server 2012 R2) server in the LAN with IP 10.0.2.2. The server is connected via IKEv2 to a remote network (10.1.0.0/16). I can connect properly from the server itself to the remote network and access remote resources, such as SSH or RDP. So I can conclude that the VPN bridge itself is working properly.

The IP of the server is also entered under Kerio Control Static Routes: 10.1.0.0 - 255.255.0.0 with Gateway Address 10.0.2.2. So the traffic to the remote network is expected to be routed through this server.

So far everything is OK. I can also successfully ping remote resources from other computers in the LAN, which means at least ICMP works. I can also see that the route (traceroute) from the LAN to the remote network goes properly and reaches the remote destination host. However, I cannot access resources on the remote network, such as RDP. Interestingly, the TCP connection also seems to be established at first, so the RDP client changes from "Connecting" to "Configuring remote session", but then it fails with a timeout. To me it looks like some kind of packet filtering on Kerio Control. So my question is: what can I do to enable protocols such as RDP or SSH from any computer in the LAN to the remote network via this additional VPN gateway on 10.0.2.2?

Thank you!
  •  
Baguk

One more addition:

If I add a route on a local computer:

route add 10.1.0.0 mask 255.255.0.0 10.0.2.2 - I can access remote resources from this computer. So for me it's now obviously related to some settings in Kerio Control.

My question: what do I have to do, in addition to just adding a static route in Kerio, to enable this route for all computers in the LAN?
  •  
Baguk

As I got no answer to the topic, here is the solution:

To provide access to remote resources from the local network, a new Traffic Rule has to be defined. You can create an IP Address Group for the remote network (IP Addresses Group) and optionally for the local network, then create a traffic rule with source = LAN and destination = your remote net IP group, then you can select particular protocols or Any and Full Cone NAT. That's all, remote resources are available from the LAN. Issue solved.
  •  
ICT and Me

Why are you using the VPN from Windows while Control supports IPsec?
If your Control is the gateway/router, it is best to use Control as the only one. Use IPsec VPN on the Control to make VPN tunnels between your networks.
Control is able to connect to other IPsec supporting devices.

ICT and Me
Carlo Turk
The Netherlands
www.ictandme.nl
  •  
Baguk

Hi ICT and me,

Unfortunately Kerio Control does not support IKEv2, which is a de facto standard in many serious environments. As soon as Kerio supports it, I will surely be able to decommission this RRAS, which is used only for this purpose.
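
The thread's symptom was that ping and traceroute succeeded while RDP and SSH sessions timed out, so a check of the traffic rule from a LAN host has to go past ICMP and past the TCP handshake. The following script is an added example, not code from any poster or from Kerio; the target addresses are constructed placeholders inside 10.1.0.0/16, and the function names are hypothetical.

```python
import socket

# X.224 Connection Request carrying an RDP negotiation request; an RDP
# listener answers it with a TPKT packet (first byte 0x03).
RDP_HELLO = bytes.fromhex("030000130ee000000000000100080003000000")


def probe(host, port, hello=b"", timeout=5.0):
    """Return 'unreachable', 'handshake_only' or 'session_ok' for host:port."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"          # no route, refused, or SYN timed out
    with sock:
        try:
            if hello:
                sock.sendall(hello)   # RDP waits for the client to speak first
            data = sock.recv(64)      # SSH sends its banner unprompted
        except OSError:
            return "handshake_only"   # connected, but no payload came back
    return "session_ok" if data else "handshake_only"


def check(targets, timeout=5.0):
    """Probe (host, port, hello) tuples and return {(host, port): state}."""
    return {(h, p): probe(h, p, hello, timeout) for h, p, hello in targets}


if __name__ == "__main__":
    # Constructed sample targets inside the thread's remote network 10.1.0.0/16.
    targets = [("10.1.0.10", 22, b""), ("10.1.0.20", 3389, RDP_HELLO)]
    for (host, port), state in check(targets).items():
        print(f"{host}:{port} {state}")
```

A result of handshake_only from a LAN host, alongside session_ok from the RRAS server itself, points at the path through the firewall rather than at the remote service.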