Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Problem with multi homing and NAT (multiple WAN ip address, Kerio VMware appliance)
  •  
f.boldori

Messages: 7
Karma: 0
Send a private message to this user
Hello,
i'm migrating kerio control from a physical machine to a virtual appliance in out esxi Datacenter and meanwhile i want to clear the firewall rules recreating them using multiple wan ip address (we have 4 ip address available)
some infomration:
Kerio VM connect to the internet and to the lan via VLANs. The routing is made on a layer3 switch where kerio vm is the default gw route. Kerio has 2 vlan interface: WAN 999 that is a layer2 vlan that connect it directly to our isp router and VLAN10 that is the LAN side. Kerio VM has manually routes to let it know where are the other vlans subnet.
Internet with this configuration is working and all my client in all the vlans had connectivity.
IPs:
KERIO WAN IP1: 194.243.xxx.AAA IP2 194.243.xxx.BBB IP3 194.243.xxx.CCC IP4 194.243.xxx.DDD (same order on kerio vm)
KERIP IP LAN: 10.0.10.1

Now my aim is to dedicate a wan ip address to my exchange machine (IP2) Let user exit the internet via IP3, leave IP1 address only for VPN access and IP4 for future use.
Exchange:
I've tried multihoming, creating a rules with source any, destination IP2, services all the exchange plus HTTP plus HTTPS, source NAT enabled with specified IP address (i put IP2, this is to exit from the same IP2 address)and enabling destionation nat with the ip address of the local exchange machine (10.0.10.80)

But client from the outside cannot reach the exchange machine and if open a browser on the exchange machine to check what is the wan address the page always report that is IP1

User Browsing:
how i can let them exit to the internet via IP3???

Any hint???

  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
f.boldori

Messages: 7
Karma: 0
Send a private message to this user
Yes but is not working.
Source NAT with specified ip address does not work. The machine continue to go outside from IP1 (the first ip address of the WAN interface), not IP2.
  •  
f.boldori

Messages: 7
Karma: 0
Send a private message to this user
And for the Internet Access (NAT) rule, if i set destination: IP3 instead of Internet Interfaces, web access is denied.

[Updated on: Mon, 29 August 2016 18:25]

  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
Make sure you have assigned the IP address to the network interface. If you're having issues with the configuration you should reach out to our support team as they can review your configuration.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
  •  
f.boldori

Messages: 7
Karma: 0
Send a private message to this user
How can i reach out support team? i see that the ticket system has been deprecated.
Support doesn't exist for italy and i can't find any email address (maybe is just me...)
  •  
Brian Carmichael (Kerio)

Messages: 559
Karma: 55
Send a private message to this user
The support contact info is available here http://www.kerio.com/support/technical-support
Otherwise you can try to continue here in the forums and describe separately your outgoing and incoming rules but it would be much easier and more efficient to go through the support process.

Brian Carmichael
Senior Technical Marketing Engineer | Kerio
Stay Connected Anytime, Anywhere. Discover Kerio Cloud!
Previous Topic: Kerio VPN cant connect from IP public
Next Topic: My firewall doesn't detect the newest update
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Dec 11 10:58:26 CET 2016

Total time taken to generate the page: 0.00475 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.