I've 2 different LANs.
First is the workgroup (Filial with net 192.168.10.0, server IP 192.168.10.1).
Other is the domain (Office with 192.168.1.0, server IP 192.168.1.1).
They're connected via two PCI-modems and KWFs with VPN.
Filial's modem IP 192.168.2.78.
Office's modem IP 192.168.2.77.
Filial uses Office's KWF as the gateway. The default gateway for Filial is IP 192.168.2.77. For all other hosts I installed a DHCP server with default gateway 192.168.10.1 and DNS server 192.168.10.1; provider DNS.
On both KWFs the VPN server is installed and enabled (Filial server uses net 172.26.72.0, Office - 172.26.73.0).
On the Office's KWF VPN Tunnel installed as the server (passive mode).
On the Filial KWF VPN is the client (active mode, connect to 192.168.2.77).
Certificates installed correctly.
DNS forwarding is tuned as it was described in the manual. But I didn't set Custom forwarding on both KWFs. If I set it (for net 192.168.10.0 forward to 192.168.10.1) KWF starts to use all CPU (I don't know why).
In the traffic policy of the Filial and Office I set up rules as it was described in the manual. Local traffic includes in the source and destination Firewall, Lan, Net->office, VPN clients, VPN tunnel; permit; no NAT. Permit for VPN services from office.
For Office. Local traffic. Source and destination: Firewall, Lan, Net->Filial, VPN clients, VPN tunnel; permit; no NAT. Permit for VPN services from Filial.
Tunnel is connected.
As a result, the Filial KWF doesn't use the tunnel. Moreover, I can't ping any IP in the Office from Filial. I don't see any hosts in the Office from Filial. But I can use http, pop, smtp, etc. via NAT rule.
If I use VPN Client on the host in the Filial I can ping all hosts, use all services (http, ftp, pop, etc.) but I don't see hosts in the office and can't use shared resources.
What can be the reason for this trouble? And how can I solve it?