Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Control » Bridging Lans
  •  
jonowar

Messages: 2
Karma: 0
Send a private message to this user
Hi, Ive been playing for a while to try and get this setup working.
Currently I'm using the trial of KWF, and will be getting my boss to buy it asap!

I'm trying to acheive the following configuration, but having problems (probably with static routes?) getting it all working.


Branch 1:

KWF Server LAN IF: 192.168.1.1
KWF Internet IP: 84.92.213.208
KWF VPN IP: 192.168.50.1

Branch computers use the dhcp range 192.168.1.20-100

This Pc: 192.168.1.11 (dhcp reservation)

Branch 2:

KWF Server LAN IP: 192.168.2.1
KWF Iternet IP: 80.229.2.213
KWF VPN IP: 192.168.50.2
Branch pcs use dhcp range 192.168.2.20-100


The tests:

Branch 1 server can ping Branch 2 Server using 192.168.50.2
Branch 1 Ping 192.168.2.1 times out
Branch 1 ping 192.168.2.x times out

Branch 2 ping branch 1 192.168.50.1 ok
Branch 2 ping 192.168.1.1 times out
branch 2 ping 192.168.1.11 times out

This pc (192.168.1.11) ping branch 1 server ok
this pc ping 192.168.50.1 ok
this pc ping 192.168.50.2 times out

I have "Worthing Lan" defined as 192.168.1.0/255.255.255.0,
"Lancing Lan" is 192.168.2.0/255.255.255.0
Traffic policys are set on both servers for

Source Destination Service Allow?
Worthing Lan Lancing Lan Any Yes

Lancing Lan Worthing Lan Any Yes


As this did not solve the problem, i added to following static routes (on branch 1).

network 192.168.2.0/255.255.255.0 default gateway 192.168.1.1
and on branch 2
network 192.168.1.0/255.255.255.0 def gateway 192.168.2.1


The overall goal is so that branch 1 can freely access branch 2 and vice versa.
We should also be able to accept vpn clients at either branch, and give them full access to both networks.

Thanks in advance for your help,

Lock Smith & Barrel
www.locksmithandbarrel.co.uk
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
Please ensure that none of your LAN interfaces have default gateways specified. Only your internet interfaces should have default gateways specified.

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
jonowar

Messages: 2
Karma: 0
Send a private message to this user
Just to confirm,
is that no default gateways at all, or just in the static route setup?

Currently my clients are also told about the gateway by dhcp.
  •  
Kerio_ktrumbull

Messages: 597
Karma: 2
Send a private message to this user
No default gateways on the LAN interface(s) within Windows. Go into the TCP/IP properties for your LAN interface(s) and be sure that there is no default gateway specified. The reason I mentioned that is because you mentioned the following, which might indicate that you have default gateways specified on the LAN interface(s):
Quote:

network 192.168.2.0/255.255.255.0 default gateway 192.168.1.1
and on branch 2
network 192.168.1.0/255.255.255.0 def gateway 192.168.2.1


You should only specify a default gateway on your WAN interface (normally the default gateway given to you by your ISP).

Kevin Trumbull
Kerio Technical Support Team Leader
http://support.kerio.com
  •  
scadet7

Messages: 16
Karma: 0
Send a private message to this user
Here is a few things to look at.
1.)At location 1 can pc's ping the vpn address of 192.168.50.1 as well as .50.2?
2.) If not you need to setup a rule that would allow them too since this would not server as the means to allow traffice between the pc's behnd the firwall to talk to each other.
3.) Once you can get that part to work then you can you would have to set up a route at location 1 telling it to route traffic to 192.168.2.0/24 via 192.168.50.1
and the same from the location 2 192.168.1.0/24 via 192.168.50.2

Hopefully that should get you going all the other default KWF routes should remain as is and you should be fine.
Previous Topic: bandwith limiter?!?
Next Topic: Turn of the DHCP
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Mon Nov 20 01:29:00 CET 2017

Total time taken to generate the page: 0.00444 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.