Control behind firewalls with VPN [message #123790]
Fri, 28 August 2015 13:17
Aleksandr
Messages: 4 Registered: October 2007
Our Kerio Control was connected directly to the Internet. Now we have connected it through a hardware firewall with a VPN channel to a second hardware firewall.
Clients of the remote network behind the second firewall can ping the second firewall, the first firewall and the Kerio Control external IP (the interface from Kerio to the first hardware firewall is marked as "External/Internet" in Control). But clients can't ping or see computers in our main network behind Kerio Control.
How do we configure Kerio so that remote clients can see computers on the network behind Kerio? Add routes? Mark the external Kerio Control interface as "Internal"? It looks like both methods are not safe. If we allow any connections from the first hardware firewall to the network behind Control, is it a security risk?
Now Kerio Control mainly acts as a proxy, access restriction and traffic accounting device.
Re: Control behind firewalls with VPN [message #123819 is a reply to message #123801]
Mon, 31 August 2015 10:11
Aleksandr
I tried this, but it did not help.
Maybe the problem is that Service Discovery forwarding works only with Kerio VPN, but our VPN between the hardware firewalls is an IPsec VPN? We don't use Kerio VPN to connect from a remote station to the internal network (now, only to the network behind the first hardware firewall).
I can establish a Kerio VPN connection from a remote station to Kerio Control over the VPN connection from one hardware firewall to the other. But this is a workaround, not a solution. I want to make a connection from a remote station to the local network without Kerio VPN, using only the VPN between the hardware firewalls.