- Kerio WinRoute Firewall Administrator's Guide

21.4 Exchange of routing information

311

Figure 21.11 Common traﬃc rules for VPN tunnel

21.4 Exchange of routing information

An automatic exchange of routing information (i.e. of data informing about routes to

local subnets) is performed between endpoints of any VPN tunnel (or between the VPN

server and a VPN client). thus, routing tables at both sides of the tunnel are still kept

updated.

Routing conﬁguration options

Under usual circumstances, it is not necessary to deﬁne any custom routes — particular

routes will be added to the routing tables automatically when conﬁguration is changed

at any side of the tunnel (or at the VPN server). However, if a routing table at any side of

the VPN tunnel includes invalid routes (e.g. speciﬁed by the administrator), these routes

are also interchanged. This might make traﬃc with some remote subnets impossible

and overload VPN tunnel by too many control messages.

A similar problem may occur in case of a VPN client connecting to the WinRoute’s VPN

server.

To avoid the problems just described, it is possible to go to the VPN tunnel deﬁnition

dialog (see chapter

21.3) or to the VPN server settings dialog (refer to chapter 21.1) to

set which routing data will be used and deﬁne custom routes.

Kerio VPN uses the following methods to pass routing information:

• Routes provided automatically by the remote endpoint (set as default) — routes to

remote networks are set automatically with respect to the information provided by

the remote endpoint. If this option is selected, no additional settings are necessary

unless problems regarding invalid routes occur (see above).

• Both automatically provided and custom routes — routes provided automatically are

complemented by custom routes deﬁned at the local endpoint. In case of any colli-