Overview
While trying to connect Kerio Phone to Kerio Control firewall, the specific configuration should be performed. In this particular scenario, Kerio Phone is accessed through Kerio VPN client from an external endpoint and Kerio Operator is connected to Kerio Control via LAN.
The web access for Kerio Phone local users simply times out and cannot be reached.
This article provides information on how to configure both Kerio Control and Kerio Operator settings to resolve such problems.
Solution
Kerio Operator is connected both to the ISP router (marked as yellow) and Kerio Control firewall. The exact network diagram is the following:
Kerio Operator Network configuration is using advanced Gateway settings.
Important: Kerio Operator has NAT enabled (Operator is behind a firewall) checkbox. For more information, please refer to Configuring NAT in Kerio Operator.
In this case, the gateway on the Operator side is matching Kerio Control Ethernet interface IP.
Kerio Operator Routing Table should propagate 2 network interfaces/routes (Ethernet and VoIP).
Kerio Control Traffic Rules should have Kerio Operator services allowing access to the Internet.
Source: Ethernet
Destination: <Public_router_IP>
Services: Kerio Operator services
Action: Allow
Translation: MAP <Kerio_Operator_local_IP>
VPN access is possible using standard pre-configured Traffic Rules.
Kerio Control DNS hosts table has a custom entry configured for the Kerio Operator server.