
Wireless Solution

Author
8 Feb 2005 10:14 PM
Ken Endeley
I have been tasked in my company to implement Wireless LAN solution. The
current wireless solution is very secure but very cumbersome to use. We
are currently using a bluesocket box as the gateway and ssh client for
encryption.

An ideal solution must be

1)    Easy to implement
2)    Seamless to the user
3)    Simplifies daily operation and management
4)    Secure
5)    Employee satisfaction


Any suggestion will be greatly appreciated

Author
8 Feb 2005 10:56 PM
Smowk
Ken Endeley <kenende***@lycos.com> wrote in news:110ieeie9tf6220
@corp.supernews.com:

> I have been tasked in my company to implement Wireless LAN solution. The
> current wireless solution is very secure but very cumbersome to use. We
> are currently using a bluesocket box as the gateway and ssh client for
> encryption.
>
> An ideal solution must be
>
> 1)     Easy to implement
> 2)     Seamless to the user
> 3)     Simplifies daily operation and management
> 4)     Secure
> 5)     Employee satisfaction
>
>
> Any suggestion will be greatly appreciated
>

I've been looking into the same thing for my company and have come up
almost empty handed.  We're trying to give wi-fi access to a conference
room of a hotel.  And Security is our #1 concern.  Besides registering
MAC addresses, changing the WEP daily, or giving out Wi-Fi adapters to
wireless users, there just isn't another solution that I know of. 

I'm not too familiar with PPoE, but it was suggested (and then shot down)
by my ISP.  So it might be something to look into. 

I was trying to find a wi-fi AP or Router with something similar to VLAN
support, but unfortunately, from what i've found, i don't think one
exists...anybody know of anything?

Smowk
Author
9 Feb 2005 2:42 AM
Floyd L. Davidson
Smowk <Smowk***@Yahoo.com> wrote:
>Ken Endeley <kenende***@lycos.com> wrote:
>
>> I have been tasked in my company to implement Wireless LAN solution. The
>> current wireless solution is very secure but very cumbersome to use. We

In what way is it "cumbersome" to use?

>> are currently using a bluesocket box as the gateway and ssh client for
>> encryption.

Is cumbersome use the only problem with that combination?

>> An ideal solution must be
>>
>> 1)     Easy to implement
>> 2)     Seamless to the user
>> 3)     Simplifies daily operation and management
>> 4)     Secure
>> 5)     Employee satisfaction

Just like "cumbersome to use", those are fairly subjective or
ambiguous.  To some degree they are also contradictory, in that
to do one makes another one hard (e.g., "Secure" definitely
makes *all* of the others more difficult, if not impossible).

>> Any suggestion will be greatly appreciated

Provide more specifics, but narrow each discussion to one part
of it.  Rather than ask for a book, or even a chapter, ask about
one page...

>I've been looking into the same thing for my company and have come up
>almost empty handed.  We're trying to give wi-fi access to a conference
>room of a hotel.  And Security is our #1 concern.  Besides registering
>MAC addresses, changing the WEP daily, or giving out Wi-Fi adapters to
>wireless users, there just isn't another solution that I know of.

There are some possible physical security measures for such a
situation that you might not realize.  It depends on the layout
of the room, and what surrounds it though, so I can't give
specifics as opposed to a general concept.

If you provide coverage in a room by placing two AP's in
diagonally opposite corners, using highly directional antennas
and with the power output reduced to the point where each AP's
coverage only extends about 3/4's of the way across the room...
it all but eliminates outside monitoring from the other side of
those particular walls.

To experiment with that a bit, locate an AP in a corner.  (Its
antenna should be just about 4" from the walls, or closer.)  But
first tape aluminum foil to the walls and ceiling or floor, in
overlapping layers for about 10 feet in every direction.  Reduce
the output of the AP to 4 mW.  Then use a laptop to see how far
across the room you can still make a connection, and also try it
on the other side of that wall.  If done right, the only signal
found on the other side of the wall will be reflections off
items in the room, and the range will be extremely short.  If
you can't lower the power enough (or at all), buy "pads" in
various sizes to put between the AP and the antenna.  Each 3 dB
of pad is the same as reducing the power in half.  It should be
fairly easy to reduce the range to 20 feet, for example.

Of course that is impossible to implement perfectly.  And
depends very much on the physical characteristics of the room
and the building it is in.  The person who engineers it does
have to understand antennas, and have appropriate equipment to
positively determine the actual effectiveness.

>I'm not too familiar with PPoE, but it was suggested (and then shot down)
>by my ISP.  So it might be something to look into.
>
>I was trying to find a wi-fi AP or Router with something similar to VLAN
>support, but unfortunately, from what i've found, i don't think one
>exists...anybody know of anything?
>
>Smowk

--
Floyd L. Davidson           <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)                         fl***@barrow.com
Author
9 Feb 2005 3:17 AM
Smowk
fl***@barrow.com (Floyd L. Davidson) wrote in
news:878y5y313r.fld@barrow.com:

>
> There are some possible physical security measures for such a
> situation that you might not realize.  It depends on the layout
> of the room, and what surrounds it though, so I can't give
> specifics as opposed to a general concept.
>
> If you provide coverage in a room by placing two AP's in
> diagonally opposite corners, using highly directional antennas
> and with the power output reduced to the point where each AP's
> coverage only extends about 3/4's of the way across the room...
> it all but eliminates outside monitoring from the other side of
> those particular walls.
>
> To experiment with that a bit, locate an AP in a corner.  (Its
> antenna should be just about 4" from the walls, or closer.)  But
> first tape aluminum foil to the walls and ceiling or floor, in
> overlapping layers for about 10 feet in every direction.  Reduce
> the output of the AP to 4 mW.  Then use a laptop to see how far
> across the room you can still make a connection, and also try it
> on the other side of that wall.  If done right, the only signal
> found on the other side of the wall will be reflections off
> items in the room, and the range will be extremely short.  If
> you can't lower the power enough (or at all), buy "pads" in
> various sizes to put between the AP and the antenna.  Each 3 dB
> of pad is the same as reducing the power in half.  It should be
> fairly easy to reduce the range to 20 feet, for example.
>
> Of course that is impossible to implement perfectly.  And
> depends very much on the physical characteristics of the room
> and the building it is in.  The person who engineers it does
> have to understand antennas, and have appropriate equipment to
> positively determine the actual effectiveness.
>

I'm talking about providing VLAN support to the users on the network inside
the building, and security between them.  not so much as outside people...

smowk

anything further?
Author
9 Feb 2005 3:33 AM
Floyd L. Davidson
Smowk <Smowk***@Yahoo.com> wrote:
>
>I'm talking about providing VLAN support to the users on the network inside
>the building, and security between them.  not so much as outside people...
>
>smowk
>
>anything further?

Start thinking about "outside people".

--
Floyd L. Davidson           <http://web.newsguy.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska)                         fl***@barrow.com
Author
9 Feb 2005 3:36 AM
Smowk
fl***@barrow.com (Floyd L. Davidson) wrote in news:87r7jq1k6y.fld@barrow.com:

> Smowk <Smowk***@Yahoo.com> wrote:
>>
>>I'm talking about providing VLAN support to the users on the network inside
>>the building, and security between them.  not so much as outside people...
>>
>>smowk
>>
>>anything further?
>
> Start thinking about "outside people".
>

well, if we're able to provide VLAN support and separate the "inside people",
we'll definitely have the capability to keep out the "outside people".  So
i'm not too worried about that. 

If we can't get a WiFi VLAN configuration though, we'll scrap the whole idea.
Author
10 Feb 2005 2:28 AM
Robert Jacobs
It's not a wireless router, but you can always just add an AP to it for
wireless. Check out the ZyWALL2 SPI Firewall Security Router with built in
VPN Server.

http://www.tigerdirect.com/applications/SearchTools/item-details.asp?EdpNo=1205693&CatId=1409&SRCCODE=INKQUIGO&CMP=KNC-INKTOMI

"Smowk" <Smowk***@Yahoo.com> wrote in message
news:Xns95F7E5F3817DESmowkieBandit@216.196.97.131...
> fl***@barrow.com (Floyd L. Davidson) wrote in
> news:87r7jq1k6y.fld@barrow.com:
>
>> Smowk <Smowk***@Yahoo.com> wrote:
>>>
>>>I'm talking about providing VLAN support to the users on the network
>>>inside
>>>the building, and security between them.  not so much as outside
>>>people...
>>>
>>>smowk
>>>
>>>anything further?
>>
>> Start thinking about "outside people".
>>
>
> well, if we're able to provide VLAN support and separate the "inside
> people",
> we'll definitely have the capability to keep out the "outside people".  So
> i'm not too worried about that.
>
> If we can't get a WiFi VLAN configuration though, we'll scrap the whole
> idea.
Author
9 Feb 2005 12:11 AM
Airhead
"Ken Endeley" <kenende***@lycos.com> wrote in message
news:110ieeie9tf6220@corp.supernews.com...
> I have been tasked in my company to implement Wireless LAN solution. The
> current wireless solution is very secure but very cumbersome to use. We
> are currently using a bluesocket box as the gateway and ssh client for
> encryption.
>
> An ideal solution must be
>
> 1) Easy to implement
> 2) Seamless to the user
> 3) Simplifies daily operation and management
> 4) Secure
> 5) Employee satisfaction

0. How many APs and users
1. Do you already have APs or are you planning on replacing them.
2. Do you want thin or smart APs if replacing, aka full remote
management
3. What kind of authentication do you currently use?
4. Any QoS specs, video, voice?
5. Need Vlan Tagging?
6. What  user OS, standardized or many?
7. How easily satisfied are the employees?
8. Do you plan on keeping the Bluesocket? No smarts on Bluesocket
capabilities so some of the above may be covered.
Author
9 Feb 2005 2:35 AM
Ken Endeley
Airhead wrote:
> "Ken Endeley" <kenende***@lycos.com> wrote in message
> news:110ieeie9tf6220@corp.supernews.com...
>
>>I have been tasked in my company to implement Wireless LAN solution. The
>>current wireless solution is very secure but very cumbersome to use. We
>>are currently using a bluesocket box as the gateway and ssh client for
>>encryption.
>>
>>An ideal solution must be
>>
>>1) Easy to implement
>>2) Seamless to the user
>>3) Simplifies daily operation and management
>>4) Secure
>>5) Employee satisfaction
>
>
> 0. How many APs and users
> 1. Do you already have APs or are you planning on replacing them.
> 2. Do you want thin or smart APs if replacing, aka full remote
> management
> 3. What kind of authentication do you currently use?
> 4. Any QoS specs, video, voice?
> 5. Need Vlan Tagging?
> 6. What  user OS, standardized or many?
> 7. How easily satisfied are the employees?
> 8. Do you plan on keeping the Bluesocket? No smarts on Bluesocket
> capabilities so some of the above may be covered.
>

Answers

1)    10 AP altogether (5 a site)
2)    Yes. We are planning to retire the current Orinoco AP
3)    Currently NT4 domain authentication via the bluesocket box.
4)    No current Qos, video or voice. Be nice to have with new solution
5)    If it is beneficial yes
6)    W2k and XP sp2
7)    Good seamless solution ----- 100% user satisfaction
8)    No really
Author
9 Feb 2005 3:27 AM
Peter Pan
Ken Endeley wrote:
> I have been tasked in my company to implement Wireless LAN solution.
> The current wireless solution is very secure but very cumbersome to
> use. We are currently using a bluesocket box as the gateway and ssh
> client for encryption.
>
> An ideal solution must be
>
> 1) Easy to implement
> 2) Seamless to the user
> 3) Simplifies daily operation and management
> 4) Secure
> 5) Employee satisfaction
>
>
> Any suggestion will be greatly appreciated

Consider doing it the safe, easy and secure way...
VPN (Virtual Private Network) server on your network, and VPN client
software (on CD/Diskette/and in a directory that is not part of the VPN so
people can get to it and download it), or pre-installed on machines you
supply at work.
Even allows people to "tunnel into" your network from public
Hotspots/hotels/home etc.
Works on some PDA's that support wireless too.

We sell VPN servers and client software, (so I can't suggest any without it
sounding like an ad), but generically I can tell you we have VPN servers
that hook into an existing network for about $2800 dollars, and the client
software (used on the laptops/notebooks/pda's etc, is anywhere from free to
$20).
Have to laugh, cause your ideal solutions #1-#5, are what we have in our ad
:)

Know how to search the internet? (use www.search.com and search for VPN
Server)

PS.. Another line from our ad "So easy and simple, your boss will love you"
:)
Author
9 Feb 2005 3:43 AM
Smowk
"Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
news:36te9pF57qol3U1@individual.net:


> Consider doing it the safe, easy and secure way...
> VPN (Virtual Private Network) server on your network, and VPN client
> software (on CD/Diskette/and in a directory that is not part of the VPN
> so people can get to it and download it), or pre-installed on machines
> you supply at work.
> Even allows people to "tunnel into" your network from public
> Hotspots/hotels/home etc.
> Works on some PDA's that support wireless too.
>
> We sell VPN servers and client software, (so I can't suggest any without
> it sounding like an ad), but generically I can tell you we have VPN
> servers that hook into an existing network for about $2800 dollars, and
> the client software (used on the laptops/notebooks/pda's etc, is
> anywhere from free to $20).
> Have to laugh, cause your ideal solutions #1-#5, are what we have in our
> ad
>:)
>
> Know how to search the internet? (use www.search.com and search for VPN
> Server)
>
> PS.. Another line from our ad "So easy and simple, your boss will love
> you"
>:)


with a vpn server, wouldn't the people who connect to the wifi access point
still be able to browse each other's network neighborhood, they just
wouldn't be able to get to the internet without the client software?

i'm worried about netbios transmissions between people on the wifi.  is
there a VPN WiFI router and a client that would only allow those who have
the client to connect to the WiFi?  And once connected to the WiFi, would i
be able to browse network neighborhood?  Or ping local IPs?
Author
9 Feb 2005 3:55 AM
Robert Jacobs
just have printer and file sharing disabled.

"Smowk" <Smowk***@Yahoo.com> wrote in message
news:Xns95F7E727490A9SmowkieBandit@216.196.97.131...
> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
> news:36te9pF57qol3U1@individual.net:
>
>
>> Consider doing it the safe, easy and secure way...
>> VPN (Virtual Private Network) server on your network, and VPN client
>> software (on CD/Diskette/and in a directory that is not part of the VPN
>> so people can get to it and download it), or pre-installed on machines
>> you supply at work.
>> Even allows people to "tunnel into" your network from public
>> Hotspots/hotels/home etc.
>> Works on some PDA's that support wireless too.
>>
>> We sell VPN servers and client software, (so I can't suggest any without
>> it sounding like an ad), but generically I can tell you we have VPN
>> servers that hook into an existing network for about $2800 dollars, and
>> the client software (used on the laptops/notebooks/pda's etc, is
>> anywhere from free to $20).
>> Have to laugh, cause your ideal solutions #1-#5, are what we have in our
>> ad
>>:)
>>
>> Know how to search the internet? (use www.search.com and search for VPN
>> Server)
>>
>> PS.. Another line from our ad "So easy and simple, your boss will love
>> you"
>>:)
>
>
> with a vpn server, wouldn't the people who connect to the wifi access
> point
> still be able to browse each other's network neighborhood, they just
> wouldn't be able to get to the internet without the client software?
>
> i'm worried about netbios transmissions between people on the wifi.  is
> there a VPN WiFI router and a client that would only allow those who have
> the client to connect to the WiFi?  And once connected to the WiFi, would
> i
> be able to browse network neighborhood?  Or ping local IPs?
Author
9 Feb 2005 4:22 AM
Smowk
"Robert Jacobs" <rjacobs0spamfree@pacbell.net> wrote in news:yQfOd.22837
$uc.10548@trnddc09:

> just have printer and file sharing disabled.

That was pretty much what I thought.  just tell the people that its an
unsecured network, and to make sure they didn't have any of their important
files shared.

it's for a hotel conference room by the way

smowk
Author
9 Feb 2005 4:04 AM
Peter Pan
Smowk wrote:
> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
> news:36te9pF57qol3U1@individual.net:
>
>
>> Consider doing it the safe, easy and secure way...
>> VPN (Virtual Private Network) server on your network, and VPN client
>> software (on CD/Diskette/and in a directory that is not part of the
>> VPN so people can get to it and download it), or pre-installed on
>> machines you supply at work.
>> Even allows people to "tunnel into" your network from public
>> Hotspots/hotels/home etc.
>> Works on some PDA's that support wireless too.
>>
>> We sell VPN servers and client software, (so I can't suggest any
>> without it sounding like an ad), but generically I can tell you we
>> have VPN servers that hook into an existing network for about $2800
>> dollars, and the client software (used on the
>> laptops/notebooks/pda's etc, is anywhere from free to $20).
>> Have to laugh, cause your ideal solutions #1-#5, are what we have in
>> our ad
>> :)
>>
>> Know how to search the internet? (use www.search.com and search for
>> VPN Server)
>>
>> PS.. Another line from our ad "So easy and simple, your boss will
>> love you"
>> :)
>
>
> with a vpn server, wouldn't the people who connect to the wifi access
> point still be able to browse each other's network neighborhood, they
> just wouldn't be able to get to the internet without the client
> software?
>
> i'm worried about netbios transmissions between people on the wifi.
> is there a VPN WiFI router and a client that would only allow those
> who have the client to connect to the WiFi?  And once connected to
> the WiFi, would i be able to browse network neighborhood?  Or ping
> local IPs?

Depends on what you use and how it's set up (at the client end).

We usually create two separate icons on lap/desktops (one for connect to the
system with VPN, another to connect to any hotspot not using VPN).. Again,
the other stuff/settings can be done any way you prefer, we have some people
that set it up so they have very tight security, and others that set it up
so it is open to other stuff, but still very tight to the CO VPN server.

If nothing else, do the search and look at some of the sites that pop up..
It will give you a lot more information than I can type here.. Some of them
even have free demo software to try it out for a limited time with your own
system/server (or with theirs if you don't have a server yet).

One thing I can say for sure, check it out, you will never go back to those
bandaids like WEP/WPA etc...
Author
9 Feb 2005 4:23 AM
Smowk
"Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
news:36tgepF566helU1@individual.net:


> If nothing else, do the search and look at some of the sites that pop
> up.. It will give you a lot more information than I can type here.. Some
> of them even have free demo software to try it out for a limited time
> with your own system/server (or with theirs if you don't have a server
> yet).
>
> One thing I can say for sure, check it out, you will never go back to
> those bandaids like WEP/WPA etc...
>
>
>
>
>
>

there's not really a server involved anywhere, just a router to the internet. 

anybody know of any wifi router with a vpn server/client setup built in?
Author
9 Feb 2005 4:34 AM
Robert Jacobs
Most wireless routers support VPN. At least the newer ones.

"Smowk" <Smowk***@Yahoo.com> wrote in message
news:Xns95F7EDF4B9FC2SmowkieBandit@216.196.97.131...
> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
> news:36tgepF566helU1@individual.net:
>
>
>> If nothing else, do the search and look at some of the sites that pop
>> up.. It will give you a lot more information than I can type here.. Some
>> of them even have free demo software to try it out for a limited time
>> with your own system/server (or with theirs if you don't have a server
>> yet).
>>
>> One thing I can say for sure, check it out, you will never go back to
>> those bandaids like WEP/WPA etc...
>>
>>
>>
>>
>>
>>
>
> there's not really a server involved anywhere, just a router to the
> internet.
>
> anybody know of any wifi router with a vpn server/client setup built in?
Author
9 Feb 2005 4:40 AM
Peter Pan
> "Smowk" <Smowk***@Yahoo.com> wrote in message
> news:Xns95F7EDF4B9FC2SmowkieBandit@216.196.97.131...
>> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
>> news:36tgepF566helU1@individual.net:
>>
>>
>>> If nothing else, do the search and look at some of the sites that
>>> pop up.. It will give you a lot more information than I can type
>>> here.. Some of them even have free demo software to try it out for
>>> a limited time with your own system/server (or with theirs if you
>>> don't have a server yet).
>>>
>>> One thing I can say for sure, check it out, you will never go back
>>> to those bandaids like WEP/WPA etc...
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> there's not really a server involved anywhere, just a router to the
>> internet.
>>
>> anybody know of any wifi router with a vpn server/client setup built
>> in?
Robert Jacobs wrote:
> Most wireless routers support VPN. At least the newer ones.
>

Note that almost all SUPPORT it... but none (that I know of) will actually
act as a VPN server.. If your AP supports wireless, it can pass the tunnel
on to your network, but there still  has to be a VPN server somewhere to
pass it on to.
Author
9 Feb 2005 4:40 AM
Smowk
"Robert Jacobs" <rjacobs0spamfree@pacbell.net> wrote in news:opgOd.23960
$uc.16222@trnddc03:

> Most wireless routers support VPN. At least the newer ones.

not vpn to another router, but vpn to clients on the wifi network
Author
9 Feb 2005 4:36 AM
Peter Pan
Smowk wrote:
> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
> news:36tgepF566helU1@individual.net:
>
>
>> If nothing else, do the search and look at some of the sites that pop
>> up.. It will give you a lot more information than I can type here..
>> Some of them even have free demo software to try it out for a
>> limited time with your own system/server (or with theirs if you
>> don't have a server yet).
>>
>> One thing I can say for sure, check it out, you will never go back to
>> those bandaids like WEP/WPA etc...
>>
>>
>>
>>
>>
>>
>
> there's not really a server involved anywhere, just a router to the
> internet.
>
> anybody know of any wifi router with a vpn server/client setup built
> in?

Don't know of any off hand..There is however software that runs on the
computers you already have (unfortunately about $2200). We went the separate
box way to make it easy and transparent (plug it in to an ethernet port on
your AP/router etc, and you have a VPN server installed in seconds on your
existing network(and/or a few more minutes to set custom security settings).
Can be used as an internal VPN server, and/or if you tie to the internet,
can also be used for secure external access to your network.

Didn't say it was the free way of doing your #1-#5, just very
quick/easy/secure.
Author
9 Feb 2005 4:42 AM
Smowk
"Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
news:36tia1F54c7tjU1@individual.net:

> Don't know of any off hand..There is however software that runs on the
> computers you already have (unfortunately about $2200). We went the
> separate box way to make it easy and transparent (plug it in to an
> ethernet port on your AP/router etc, and you have a VPN server installed
> in seconds on your existing network(and/or a few more minutes to set
> custom security settings). Can be used as an internal VPN server, and/or
> if you tie to the internet, can also be used for secure external access
> to your network.
>
> Didn't say it was the free way of doing your #1-#5, just very
> quick/easy/secure.
>
>
>

Cisco Aironet 1300 supports VLAN on the wifi clients.

you can setup multiple ssid's which each cant see each other.  i'd have to
create 50 or so ssid's and then just keep track of which ones are in use. 
maybe changing them every month or so.  hmmmm...lemme look into this
Author
9 Feb 2005 6:15 AM
Peter Pan
Smowk wrote:
> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
> news:36tia1F54c7tjU1@individual.net:
>
>> Don't know of any off hand..There is however software that runs on
>> the computers you already have (unfortunately about $2200). We went
>> the separate box way to make it easy and transparent (plug it in to
>> an ethernet port on your AP/router etc, and you have a VPN server
>> installed in seconds on your existing network(and/or a few more
>> minutes to set custom security settings). Can be used as an internal
>> VPN server, and/or if you tie to the internet, can also be used for
>> secure external access to your network.
>>
>> Didn't say it was the free way of doing your #1-#5, just very
>> quick/easy/secure.
>>
>>
>>
>
> Cisco Aironet 1300 supports VLAN on the wifi clients.
>
> you can setup multiple ssid's which each cant see each other.  i'd
> have to create 50 or so ssid's and then just keep track of which ones
> are in use. maybe changing them every month or so.  hmmmm...lemme
> look into this

Yes, it, like lots of other AP's, allows VPN stuff to pass through, but they
do NOT provide VPN SERVER services... You absolutely positively need a VPN
server somewhere.
Author
9 Feb 2005 1:27 PM
Smowk
"Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
news:36to4mF5119ogU1@individual.net:

> Smowk wrote:
>> "Peter Pan" <Marcs1102NOSPAM@HotmailNOSPAM.com> wrote in
>> news:36tia1F54c7tjU1@individual.net:
>>
>>> Don't know of any off hand..There is however software that runs on
>>> the computers you already have (unfortunately about $2200). We went
>>> the separate box way to make it easy and transparent (plug it in to
>>> an ethernet port on your AP/router etc, and you have a VPN server
>>> installed in seconds on your existing network(and/or a few more
>>> minutes to set custom security settings). Can be used as an internal
>>> VPN server, and/or if you tie to the internet, can also be used for
>>> secure external access to your network.
>>>
>>> Didn't say it was the free way of doing your #1-#5, just very
>>> quick/easy/secure.
>>>
>>>
>>>
>>
>> Cisco Aironet 1300 supports VLAN on the wifi clients.
>>
>> you can setup multiple ssid's which each cant see each other.  i'd
>> have to create 50 or so ssid's and then just keep track of which ones
>> are in use. maybe changing them every month or so.  hmmmm...lemme
>> look into this
>
> Yes, it, like lots of other AP's, allows VPN stuff to pass through, but they
> do NOT provide VPN SERVER services... You absolutely positively need a VPN
> server somewhere.
>
>

that doesn't have anything to do with VPN, it's got VLAN support on the
wireless LAN.  still haven't looked into it (i slept instead), but i
believe this should work.

wish me luck

smowk
Author
9 Feb 2005 5:22 AM
nospam
In article <Xns95F7EDF4B9FC2SmowkieBandit@216.196.97.131>, Smowk
<Smowk***@Yahoo.com> wrote:

> there's not really a server involved anywhere, just a router to the internet.
>
> anybody know of any wifi router with a vpn server/client setup built in?

linksys wrv54g.

alternately, any wireless router with a linksys befsx41 or befvp41.
these are around $100 (less for the sx41).
Author
9 Feb 2005 1:26 PM
Smowk
nospam <nospam@nospam.invalid> wrote in
news:080220052122353226%nospam@nospam.invalid:

> In article <Xns95F7EDF4B9FC2SmowkieBandit@216.196.97.131>, Smowk
> <Smowk***@Yahoo.com> wrote:
>
>> there's not really a server involved anywhere, just a router to the
>> internet.
>>
>> anybody know of any wifi router with a vpn server/client setup built
>> in?
>
> linksys wrv54g.
>
> alternately, any wireless router with a linksys befsx41 or befvp41.
> these are around $100 (less for the sx41).
>

These are for connecting 2 routers together at different locations via VPN,
not for separating local traffic via VLAN or local VPN. 

completely off topic
Author
10 Feb 2005 6:10 AM
Lucas Tam
Smowk <Smowk***@Yahoo.com> wrote in
news:Xns95F855E35AB2BSmowkieBandit@216.196.97.131:

> These are for connecting 2 routers together at different locations via
> VPN, not for separating local traffic via VLAN or local VPN. 
>
> completely off topic

Can't you hook your "internal" lan as an outside connect. Thus you're
connecting the WiFi lan to the secure lan via VPN? It should work.

--
Lucas Tam (REMOVEn***@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Author
10 Feb 2005 1:40 PM
Smowk
Lucas Tam <REMOVEn***@rogers.com> wrote in news:Xns95F9C020DB8Fnntprogerscom@
140.99.99.130:

> Smowk <Smowk***@Yahoo.com> wrote in
> news:Xns95F855E35AB2BSmowkieBandit@216.196.97.131:
>
>> These are for connecting 2 routers together at different locations via
>> VPN, not for separating local traffic via VLAN or local VPN. 
>>
>> completely off topic
>
> Can't you hook your "internal" lan as an outside connect. Thus you're
> connecting the WiFi lan to the secure lan via VPN? It should work.
>

nope
Author
10 Feb 2005 6:06 AM
Lucas Tam
Smowk <Smowk***@Yahoo.com> wrote in news:Xns95F7EDF4B9FC2SmowkieBandit@
216.196.97.131:

> anybody know of any wifi router with a vpn server/client setup built in?

Zyxel has several.

Or a Linksys Router with Sveasoft firmware.

--
Lucas Tam (REMOVEn***@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Author
10 Feb 2005 1:45 PM
Smowk
Lucas Tam <REMOVEn***@rogers.com> wrote in news:Xns95F9BB4DEA75nntprogerscom@
140.99.99.130:

> Smowk <Smowk***@Yahoo.com> wrote in news:Xns95F7EDF4B9FC2SmowkieBandit@
> 216.196.97.131:
>
>> anybody know of any wifi router with a vpn server/client setup built in?
>
> Zyxel has several.
>
> Or a Linksys Router with Sveasoft firmware.
>

These are all for connecting to a VPN server across the internet

NOT LOCALLY!!!!!!

And they only provide VLAN support for the 5 HARDWARE ports on the router,
not the WiFi connection!!!

lol

i'm guessing there are no options...
Author
10 Feb 2005 6:05 AM
Lucas Tam
Smowk <Smowk***@Yahoo.com> wrote in
news:Xns95F7E727490A9SmowkieBandit@216.196.97.131:


> with a vpn server, wouldn't the people who connect to the wifi access
> point still be able to browse each other's network neighborhood, they
> just wouldn't be able to get to the internet without the client
> software?

You would implement a protocol filter on the AP level.


> i'm worried about netbios transmissions between people on the wifi.
> is there a VPN WiFI router and a client that would only allow those
> who have the client to connect to the WiFi?  And once connected to the
> WiFi, would i be able to browse network neighborhood?  Or ping local
> IPs?
>



--
Lucas Tam (REMOVEn***@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Author
10 Feb 2005 1:45 PM
Smowk
Lucas Tam <REMOVEn***@rogers.com> wrote in news:Xns95F9B802630Cnntprogerscom@
140.99.99.130:

> Smowk <Smowk***@Yahoo.com> wrote in
> news:Xns95F7E727490A9SmowkieBandit@216.196.97.131:
>
>
>> with a vpn server, wouldn't the people who connect to the wifi access
>> point still be able to browse each other's network neighborhood, they
>> just wouldn't be able to get to the internet without the client
>> software?
>
> You would implement a protocol filter on the AP level.
>

>> i'm worried about netbios transmissions between people on the wifi.
>> is there a VPN WiFI router and a client that would only allow those
>> who have the client to connect to the WiFi?  And once connected to the
>> WiFi, would i be able to browse network neighborhood?  Or ping local
>> IPs?
>>
>
>
>

which protocol?
Author
10 Feb 2005 3:16 PM
Lucas Tam
Smowk <Smowk***@Yahoo.com> wrote in news:Xns95F95921B2E62SmowkieBandit@
216.196.97.131:

> which protocol?

You could filter NetBios. Cisco's Aironet APs seem to allow you to do this.



http://www.cisco.com/en/US/products/hw/wireless/ps4570/products_configuration_guide_chapter09186a0080209252.html

--
Lucas Tam (REMOVEn***@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
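
As an added illustration (not part of the thread and not taken from Cisco's documentation), this sketch shows what a NetBIOS protocol filter of the kind suggested above has to match: the NetBIOS-over-TCP/IP name, datagram and session services on UDP 137, UDP 138 and TCP 139. The packet builder, addresses and function names are constructed for the example.

```python
import struct

# NetBIOS-over-TCP/IP services (RFC 1001/1002): name, datagram, session.
NETBIOS_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139)}
PROTO_NAMES = {6: "tcp", 17: "udp"}


def build_packet(proto, sport, dport, frag_offset=0):
    """Build a minimal IPv4 packet (constructed sample; checksum left zero)."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0,
                         frag_offset & 0x1FFF, 64, proto, 0,
                         bytes([192, 168, 10, 21]), bytes([192, 168, 10, 255]))
    return header + l4


def filter_decision(packet):
    """Return 'drop' for NetBIOS traffic, 'forward' for everything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "forward"                  # not IPv4: outside this filter
    ihl = (packet[0] & 0x0F) * 4          # header length, IP options included
    proto = PROTO_NAMES.get(packet[9])
    if proto is None or ihl < 20 or len(packet) < ihl + 4:
        return "forward"
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        # Later fragments carry no port numbers; the first fragment is the
        # one matched, and without it the datagram cannot be reassembled.
        return "forward"
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if (proto, sport) in NETBIOS_PORTS or (proto, dport) in NETBIOS_PORTS:
        return "drop"
    return "forward"


# Constructed sample traffic between two wireless clients.
SAMPLES = {
    "netbios name query": build_packet(17, 137, 137),
    "netbios datagram": build_packet(17, 138, 138),
    "netbios session": build_packet(6, 49152, 139),
    "https": build_packet(6, 49153, 443),
    "dns": build_packet(17, 49154, 53),
}


def run_samples():
    return {name: filter_decision(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:20s} {verdict}")
```

Direct-hosted SMB on TCP 445 is not NetBIOS and is not matched by this filter.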
Author
9 Feb 2005 2:49 PM
Ken Endeley
Peter Pan wrote:
> Ken Endeley wrote:
>
>>I have been tasked in my company to implement Wireless LAN solution.
>>The current wireless solution is very secure but very cumbersome to
>>use. We are currently using a bluesocket box as the gateway and ssh
>>client for encryption.
>>
>>An ideal solution must be
>>
>>1) Easy to implement
>>2) Seamless to the user
>>3) Simplifies daily operation and management
>>4) Secure
>>5) Employee satisfaction
>>
>>
>>Any suggestion will be greatly appreciated
>
>
> Consider doing it the safe, easy and secure way...
> VPN (Virtual Private Network) server on your network, and VPN client
> software (on CD/Diskette/and in a directory that is not part of the VPN so
> people can get to it and download it), or pre-installed on machines you
> supply at work.
> Even allows people to "tunnel into" your network from public
> Hotspots/hotels/home etc.
> Works on some PDA's that support wireless too.
>
> We sell VPN servers and client software, (so I can't suggest any without it
> sounding like an ad), but generically I can tell you we have VPN servers
> that hook into an existing network for about $2800 dollars, and the client
> software (used on the laptops/notebooks/pda's etc, is anywhere from free to
> $20).
> Have to laugh, cause your ideal solutions #1-#5, are what we have in our ad
> :)
>
> Know how to search the internet? (use www.search.com and search for VPN
> Server)
>
> PS.. Another line from our ad "So easy and simple, your boss will love you"
> :)
>
>
>
>
>


I am hoping to move away from having to install any IPsec client on the
users' machines
Author
9 Feb 2005 3:02 PM
Peter Pan
>
> I am hoping to move away from having to install any IPsec client on the
> users' machines

Normally you don't have to, (it's built into most op syss/browsers/etc like
my XP/ie Win2003/PDA Desktop/Win NT etc), there are however some out there
that don't have it built in (think linux or palm os may be that way), don't
know what you have, so I didn't want to make any absolute statements about
needing it or not. You may want to look at what you have/use, it may already
be in there, and you don't have to do anything.
Author
10 Feb 2005 6:09 AM
Lucas Tam
Ken Endeley <kenende***@lycos.com> wrote in
news:110k8nmg7o67d4f@corp.supernews.com:

> I am hoping to move away from having to install any IPsec client on the
> users' machines

If you want secure you'll have to use IPSec. Or possibly WPA, but not all
machines support WPA.

--
Lucas Tam (REMOVEn***@rogers.com)
Please delete "REMOVE" from the e-mail address when replying.
http://members.ebay.com/aboutme/coolspot18/
Author
9 Feb 2005 1:30 PM
Mike
Ken Endeley <kenende***@lycos.com> wrote in message news:<110ieeie9tf6220@corp.supernews.com>...
> I have been tasked in my company to implement Wireless LAN solution. The
> current wireless solution is very secure but very cumbersome to use. We
> are currently using a bluesocket box as the gateway and ssh client for
> encryption.
>
> An ideal solution must be
>
> 1)    Easy to implement
> 2)    Seamless to the user
> 3)    Simplifies daily operation and management
> 4)    Secure
> 5)    Employee satisfaction
>
>
> Any suggestion will be greatly appreciated

Have you looked at using WPA with radius authentication? (such as the
MS IAS)
If you are using both w2k and windows xp I guess you need to find a
client that has support for w2k, one I know is MultiNetwork Manager
from http://www.globesoft.com

HTH
/Mike
Author
10 Feb 2005 1:32 AM
Ken Endeley
Mike wrote:
> Ken Endeley <kenende***@lycos.com> wrote in message news:<110ieeie9tf6220@corp.supernews.com>...
>
>>I have been tasked in my company to implement Wireless LAN solution. The
>>current wireless solution is very secure but very cumbersome to use. We
>>are currently using a bluesocket box as the gateway and ssh client for
>>encryption.
>>
>>An ideal solution must be
>>
>>1)    Easy to implement
>>2)    Seamless to the user
>>3)    Simplifies daily operation and management
>>4)    Secure
>>5)    Employee satisfaction
>>
>>
>>Any suggestion will be greatly appreciated
>
>
> Have you looked at using WPA with radius authentication? (such as the
> MS IAS)
> If you are using both w2k and windows xp I guess you need to find a
> client that has support for w2k, one I know is MultiNetwork Manager
> from http://www.globesoft.com
>
> HTH
> /Mike

No i haven't. But this is the kind of solution i am really looking for.
Simple and secure.
Author
10 Feb 2005 10:17 AM
Mike
Ken Endeley <kenende***@lycos.com> wrote in message news:<110ledff7b2s9df@corp.supernews.com>...
> Mike wrote:
> > Ken Endeley <kenende***@lycos.com> wrote in message news:<110ieeie9tf6220@corp.supernews.com>...
> >
> >>I have been tasked in my company to implement Wireless LAN solution. The
> >>current wireless solution is very secure but very cumbersome to use. We
> >>are currently using a bluesocket box as the gateway and ssh client for
> >>encryption.
> >>
> >>An ideal solution must be
> >>
> >>1)    Easy to implement
> >>2)    Seamless to the user
> >>3)    Simplifies daily operation and management
> >>4)    Secure
> >>5)    Employee satisfaction
> >>
> >>
> >>Any suggestion will be greatly appreciated
> >
> >
> > Have you looked at using WPA with radius authentication? (such as the
> > MS IAS)
> > If you are using both w2k and windows xp I guess you need to find a
> > client that has support for w2k, one I know is MultiNetwork Manager
> > from http://www.globesoft.com
> >
> > HTH
> > /Mike
>
> No i haven't. But this is the kind of solution i am really looking for.
> Simple and secure.

if you are interested, have a look at
"Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
it describes how to set up the IAS
Author
10 Feb 2005 10:06 PM
Joe Matuscak
> > No i haven't. But this is the kind of solution i am really looking for.
> > Simple and secure.
>
> if you are interested, have a look at
> "Enterprise Deployment of Secure 802.11 Networks Using Microsoft Windows"
> http://www.microsoft.com/technet/prodtechnol/winxppro/deploy/ed80211.mspx
> it describes how to set up the IAS

FWIW, there is nothing magic about IAS. You can do the radius server for
802.1x with FreeRadius on a Linux box. In other words, free.

--
Joe Matuscak
Rohrer Corporation
717 Seville Road
Wadsworth, OH 44281
