
Wireless Vpn Gateway

Author
23 Mar 2005 10:37 PM
news.cable.ntlworld.com
Hi

I have a small LAN that is connected to the Internet via a hardware
firewall.

I would like to add WIFI.

This is my idea; I need to find a wireless vpn gateway that will only let
authenticated users on to the LAN via vpn tunnels.

If I can not find a suitable wireless vpn gateway then the next best plan
would be a couple of access points connected to a vpn gateway. And then vpn
from the client laptops to the gateway and then on to the LAN.

Has anybody tried this? Please give me your suggestions.

Can anybody recommend any products, which can handle the above tasks?



Thanks
John

Author
24 Mar 2005 1:00 AM
Duane Arnold
"news.cable.ntlworld.com" <news.ca***@ntlworld.com> wrote in
news:scm0e.41942$3A6.27879@newsfe1-gui.ntli.net:

> Hi
>
> I have a small LAN that is connected to the Internet via a hardware
> firewall.

If you said that above, you most likely only have a NAT router with no FW
I suspect. If it doesn't meet the specs in the link for *What does a FW
do?*, then it's not a FW appliance.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

WatchGuard, Cisco, Sonicwall, Snapgear are FW appliances.

http://www.homenethelp.com/web/explain/about-NAT.asp

D-Link, Netgear, Belkin, Linksys etc are NAT routers with FW like
features but don't have a FW.

>
> I would like to add WIFI.

That's a risk.

>
> This is my idea; I need to find a wireless vpn gateway that will only
> let authenticated users on to the LAN via vpn tunnels.

>
> If I can not find a suitable wireless vpn gateway then the next best
> plan would be a couple of access points connected to a vpn gateway.
> And then vpn from the client laptops to the gateway and then on to the
> LAN.


There must be two valid VPN end points in order for the VPN connection to
exist, whether that's a hardware to hardware or software to software VPN
connection.

>
> Has anybody tried this? Please give me your suggestions.
>
> Can anybody recommend any products, which can handle the above tasks?
>
You should look at low-end affordable FW appliances like the WatchGuard
SOHO 6tc or other manufacturers above with VPN solutions.

You may be able to use a standalone wireless NAT router not in the secure
zone/private LAN and VPN into a FW appliance that has the safe
zone/private LAN.

You may get better info than I can give you or you may want to ask at
comp.security.firewalls.

Duane :)
Author
24 Mar 2005 6:57 AM
Jeff Liebermann
On Wed, 23 Mar 2005 22:37:12 GMT, "news.cable.ntlworld.com"
<news.ca***@ntlworld.com> wrote:

>I have a small LAN that is connected to the Internet via a hardware
>firewall.

Get ready to recycle your hardware firewall.

>I would like to add WIFI.
>This is my idea; I need to find a wireless vpn gateway that will only let
>authenticated users on to the LAN via vpn tunnels.

Welcome to the difference between authorized and authenticated.
Authorization is the WEP/WPA encryption puzzle found in most wireless
access points.  Authentication is the RADIUS or WPA-PSK (pre-shared
key) authentication that proves the user is who he claims to be.  Once
you have authorized and authenticated, then you can start a VPN which
will add another layer of encryption and authentication.

Now that you're totally lost, may I humbly request how you're planning
to use this thing so that we can recommend the appropriate technology.
A VPN is a great way of ensuring security.  Obviously, one end of the
VPN tunnel is at the client wireless computah.  However, the other end
can be in your wireless router, on your local LAN, at the ISP, or at
the destination router.  Given infinite funds, you can probably do all
of these, but methinks most "small LAN" systems are a bit more modest.
Also, prices on VPN routers vary radically with the number of
simultaneous tunnels.  Most junk routers can do 2-10.  The big boxes
can do thousands.

>If I can not find a suitable wireless vpn gateway then the next best plan
>would be a couple of access points connected to a vpn gateway. And then vpn
>from the client laptops to the gateway and then on to the LAN.

That's not very clear.  Where exactly do you want the VPN to
terminate?

If you want to terminate it in the wireless access point or router,
see:
  http://www.sonicwall.com/products/sohotzw.html
It's all in one box.

>Has anybody tried this? Please give me your suggestions.
>Can anybody recommend any products, which can handle the above tasks?

Most of the few corporate systems I've dealt with use a VPN to access
the corporate network.  The VPN usually terminates at a big VPN router
at the corporate gateway.  Nokia, Sonicwall, Cisco, etc all make these
boxes.  You don't wanna know the prices.

The basic problem you're about to face is trying to find something
that will do everything in one box.  This, methinks, is a mistake.
Separate the functions and let each box do its job.  The wireless
access should be through an access point (or a wireless router that's
set up as an access point).  Your existing wired router goes away and
is replaced with a VPN router.  For a really small system, DLink,
Netgear, and Linksys all make cheap VPN boxes that (sorta) work.  The
client computahs get to install and set up IPSec VPN software.

If you don't wanna deal with terminating the VPN, many ISPs will
terminate the VPN for you and provide the necessary authorization and
authentication.  The catch is that the clients need to be customers of
the ISP with a valid login/password.  For example:
  http://www.sonic.net/hotspots/config.shtml


--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice  http://www.LearnByDestroying.com
#                         je***@comix.santa-cruz.ca.us
#                           je***@cruzio.com     AE6KS
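
The layout discussed in the replies above (access points on a segment outside the private LAN, with IPsec terminating on a separate VPN router) can be checked as a first-match filter policy. This is an added example, not part of any poster's message; the address ranges, tunnel pool and sample flows are constructed assumptions.

```python
import ipaddress as ip

# Assumed addressing for illustration; none of these values come from the thread.
WLAN = ip.ip_network("192.168.50.0/24")    # untrusted segment the access points sit on
GW = ip.ip_network("192.168.50.1/32")      # VPN router's interface on that segment
LAN = ip.ip_network("10.0.0.0/24")         # private LAN behind the VPN router
POOL = ip.ip_network("10.0.9.0/24")        # addresses assigned inside established tunnels

# First match wins: (source net, destination net, protocol, destination port, action).
# DHCP/DNS for wireless clients are left out to keep the policy minimal.
RULES = [
    (WLAN, GW, "udp", 500, "accept"),      # IKE key exchange
    (WLAN, GW, "udp", 4500, "accept"),     # IPsec NAT traversal
    (WLAN, GW, "esp", None, "accept"),     # encrypted payload (IP protocol 50)
    # On a real router this rule is bound to the tunnel interface, not only to
    # the source address, so a wireless host cannot claim a pool address.
    (POOL, LAN, "any", None, "accept"),    # decrypted traffic from authenticated clients
]

def decide(src, dst, proto, dport=None, rules=RULES):
    """Return the action for one packet; anything unmatched is dropped."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    for r_src, r_dst, r_proto, r_port, action in rules:
        if (s in r_src and d in r_dst
                and r_proto in ("any", proto)
                and r_port in (None, dport)):
            return action
    return "drop"

def wlan_bypasses(flows, rules=RULES):
    """List flows from the wireless segment that reach the LAN without a tunnel."""
    return [f for f in flows
            if ip.ip_address(f[0]) in WLAN and ip.ip_address(f[1]) in LAN
            and decide(*f, rules=rules) == "accept"]

# Constructed sample flows: (src, dst, proto, dport)
FLOWS = [
    ("192.168.50.23", "192.168.50.1", "udp", 500),   # laptop starts IKE
    ("192.168.50.23", "192.168.50.1", "esp", None),  # tunnel traffic
    ("192.168.50.23", "10.0.0.5", "tcp", 445),       # direct file-share attempt
    ("10.0.9.2", "10.0.0.5", "tcp", 445),            # same request through the tunnel
    ("192.168.50.66", "192.168.50.1", "tcp", 80),    # gateway admin page from Wi-Fi
]

if __name__ == "__main__":
    for f in FLOWS:
        print(f, "->", decide(*f))
    print("bypasses:", wlan_bypasses(FLOWS))
```

Running `wlan_bypasses` against a candidate rule set shows whether any rule lets the wireless segment reach the LAN without going through a tunnel.
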
Author
24 Mar 2005 12:56 PM
K-Cunt The People's Cunt
"news.cable.ntlworld.com" <news.ca***@ntlworld.com> wrote in message
news:scm0e.41942$3A6.27879@newsfe1-gui.ntli.net...
> Hi
>
> I have a small LAN that is connected to the Internet via a hardware
> firewall.
>

If you said that above, you most likely only have a NAT router with no FW I
suspect. If it doesn't meet the specs in the link for *What does a FW do?*,
then it's not a FW appliance.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

WatchGuard, Cisco, Sonicwall, Snapgear are FW appliances.

http://www.homenethelp.com/web/explain/about-NAT.asp

D-Link, Netgear, Belkin, Linksys etc are NAT routers with FW like features
but don't have a FW.

> I would like to add WIFI.

That's a risk.

>
> This is my idea; I need to find a wireless vpn gateway that will only let
> authenticated users on to the LAN via vpn tunnels.

> If I can not find a suitable wireless vpn gateway then the next best plan
> would be a couple of access points connected to a vpn gateway. And then
> vpn
> from the client laptops to the gateway and then on to the LAN.

There must be two valid VPN end points in order for the VPN connection to
exist, whether that's a hardware to hardware or software to software VPN
connection.


> Has anybody tried this? Please give me your suggestions.
>
> Can anybody recommend any products, which can handle the above tasks?

You should look at low-end affordable FW appliances like the WatchGuard SOHO
6tc or other manufacturers above with VPN solutions.



You may be able to use a standalone wireless NAT router not in the secure
zone/private LAN and VPN into a FW appliance that has the safe zone/private
LAN.



You may get better info than I can give you or you may want to ask at
comp.security.firewalls.



Duane :)
Author
25 Mar 2005 12:09 AM
Duane Arnold
Oh, I forgot that K-c**t Troll return gun fire thing  -- pardon me. ;-)

Sorry

Duane ;)