Re: [fw-wiz] Off Topic: 802.11 Dongles

From: Victor B. Williams (
Date: 08/15/03

  • Next message: Mikael Olsson: "Re: [fw-wiz] NAT for a simple network"
    Date: Fri, 15 Aug 2003 08:11:58 -0500 (CDT)


    I can answer your last question.

    The Cisco VPN clients work like long as you have a 3000
    series concentrator or a PIX acting as the VPN server. The provide
    the same access for Linux and Windows hosts. The Linux client isn't
    GUI like the Windows one...but all the settings are identical, and the
    operation is identical. We have both deployed and it's been the only
    solution that satifies all OS'es. There's also a MAX OS X client.

    Crispin Cowan said:
    > wrote:
    >>This is a little off topic, but something that could benifit all...
    >> Our
    >>laptop users are pushing for wireless, we'd rather not have to
    >> support every
    >>dongle thats out there. We're thinking compromize, we buy the dongle
    >> and
    >>set it up, the end user matches the WEP setting on their WAP.
    > I'm not sure what you mean by "dongle", other than "brand of WiFi
    > card"
    > perhaps?
    > In any case, WEP is useless; easy to crack.
    > What we deployed:
    > * put the WAP outside the firewall, on its own subnet where it
    > can't
    > sniff DMZ traffic
    > * no WEP
    > * casual drive-by users can access the internet, but only have
    > about
    > as much leverage on our LAN as Internet users in Bombay
    > * for access to internal LAN services, make the wireless users use
    > a
    > VPN, just like remote users do
    > This network architecture seems to surprise a lot of people, who keep
    > wishing for a level 2 security solution that will work. Conversely,
    > I've
    > always been surprised at the desire for level 2 security: I always act
    > as if the attacker is clamped to my personal ethernet port, and only
    > send encrypted traffic if it matters at all. Use level 3 crypto if it
    > matters.
    > Of course, that does raise a problem that we haven't solved: what is a
    > good VPN/IPSec solution that works for both Windows and Linux clients?
    > I
    > know, FreeSWAN, but it's flaky, and taking up a lot of our admin's
    > time
    > trying to debug it.
    > Crispin
    > --
    > Crispin Cowan, Ph.D.
    > Chief Scientist, Immunix
    > _______________________________________________
    > firewall-wizards mailing list

    "Real men don't even use monitors! I've just got a guy that can draw
    real fast."

    Victor Williams
    Network Architect
    Election Systems & Software
    (402) 970-1100

    This e-mail transmission and any documents, files or previous e-mail
    messages attached to it may contain information that is confidential,
    protected by the attorney/client or other privileges, and may
    constitute non-public information. It is intended to be conveyed only
    to the designated recipient(s) named above. Any unauthorized use,
    reproduction, forwarding, distribution or other dissemination of this
    transmission is strictly prohibited and may be unlawful. If you are
    not an intended recipient of this e-mail transmission, please notify
    the sender by return e-mail and permanently delete any record of this
    transmission. Your cooperation is appreciated.

    firewall-wizards mailing list

  • Next message: Mikael Olsson: "Re: [fw-wiz] NAT for a simple network"

    Relevant Pages

    • RE: SBS VPN connects but no shares..
      ... VPN clients can no longer access internal resources after you install ... Windows Server 2003 Service Pack 1 on a computer that is running ISA Server ... How to configure a VPN connection to your corporate network in Windows XP ...
    • Re: Consider offline files and VPN domain joined clients.
      ... Everything seems to be going well after a few quirks with adding the vpn connected client computers to the domain. ... The server and server clients is connected to teh internets through a gigabit network, the vpn clients connects to the server from an 8 Mbit connection. ...
    • Re: Unable to access hosts by name across a PPTP VPN connection
      ... How many remote clients ... Home) will only accept one incoming VPN connection at a time using the ... network and as new machines are used as VPN clients. ...
    • RE: VPN issue
      ... I understand that you cannot initialize the VPN ... Could you please let me know if this is a Premium SBS server box with ISA ... To support the PPTP VPN clients behind the ISA server, ...
    • Re: SBS VPN Strengthening
      ... to my other clients, so a software only configuation would be preferred. ... Have SBS 2003 along with Server 2003 at various sites, ... each location and they would establish the VPN between those offices. ... connect to remote offices you could use a hub and spoke method VPN or use ...