On Fri, 9 Mar 2001, Anton Rager wrote:
We have deployed a very similar mechanism as highlighted below in a
network now. I haven't started testing the strength of the solution but
the VPN-1 from Nortel seems to work pretty well, except for all the damned
filters.
## We're recommending that security minded customers put
## their wireless AP in their DMZ, and use an IPSec
## client from the wireless workstation into a VPN
## appliance for internal network access. This setup puts
## the wireless traffic outside the private network, and
## only allows access into it via IPSec tunnels. It also
## prevents wireless users from accessing your internal
## network un-encrypted.
##
## So -- worst case: someone can snoop/inject traffic
## into your wireless network, but they will only get
## internet access. More paranoid users could create an
## additional zone [2nd DMZ] with just the wireless AP
## and a VPN server in it. This would limit
## snooping/injection to just that isolated network
## zone.....unless they supply the proper IPSec
## credentials.
##
## My pitch is a Nortel Networks Contivity VPN Switch
## with our Contivity extranet client, but I'm a bit
## biased;) Other VPN solutions could accomplish the
## same thing.
--
wasim_at_expertsystems.net - islamabad, pk - gsm +92300508070 - pgp 0x2EF7F636
Received on Mar 12 2001
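
The zone policy recommended in the quoted message, written out as an added sketch (not part of the original thread and not any vendor's configuration): traffic from the wireless zone may reach the VPN appliance only as IPSec, never the internal network directly, and reaches the internet only when the AP sits in the ordinary DMZ rather than the isolated second DMZ. All addresses and the `decide` function are constructed assumptions.

```python
import ipaddress

# Constructed addressing (assumptions, not from the original message).
WIRELESS = ipaddress.ip_network("192.0.2.0/25")   # zone holding the wireless AP
INTERNAL = ipaddress.ip_network("10.0.0.0/8")     # private network
VPN_GW = ipaddress.ip_address("192.0.2.200")      # VPN appliance, zone-facing side


def is_ipsec(proto, dport):
    """IKE key exchange (UDP 500) or ESP (IP protocol 50) tunnel payload."""
    return proto == "esp" or (proto, dport) == ("udp", 500)


def decide(src, dst, proto, dport=None, isolated_zone=False):
    """Return 'allow' or 'drop' for a packet leaving the wireless zone.

    isolated_zone=False: AP in the ordinary DMZ, internet still reachable.
    isolated_zone=True:  AP in a second DMZ that holds only the VPN server.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in WIRELESS:
        return "drop"      # this sketch models wireless-originated traffic only
    if dst == VPN_GW:
        # Only tunnel traffic may touch the appliance; no cleartext management.
        return "allow" if is_ipsec(proto, dport) else "drop"
    if dst in INTERNAL:
        return "drop"      # internal hosts are never reachable unencrypted
    # Everything else (the internet): the "worst case" in the ordinary DMZ,
    # closed off entirely in the isolated-zone variant.
    return "drop" if isolated_zone else "allow"


# Constructed sample packets: (src, dst, proto, dport)
SAMPLES = [
    ("192.0.2.10", "192.0.2.200", "udp", 500),   # IKE to the VPN appliance
    ("192.0.2.10", "192.0.2.200", "esp", None),  # tunnel payload
    ("192.0.2.10", "10.1.2.3", "tcp", 445),      # cleartext to internal host
    ("192.0.2.10", "198.51.100.7", "tcp", 80),   # internet
]

if __name__ == "__main__":
    for isolated in (False, True):
        print("isolated second DMZ" if isolated else "ordinary DMZ")
        for pkt in SAMPLES:
            print("  ", pkt, "->", decide(*pkt, isolated_zone=isolated))
```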