Wireless VPNs

Stephen Hope shope at energis-eis.co.uk
Mon Jul 16 06:24:47 EDT 2001 

Phil,

a list of issues which came up with some stuff we were involved in. We were
only doing "raw" wireless for LAN access in enterprise environments, rather
than VPN on top of wireless.

We were working with Cisco Aeronet gear, but i suspect these points are more
general.

1.	Op sys integration - the wireless drivers were awkward to integrate
into Win 95, especially in laptops already set up to use Xircom 100 M
Ethernet. Much less hassle with Win 98.

2.	Op sys stability - again Win 95 can have tantrums when the wireless
link vanishes and applications loose their connections - seems to be a
general problem that the op sys and apps make assumptions about connections
not vanishing during use, and dont recover well.....

3.	Roaming needs layer 2 connectivity between the access points. 1
customer wants their developers to be able to roam throughout a campus, but
also just replaced an ATM backbone with a "pure" layer 3 switched campus.
The roaming requirement means the wireless points need a single VLAN smeared
over the campus, spanning tree to control the backbone resilience and loops,
and generally doesnt fit into the layer 3 backbone design. It doesnt help
that there are 2 manufacturers equipment involved, and no common VLANs
across campus...

NB - the developers have found that they can take a laptop into a separate
cafeteria on the other side of a public road and get a working link there
(not enough meeting rooms) - but the security team didnt like the
implications for security outside the building structure.

4.	Dead spots. Things that have caused issues with coverage are:

building design (get much better signal coverage along the girders in the
floor / ceiling / wall rather than at 45 degree lines).

metalwork - computer rooms and storage racking seem to give problems.

i didnt have any trouble with gold film coated windows, but that may depend
on the amount of glass.

Generally, i have been pleasantly surprised about the way this stuff works -
i expected more problems with black magic than we got in practise.

regards

Stephen

Stephen Hope C. Eng, Network Consultant, shope at energis-eis.co.uk,
Energis Integration Services Ltd, WWW: http://www.energis-eis.co.uk
Carrington Business Park, Carrington, Manchester , UK. M31 4ZU
Tel: +44 (0)161 776 4194 Mob: +44 (0)7767 256 180 Fax: +44 (0)161 776
4189


> -----Original Message-----
> From: Phil Cox [mailto:Phil.Cox at SystemExperts.com]
> Sent: 13 July 2001 04:44
> To: vpn at securityfocus.com
> Subject: Wireless VPNs
> 
> 
> All,
> 
> I am doing research on Wireless VPN's. In particular I am looking for
> problems that people are having to overcome when developing and/or
> implementing them. I can only really think of the following, 
> and am looking
> for any others that folks have seen:
> 
> - Resources (CPU, Memory) on handhelds
> - "Lossy"ness of wireless networks
> - Lack of ability of deployed devices to support VPN clients 
> (i.e., old
> phones and handhelds)
> 
> Any thoughts about problems, and potential solutions are appreciated.
> 
> Also, I would be very interested in any implementations that 
> you use, and
> why you like them (or not).
> 
> Any and all comments are appreciated.
> 
> Phil
> 
> 
> VPN is sponsored by SecurityFocus.com
> 

VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list