[vpn] Update to: Securing 802.11b in W2K environment?
dgillett at deepforest.org
Tue Nov 13 09:55:16 EST 2001

On 5 Nov 2001, at 14:55, Spencer, Mark (SUF) wrote:
> 6.) A suggestion that was offered by Kent Dallas was to place a
> hub between the cable modem and my outside NIC on the W2K gateway,
> and hanging the wireless solution off the hub, outside of my LAN.
> I'm probably going to try that this week. My question is, if I
> set up the Linksys WAP11 to serve up DHCP to my wireless clients,
> won't it serve up DHCP to ANY wireless client? Or would the WEP run
> over the DHCP functions providing some kind of authentication? I
> guess a problem that is encountered is that my cable modem is tied
> to the MAC of my W2K gateway machine. So the wireless clients need
> to connect to the access point on the hub, pass through the switch
> to my W2K machine, then back out via the Sygate application which
> is serving my NAT. I think this packet forwarding with multiple
> interfaces, NAT, VPN, and wireless issues are going to make this
> somewhat murky.

> .... My question is, if I set up the Linksys WAP11 to serve up DHCP
> to my wireless clients, won't it serve up DHCP to ANY wireless
> client?

Yes, but since the cable modem is keyed to your Win2K machine's MAC
address, all they can talk to is each other (limited interest) or the
Win 2K machine -- which wants them to log in as VPN clients before it
provides them with any other service, including access to the cable
modem.

> .... So the wireless clients need to connect to the access point
> on the hub, pass through the switch to my W2K machine, then back
> out via the Sygate application which is serving my NAT.

NO!! The hub does NOT plug into the switch. The WAP, the cable
modem and the Win2K machine ("outside" NIC only -- currently plugged
direct to cable modem) plug into the hub. The hub and the switch are
in separate subnets which connect only through the Win2K box. The
Win2K box is configured so that traffic from addresses in the WAP's
DHCP scope is only accepted to establish and carry VPN tunnel
traffic.
DG
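
Added example (not part of DG's message): the filtering policy from the last paragraph above, modeled as a small Python check run over constructed packets. All addresses and the choice of PPTP (TCP 1723 plus GRE) as the VPN protocol are assumptions; the post names neither.

```python
import ipaddress

# Assumptions, not taken from the post: all addresses, and PPTP as the VPN.
WAP_DHCP_SCOPE = ipaddress.ip_network("192.168.50.0/24")  # hub-side subnet
GATEWAY_OUTSIDE = ipaddress.ip_address("192.168.50.1")    # Win2K outside NIC
PPTP_CONTROL_PORT = 1723   # TCP control channel
GRE = "gre"                # IP protocol 47, carries the tunnelled data


def wireless_verdict(src, dst, proto, dport=None):
    """Verdict for a packet arriving on the gateway's outside NIC.

    Sources in the WAP's DHCP scope may only establish or carry the VPN
    tunnel to the gateway itself; everything else from them is dropped.
    Other sources are outside this rule and return "not-wireless".
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in WAP_DHCP_SCOPE:
        return "not-wireless"
    if dst != GATEWAY_OUTSIDE:
        return "drop"          # no forwarding to the LAN or the cable modem
    if proto == "tcp" and dport == PPTP_CONTROL_PORT:
        return "accept"        # tunnel establishment
    if proto == GRE:
        return "accept"        # tunnel payload
    return "drop"              # any other service on the gateway


# Constructed sample traffic: (src, dst, proto, dport)
SAMPLES = [
    ("192.168.50.23", "192.168.50.1", "tcp", 1723),   # PPTP control
    ("192.168.50.23", "192.168.50.1", "gre", None),   # PPTP data
    ("192.168.50.23", "192.168.50.1", "tcp", 445),    # file sharing on gateway
    ("192.168.50.77", "10.0.0.5", "tcp", 80),         # straight to a LAN host
    ("192.168.50.77", "198.51.100.9", "udp", 53),     # straight to the Internet
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", wireless_verdict(*pkt))
```

Any client that obtains a lease from the WAP lands in the first branch, so an unauthenticated client gets a verdict of "drop" for everything except an attempt to start the tunnel.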