[vpn] wep
Ryan Malayter
rmalayter at bai.org
Mon Jun 3 16:43:55 EDT 2002
You use shared-secret (or even certificate-based) IKE and form an IPsec
tunnel between the two firewalls.
So yes, the firewall is open, but only to authenticated and encrypted
traffic coming from the other firewall.
I'm not sure what you think the internet or PPTP has to do with any of
this, since neither Windows nor the internet were mentioned in Pete's
initial post.
-ryan-
-----Original Message-----
From: Kenneth Erickson [mailto:erickskl at yahoo.com]
Sent: Monday, June 03, 2002 2:14 PM
To: Ryan Malayter
Subject: RE: [vpn] wep
Dear Ryan,
I don't understand this. If the wireless Access
Points are outside the firewall then you would have to
open the firewall to let their traffic through. Then
you would have to authenticate to the server. Wouldn't
it be easier to have PPTP over internet?
--- Ryan Malayter <rmalayter at bai.org> wrote:
> You need to assume that the wireless link is completely compromised. So
> you treat it like you would the public Internet: you firewall it. Any of
> the combo firewall/vpn devices out there will work for you at 802.11B
> speeds, when set up like this:
>
> NetworkA<-->Firewall<-->Breezecom
> //
> Breezecom<-->FireWall<-->NetworkB
>
>
> Buying two Netgear FVS318 would probably let you do this for less than
> $300 in hardware costs. If you have more than 253 nodes on either side
> of the network, you'll need something bigger and better.
>
> All you need to do is configure the network and IPsec settings on each
> device, and plug the Breezecom stuff into the internet/WAN ports on the
> firewalls.
>
> Regards,
> :::Ryan Malayter
> :::Network Engineer
> :::Bank Administration Institute
> :::Chicago, Illinois, USA
> :::PGP Key: http://www.malayter.com/pgp-public.txt
>
>
>
> -----Original Message-----
> From: Pete Jacob [mailto:pjacob at ftmc.com]
> Sent: Monday, June 03, 2002 11:29 AM
> To: vpn at securityfocus.com
> Subject: [vpn] wep
>
>
> Hello~
> I was wondering if anyone knew of a good solution to help my problem...
> I have an external wireless connection to an office across the street using
> a Breeze com 802.11B technology... but the equipment will only use a
> 40-bit WEP key.
> I would like to accomplish the following:
> 1. treat both sites as different broadcast domains
> 2. have some sort of magical box that will provide some sort of magical
> vpn/3des encryption, and have two Ethernet ports in it, one to connect
> to the network, another to connect to the wireless network, then back at
> the remote site it would do the same...
>
> I was thinking that Cisco probably makes what I need but since I am only a
> lowly CCNA it might be too difficult to configure, and too costly.
> I also think I should be able to do this with a pee cea, and two NICs...
>
> but this sounds like a bad idea.
>
>
> Thanks~
> Pete.
>
> VPN is sponsored by SecurityFocus.com
>