[vpn] wep

Stephen Hope Stephen.Hope at energis.com
Wed Jun 5 07:56:14 EDT 2002 

Pete,

Don't dismiss the Cisco stuff out of hand - sometimes they do get the costs
right. You could use cisco firewall, routers, or VPN appliances.

The Cisco 506E and 515E firewalls would be my choice, since they have the
tools to do what you want - which box to choose depends on the number of
users and activity across the link. 

Router examples are such as 1721 or 2650 with hardware encryption, or the
VPN3015 for VPN boxes.

The VPN boxes are the easiest to use and configure - routers most general
utility and flexibility, and the firewalls probably the most secure - your
choice. 

The routers and VPN boxes have optional hardware acceleration, so would give
you the option to choose the price performance you need. PIX used to be the
same but the "E" models have encryption hardware as standard (so long as you
spec that on the order).

A couple of points:

The wireless link runs at effective speed of 5 to 8 Mbps half duplex, so you
will need hardware encryption support. A lot of the low end kit is designed
for a 512k WAN limit from ADSL or cable.

If you want the sites to be separate broadcast domains, then you need
something that understands routing (and all the protocols you use) - this
should be a given for IP with any of the solutions that have been suggested
- almost any others will need a good router.

You may need some specialised routing functions, such as DHCP forwarding. 

If you have a WAN you may need OSPF etc, or some static routes to resolve
the rest of the network topology.

When you put it in, you will find that you need to re-address at least 1
building.

Good luck

Stephen

-----Original Message-----
From:	Pete Jacob [mailto:pjacob at ftmc.com]
Sent:	Monday, June 03, 2002 5:29 PM
To:	vpn at securityfocus.com
Subject:	[vpn] wep

 << File: ATT120498.txt >> << File: ATT120499.txt >> Hello~
I was wondering if anyone knew of a good solution to help my problem...
I have an external wireless connection to an office across the street using 
a Breeze com 802.11B
technology... but the equipment will only use a 40bit WEP key.
I would like to accomplish the following:
1. treat both sites as a different broadcast domains
2. have some sort of magical box that will provide some sort of magical 
vpn/3des encryption, and have two ether net ports
in it, one to connect to the network another to connect to the wireless 
network, then back at the remote site it
would do the same...

I was thinking that Cisco probably makes what I need but since I am only a 
lowly ccna it might be
to difficult to configure, and too costly.
I also think I should be able to do this with a pee cea, and two nics... 
but this sounds like a bad idea.


Thanks~
Pete.


********************************************************************************************************
This e-mail is from Energis plc, 50 Victoria Embankment, London, EC4Y 0DE, United 
Kingdom, No: 2630471.

This e-mail is confidential to the addressee and may be privileged. The views 
expressed are personal and do not necessarily reflect those of Energis. If you are not 
the intended recipient please notify the sender immediately by calling our switchboard on 
+44 (0) 20 7206 5555 and do not disclose to another person or use, copy or forward 
all or any of it in any form.

********************************************************************************************************


VPN is sponsored by SecurityFocus.com

More information about the VPN mailing list