1. Home
  2. Wireless Networking
  3. Diagram Wirless VPN Gateway

Diagram Wirless VPN Gateway

No. It's an unreadable muddle. Try doing the diagram again, this time without tabs. My guess is you have TABS=4 spaces set, while most readers display 8 spaces. You might also want to fill in some of the missing numbers like make and model of existing equipment, number of users, approximate bandwidth, and type of internet connection (speed).

You also missed my point about where the VPN is going to be terminated. Are you going to terminate it at the: 1. Wireless access point 2. Added VPN gateway router between wireless and wired networks. 3. Existing unspecified model Cisco internet gateway router. 4. ISP if they provide the service. 5. Corporate firewall.

Since you want to use a VPN router as a gateway to your home LAN, you cannot use the existing unspecified model Cisco gateway to control access. All it currently does is control access to the internet. It assumes that a user already has access to your LAN. So, you need to add a VPN router between the insecure wireless network and your secure wired network. Note that you will have two networks. The wireless network that's assumed to be insecure, and the protected wired LAN. The purpose of a (vpn) router is to glue these two networks together.

How are you going to "allow" only pre-defined users to access your wireless access point and *THEN* use a VPN to get to your LAN? The VPN controls access to your wired LAN, not to the wireless WLAN.

Also, one minor problem. Let's pretend that an evil user gets onto your wireless network by cracking the WEP key but cannot get into your VPN. There's nothing to stop this evil user from either using your access point as their private game network repeater, or precipitateing a wireless denial of service attack. Actually, some access points have "client to client protection" features which will prevent the use as a client to client repeater. My point is that this evil user is already on your wireless network even if they did not successfully authenticate with the VPN router. Methinks it would be best to keep them off the access point in the first place. However, if you don't mind hosting a private game network with your access point, then adding a VPN router should be more than adequate security.

Reply to
Jeff Liebermann
Loading thread data ...

Hi All and thanks for your responses.

Let me go into more detail. I have a Cisco SOHO router/firewall connected to the Internet and I have two hubs connected to the Cisco router.

My idea after reading Jeff Liebermann idea is to add wireless access points to the office and enable preshared key, these APs will then be connected to the new VPN gateway which I hope will only allow vpn tunnels thorough it and on to my LAN.

This is my idea in a diagram I hope it explains more.

Internet

| |

Cisco Soho Router/Firewall

| | |

| | |

| | |

| HUB1 HUB2

VPN Gateway | Pc and Laptop

| Pc's and Server

|

Wireless Access Point

¬ ¬

Laptops with Vpn Client software or Built in Xp Client

You both mentioned me binning my Firewall but I would like to keep it.

Does the above diagram make any sense?

My intention is only to allow Predefined laptops on to the Wireless access point and then VPN on to my LAN

Thanks both for those URL I will check them out.

With Thanks John

Reply to
news.cable.ntlworld.com

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.