Wireless Vpn Gateway

Hi

I have a small LAN that is connected to the Internet via a hardware firewall.

I would like to add WIFI.

This is my idea; I need to find a wireless vpn gateway that will only let authenticated users on to the LAN via vpn tunnels.

If I can not find a suitable wireless vpn gateway then the next best plan would be a couple of access points connected to a vpn gateway. And then vpn from the client laptops to the gateway and then on to the LAN.

Has anybody tried this? Please give me your suggestions.

Can anybody recommend any products, which can handle the above tasks?

Thanks John

Reply to
news.cable.ntlworld.com
Loading thread data ...

"news.cable.ntlworld.com" wrote in news:scm0e.41942$ snipped-for-privacy@newsfe1-gui.ntli.net:

If you said that above, you most likely only have a NAT router with no FW I suspect. If it doesn't meet the specs in the link for *What does a FW do?*, then it's not a FW appliance.

formatting link
WatchGuard, Cisco, Sonicwall, Snapgear are FW appliances.

formatting link
D-Link, Netgear, Belkin, Linksys etc are NAT routers with FW like features but don't have a FW.

That's a risk.

There must be two valid VPN end points in order for the VPN connection to exist, whether that's a hardware to hardware or software to software VPN connection.

You should look at low-end affordable FW appliances like the WatchGurad SOHO 6tc or other manufactures above with VPN solutions.

You may be able to use a standalone wireless NAT router not in the secure zone/private LAN and VPN into a FW appliance that has the safe zone/private LAN.

You may get beeter info that I can give you or you may want to ask at comp.secuirty.firewalls.

Duane :)

Reply to
Duane Arnold

Get ready to recycle your hardware firewall.

Welcome to the difference between authorized and authenticated. Authorization is the WEP/WPA encryption puzzle found in most wireless access points. Authentication is the RADIUS or WPA-PSK (pre-shared key) authentication the proves the user is whom he claims to be. Once you have authorized and authenticated, then you can start a VPN which will add another layer of encryption and authentication.

Now that you're totally lost, may I humbly request how you're planning to use this thing so that we can recommend the appropriate technology. A VPN is a great way of insuring security. Obviously, one end of the VPN tunnel is at the client wireless computah. However, the other end can be in your wireless router, on your local LAN, at the ISP, or at the destination router. Given infinite funds, you can probably do all of these, but methinks most "small LAN" system are a bit more modest. Also, prices on VPN routers vary radically with the number of simultaneous tunnels. Most junk routers can do 2-10. The big boxes can do thousands.

That's not very clear. Where exactly do you want the VPN to terminate?

If you want to terminate it in the wireless access point or router, see:

formatting link
's all in one box.

Most of the few corporate systems I've dealt with use a VPN to access the corporate network. The VPN usually terminates at a big VPN router at the corporate gateway. Nokia, Sonicwall, Cisco, etc all make these boxes. You don't wanna know the prices.

The basic problem you're about to face is trying to find something that will do everything in one box. This, methinks, is a mistake. Seperate the functions and let each box do its job. The wireless access should be through an access point (or a wireless router that's setup as an access point). Your existing wired router goes away and is replaced with a VPN router. For a really small system, DLink, Netgear, and Linksys all make cheap VPN boxes that (sorta) work. The client computahs get to install and setup IPSec VPN software.

If you don't wanna deal with terminating the VPN, many ISP's will terminate the VPN for you and provide the necessary authorization and authentication. The catch is that the clients need to be customers of the ISP with a valid login/password. For example:

formatting link

Reply to
Jeff Liebermann

If you said that above, you most likely only have a NAT router with no FW I suspect. If it doesn't meet the specs in the link for *What does a FW do?*, then it's not a FW appliance.

formatting link
WatchGuard, Cisco, Sonicwall, Snapgear are FW appliances.

formatting link
D-Link, Netgear, Belkin, Linksys etc are NAT routers with FW like features but don't have a FW.

That's a risk.

There must be two valid VPN end points in order for the VPN connection to exist, whether that's a hardware to hardware or software to software VPN connection.

You should look at low-end affordable FW appliances like the WatchGurad SOHO

6tc or other manufactures above with VPN solutions.

You may be able to use a standalone wireless NAT router not in the secure zone/private LAN and VPN into a FW appliance that has the safe zone/private LAN.

You may get beeter info that I can give you or you may want to ask at comp.secuirty.firewalls.

Duane :)

Reply to
K-Cunt The People's Cunt

Oh, I forgot that K-Cunt Troll return gun fire thing -- pardon me. ;-)

Sorry

Duane ;)

Reply to
Duane Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.