On Wed, 23 Mar 2005 22:37:12 GMT, "news.cable.ntlworld.com"
<(E-Mail Removed)> wrote:
>I have a small LAN that is connected to the Internet via a hardware
>firewall.
Get ready to recycle your hardware firewall.
>I would like to add WIFI.
>This is my idea; I need to find a wireless vpn gateway that will only let
>authenticated users on to the LAN via vpn tunnels.
Welcome to the difference between authorized and authenticated.
Authorization is the WEP/WPA encryption puzzle found in most wireless
access points. Authentication is the RADIUS or WPA-PSK (pre-shared
key) authentication that proves the user is whom he claims to be. Once
you have authorized and authenticated, then you can start a VPN which
will add another layer of encryption and authentication.
Now that you're totally lost, may I humbly request how you're planning
to use this thing so that we can recommend the appropriate technology.
A VPN is a great way of ensuring security. Obviously, one end of the
VPN tunnel is at the client wireless computah. However, the other end
can be in your wireless router, on your local LAN, at the ISP, or at
the destination router. Given infinite funds, you can probably do all
of these, but methinks most "small LAN" systems are a bit more modest.
Also, prices on VPN routers vary radically with the number of
simultaneous tunnels. Most junk routers can do 2-10. The big boxes
can do thousands.
>If I can not find a suitable wireless vpn gateway then the next best plan
>would be a couple of access points connected to a vpn gateway. And then vpn
>from the client laptops to the gateway and then on to the LAN.
That's not very clear. Where exactly do you want the VPN to
terminate?
If you want to terminate it in the wireless access point or router,
see:
http://www.sonicwall.com/products/sohotzw.html
It's all in one box.
>Has anybody tried this? Please give me your suggestions.
>Can anybody recommend any products, which can handle the above tasks?
Most of the few corporate systems I've dealt with use a VPN to access
the corporate network. The VPN usually terminates at a big VPN router
at the corporate gateway. Nokia, Sonicwall, Cisco, etc. all make these
boxes. You don't wanna know the prices.
The basic problem you're about to face is trying to find something
that will do everything in one box. This, methinks, is a mistake.
Separate the functions and let each box do its job. The wireless
access should be through an access point (or a wireless router that's
set up as an access point). Your existing wired router goes away and
is replaced with a VPN router. For a really small system, DLink,
Netgear, and Linksys all make cheap VPN boxes that (sorta) work. The
client computahs get to install and set up IPSec VPN software.
If you don't wanna deal with terminating the VPN, many ISPs will
terminate the VPN for you and provide the necessary authorization and
authentication. The catch is that the clients need to be customers of
the ISP with a valid login/password. For example:
http://www.sonic.net/hotspots/config.shtml
--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831.336.2558 voice
http://www.LearnByDestroying.com
# AE6KS