Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
413
Views
0
Helpful
2
Replies

wireless and VPN

gaban
Level 1
Level 1

‎10-14-2002 10:29 AM - edited ‎02-21-2020 12:07 PM

We are going to deploy Wireless on our LAN. Beside the suggested Cisco policy for securing wireless we also want to to secure it with VPN. Has anybody done this that can point me where to start. We have a 3000 concentrator, can I user the external interface for this? THanks.

Our Wlan is on an internal network vlan 252 and our lan is the is on different vlans. internal network is 10.13.xxx.xxx/24

thanks.

Labels:
0 Helpful
2 Replies 2

nick.garigliano
Level 1
Level 1

‎10-17-2002 04:14 AM

We just implemented the LEAP thing ourselves. My management also wanted to bring everything through our 3000 Concentrator but I managed to convince them that this was way overkill, not to mention an administrative and political nightmare. I could just imagine the number of support calls we would get when users are confronted with two different prompts. WHat happens when their VPN connection gets terminated for no good reason?

In addition you are now running LAN speed connections with IPSec through your concentrator. I wouldn't want to try this unless I had at least a 3030 with multiple SEP cards. One other thing is that VLAN's are not a security feature. It is possible to hop VLANs (Cisco has a doc out there somewhere concerning this. It isn't easy but they specifically stay not to consider a VLAN a security barrier).

Most of the hype about WEP being insecure has to do with implementations that do not use any encryption at all, but most magazine certified IT people don't get past the headlines anyway. While in theory 802.11b WEP can be cracked it isn't easy. And I have yet to see any reports of someone cracking a correctly implemented Cisco LEAP setup. It would much easier for a hacker to root a box in your DMZ (or internal network if you have holes in your firewall to them).

I basically put it that if they feel that wireless is that much of a threat then it needs to turned off.

0 Helpful

gaban
Level 1
Level 1
In response to nick.garigliano

‎10-17-2002 01:14 PM

thanks for the reply. We do have the acs and leap working and Also VPN but you do have to login twice. We are now trying certificates so users wouldn't have to login twice. I agree the more complex it is the more problems of supporting it. Hopefully our VPN will hold up. I have posed this questio to ou cisco SE. We will Accessing application via Citrix so it will very Thin. I don't know how much overhead IPSEC will be.

Thanks again.

0 Helpful
Customers Also Viewed These Support Documents