All -
I have a question regarding the design of a guest anchor configuration using a WiSM. In all of the designs that I've seen thus far, the controller is physically resident in the immediate area of the device providing the DMZ (ASA, ISA, router with firewall, etc.). If you've got a 4400 or 5500, that's pretty easy and reasonable. What about a 6k with a WiSM? I don't expect my customer to move a 6k into that space if they don't have the room or are not using that 6k solely for the purpose of a guest anchor. So how would you implement a WiSM physically separate and still terminate that tunnel through the firewall? I don't see how you could do it, and I would probably terminate the tunnel on the WiSM where it is, and then either use policy routing to point it to the DMZ and/or build a GRE tunnel if it still must be tunneled. Thoughts?
Regards,
Scott