Wireless hot-spot

sc · ‎01-04-2011

Hi,

I am going o create a wireless hot-spot in a small compagny. My plan is to connect a Linksys wireless-N router to the DMZ port of the RVL200 router.

It is intended that users on the wireless network should use the VPN on RVL200 to gain access to the internal network, just as they would do if they were out of office.

Users of the wireless network must not have access to the internal network through LAN, as there will also be guests accessing the wireless network.

Do i need to configure V-LAN or routing.

Only one external IP is at hand

Could i use the default gateway for the WAN connection on the wireless router ?

b.garczynski · ‎01-04-2011

Svend,

I am not sure about the functionality or feature set of the Linksys, but it would be easiest to configure two separate SSIDs, one for production data use with WPA2 AES encryption and the other as either an open SSID or a well known PSK. You must then tie each SSID to a specific port on the Linksys and cable the guest SSID to the DMZ of your firewall and the production SSID to your internal network. I would recommend using PEAP or EAP-TLS on the production SSID if at all possible as the PSK tends to leak out over time and it is not easily changed. If you like you could place the wireless and wired networks in separate VLANs/Subnets but this is not required. I think this option will be much cleaner than some type of "hair-pin" VPN configuration. I am also assuming that your DMZ is in a separate subnet and therefore at least the guest SSID is in a unique subnet that does not route on the internal LAN.

Thanks,