On Thu, 23 Jan 2003, eric nguyen wrote:

> Hi,
>
> I have been assigned the task of setting up a wireless network for my company
> and I am wondering whether I use too much "security" for the wireless.

Here are some thoughts.  Maybe the CCIE isn't so much of a moron.  Because
I will state that you do have way too much overhead with all that
encryption and it will not scale well at all.  What I built some time ago
used plain old open access points connected to a switch that was connected
to a VPN concentrator.  Then on the VPN concentrator we had IPSec running.
The clients would use an IPSec client on their laptops/handhelds and then
connect to the network over the IPSec tunnel.  I would suggest having a
PIX behind this just for security concerns.  But if you just encrypt every
piece of traffic with IPSec you have a product that scales from laptops to
handhelds without requiring special client applications.  The other
advantage is that only IPSec authenticated computers can communicate over
the wireless to both the Internet and to the corporate network.  In
addition, you can use some slick DHCP configs over the IPSec to create
multiple "private" networks over top of the wireless that terminate at the
VPN concentrator and they can access through the firewall to only what
they need.  I would really suggest looking at a PKI infrastructure for the
IPSec too, that will increase security and simplify roll-out.

Hope this gives you some ideas,
Andrew
---

http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all
of them yourself."




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=61702&t=61685
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
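
The enforcement point the design in the reply above depends on, as an added example that is not part of the original post: an ACL on the wireless-side interface that lets clients reach only the VPN concentrator's IKE and ESP endpoints, so nothing crosses the open access points outside a tunnel. The IOS layer-3 interface, VLAN number, subnet and concentrator address are all assumed values.

```cisco
! Constructed addressing (assumptions, not from the post):
!   wireless client subnet        : 10.99.0.0/24 on Vlan99
!   VPN concentrator, WLAN side   : 10.99.0.2
!
ip access-list extended WLAN-CLIENTS-IN
 remark DHCP so clients can obtain an outer address on the open WLAN
 permit udp any eq bootpc any eq bootps
 remark IKE negotiation, to the concentrator only
 permit udp 10.99.0.0 0.0.0.255 host 10.99.0.2 eq isakmp
 remark NAT-T encapsulation (UDP 4500), if the clients use it
 permit udp 10.99.0.0 0.0.0.255 host 10.99.0.2 eq non500-isakmp
 remark ESP (IP protocol 50) carrying the tunnelled traffic
 permit esp 10.99.0.0 0.0.0.255 host 10.99.0.2
 remark Everything else from the open segment is dropped and logged
 deny ip any any log
!
interface Vlan99
 description Open wireless access points (untrusted)
 ip access-group WLAN-CLIENTS-IN in
```

This filters routed traffic only; clients on the same VLAN can still reach each other at layer 2 unless the access points or the switch isolate them.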
