Hello all..

I've got a couple of (hopefully!) quick questions regarding a wireless
VPN.

I have set up a Pix to terminate a VPN for our wireless users, to keep
all their network traffic secure.  It looks vaguely like this:

<<----------VPN--------------->>
Laptop ---> Access Point ---> Pix ---> Switch ---> Server
172.16.0.1                                         10.1.1.11

The laptop is running the Cisco Secure VPN Client (3.5), and when the
VPN is connected, the Pix assigns the addresses 10.0.0.90-10.0.0.99 to
VPN users for the internal (wired) network.  When the traffic gets to
the Pix, the VPN is terminated there, and there is no encryption on the
wired part of the network.  

My theory is that if anyone is sitting out in the car park with a laptop
with a wireless card, they can associate to the access point all they
like, but if they are not authorised VPN users, the Pix will drop their
traffic, and thus, stop them from getting into the internal (wired)
network.

Questions are:
1.      Can someone in the car park crack into a VPN user's laptop
somehow, and then get into the network (i.e., bypass the Pix and connect
via the other laptop)?

2.      If I ping from the server, to 10.0.0.90 (the VPN user), I get a
response.  Should this be so?

Thanks in advance..

Clinton McDonald CCNA
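
The design in the post above can be checked from the wired side. This is an added example, not part of the original message: it audits flow records from the Pix inside interface against the 10.0.0.90-10.0.0.99 pool. The /24 wireless mask, the record formats and all sample data are assumptions constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# From the post: the Pix hands VPN clients 10.0.0.90-10.0.0.99.
POOL_FIRST = ip_address("10.0.0.90")
POOL_LAST = ip_address("10.0.0.99")
# Assumption: the wireless segment is a /24 around the laptop's 172.16.0.1.
WIRELESS_NET = ip_network("172.16.0.0/24")


def audit(flows, sessions):
    """Check wired-side traffic against the intended design.

    flows:    (time, src, dst) records seen on the Pix inside interface.
    sessions: (pool_ip, start, end) tunnels the Pix reported as established.
    Returns a list of (time, src, dst, reason) findings.
    """
    findings = []
    for t, src, dst in flows:
        addr = ip_address(src)
        if addr in WIRELESS_NET:
            # A cleartext wireless address reached the wired LAN, so the
            # Pix forwarded traffic that never went through a tunnel.
            findings.append((t, src, dst, "wireless source on wired side"))
        elif POOL_FIRST <= addr <= POOL_LAST:
            # A pool address is only legitimate while its tunnel is up.
            live = any(ip == src and start <= t <= end
                       for ip, start, end in sessions)
            if not live:
                findings.append((t, src, dst, "pool address without tunnel"))
    return findings


# Constructed sample data (times are seconds since start of capture).
SESSIONS = [("10.0.0.90", 100, 900)]
FLOWS = [
    (150, "10.0.0.90", "10.1.1.11"),   # authorised VPN user, tunnel up
    (200, "172.16.0.7", "10.1.1.11"),  # wireless host with no tunnel
    (950, "10.0.0.90", "10.1.1.11"),   # pool address after tunnel closed
    (300, "10.0.0.93", "10.1.1.11"),   # pool address never assigned
]

if __name__ == "__main__":
    for finding in audit(FLOWS, SESSIONS):
        print(finding)
```

Traffic relayed through a laptop that has a live tunnel carries that laptop's pool address, so this check does not cover question 1.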
