Educause Security Discussion mailing list archives
Re: FW: [mobility] FW: FW: Wireless Security/Support
From: Michael Lymbery <mlymbery () SCU EDU AU>
Date: Thu, 21 Apr 2005 22:32:22 +1000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thanks for that James. I did suggest using two SSIDs (originally for a different reason - to have staff and student access) but it was decided that this was not an option (too confusing for users?). Thanks again Michael james sankar wrote:
Hi Micheal Tim Chown, has replied to your query via the tf-mobility list hosted by TERENA, please see below Best Regards James Sankar ---------------------------------------------------- Network Engineer - Middleware AARNet Pty Ltd Canberra, Australia Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535 -----Original Message----- From: Tim Chown [mailto:tjc () ecs soton ac uk] Sent: Wednesday, 20 April 2005 6:44 PM To: james sankar Subject: Re: [mobility] FW: FW: [SECURITY] Wireless Security/Support Aha - an official aarnet address, nice :) He could deploy both with the new Cisco AP code that broadcasts 2 SSIDs? Tim On Wed, Apr 20, 2005 at 12:25:10PM +1000, james sankar wrote:Hi Mobilities, Could anyone answer Michael's question below related to the debate on VPN / WPA that was raised on the educause security list? Thanks in advance James ----------------------------------------------------- Network Engineer - Middleware AARNet Pty Ltd Canberra, Australia Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535 -----Original Message----- From: Michael Lymbery [mailto:mlymbery () scu edu au] Sent: Wednesday, 20 April 2005 12:11 PM To: james sankar Subject: Re: FW: [SECURITY] Wireless Security/Support
Sure thing Thanks James james sankar wrote:Hi MichaelCould I pass the email onto the Terena Mobility list in Europe as there has been a lot of debate recently on WPA and they have experience with VPN too and I'm sure they could provide the answers you are looking for.Best RegardsJames Sankar ----------------------------------------------------- Network Engineer - Middleware AARNet Pty Ltd Canberra, AustraliaTel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535 -----Original Message----- From: Michael Lymbery [mailto:mlymbery () SCU EDU AU] Sent: Tuesday, 19 April 2005 10:42 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wireless Security/SupportI have been designing our wireless networking architecture at SCU and we have gone through the obligatory VPN or WPA debate. We had settled on VPN for a variety of reasons but just recently I was asked to re-evaluate WPA.As part of the VPN design I included a transparent proxy/web server to provide the function of allowing a user to connect to the wireless network without a tunnel. Then when they try to browse the transparent proxy would redirect them to a web page HOWTO on connecting which would contain a pre-configured VPN client and connection instructions. To do this we would have the client, tranparent proxy and VPN interface on the same subnet. The transparent proxy would deliver DHCP addresses with itself as the default gateway in order to catch all outgoing web-requests without having the transparent proxy inline. When the VPN client connects it does so directly (doesn't need to be routed as it is on the same subnet) thus bypassing the transparent-proxy for VPN access. This is all great for the VPN design but I have not found a similar method of doing so if I was to use WPA.We are using Cisco Aironet APs if that is helpful. So to re-phrase, I would like to know if anybody else has a similar support system in place (transparent proxy with help pages) being used in conjunction with WPA infrastructure. My apologies if I am posting this on the wrong list, just let me know and I will be on my way.Thanks Michael********** Participation and subscription information for this EDUCAUSEDiscussionGroup discussion list can be found at http://www.educause.edu/groups/. -- Michael Lymbery Network Engineer Information Technology and Telecommunication Services Southern Cross University PO Box 157 Lismore NSW 2480 Ph: 61 2 6620 3549 Fax: 61 2 6620 3033 Email: mlymbery () scu edu au http://www.scu.edu.au
- -- Michael Lymbery Network Engineer Information Technology and Telecommunication Services Southern Cross University PO Box 157 Lismore NSW 2480 Ph: 61 2 6620 3549 Fax: 61 2 6620 3033 Email: mlymbery () scu edu au http://www.scu.edu.au -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFCZ51OuuXh/DTCOHURApMiAJ0baFccBf59xhSZeDdYvGUnZgDoIgCeMJxn wZejf8OlCJlAx49+irP/U9Y= =pMyY -----END PGP SIGNATURE----- ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- FW: [mobility] FW: FW: Wireless Security/Support james sankar (Apr 20)
- <Possible follow-ups>
- Re: FW: [mobility] FW: FW: Wireless Security/Support Michael Lymbery (Apr 21)