FW: [mobility] FW: FW: Wireless Security/Support

[james sankar <james.sankar () AARNET EDU AU>]

Hi Micheal

Tim Chown, has replied to your query via the tf-mobility list hosted by
TERENA, please see below

Best Regards

James Sankar
----------------------------------------------------
Network Engineer - Middleware
AARNet Pty Ltd
Canberra, Australia
 
Tel: +61 2 6222 3530 (main switchboard)
Fax: +61 2 6222 3535

-----Original Message-----
From: Tim Chown [mailto:tjc () ecs soton ac uk] 
Sent: Wednesday, 20 April 2005 6:44 PM
To: james sankar
Subject: Re: [mobility] FW: FW: [SECURITY] Wireless Security/Support

Aha - an official aarnet address, nice :)

He could deploy both with the new Cisco AP code that broadcasts 2 SSIDs?

Tim

On Wed, Apr 20, 2005 at 12:25:10PM +1000, james sankar wrote:
> Hi Mobilities,
>
> Could anyone answer Michael's question below related to the debate on
> VPN / WPA that was raised on the educause security list?
>
> Thanks in advance
>
> James
>
> -----------------------------------------------------
> Network Engineer - Middleware
> AARNet Pty Ltd
> Canberra, Australia
>  
> Tel: +61 2 6222 3530 (main switchboard)
> Fax: +61 2 6222 3535
>
> -----Original Message-----
> From: Michael Lymbery [mailto:mlymbery () scu edu au] 
> Sent: Wednesday, 20 April 2005 12:11 PM
> To: james sankar
> Subject: Re: FW: [SECURITY] Wireless Security/Support
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>  
> Sure thing
>
> Thanks James
>
> james sankar wrote:
>
> > Hi Michael
> >
> > Could I pass the email onto the Terena Mobility list in Europe as
> > there has been a lot of debate recently on WPA and they have
> > experience with VPN too and I'm sure they could provide the answers
> > you are looking for.
> >
> > Best Regards
> >
> > James Sankar -----------------------------------------------------
> > Network Engineer - Middleware AARNet Pty Ltd Canberra, Australia
> >
> > Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535
> > -----Original Message----- From: Michael Lymbery
> > [mailto:mlymbery () SCU EDU AU] Sent: Tuesday, 19 April 2005 10:42 PM
> > To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Wireless
> > Security/Support
>
> > I have been designing our wireless networking architecture at SCU
> > and we have gone through the obligatory VPN or WPA debate. We had
> > settled on VPN for a variety of reasons but just recently I was
> > asked to re-evaluate WPA.
> >
> > As part of the VPN design I included a transparent proxy/web server
> > to provide the function of allowing a user to connect to the
> > wireless network without a tunnel. Then when they try to browse
> > the transparent proxy would redirect them to a web page HOWTO on
> > connecting which would contain a pre-configured VPN client and
> > connection instructions. To do this we would have the client,
> > tranparent proxy and VPN interface on the same subnet. The
> > transparent proxy would deliver DHCP addresses with itself as the
> > default gateway in order to catch all outgoing web-requests without
> > having the transparent proxy inline. When the VPN client connects
> > it does so directly (doesn't need to be routed as it is on the same
> > subnet) thus bypassing the transparent-proxy for VPN access. This
> > is all great for the VPN design but I have not found a similar
> > method of doing so if I was to use WPA.
> >
> > We are using Cisco Aironet APs if that is helpful. So to
> > re-phrase, I would like to know if anybody else has a similar
> > support system in place (transparent proxy with help pages) being
> > used in conjunction with WPA infrastructure. My apologies if I am
> > posting this on the wrong list, just let me know and I will be on
> > my way.
> >
> > Thanks Michael
>
> **********
> Participation and subscription information for this EDUCAUSE
Discussion
> Group discussion list can be found at http://www.educause.edu/groups/.
>
>
>
>
> - --
> Michael Lymbery
> Network Engineer
>
> Information Technology and Telecommunication Services
> Southern Cross University
> PO Box 157 Lismore NSW 2480
>
> Ph:  61 2 6620 3549
> Fax: 61 2 6620 3033
> Email: mlymbery () scu edu au
> http://www.scu.edu.au
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (MingW32)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
>  
> iD8DBQFCZboauuXh/DTCOHURAgqXAJ9TJDx8+G7Md1PZRz1bdVxGvSlDnACeKGeK
> L3IgCMwlROyrz5R4PF0zin0=
> =BJXw
> -----END PGP SIGNATURE-----

-- 
Tim/::1

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.