Re: FW: [mobility] FW: FW: Wireless Security/Support

[Michael Lymbery <mlymbery () SCU EDU AU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks for that James.  I did suggest using two SSIDs (originally for
a different reason - to have staff and student access) but it was
decided that this was not an option (too confusing for users?).

Thanks again
Michael
james sankar wrote:

> Hi Micheal
>
> Tim Chown, has replied to your query via the tf-mobility list
> hosted by TERENA, please see below
>
> Best Regards
>
> James Sankar ----------------------------------------------------
> Network Engineer - Middleware AARNet Pty Ltd Canberra, Australia
>
> Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535
>
> -----Original Message----- From: Tim Chown
> [mailto:tjc () ecs soton ac uk] Sent: Wednesday, 20 April 2005 6:44 PM
> To: james sankar Subject: Re: [mobility] FW: FW: [SECURITY]
> Wireless Security/Support
>
> Aha - an official aarnet address, nice :)
>
> He could deploy both with the new Cisco AP code that broadcasts 2
> SSIDs?
>
> Tim
>
> On Wed, Apr 20, 2005 at 12:25:10PM +1000, james sankar wrote:
>
> > Hi Mobilities,
> >
> > Could anyone answer Michael's question below related to the
> > debate on VPN / WPA that was raised on the educause security
> > list?
> >
> > Thanks in advance
> >
> > James
> >
> > ----------------------------------------------------- Network
> > Engineer - Middleware AARNet Pty Ltd Canberra, Australia
> >
> > Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535
> >
> > -----Original Message----- From: Michael Lymbery
> > [mailto:mlymbery () scu edu au] Sent: Wednesday, 20 April 2005 12:11
> > PM To: james sankar Subject: Re: FW: [SECURITY] Wireless
> > Security/Support

> Sure thing
>
> Thanks James
>
> james sankar wrote:
>
> > Hi Michael
>
> > Could I pass the email onto the Terena Mobility list in Europe as
> > there has been a lot of debate recently on WPA and they have
> > experience with VPN too and I'm sure they could provide the
> > answers you are looking for.
>
> > Best Regards
>
> > James Sankar
> > ----------------------------------------------------- Network
> > Engineer - Middleware AARNet Pty Ltd Canberra, Australia
>
> > Tel: +61 2 6222 3530 (main switchboard) Fax: +61 2 6222 3535
> > -----Original Message----- From: Michael Lymbery
> > [mailto:mlymbery () SCU EDU AU] Sent: Tuesday, 19 April 2005 10:42
> > PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY]
> > Wireless Security/Support
>
> > I have been designing our wireless networking architecture at SCU
> > and we have gone through the obligatory VPN or WPA debate. We
> > had settled on VPN for a variety of reasons but just recently I
> > was asked to re-evaluate WPA.
>
> > As part of the VPN design I included a transparent proxy/web
> > server to provide the function of allowing a user to connect to
> > the wireless network without a tunnel. Then when they try to
> > browse the transparent proxy would redirect them to a web page
> > HOWTO on connecting which would contain a pre-configured VPN
> > client and connection instructions. To do this we would have the
> > client, tranparent proxy and VPN interface on the same subnet.
> > The transparent proxy would deliver DHCP addresses with itself as
> > the default gateway in order to catch all outgoing web-requests
> > without having the transparent proxy inline. When the VPN client
> > connects it does so directly (doesn't need to be routed as it is
> > on the same subnet) thus bypassing the transparent-proxy for VPN
> > access. This is all great for the VPN design but I have not found
> > a similar method of doing so if I was to use WPA.
>
> > We are using Cisco Aironet APs if that is helpful. So to
> > re-phrase, I would like to know if anybody else has a similar
> > support system in place (transparent proxy with help pages) being
> > used in conjunction with WPA infrastructure. My apologies if I
> > am posting this on the wrong list, just let me know and I will be
> > on my way.
>
> > Thanks Michael
>
> ********** Participation and subscription information for this
> EDUCAUSE
>
> > Discussion
>
> Group discussion list can be found at
> http://www.educause.edu/groups/.
>
>
>
>
> -- Michael Lymbery Network Engineer
>
> Information Technology and Telecommunication Services Southern
> Cross University PO Box 157 Lismore NSW 2480
>
> Ph: 61 2 6620 3549 Fax: 61 2 6620 3033 Email: mlymbery () scu edu au
> http://www.scu.edu.au


- --
Michael Lymbery
Network Engineer

Information Technology and Telecommunication Services
Southern Cross University
PO Box 157 Lismore NSW 2480

Ph:  61 2 6620 3549
Fax: 61 2 6620 3033
Email: mlymbery () scu edu au
http://www.scu.edu.au
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCZ51OuuXh/DTCOHURApMiAJ0baFccBf59xhSZeDdYvGUnZgDoIgCeMJxn
wZejf8OlCJlAx49+irP/U9Y=
=pMyY
-----END PGP SIGNATURE-----

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.