Re: Wireless Access Point on external router?
- From: doucettea <doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 May 2007 14:18:01 -0700
So, WPA with PSKs will be enough? That's great news, and less of a headache.
I'll only have a few wireless connections anyway.
If WPA2 is not enough security for some reason, please let me know.
Otherwise, I'll implement this.
Thanks again,
Ari
"Dave Nickason [SBS MVP]" wrote:
As Owen says in the document, that configuration will break VPN. I can't.
imagine that you're going to want to put in a second server to do RADIUS
(although if you already have a second server, it can do RADIUS as well -
it's not a high impact service). What I would do is to either use RWW
instead of VPN as Cris suggests, or configure WPA2 manually using pre-shared
keys. The primary disadvantages to PSK are the additional labor to set up
new hardware as you add it, and that users may be able to obtain the key and
use it on unauthorized equipment. If you trust the users, and change the
pre-shared key when a user leaves, you should be OK with this.
When I use PSKs, I use this to get a random 63-character key. (Not all
equipment will take a 64-character key). https://www.grc.com/passwords.htm
"doucettea" <doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D0CF64B7-F286-4FD6-A11A-BF11A0F0BD6B@xxxxxxxxxxxxxxxx
Dave,
In the article you linked to about setting up 802.11x on SBS for the WAP,
there is a caveat that VPN might not work. Of course, I would like to have
VPN and good wireless security, so is there a workaround? How likely is
VPN
to stop working (we do use ISA 2004)?
The article mentions that using RADIUS would fix this, but that it would
be
used instead of Windows Authenticaion for VPN connections?
What does this mean, practically?
The article also mentions that getting a RADIUS server would be necessary.
We don't have an additional server available. Are the "free RADIUS
servers"
mentioned by the article OK?
I guess I'm starting to get into something more involved than I expected
for
setting up secure wireless and having VPN connectivity. Am I overly
concerned?
Thanks,
Ari
"Dave Nickason [SBS MVP]" wrote:
I don't use Linksys WAPs at the office, but I do use them at home, and at
the homes of anyone I support for wireless. I've been completely happy
with
them.
At the office, I've wanted to use a commercial quality WAP instead of a
home-quality device. I use 3Coms, and I'm very happy with them. I've
got
to say, for the one or two users at home and the six or so at the office,
I
haven't really seen a difference in reliability or functionality between
the
two brands. I've recently seen a lot of favorable comments about DLink,
but
don't have any personal experience with them.
With wireless, every device has to support the settings you want to use.
I
recommend getting one with a good range of features so it doesn't become
the
weak point in your deployment plans. Specifically, I would not purchase
a
device that does not support "WPA2 Enterprise" security.
"doucettea" <doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A9ECBBC4-0089-4B09-834A-939C1702F463@xxxxxxxxxxxxxxxx
Thank you, Dave. I'm using SBS premium, ISA, 2 NICs. So, per your
suggestion,
I shouldn't put the WAP outside of ISA. Instead, I should put the WAP
on
the
internal switch.
Can you recommend a good (cheap, for small home-based office) WAP? Is
the
Linksys WRT54gL the way to go for the WAP (as it is recommended in
other
recent posts)?
Is the Dlink di804hv OK for the router/firewall (since I'm also using
ISA)?
It is also recommended in other posts.
Thanks again,
Ari
"Dave Nickason [SBS MVP]" wrote:
Is this SBS Standard or Premium? If it's Premium, I would not use a
device
outside of ISA to provide LAN access. If you're using the router as
the
firewall device, without ISA, then you can use a combination wireless
device
such as a Sonicwall. I'd be reluctant to use a low-priced NAT device
in
this way.
What I think would be the best practice: get a good quality
non-wireless
firewall that you're comfortable with. Get a separate WAP and install
it
with these instructions. This will give you the appropriate security
for
both the perimeter and the internal wireless network.
Configuring Secure Wireless Network Access with Microsoft® Windows®
Small
Business Server 2003
http://home.comcast.net/~clearviewtc/
"doucettea" <doucettea@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:52DA73CF-66B8-4831-BE3C-AB429F8E8ABF@xxxxxxxxxxxxxxxx
Hi all,
Is it possible to use the wireless access from a router/firewall
between
the
SBS external NIC and the cable modem for access to the internal
network?
I need to get a new router/firewall to put between the SBS and the
cable
modem b/c VPN isn't working through the current one. I'd also like
to
replace
the WAP we've been using because it doesn't have the gratest
security
(it
currently connects by cat5 to the switch on the internal network).
Could
all
of this be accomplished with one device (like the Linksys WRT54gL)?
Or
do
I
need to buy a new router/firewall (Dlink di804hv ?) and then add the
WAP
to
the switch on the inside (still go with the Linksys)?
Thanks,
Ari
- Follow-Ups:
- Re: Wireless Access Point on external router?
- From: Owen Williams [SBS MVP]
- Re: Wireless Access Point on external router?
- From: Dave Nickason [SBS MVP]
- Re: Wireless Access Point on external router?
- References:
- Re: Wireless Access Point on external router?
- From: Dave Nickason [SBS MVP]
- Re: Wireless Access Point on external router?
- From: Dave Nickason [SBS MVP]
- Re: Wireless Access Point on external router?
- From: doucettea
- Re: Wireless Access Point on external router?
- From: Dave Nickason [SBS MVP]
- Re: Wireless Access Point on external router?
- Prev by Date: Re: Please Help - MMC console error on clients at startup.
- Next by Date: Re: Wireless Access Point on external router?
- Previous by thread: Re: Wireless Access Point on external router?
- Next by thread: Re: Wireless Access Point on external router?
- Index(es):
Relevant Pages
|
Loading
