Re: VPN over wireless

Mike,

I see now, so you only have one Gateway or WAN connection and not two as it
suggested in your first post. I would have setup a separate VLAN on the
L2/L3 switch. You will still the need the Router to issue DHCP and wireless
to the Guest network. Give the LAN IP on the router an IP of 10.0.0.1
(better for separating networks if you use a different Private Range) So
when you create, say VLAN2 on the switch plug the internal port of the 524
to VLAN2. This will now give the Guest computers IP's on the 10.0.0.0
network but still access to the internet. Now on the WAN port of the 524,
input an IP address of 192.168.0.50. Plug the WAN Port of the 524 into the
VLAN1. Now you can go the PIII's and add a persistent route statement for
the 192.168.0.0 network. This will now let the PIII's access the
192.168.0.0 network. You could also do a lot of this the Cisco Router but
you did not state what model you have. It basically would not require the
need for route statements on the PIII's as the Router would control them
through access lists but in your case we still need the additional DHCP
Server and AP so this would not be relevant. If this does not make a lot of
sense then I would contact a Cisco Engineer to help you out. Better to get
this done right the first time.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:eE62uO3YIHA.4332@xxxxxxxxxxxxxxxxxxxxxxx
Ok, that makes a bit more sense, but I think I should diagram out my setup
to see if you think your idea will still work.

T1, Cisco Router
|
unmanaged D-Link switch
| |
LAN Router Wireless Router
(D-Link DI-524)
192.168.1.1 192.168.0.1
| |
L2/L3 switch (4) wireless
access points (D-Link DWL-2200AP)
(D-Link DES-3828) 192.168.0.100
thru .103
192.168.16.150
|
SBS server
192.168.16.2

So .... how would I do as you suggest?



"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:OEWyTJ3YIHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
I have no problem with creating a separate network for just the Guests but
why not just let the PIII's connect directly to your LAN throught the AP's
with security enabled? You are essentially doing the same thing with
creating the VPN through the additional internet connection. When they
connect either way, they will still be on your SBS LAN. You can control
access to your SBS LAN AP's with Mac addressing, time schedule, etc. for
the PIII's. This gets them only connected to your SBS LAN, at that point
you can still implement Windows AD Security.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OFCDj32YIHA.1532@xxxxxxxxxxxxxxxxxxxxxxx
I've set the AP's and router to WPA2. However, the primary users of
this Guest network are people here for conferences, visitors, grad and
undergrad students in our housing unit during their off time, etc. I
don't want them anywhere NEAR my SBS network, so I don't know how to
give just these 2 PIII's access -- as I think you're suggesting.


"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:uY7ewu2YIHA.4160@xxxxxxxxxxxxxxxxxxxxxxx
If you are using wireless then enable encryption WEP or WPA (most
secure) on the wireless AP's. No need for VPN.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:uI%23MMR2YIHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium, Exchange, ISA 2004, SQL, 2 NIC's, router,
L2/L3 switch, WSUS.
==================
I am setting up a separate network for Guest access using a wireless
router with a fixed IP conected to the T1 Cisco router. My access
points are in near-by buildings and connectivity is good. Our lab is
busy from Spring to early Fall with undergraduate and graduate
students, and a part of their duties is to input data into Excel
sheets and database forms. I put a couple old PIII's out there with
wireless cards and would like to give them access to the LAN so they
can get to those resources. Money is tight, otherwise I'd set up
another wireless network. Can I use VPN in this scenario? (I've
never used it or seen it in use.) The setup seems pretty simple. We
are in a remote rural area so I'm not worried about anyone else
getting in. I'm pretty sure I can lock the users down with
folder/file permissions so they can't stray where they shouldn't. (GP
is probably better, but that's another area I've never gotten into.)

Any and all suggestions and comments are welcome!

--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization











.