Re: VPN over wireless

I personally use Cisco since I am Cisco Certified. I know with Cisco
Support (Smartnet) with a Cisco Switch it would work. Do not use Dlink that
much so I cannot comment. I would keep pounding on them to get it to work.
You have an investment in their products so they should support it. This
configuration is not uncommon and I cannot believe their equipment will not
support it.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:%239y7BM4YIHA.4828@xxxxxxxxxxxxxxxxxxxxxxx
I've thought about this a bit and am hesitant to try it for the following
reason: I've tried, on and off, for about 9 months to get VLAN's working
on my network - and no success. I've been on-line and on phone with
D-Link's tech support, even got bumped up a level or two, and we could
never get it to work. I also 'haunted' the MS wireless newsgroup with
this issue. Never got it solved. I could "see" the main building AP
(which is wired) but the remote AP's could never get a connection.

I'd be willing to try again, but I'd need someone who KNOWS the D-Link
managed switches to lend lots of advice.
(I won't bore you or this newsgroup with the details, but will share it
with anyone off-line. I'll post here if it is thought to be
constructive.)

Mike

"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:eoLack3YIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
Mike,

I see now, so you only have one Gateway or WAN connection and not two as
it suggested in your first post. I would have setup a separate VLAN on
the L2/L3 switch. You will still the need the Router to issue DHCP and
wireless to the Guest network. Give the LAN IP on the router an IP of
10.0.0.1 (better for separating networks if you use a different Private
Range) So when you create, say VLAN2 on the switch plug the internal
port of the 524 to VLAN2. This will now give the Guest computers IP's on
the 10.0.0.0 network but still access to the internet. Now on the WAN
port of the 524, input an IP address of 192.168.0.50. Plug the WAN Port
of the 524 into the VLAN1. Now you can go the PIII's and add a
persistent route statement for the 192.168.0.0 network. This will now
let the PIII's access the 192.168.0.0 network. You could also do a lot
of this the Cisco Router but you did not state what model you have. It
basically would not require the need for route statements on the PIII's
as the Router would control them through access lists but in your case we
still need the additional DHCP Server and AP so this would not be
relevant. If this does not make a lot of sense then I would contact a
Cisco Engineer to help you out. Better to get this done right the first
time.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:eE62uO3YIHA.4332@xxxxxxxxxxxxxxxxxxxxxxx
Ok, that makes a bit more sense, but I think I should diagram out my
setup to see if you think your idea will still work.

T1, Cisco Router
|
unmanaged D-Link
switch
| |
LAN Router Wireless Router
(D-Link DI-524)
192.168.1.1 192.168.0.1
| |
L2/L3 switch (4) wireless
access points (D-Link DWL-2200AP)
(D-Link DES-3828)
192.168.0.100 thru .103
192.168.16.150
|
SBS server
192.168.16.2

So .... how would I do as you suggest?



"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:OEWyTJ3YIHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
I have no problem with creating a separate network for just the Guests
but why not just let the PIII's connect directly to your LAN throught
the AP's with security enabled? You are essentially doing the same
thing with creating the VPN through the additional internet connection.
When they connect either way, they will still be on your SBS LAN. You
can control access to your SBS LAN AP's with Mac addressing, time
schedule, etc. for the PIII's. This gets them only connected to your
SBS LAN, at that point you can still implement Windows AD Security.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OFCDj32YIHA.1532@xxxxxxxxxxxxxxxxxxxxxxx
I've set the AP's and router to WPA2. However, the primary users of
this Guest network are people here for conferences, visitors, grad and
undergrad students in our housing unit during their off time, etc. I
don't want them anywhere NEAR my SBS network, so I don't know how to
give just these 2 PIII's access -- as I think you're suggesting.


"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:uY7ewu2YIHA.4160@xxxxxxxxxxxxxxxxxxxxxxx
If you are using wireless then enable encryption WEP or WPA (most
secure) on the wireless AP's. No need for VPN.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:uI%23MMR2YIHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium, Exchange, ISA 2004, SQL, 2 NIC's, router,
L2/L3 switch, WSUS.
==================
I am setting up a separate network for Guest access using a wireless
router with a fixed IP conected to the T1 Cisco router. My access
points are in near-by buildings and connectivity is good. Our lab
is busy from Spring to early Fall with undergraduate and graduate
students, and a part of their duties is to input data into Excel
sheets and database forms. I put a couple old PIII's out there with
wireless cards and would like to give them access to the LAN so they
can get to those resources. Money is tight, otherwise I'd set up
another wireless network. Can I use VPN in this scenario? (I've
never used it or seen it in use.) The setup seems pretty simple.
We are in a remote rural area so I'm not worried about anyone else
getting in. I'm pretty sure I can lock the users down with
folder/file permissions so they can't stray where they shouldn't.
(GP is probably better, but that's another area I've never gotten
into.)

Any and all suggestions and comments are welcome!

--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization















.