Re: VPN over wireless



I'm sure it will work, if I can just 'get over the hump'.

Thanks,
Mike
"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:%23JYMat4YIHA.1208@xxxxxxxxxxxxxxxxxxxxxxx
I personally use Cisco since I am Cisco Certified. I know with Cisco
Support (Smartnet) with a Cisco Switch it would work. Do not use Dlink
that much so I cannot comment. I would keep pounding on them to get it to
work. You have an investment in their products so they should support it.
This configuration is not uncommon and I cannot believe their equipment
will not support it.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:%239y7BM4YIHA.4828@xxxxxxxxxxxxxxxxxxxxxxx
I've thought about this a bit and am hesitant to try it for the following
reason: I've tried, on and off, for about 9 months to get VLAN's working
on my network - and no success. I've been on-line and on phone with
D-Link's tech support, even got bumped up a level or two, and we could
never get it to work. I also 'haunted' the MS wireless newsgroup with
this issue. Never got it solved. I could "see" the main building AP
(which is wired) but the remote AP's could never get a connection.

I'd be willing to try again, but I'd need someone who KNOWS the D-Link
managed switches to lend lots of advice.
(I won't bore you or this newsgroup with the details, but will share it
with anyone off-line. I'll post here if it is thought to be
constructive.)

Mike

"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:eoLack3YIHA.1132@xxxxxxxxxxxxxxxxxxxxxxx
Mike,

I see now, so you only have one Gateway or WAN connection and not two as
it suggested in your first post. I would have set up a separate VLAN on
the L2/L3 switch. You will still need the Router to issue DHCP and
wireless to the Guest network. Give the LAN IP on the router an IP of
10.0.0.1 (better for separating networks if you use a different Private
Range). So when you create, say, VLAN2 on the switch, plug the internal
port of the 524 to VLAN2. This will now give the Guest computers IP's
on the 10.0.0.0 network but still access to the internet. Now on the
WAN port of the 524, input an IP address of 192.168.0.50. Plug the WAN
Port of the 524 into the VLAN1. Now you can go to the PIII's and add a
persistent route statement for the 192.168.0.0 network. This will now
let the PIII's access the 192.168.0.0 network. You could also do a lot
of this on the Cisco Router but you did not state what model you have. It
basically would not require the need for route statements on the PIII's
as the Router would control them through access lists but in your case
we still need the additional DHCP Server and AP so this would not be
relevant. If this does not make a lot of sense then I would contact a
Cisco Engineer to help you out. Better to get this done right the first
time.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:eE62uO3YIHA.4332@xxxxxxxxxxxxxxxxxxxxxxx
Ok, that makes a bit more sense, but I think I should diagram out my
setup to see if you think your idea will still work.

          T1, Cisco Router
                 |
      unmanaged D-Link switch
        |                    |
   LAN Router           Wireless Router (D-Link DI-524)
   192.168.1.1          192.168.0.1
        |                    |
   L2/L3 switch         (4) wireless access points (D-Link DWL-2200AP)
   (D-Link DES-3828)    192.168.0.100 thru .103
   192.168.16.150
        |
   SBS server
   192.168.16.2

So .... how would I do as you suggest?



"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:OEWyTJ3YIHA.4896@xxxxxxxxxxxxxxxxxxxxxxx
I have no problem with creating a separate network for just the Guests
but why not just let the PIII's connect directly to your LAN through
the AP's with security enabled? You are essentially doing the same
thing with creating the VPN through the additional internet connection.
When they connect either way, they will still be on your SBS LAN. You
can control access to your SBS LAN AP's with Mac addressing, time
schedule, etc. for the PIII's. This gets them only connected to your
SBS LAN, at that point you can still implement Windows AD Security.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:OFCDj32YIHA.1532@xxxxxxxxxxxxxxxxxxxxxxx
I've set the AP's and router to WPA2. However, the primary users of
this Guest network are people here for conferences, visitors, grad
and undergrad students in our housing unit during their off time,
etc. I don't want them anywhere NEAR my SBS network, so I don't know
how to give just these 2 PIII's access -- as I think you're
suggesting.


"John Oliver, Jr. [MVP]" <jcoliverjr@xxxxxxxxxxx> wrote in message
news:uY7ewu2YIHA.4160@xxxxxxxxxxxxxxxxxxxxxxx
If you are using wireless then enable encryption WEP or WPA (most
secure) on the wireless AP's. No need for VPN.

--
John Oliver, Jr
MCSE, MCT, CCNA
Exchange MVP 2008
Microsoft Certified Partner


"Mike Webb" <Mike_Webb@xxxxxxxxxxxxxxxxx> wrote in message
news:uI%23MMR2YIHA.208@xxxxxxxxxxxxxxxxxxxxxxx
Running SBS 2003 Premium, Exchange, ISA 2004, SQL, 2 NIC's, router,
L2/L3 switch, WSUS.
==================
I am setting up a separate network for Guest access using a
wireless router with a fixed IP connected to the T1 Cisco router.
My access points are in near-by buildings and connectivity is good.
Our lab is busy from Spring to early Fall with undergraduate and
graduate students, and a part of their duties is to input data into
Excel sheets and database forms. I put a couple old PIII's out
there with wireless cards and would like to give them access to the
LAN so they can get to those resources. Money is tight, otherwise
I'd set up another wireless network. Can I use VPN in this
scenario? (I've never used it or seen it in use.) The setup seems
pretty simple. We are in a remote rural area so I'm not worried
about anyone else getting in. I'm pretty sure I can lock the users
down with folder/file permissions so they can't stray where they
shouldn't. (GP is probably better, but that's another area I've
never gotten into.)

Any and all suggestions and comments are welcome!

--
Mike Webb
Platte River Whooping Crane Maintenance Trust, Inc.
a 501 (c)(3) conservation non-profit organization