Re: WLAN via ISA

• From: "Jim Harrison" <jim@xxxxxxxxxxxx>
• To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
• Date: Mon, 16 Sep 2002 12:45:56 -0700

How vulnerable WEP and 802.11x are is still subject to debate, but if it
makes you nervous, then by all means, restrict it.
Your design is sound; the decision you need to make is whether or not you
want to treat it as "trusted".
If so, assigning an RFC-1918 subnet to it and adding it to the LAT will
allow you to control through-ISA access via ISA rules.
If not, you'll need to treat it as a "DMZ" subnet, while requires packet
filters to control access.

 Jim Harrison
 MCP(NT4, W2K), A+, Network+, PCG
 http://isaserver.org/pages/author_index.asp?aut=3
 http://isatools.org
 Read the books!

----- Original Message -----
From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx>
To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
Sent: Monday, September 16, 2002 10:23 AM
Subject: [isalist] WLAN via ISA


http://www.ISAserver.org


Can anybody think of a reason why I would not want to use ISA as a WLAN
gateway to my network?  Here is what I am thinking...

Since we all know that WEP is vulnerable, the recomended method of
connecting 802.11x systems is via VPN.  There are a gazzillion products out
there that will "firewall" your WLAN for you now.  I was thinking why not
just use the tool I already have?  ISA already has all the filtering and VPN
support built in.

So, to go forward, can I just add another NIC to my existing ISA box, plug
my Access Points into that interface, and label it as "outside my network"
and create the VPN (RAS) service to listen for IPSec connections on that
interface and pass them through to my network?  Or do I need to build a
seperate ISA box to handle those connections?

Thanks!

Ray Dzek
Network Operations / Helpdesk
Specialized Bicycle Components
15130 Concord Circle
Morgan Hill, CA 95037
Ph: 408-782-5420
Fx: 408-782-5421
Pg: 408-589-4250


------------------------------------------------------
You are currently subscribed to this ISAserver.org Discussion List as:
jim@xxxxxxxxxxxx
To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » WLAN via ISA
• » Re: WLAN via ISA

1. Home
2. isalist
3. Archive
4. 09-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---