How vulnerable WEP and 802.11x are is still subject to debate, but if it makes you nervous, then by all means, restrict it. Your design is sound; the decision you need to make is whether or not you want to treat it as "trusted". If so, assigning an RFC-1918 subnet to it and adding it to the LAT will allow you to control through-ISA access via ISA rules. If not, you'll need to treat it as a "DMZ" subnet, while requires packet filters to control access. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/pages/author_index.asp?aut=3 http://isatools.org Read the books! ----- Original Message ----- From: "Ray Dzek" <rdzek@xxxxxxxxxxxxxxx> To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx> Sent: Monday, September 16, 2002 10:23 AM Subject: [isalist] WLAN via ISA http://www.ISAserver.org Can anybody think of a reason why I would not want to use ISA as a WLAN gateway to my network? Here is what I am thinking... Since we all know that WEP is vulnerable, the recomended method of connecting 802.11x systems is via VPN. There are a gazzillion products out there that will "firewall" your WLAN for you now. I was thinking why not just use the tool I already have? ISA already has all the filtering and VPN support built in. So, to go forward, can I just add another NIC to my existing ISA box, plug my Access Points into that interface, and label it as "outside my network" and create the VPN (RAS) service to listen for IPSec connections on that interface and pass them through to my network? Or do I need to build a seperate ISA box to handle those connections? Thanks! Ray Dzek Network Operations / Helpdesk Specialized Bicycle Components 15130 Concord Circle Morgan Hill, CA 95037 Ph: 408-782-5420 Fx: 408-782-5421 Pg: 408-589-4250 ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe send a blank email to $subst('Email.Unsub')