Hi Walden,

It sounds like you have this setup now.  Would you mind sharing 
model numbers?

Thanks,
Gary

> OK, this is when I like things that _aren't_ bundled together. Let's see
> if I can ASCII-art this:
> 
> 
> -----Internet-----
>         |
>         |
>      Firewall
>         |
>         |
> -------DMZ--------
>  |         |                    
>  |         |         ---WirelessLan---
>  |         |                    |
>  GW       VPNServer-------WirelessRouter
>  |         |
>  |         |
> ---InternalNet---
> 
> The gateway (GW) is a linksys router (w/o wireless) and the wireless
> router is a linksys wireless access point (but not router). Since
> they're separate devices I can assign separate IP ranges. Don't know if
> you can do that w/the integrated models. The VPNServer is a W2K box
> running RAS.
> 
> The DMZ has by 68.164.141.x IPs, the InternalNet has my 10.100.10.x IPs
> and the wireless has my 10.100.12.x Ips.
> 
> -Walden
> 
> 
> ------------
> Walden H Leverich III
> President & CEO
> Tech Software
> (516) 627-3800 x11
> WaldenL@xxxxxxxxxxxxxxx
> http://www.TechSoftInc.com
> 
> Quiquid latine dictum sit altum viditur.
> (Whatever is said in Latin seems profound.)
> 
> 
> 
> -----Original Message-----
> From: pctech-bounces@xxxxxxxxxxxx [mailto:pctech-bounces@xxxxxxxxxxxx]
> On Behalf Of Gary Kuznitz
> Sent: Thursday, 17 March, 2005 01:50
> To: PC Technical Discussion for iSeries Users
> Subject: Re: [PCTECH] RE: Communicate from a laptop
> 
> Hi Walden,
> 
> >  So what I'm proposing is put
> > the wireless people on their own subnet and bring up a VPN connection
> to
> > the "real" subnet. This way they can access "protected" resources over
> > the VPN and still be wireless. 
> I'm not following how to accomplish this.  Maybe you have more 
> resources than I am thinking about.  If a person uses a SonicWall 
> TZW the Wireless is on a different subnet than the lan.  But of 
> course it comes with a VPN for the wireless.  If a person uses any 
> other wireless router they only allow you to have one subnet on the 
> router.  (At least the ones I have been working with)
> I don't  understand this even if you have one router for wireless and 
> one  router for a Lan.  The Lan router would have to be able to 
> accept more than one subnet.  If you are talking about a very 
> expensive router I could understand this.  Do you know of routers 
> under $150 that can do this?   I'd love to learn more details of what 
> you are proposing. 
> 
> > Now, as for the internet, you could either force them to come over the
> > VPN and then out through the same interface as the hardwired people,
> or
> > you could provide another route to the internet for the wireless
> people.
> It makes sense.  I just don't know of what hardware/software is 
> required to accomplish this.
> 
> > Make sense, or did I miss something?
> > 
> > -Walden
> Thank you,
> 
> Gary Kuznitz
> 
> > 
> > ------------
> > Walden H Leverich III
> > President & CEO
> > Tech Software
> > (516) 627-3800 x11
> > WaldenL@xxxxxxxxxxxxxxx
> > http://www.TechSoftInc.com
> > 
> > Quiquid latine dictum sit altum viditur.
> > (Whatever is said in Latin seems profound.)
> > 
> > 
> > 
> > -----Original Message-----
> > From: Gary Kuznitz [mailto:docfxit@xxxxxxxxxxxx] 
> > Sent: Wednesday, 16 March, 2005 15:09
> > To: PC Technical Discussion for iSeries Users
> > Cc: Walden H. Leverich
> > Subject: RE: Communicate from a laptop
> > 
> > Moved from Midrange List
> > 
> > Hi Walden,
> > 
> > Thanks for your input.  My iimmediate need is to protect the wireless 
> > transmission in the office.  I can easily setup a VPN tunnel between 
> > the laptop --> over wireless --> to a remote office.   Which covers 
> > the wireless part easily.  The problem is when I need to surf the 
> > internet to other locations. Like when I need to transmit to other 
> > people that don't have VPN setup.  At these times I'd like to have 
> > the wireless protected.
> > 
> > Thank you,
> > 
> > Gary Kuznitz
> > 
> > > Gary,
> > > 
> > > We use W2K as our VPN server (no surprise there, right? <G>) so what
> > we
> > > did in this situation was deploy a second subnet for all wireless
> > > access. That subnet, while it has a private IP range (10.100.12.x)
> is
> > > still considered by us to be a public network, so there's no direct
> > > connect between the wireless subnet and our internal network.
> However,
> > > the VPN server is connected to that subnet. So when you're wireless
> > you
> > > need to bring up a VPN connection just as if you were anywhere on
> the
> > > internet, and the connection is the same one you'd bring up from
> home
> > --
> > > into the same VPN server you'd access from home. 
> > > 
> > > What I'm getting at is, do you need a separate VPN server for the
> > > wireless stuff, or can you setup your current VPN server to handle
> > > another subnet?
> > > 
> > > -Walden
> > > 
> > > 
> > > ------------
> > > Walden H Leverich III
> > > President & CEO
> > > Tech Software
> > > (516) 627-3800 x11
> > > WaldenL@xxxxxxxxxxxxxxx
> > > http://www.TechSoftInc.com
> > > 
> > > Quiquid latine dictum sit altum viditur.
> > > (Whatever is said in Latin seems profound.)
> > > 
> > 
> > 
> > 
> > -- 
> > This is the PC Technical Discussion for iSeries Users (PcTech) mailing
> list To
> > post a message email: PcTech@xxxxxxxxxxxx To subscribe, unsubscribe,
> or change
> > list options, visit: http://lists.midrange.com/mailman/listinfo/pctech
> or email:
> > PcTech-request@xxxxxxxxxxxx Before posting, please take a moment to
> review the
> > archives at http://archive.midrange.com/pctech.
> 
> 
> -- 
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing
> list
> To post a message email: PcTech@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/pctech
> or email: PcTech-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/pctech.
> 
> -- 
> This is the PC Technical Discussion for iSeries Users (PcTech) mailing list To
> post a message email: PcTech@xxxxxxxxxxxx To subscribe, unsubscribe, or change
> list options, visit: http://lists.midrange.com/mailman/listinfo/pctech or 
> email:
> PcTech-request@xxxxxxxxxxxx Before posting, please take a moment to review the
> archives at http://archive.midrange.com/pctech.



As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.