I am looking to deploy a PIX with the inside interface facing outside to allow for DHCP addresses to be assigned to wireless clients. I will be deploying ACLs to restrict access on both interfaces, but am looking for confirmation that there will be no information "leakage" with having the higher security level interface providing access to the dirty side.
For the sole purpose of deploying the DHCP services on the firewall you are willing to jeopardize your security? How do you make sure that only authorized wireless users are provided with an IP address? Be very careful in deploying such a setup. Not for nothing are wireless LANs called 'a wire on a parking lot'.
You might want to look into Cisco's LEAP offering regarding wireless access.
I hadn't explained the design fully, insofar as once the DHCP server has assigned an IP address, the wireless user can only gain access to the network through a correctly configured VPN client, with the appropriate one-time password. My design has been to address the "wire on the lot" situation!