New Member

Point-to-point wireless with IPSEC

lan1----e1R1e0-----350bd----wireless-----350bd----e0R2e1-----LAN2

I am running IPsec between r1 and r2 to encrypt the data between lan1 and lan2. What precautions should I implement to secure the link between R1e0 and e0R2?

Thx

Accepted Solutions
Cisco Employee

Re: Point-to-point wireless with IPSEC

At a minimum I would run 128-bit static WEP on the bridges with MIC and TKIP. But I really would look at MAC address filtering and maybe even EAP if you already have the infrastructure in your network.

Have you seen the SAFE white paper? It will give you a great guide to what each level of security can do.

http://www.cisco.com/en/US/products/hw/wireless/ps430/products_white_paper09186a00800b469f.shtml

Currently all your layer 3 data is protected, but your layer 2 wireless network is wide open: malicious people could associate to your AP and create excessive broadcasts, reducing your throughput, or could spoof MAC addresses, etc.

Currently you have the equivalent of running IPsec on your clients plugged into a hub but leaving that hub in a busy bar where anyone can plug into it.
