
Pros VS Cons of using VPN to secure wireless Access

c.tenley
Level 1

I have been asked to look into providing access to our wireless network using a VPN solution. I have tried looking in the previous posts regarding this issue but have yet to find a definitive answer. Currently we have a huge wireless infrastructure using Aironet 1200s and 350s. We are using LEAP as the security protocol. What I have been asked to do is give patients/visiting PhDs who have their own personal wireless devices, which may not be LEAP capable, access to the Internet/e-mail. I know that I can set up multiple VLANs and assign different security settings and SSIDs for each individual VLAN. What I want to know is: is the VPN solution a better way to go about doing this?

Any insight would be greatly appreciated.

2 Replies

djbradley
Level 1

We are using Cisco APs and LEAP in our hospitals as well. Our policy is that we allow only devices previously approved by IS to connect to the WLAN, and then only with Cisco cards. The problem with VPN (IPSEC) is that you'll still need a client or at least some type of IPSEC configuration on the devices accessing your network. This can add to the finger-pointing madness of "it worked fine until you touched it".

If management is looking to provide patients with Internet access via wireless (bad idea), I would suggest providing them with preconfigured handhelds or laptops at a cost, similar to how they pay for phone and TV access. It is truly the only safe way to do it.

If you do let the public onto your WLAN, put them on a separate VLAN and ensure that VLAN has access to nothing inside your organization (route-map, ACL, FW) and that packets from that network go only to the Internet.

Make the PhDs buy gear that supports LEAP and keep the patients' personal gear off your network.

Thanks,

Dan Bradley

WAN Engineer

Lifespan
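
An added example (not part of the original thread or any poster's configuration) of checking the guest-VLAN isolation described in the reply above: a first-match evaluator for IOS-style extended ACL lines that reports which internal addresses a guest could still reach. The subnets, ACL text and function names are assumptions constructed for illustration; only `ip` entries with contiguous wildcards are handled.

```python
import ipaddress

# Constructed ACLs in IOS extended-ACL style, applied inbound on the guest VLAN.
# Assumed addressing: guests in 192.168.250.0/24, all other RFC 1918 space is internal.
WEAK_ACL = """
permit ip 192.168.250.0 0.0.0.255 any
deny ip any 10.0.0.0 0.255.255.255
"""
GUEST_ACL = """
deny ip any 10.0.0.0 0.255.255.255
deny ip any 172.16.0.0 0.15.255.255
deny ip any 192.168.0.0 0.0.255.255
permit ip 192.168.250.0 0.0.0.255 any
"""

def _take(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    # ipaddress accepts a contiguous wildcard (host mask) after the slash.
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_acl(text):
    """Parse 'permit|deny ip SRC DST' lines (ports and protocols are not modelled)."""
    rules = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()
        src, rest = _take(rest)
        dst, _ = _take(rest)
        rules.append((action, src, dst))
    return rules

def decide(rules, src, dst):
    """First matching entry wins; an ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def leaks(rules, guest_ip, internal_probes):
    """Internal addresses a guest could still reach; should be empty."""
    return [dst for dst in internal_probes if decide(rules, guest_ip, dst) == "permit"]

if __name__ == "__main__":
    probes = ["10.1.1.5", "172.20.3.9", "192.168.1.10"]
    print("weak :", leaks(parse_acl(WEAK_ACL), "192.168.250.20", probes))
    print("fixed:", leaks(parse_acl(GUEST_ACL), "192.168.250.20", probes))
```

The weak ACL shows the ordering failure: a broad permit placed first shadows every deny below it, so the guest subnet reaches all internal probes.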

tcross3
Level 1

I am on a college campus where we do not control the users' wireless devices. We have AP350 and AP1200. What we have done is bought a Bluesocket device, and that is what we use as a gateway device for registered and unregistered users. We do not use WEP, EAP, or LEAP at all. The Bluesocket provides unencrypted access to the Internet or campus web sites. If you want to have encryption, then you can use PPTP or IPsec to the VPN concentrator. I suggest that you use what the OS has and can do easily. Windows computers do PPTP great and Mac OS X computers do IPsec with no problems. Now, for the everyday user, have them make a PPTP or an IPsec connection across the wireless network and they will be secured. The guest users can be unencrypted.

Hope this helps.
