Wireless Networks and the NetSentron

By: Darren Critchley





Capable of supporting a Wireless network as a DMZ
Need an access point, but built in ability is coming – still being heavily developed
Administrator can limit access to resources on LAN
Administrator can limit access to the Internet
Multiple methods of access control

ACLs on wireless page controlled by:

  IP Address
  MAC Adapter Address
  Both IP & MAC Adapter Address
  VPN

The most secure and preferred method is the VPN Connection
Configure the Blue …


Configure the Blue Network card, make sure the subnet is different from the Green (LAN) subnet
Configure a wireless access point (Linksys WRT54G works well)

  If it is a full-fledged router, disable the router part of things.
  May need to add static routing on the access point to allow packets to flow to GREEN (LAN) if you wish to access resources on GREEN (LAN)
  Enable usual WEP, WPA, ACL lists or other settings on the access point
  Decide if the NetSentron or the access point is serving DHCP, or use Static IP Addresses on the clients
  Connect the access point to the Blue Network card

If not using the VPN option, on the NetSentron, go to Wireless page

  Determine if all clients on Blue should have Internet access; if so, check “Allow all PC's on BLUE (Wireless) Internet access” and click Save.
  If you wish to allow machines access to resources on GREEN (LAN), or you have not enabled all PCs on Blue to access the Internet, then you need to enter their IP address, MAC adapter address or both into the Wireless page
  Use the DMZ Pinholes page to open up any ports to machines on GREEN (LAN) such as web servers, file shares, etc.

    To allow a machine on Blue to print to a shared printer, you would need to open up TCP ports 137 to 139 and UDP Port 137
    HTTP & HTTPS are TCP 80 & TCP 443
    FTP is TCP port 21
    RDP is TCP 3389
    If a PC on BLUE cannot access a resource on GREEN (LAN), check the firewall logs; they will show the PC and the blocked port, which can be opened using the DMZ Pinholes page.
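
An added example (not part of the original slides and not NetSentron code): summarising blocked BLUE-to-GREEN attempts from the firewall log, so that each pinhole is opened for a known PC and port rather than by guesswork. It assumes netfilter-style log lines that record only blocked packets, and hypothetical subnets 192.168.2.0/24 (BLUE) and 192.168.1.0/24 (GREEN); the log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing; the page only requires BLUE and GREEN to be different subnets.
BLUE = ipaddress.ip_network("192.168.2.0/24")
GREEN = ipaddress.ip_network("192.168.1.0/24")
# Ports the page names for DMZ pinholes.
KNOWN = {("TCP", 137): "printer share", ("TCP", 138): "printer share",
         ("TCP", 139): "printer share", ("UDP", 137): "printer share",
         ("TCP", 80): "HTTP", ("TCP", 443): "HTTPS",
         ("TCP", 21): "FTP", ("TCP", 3389): "RDP"}
# Constructed sample in netfilter LOG style (assumed format, hypothetical hosts).
SAMPLE_LOG = """\
Mar  3 10:15:01 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.23 DST=192.168.1.10 PROTO=TCP SPT=1042 DPT=139
Mar  3 10:15:04 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.23 DST=192.168.1.10 PROTO=TCP SPT=1043 DPT=139
Mar  3 10:16:10 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.23 DST=192.168.1.20 PROTO=TCP SPT=1050 DPT=3389
Mar  3 10:17:30 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.40 DST=192.168.1.10 PROTO=TCP SPT=1100 DPT=5900
Mar  3 10:18:00 fw kernel: IN=eth2 OUT=eth1 SRC=192.168.2.40 DST=203.0.113.5 PROTO=TCP SPT=1101 DPT=25
Mar  3 10:18:05 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.40 DST=192.168.1.10 PROTO=ICMP TYPE=8 CODE=0
"""
FIELD = re.compile(r"(\w+)=(\S*)")

def blocked_blue_to_green(log_text):
    """Count blocked BLUE -> GREEN attempts per (src, dst, proto, port)."""
    hits = Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        try:
            src = ipaddress.ip_address(f["SRC"])
            dst = ipaddress.ip_address(f["DST"])
            key = (str(src), str(dst), f["PROTO"], int(f["DPT"]))
        except (KeyError, ValueError):
            continue  # no port (e.g. ICMP) or not a packet log line
        if src in BLUE and dst in GREEN:
            hits[key] += 1
    return hits

def report(hits):
    """One line per candidate pinhole, flagging ports the page does not list."""
    out = []
    for (src, dst, proto, port), n in sorted(hits.items()):
        label = KNOWN.get((proto, port), "not listed on the page, review first")
        out.append(f"{src} -> {dst} {proto}/{port} x{n} ({label})")
    return out

if __name__ == "__main__":
    assert not BLUE.overlaps(GREEN), "BLUE and GREEN must be different subnets"
    print("\n".join(report(blocked_blue_to_green(SAMPLE_LOG))))
```
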
Allow clients on Blue to connect to a Resource on GREEN

Enable the BLUE (Wireless) VPN

  On the NetSentron, go to the VPN page
  Make sure that “VPN on Blue (Wireless)” is Enabled
  Click Save

Create a Host to Net Connection on the NetSentron

  Name the VPN
  Select BLUE from drop down list
  Set the Local Subnet to be 0.0.0.0/0.0.0.0
  Leave Remote Host/IP Blank
  Put in a Remark that describes the connection
  Select “clear” for Dead Peer Detection Action
  Set a Pre-Shared Key (not recommended) or Generate a Certificate
  Click Save, VPN on BLUE is ready for connections

On the client PCs, install & configure the Linsys VPN Client

  Install Hotfix if necessary http://support.microsoft.com/?kbid=889527
  Select the wireless adapter in Interfaces
  The entries in the Local Side of the Tunnel should be filled in for you
  For VPN Gateway (hostname / ip) enter the Blue address
  For Remote Internal IP enter the Green address
  For Private Address/NetWork mask enter 0.0.0.0/0.0.0.0
  Under IPsec Options select PreShared Key or Certificate
  Remaining settings: 3DES, MD5, PFS (checked), 3500 and 50000
  Enable Debug
  Save your settings
  Bring up log view
  Click Connect
  You should now have full access to all resources on GREEN (LAN)
  Note: for Network Neighborhood to work properly, you will need a WINS/DNS server running on the GREEN (LAN)