Very true. The clients are the most vulnerable before the VPN session is established. Without PSPF enabled, clients can attack other clients on an access point. Even with PSPF enabled, an attacker could put up a rogue with the same SSID and WEP key, if used, and try to attack/trojan the client.
It's interesting though, the new IOS firmware has crypto map statements available. I wonder if Cisco will eventually allow VPN sessions to terminate directly on the access points. That would be pretty cool. Much like what Colubris does right now.

Reimer, Fred wrote:
>
> Hmm, PSPF definitely sounds interesting, but I'd recommend requiring the
> integrated Cisco firewall in the VPN client, and not allowing split
> tunneling.
>
> Also, there is apparently a working group working on VPN multicast...
>
> Fred Reimer - CCNA
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177 Cell: 770-490-3071 Pager: 888-260-2050
>
> -----Original Message-----
> From: Charlie Wehner [mailto:[EMAIL PROTECTED]
> Sent: Saturday, August 16, 2003 4:14 PM
> To: [EMAIL PROTECTED]
> Subject: RE: wireless security and VPN software? [7:73988]
>
> One more quick note on using VPN solutions. If you're using a VPN solution
> with a Cisco AP be sure to enable PSPF. Everyone misses that setting...
> but it's important. :)
>
> **Please support GroupStudy by purchasing from the GroupStudy Store:
> http://shop.groupstudy.com
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=74074&t=73988

