It'll work however: 1)You're not offering much security unless the conduits are for protocol/applications of a completely benign nature, which I'm confident the probably are not. 2)By doing this the data traveling between wireless clients and these opened(conduit) services are at risk of being captured. 3)You've got the administration complexity of maintaining conduits for approved applications. This may not be an issue in this environment but it would be for most.
Placing the pix there and using conduits alone is not doing to offer much security like most folks hope for from them. The described situation isn't providing authentication, decent encryption, nor preventing any random wireless node from accessing those services. But then again maybe the wireless security you mentioned is addressing those sufficiently for the situation. Darrell ""Azhar Teza"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > In a campus network the customer would like to have a wireless LAN since all > the users in the other building are Telecommuters. Wireless has its own > security, but they would still like to have PIX between this wirless network > and the main network. PIX is the device which is mainly used to isolate the > private network from the public network, but in this scenerio the PIX would > be used between two Private Networks. Here is the details: Users on Wirelss > subnet 172.16.10.0 would connect to the Cisco 2900 switch. The PIX's outside > interface will be part of this subnet. The PIX Internal address would then > connect to another Cisco switch where customer main network resides, > Servers, Applications etc. This subnet is 192.168.10.0. Conduits will be > opened for Wirless users to access this network. This should work fine. I > just wanted to have an advise from the forum users to make sure that it will > work. > > ------------------------------------------------ > Changed your e-mail? Keep your contacts! Use this free e-mail change of > address service from Return Path. Register now! Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=54758&t=54757 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
