Wireless Networks and the NetSentron By: Darren Critchley

Post on 31-Dec-2015

- Capable of supporting a wireless network as a DMZ
- Needs an access point; built-in ability is coming, but is still being heavily developed
- Administrator can limit access to resources on LAN
- Administrator can limit access to the Internet
- Multiple methods of access control:
  - ACLs on the Wireless page, controlled by:
    - IP Address
    - MAC Adapter Address
    - Both IP & MAC Adapter Address
  - VPN
- The most secure and preferred method is the VPN connection


Configure the Blue …

- Configure the Blue network card; make sure the subnet is different from the Green (LAN) subnet
- Configure a wireless access point (Linksys WRT54G works well)
  - If it is a full-fledged router, disable the router part of things
  - You may need to add static routing on the access point to allow packets to flow to GREEN (LAN) if you wish to access resources on GREEN (LAN)
  - Enable the usual WEP, WPA, ACL lists or other settings on the access point
- Decide if the NetSentron or the access point is serving DHCP, or use static IP addresses on the clients
- Connect the access point to the Blue network card


If not using the VPN option, on the NetSentron, go to the Wireless page

- Determine if all clients on Blue should have Internet access: check “Allow all PC's on BLUE (Wireless) Internet access”, click Save.
- If you wish to allow machines access to resources on GREEN (LAN), or you have not enabled all PCs on Blue to access the Internet, then you need to enter their IP address, MAC Adapter address or both into the Wireless page.
- Use the DMZ Pinholes page to open up any ports to machines on GREEN (LAN) such as web servers, file shares, etc.
  - To allow a machine on Blue to print to a shared printer, you would need to open up TCP ports 137 to 139 and UDP port 137
  - HTTP & HTTPS are TCP 80 & TCP 443
  - FTP is TCP port 21
  - RDP is TCP 3389
- If a PC on BLUE cannot access a resource on GREEN (LAN), check the firewall logs; they will show the PC and the blocked port, which can be opened using the DMZ Pinholes page.
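The firewall-log check from the last point, together with the earlier requirement that BLUE and GREEN use different subnets, as an added example that is not part of the original slides or the NetSentron product. It assumes iptables-style log lines carrying SRC/DST/PROTO/DPT fields; the subnets, interface names and log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumed addressing (constructed for this example, not taken from the slides).
GREEN = ipaddress.ip_network("192.168.1.0/24")   # LAN
BLUE = ipaddress.ip_network("192.168.2.0/24")    # wireless

# Constructed sample lines in iptables LOG style; the real NetSentron
# log layout is assumed to carry the same SRC/DST/PROTO/DPT fields.
SAMPLE_LOG = """\
Jan  5 10:01:02 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.15 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40122 DPT=139
Jan  5 10:01:05 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.15 DST=192.168.1.10 LEN=60 PROTO=TCP SPT=40123 DPT=139
Jan  5 10:02:11 fw kernel: IN=eth2 OUT=eth0 SRC=192.168.2.15 DST=192.168.1.10 LEN=78 PROTO=UDP SPT=137 DPT=137
Jan  5 10:03:40 fw kernel: IN=eth2 OUT=eth1 SRC=192.168.2.20 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=51000 DPT=80
Jan  5 10:04:00 fw kernel: IN=eth2 OUT= SRC=192.168.2.15 DST=192.168.2.255 LEN=96 PROTO=UDP SPT=138 DPT=138
"""

FIELDS = re.compile(r"SRC=(\S+) DST=(\S+) .*?PROTO=(\w+) .*?DPT=(\d+)")

def subnets_overlap(a, b):
    """True if the two networks share addresses (a BLUE/GREEN misconfiguration)."""
    return a.overlaps(b)

def blocked_blue_to_green(log_text, blue=BLUE, green=GREEN):
    """Count blocked flows whose source is on BLUE and destination is on GREEN."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FIELDS.search(line)
        if not m:
            continue  # lines without a destination port (e.g. ICMP) are skipped
        src, dst, proto, dport = m.groups()
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # malformed address field
        if src_ip in blue and dst_ip in green:
            hits[(src, dst, proto, int(dport))] += 1
    return hits

if __name__ == "__main__":
    assert not subnets_overlap(BLUE, GREEN), "BLUE and GREEN must be different subnets"
    for (src, dst, proto, dport), n in sorted(blocked_blue_to_green(SAMPLE_LOG).items()):
        print(f"{src} -> {dst} {proto}/{dport} blocked {n}x: review before adding a pinhole")
```

Each reported tuple is a candidate for a DMZ pinhole; opening only the specific source, destination and port seen in the log keeps the BLUE to GREEN exposure narrow.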


Allow clients on Blue to connect to a Resource on GREEN

- Enable the BLUE (Wireless) VPN
  - On the NetSentron, go to the VPN page
  - Make sure that “VPN on Blue (Wireless)” is Enabled
  - Click Save
- Create a Host to Net Connection on the NetSentron
  - Name the VPN
  - Select BLUE from the drop-down list
  - Set the Local Subnet to be 0.0.0.0/0.0.0.0
  - Leave Remote Host/IP blank
  - Put in a Remark that describes the connection
  - Select “clear” for Dead Peer Detection Action
  - Set a Pre-Shared Key (not recommended) or Generate a Certificate
  - Click Save; VPN on BLUE is ready for connections


On the client PCs

- Install & configure the Linksys VPN Client
  - Install Hotfix if necessary: http://support.microsoft.com/?kbid=889527
  - Select the wireless adapter in Interfaces
  - The entries in the Local Side of the Tunnel should be filled in for you
  - For VPN Gateway (hostname / ip) enter the Blue address
  - For Remote Internal IP enter the Green address
  - For Private Address/Network mask enter 0.0.0.0/0.0.0.0
  - Under IPsec Options select PreShared Key or Certificate
  - Remaining settings: 3DES, MD5, PFS (checked), 3500 and 50000
  - Enable Debug
  - Save your settings
  - Bring up log view
  - Click Connect
- You should now have full access to all resources on GREEN (LAN)
- Note: for Network Neighborhood to work properly, you will need a WINS/DNS server running on the GREEN (LAN)