Multiple VPN clients from single LAN

[schulza]

Here's the scenario:

I have 4 wireless access points (WAPs) that are open to the public, so that they can have internet access during their meetings. Our staff also use these WAPs for internet during meetings, however they now want access to files on the private LAN. VPN would be the solution I would like to use.

However, when testing, only one person can create a VPN tunnel at a time. I understand this is a limitation of GRE.

I'm looking for suggestions on how to setup/configure our network to allow multiple clients to VPN into our site from the wireless LAN.

Thanks...

 

[unclerico]

i'm assuming that these AP's are not able to run multiple SSIDs/VLANS??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[schulza]

Actually they do. The APs are Cisco WAP4410N and support up to 4 BSSIDs and SSID mapping for up to 4 VLANs.

 

[unclerico]

there's your solution, no VPN necessary. you have two SSID's, one for internal people and one for guests. you could potentially use 802.1x w/RADIUS and have your internal people connect without the need for a WEP key. you could leave the guest SSID open or specify a WEP key. you place an ACL on the SVI of the VLAN for the guest SSID permitting traffic to the internet only.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[schulza]

That would work... What about security? Yes, with RADIUS they need to authenticate, which is a good first step to security, but the connection wouldn't be encrypted like with VPN.

That's one of the main reasons I want to use VPN.

 

[unclerico]

are you talking about the 802.1x piece or the user traffic?? When using 802.1x the AP should automatically choose AES as the encryption

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)