 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] 2nd management login
 Date:  Thu, 15 Jun 2006 13:36:15 -0400
On 6/15/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> > And many firewalls break or block outbound GRE in their default NAT
> > configuration, hence breaking PPTP.
> <cough>Pix<cough><cough> :-)  And to fix it is a PITA cli nightmare
> that is poorly documented.  But things like that make me money!

My sentiments exactly.  ;)  The PIX has to be the most popular very
poorly understood firewall in the world.

> One that I know of.  I can not remember the name, but I want to say
> "Nexgate?"  Hilton hotels require it for the solution they use.

Only Nexgate I've heard of is Nexcom's firewall appliances.  If you find
out anything further, post back.

> They also require
> Cisco APs.

Er, it's open source, but they require Cisco APs?  Seems strange.
Though their VLAN setup may only work with features that Cisco APs

> They run a vlan for EVERY client, and proxy arp everything
> they see on the vlan.  Is that messy? :-)

That's pretty messy, implementation-wise, but probably acceptable
given the situation.  I was thinking messy along the lines of
something that has some outrageous dependencies like Perl, Python,
Ruby, and 50 MB of extra libraries to go along with.  :)

VLAN for every client - how do they manage that?  A single SSID per
client with SSID to VLAN mappings, or is there some other slick
feature in Cisco APs I'm not aware of?