On 6/15/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
> > And many firewalls break or block outbound GRE in their default NAT
> > configuration, hence breaking PPTP.
> <cough>Pix<cough><cough> :-) And to fix it is a PITA cli nightmare
> that is poorly documented. But things like that make me money!
My sentiments exactly. ;) The PIX has to be the most popular very
poorly understood firewall in the world.
> One that I know of. I can not remember the name, but I want to say
> "Nexgate?" Hilton hotels require it for the solution they use.
Only Nexgate I've heard of is Nexcom's firewall appliances. If you find
out anything further, post back.
> They also require
> Cisco APs.
Er, it's open source, but they require Cisco APs? Seems strange,
though their VLAN setup may only work with features that Cisco APs
> They run a vlan for EVERY client, and proxy arp everything
> they see on the vlan. Is that messy? :-)
That's pretty messy, implementation-wise, but probably acceptable
given the situation. I was thinking messy along the lines of
something that has some outrageous dependencies like Perl, Python,
Ruby, and 50 MB of extra libraries to go along with. :)
VLAN for every client - how do they manage that? A single SSID per
client with SSID to VLAN mappings, or is there some other slick
feature in Cisco APs I'm not aware of?