On 6/15/06, Lee Sharp <leesharp at hal dash pc dot org> wrote:
>
> > And many firewalls break or block outbound GRE in their default NAT
> > configuration, hence breaking PPTP.
>
> <cough>Pix<cough><cough> :-) And to fix it is a PITA cli nightmare
> that is poorly documented. But things like that make me money!
>

My sentiments exactly. ;) The PIX has to be the most popular very poorly understood firewall in the world.

> One that I know of. I can not remember the name, but I want to say
> "Nexgate?" Hilton hotels require it for the solution they use.

Only Nexgate I've heard of is Nexcom's firewall appliances. If you find out anything further, post back.

> They also require
> Cisco APs.

Er, it's open source, but they require Cisco APs? Seems strange, though their VLAN setup may only work with features that Cisco APs have.

> They run a vlan for EVERY client, and proxy arp everything
> they see on the vlan. Is that messy? :-)
>

That's pretty messy, implementation-wise, but probably acceptable given the situation. I was thinking messy along the lines of something that has some outrageous dependencies like Perl, Python, Ruby, and 50 MB of extra libraries to go along with. :)

VLAN for every client - how do they manage that? A single SSID per client with SSID to VLAN mappings, or is there some other slick feature in Cisco APs I'm not aware of?

-Chris