Forum

Greets all -
what are some thoughts about this for some simple security at my facility.
I have access points (cisco 1200's) deployed on my campus.. I utilizie netmotion wireless for security. on a different vlan with a private class ip scheme to be dished out. the server that has netmotion on the box with 2 nics. one nic talking to my internal network infrastructure and the other with a private class ip's to the ap's on the different vlan if the users do associate with the ap's it will take them no where because of the netmotion. however if netmotion client is installed then they can connect and it will distribute them an internal ip address to access the infrastructure. additionally i have the users in a wireless group in Acitve directory that talks to netmotion also have aes 128 encryption.

The other thing I thought about doing is this - We also utilize checkpoint vpn at our workplace. I also have DSL which is totally seperate then work's current infrastructure. Was thinking to create another vlan for the DSL another profile on the ap's and have the ssid broadcasted so they can get on the internet very easy. Then when they want to get on the infrastructure they can simple laucnh there checkpoint vpn.

I am located in the sticks per say and my antennas are patch type

I guess I am thinking of ease and security at the same time. Perhaps I can then later phase out the netmotion and just use the one profile who knows. but again I am just thinking out loud.
thoughts??