WLAN connected to server over ethernet

Hi,

I need to set up a small WLAN which needs to be connected to a Linux server on a larger LAN (security policy demands that the server is placed in the central server room).

The clients on the WLAN should only be allowed to access that particular server on the LAN, nothing else.

Also, I'd like to keep the configuration work on the WLAN clients as limited as possible.

Can anyone suggest a secure solution and a suitable (more or less affordable) access point?

What I've read about VPN seems to imply that the client PCs themselves need a VPN client configured and running, which is not desirable. I'd preferably keep it transparent for the clients, especially since they are simply not allowed to access anything but that machine.
herr_apfelschnitt Asked:

snerkel Commented:
You would probably be best fitting an additional network card to the server, then running a crossover cable to the AP; this totally segregates the wireless traffic from your normal network.

VPN will require client software. I assume you are doing this for improved data security? The other option is to make your wireless network WPA encrypted, as this is more secure than WEP. However, the client machines and the AP will need to support this functionality, but using WPA you could avoid the VPN altogether.
0
herr_apfelschnitt Author Commented:
I was planning on using WPA anyway.

Directly connecting the server to the AP is unfortunately impossible.

I'll have to connect to it through the existing LAN. I need some solution that will make the connection secure on the wired part too, and that will prevent the clients from seeing anything else on the LAN.

Perhaps it's possible to create a VPN tunnel between the access point itself and the server?
0
snerkel Commented:
>> Perhaps it's possible to create a VPN tunnel between the access point itself and the server?

I guess very few if any general purpose APs will have anything like this functionality.

I think you need to be looking at something a little more costly than an AP to achieve this, maybe a Linux box (if the security policy would allow this) acting as the wireless gateway to your network, this could then be configured to give the network security you require.
0
lrmoore Commented:
Your best bet would be to use a VLAN with just the server and the AP in the VLAN.
0
snerkel Commented:
>> Your best bet would be to use a VLAN with just the server and the AP in the VLAN

Wouldn't this only work if the network admin could lock the wireless clients down? A user with enough knowledge could simply statically assign a known IP address for the LAN and allow full access. This is assuming a standard AP is used.

herr_apfelschnitt, are the client machines company property, or is the plan to give site visitors access to certain files using their own equipment?
0
herr_apfelschnitt Author Commented:
The clients will be company property.

There may also be Pocket PCs in the WLAN in the future. Even though these will also be company property, I don't think you can lock those things down (nor run a VPN client on them).

I was looking at a Cisco Aironet 1100, but couldn't find anything specific about VPN support. It did support VLAN.

The much cheaper Draytek Vigor 2600G router does. Even though it's an ADSL router, could this work?
0
lrmoore Commented:
I don't think that a low-end router will provide you what you want. If your switched infrastructure supports VLANs, then the wireless AP does not necessarily need to also support VLANs.
0
rindi Commented:
The Draytek sounds ok. You'd have to check if you can get a VPN client which runs with Linux...

Why can't you add another dedicated NIC to the Linux server? That would be by far the easiest way to get what you want. I don't think you'd even need a crossover cable; today's routers usually are smart enough to adjust the link automatically.
0
herr_apfelschnitt Author Commented:
So you can just connect the WAN interface on that thing directly to a LAN instead of a modem, and use it as a "regular" router?
0
herr_apfelschnitt Author Commented:
As I said before, directly connecting the server to the AP/router is impossible, simply because the server will be located somewhere completely different.
0
herr_apfelschnitt Author Commented:
Hmm 'k... so the thing doesn't even have a WAN interface, just the connector for the phone line :/

So does anyone know a wireless AP with built in router that can set up VPN connections?
0
lrmoore Commented:
Linksys WRV54G
The thing about using a router is that the WLAN users will be protected from your LAN, but it provides no protection for your LAN from the users.
0
herr_apfelschnitt Author Commented:
Well I was thinking of setting up a VPN to the server, then somehow get the router to forward all outbound packets to the server, which would then simply not forward any packets that aren't meant for himself. I don't know if you can force such a basic router to do that though.
0
lrmoore Commented:
The Linksys VPN models can set up a standard IPSEC tunnel with just about anything, including servers, Windows workstations, VPN clients, firewalls, etc.
0
lrmoore Commented:
I still say that it would be a whole lot easier to simply create a VLAN. No encryption necessary, and you can use most any wireless access point.
Only 2 ports need to be in that VLAN - the server, and the access point.
0
paulrausch Commented:
I would say VLAN is the best bet; as aforementioned, this segregates the traffic between the server and the AP. However, Linksys does not create VPN APs which are very reasonably priced. But VPN can be a pain to maintain. Depending on how your network is set up. If all goes well you should be able to simply restrict the VLAN to the AP and the server, and be done with it.
0
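
An added example, not written by any poster in this thread: one way the Linux server's side of the VLAN suggestion could be locked down, so that a wireless client with a hand-set LAN address still reaches only the server's own service and nothing is routed onward. The interface name, VLAN ID 50, the 192.168.50.0/24 range, port 443 and the assumption that the server's switch port carries the WLAN VLAN tagged are all hypothetical.

```shell
#!/bin/sh
# Added example. Every value below is an assumption, not taken from the thread.
TRUNK_IF=eth0             # server NIC whose switch port also carries the WLAN VLAN, tagged
VLAN_ID=50                # VLAN shared only by the AP port and the server port
WLAN_IF="$TRUNK_IF.$VLAN_ID"
WLAN_NET=192.168.50.0/24  # addresses used by the wireless clients
SERVER_IP=192.168.50.1    # server address inside the WLAN VLAN
SERVICE_PORTS=443         # the only TCP service the clients may reach

# Print the nftables ruleset. Traffic arriving on other interfaces is left
# to whatever rules the server already has.
wlan_ruleset() {
    cat <<EOF
add table inet wlan_guard
delete table inet wlan_guard
table inet wlan_guard {
    chain input {
        type filter hook input priority 0; policy accept;
        iifname != "$WLAN_IF" accept
        meta nfproto ipv6 drop
        ip saddr != $WLAN_NET drop
        ip daddr != $SERVER_IP drop
        ct state established,related accept
        icmp type echo-request accept
        tcp dport { $SERVICE_PORTS } accept
        drop
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        iifname "$WLAN_IF" drop
        oifname "$WLAN_IF" drop
    }
}
EOF
}

# Create the tagged sub-interface and load the rules (needs root).
# The forward chain keeps WLAN traffic unrouted even if ip_forward is enabled.
apply_wlan_guard() {
    ip link add link "$TRUNK_IF" name "$WLAN_IF" type vlan id "$VLAN_ID" &&
    ip addr add "${SERVER_IP}/24" dev "$WLAN_IF" &&
    ip link set "$WLAN_IF" up &&
    wlan_ruleset | nft -f -
}

# Nothing is changed unless the script is called with "apply".
if [ "${1:-}" = apply ]; then apply_wlan_guard; fi
```

The `ip saddr` rule drops packets from a client that has statically assigned itself an address outside the WLAN range, and the `ip daddr` rule keeps the server's LAN-side addresses unreachable from the wireless side.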