We have a small company network with a router/firewall against the Internet and a few computers/servers. We would...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
like to add an WLAN access point to be able to work more flexible.
To secure the wireless connection we would like to put a VPN server between the access point and our network. Every WLAN client needs to establish a tunnel into the network via VPN.
We connected the VPN server directly to the LAN and tried to connect to our servers. It seems that we have only incoming traffic. When a server tries to answer WLAN client requests then those answers goes over the gateway (firewall/router) to the Internet instead of through the VPN server back to the WLAN client (an analysis whit ethereal shows this).
Is there a basic misunderstanding of the architecture of this configuration? Do we need to set a route somewhere?
Yes, you need to configure routes so that your application servers know how to return traffic to VPN clients. Let's assume your network topology looks like this:
You have added a VPN Server and AP to your network like this:
Internet----Router/Firewall----+----AppServers | +----VPN Server---WLAN Clients
Your AppServers currently use your Router/Firewall as their default route. They need to know to use the VPN Server as the next hop when returning traffic to VPN Clients. Let's assume that your WLAN Clients have IP addresses in the subnet 192.168.1.0. Let's assume that your Router/Firewall is 192.168.0.1, your AppServer is 192.168.0.2, and your VPN Server is 192.168.0.3. When a packet arrives from 192.168.1.1 (a WLAN client), the AppServer sends the response to its default gateway, 192.168.0.1. You want it to go instead to the VPN Gateway at 192.168.0.3. On the AppServer, add a route for 192.168.1.0 mask 255.255.255.0 via gateway 192.168.0.3. Also add this new route to your Router/Firewall so that it will know to redirect any packets it might receive to your VPN Server instead of forwarding them on to the Internet.
Related Q&A from Lisa Phifer
The enterprise mobility management market for wearable devices is in its infancy, but IT can still use existing EMM tools to manage wearables.continue reading
Wireless expert Lisa A. Phifer explains to what extent WEP cracking remains a worrisome issue. It all depends on your company's WLAN security policy.continue reading
Wireless expert Lisa A. Phifer explains why you shouldn't stop using 802.1X authentication methods for enterprise WLAN access control.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.