
Centralized Scenario 3 - II

 
Tori wireless



Joined: 22 Sep 2005
Posts: 2
Location: Amsterdam

PostPosted: Fri Sep 23, 2005 10:09 am    
Post subject: Centralized Scenario 3 - II

It seems like there are some issues to be solved concerning scenario 3, if I read well. We certainly do not intend to have all traffic, HTML, VOIP or whatever traffic, hit the Internet from one point. We have our own Internet access at every location, whether VSAT, ADSL or WLL, so why bring all traffic to one spot to hit the Internet from there??? (as shown in the PPT presentation on your site)
Please advise how to make a proper setup so every HS can access the Internet from their own location, while authentication is taking place elsewhere, yes centralized!!!???

Roel
Waylon



Joined: 28 Sep 2005
Posts: 3
Location: Bartlesville

PostPosted: Wed Sep 28, 2005 12:28 am    
Post subject: Centralized Use of FirstSpot

We have been waiting to see the answer that PatronSoft provides for this situation.

I have seen all the notes about how the topology for centralized access should work.

I DON'T see a list of end point hardware devices and complete deployment examples. PatronSoft is NOT forthcoming with us about how to set up their product; tech support over the phone is non-existent.

Zywall says there is NO WAY their device will allow the DHCP traffic from the client PCs down the VPN tunnel and hit the FirstSpot server. They cannot help us, so we have software that will only work for one site.

IF someone could officially contact us or reply to our email, we may want to discuss returning this software or discussing a detailed deployment not just some casual reference to the obsolete zywall 10.
_________________
Waylon May
AlasticIT Solutions
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Wed Sep 28, 2005 3:56 am    
Post subject:

(some background information, please check out http://www.patronsoft.com/forum/viewtopic.php?t=437 and http://www.patronsoft.com/firstspot/FirstSpot_Scenario_3_with_VPN.pdf for more information).

I understand your frustration, and the fact is that setting up Scenario 3 with VPN is a complicated task which involves in-depth knowledge of VPN. So to answer your questions:

1) Roel, the current FirstSpot architecture won't support hotspots accessing the Internet from their own location while authentication is taking place in a centralized site. The reason is that for that to happen you need either a proprietary gateway hardware or proprietary AP. Our design philosophy is to rely on standard hardware equipment instead. We do understand that there will be performance concerns. As bandwidth is getting cheaper, we believe that over time the bandwidth "overhead" is not as significant as the costly proprietary hardware.

2) Waylon, for DHCP to work with Zywall 10 (with VPN turned on), you need to turn on DHCP relay within the Zywall 10 command line. We tested that quite a bit, so I still think that will work. I am a bit surprised that you say that Zywall 10 is obsolete, since they still sell Zywall 10W (which is really the same thing) as far as I can tell on their web site.

For alternative VPN routers, you can try some higher end solutions such as:
a) Nortel Contivity 1010 for both Hotspot and centralized site ( see http://www.patronsoft.com/forum/viewtopic.php?t=592 )
b) Cisco PIX 501 for both Hotspot and centralized site if you have fixed IP in the Hotspot sites
c) Cisco PIX 501 (for Hotspot), and VPN 3000 concentrator series or a Pix 515 or higher running version 7.0 (for centralized site) if you have dynamic IP in the Hotspot sites

Again, you need to consult with the VPN manufacturers to confirm the details.
_________________
~ Patronsoft Limited ~
Waylon



Joined: 28 Sep 2005
Posts: 3
Location: Bartlesville

PostPosted: Wed Sep 28, 2005 7:13 am    
Post subject: Centralized Management using Zywall Hardware VPN endpoint

Thanks for the info. Unfortunately for our organization, we have a Zywall 35 and a Zywall 2. The corp server, the Zywall 35, has a tunnel up with the Zywall 2.

After long technical calls to the Zywall Technical support, their official statements from two technicians have forked on the issue. Tim says it can be done but has failed on two occasions to allow a DHCP client to connect from a remote site. Another tech, Walter, has indicated that he knows of no way, even with DHCP relay, can Zywall produce the connection the FirstSpot software requires listening on the 10.xxx

on the particulars of forwarding all traffic from remote client on remote AP to the NIC of the FirstSpotServerPC/. The particulars of the VPN are not too in depth. The tunnel is up, but no routing and simple forwarding, and what settings are required on various hardware should be available from someone at PatronSoft!

Unfortunately PatronSoft has not assisted us in a private communication and compounding the issue, the Zywall technicians do not represent the nature of what FirstSpot requires. I have heard many statements that this topology is NOT possible and we require VLAN tagging. Dead End. Some simple forwarding should be all we need.

We are open to suggestions as to what to do with it and have requested options from the PatronSoft reps via email, no reply. We have contacted tech support at Zywall with first line techs, no progress. No escalation process? :lol:. If you can provide a more effective exchange of data, we would provide particulars of the LAN and WAN to legitimate contacts at both organizations. We currently are reviewing our options for our license with our overall evaluation still pending. Small sites simply cannot warrant industry grade appliances, i.e. user base of 40 to 100 with a plan for 5 locations in 20 months. I really appreciate the feedback!
_________________
Waylon May
AlasticIT Solutions
Waylon



Joined: 28 Sep 2005
Posts: 3
Location: Bartlesville

PostPosted: Wed Sep 28, 2005 7:34 am    
Post subject: Let me clarify ANY Centralized Control

Let me clarify that at this point we are not concerned with routing traffic to the web at the remote AP; we would be happy to get FirstSpot to run as a centralized server. Centralized Management. That is what people in the forum have not been able to get from FirstSpot, the support with sample topologies and scalable affordable hardware from vendors that know who FirstSpot is. You require DHCP relay then the documentation for that topology needs to have that information. The hype is great but the site has a huge vacuum where technical documentation should be. We have the software and I never received a real manual for it. If our IT department can't make it work, it is not the solution most people come here to find. If a simple VPN tunnel and some port forwarding won't put a remote site online with FirstSpot, I would wonder how you can push it as centralized and scalable.
_________________
Waylon May
AlasticIT Solutions
alan
Forum facilitator


Joined: 26 Sep 2003
Posts: 4435

PostPosted: Wed Sep 28, 2005 10:59 am    
Post subject:

In general, our experience shows that the best approach to configure Scenario 3 with VPN is:

1) configure your VPN without FirstSpot first. You need to make sure the tunnel is working correctly and all the traffic is forced to the centralized location before reaching the Internet at large
2) now insert FirstSpot in between. Again, in this phase don't turn on FirstSpot DHCP server yet. Just set the IP manually in the client side
3) finally, turn on DHCP server within FirstSpot and configure DHCP relay agent in your VPN/router

Also, more information on non-split tunnel on Zywall can be found at :
http://www.zyxel.com/support/supportnote/zywall2_2WE/app/alltovpn.html
http://www.zyxel.com/support/knowledgebase1.php?indexFlagvalue=1045221572&level=3&upFlag=1023426091

Finally about DHCP relay, it is actually mentioned in p22 of firstspot_guide.pdf. As for enabling DHCP relay within Zywall 10, please check out ftp://ftp.us.zyxel.com/zywall10/document/zywall10_v3-61_UsersGuide.pdf .

Unfortunately, due to the complex nature of this type of VPN tunnel, we don't have the exact steps to set it up. You need to do it using the approach above in order to narrow down the issue one-by-one.
_________________
~ Patronsoft Limited ~
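
The DHCP relay step discussed throughout this thread, as an added example that is not part of the original posts and is not FirstSpot or ZyXEL code: it shows what a relay agent in the hotspot-side router does to a client's broadcast request (per RFC 1542/2131) before sending it through the tunnel to the central DHCP server. The function names, MAC address and IP addresses are constructed for illustration.

```python
import socket
import struct

# Fixed 236-byte BOOTP/DHCP header: op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"
BOOTP_LEN = struct.calcsize(BOOTP_FMT)
MAGIC_COOKIE = bytes([99, 130, 83, 99])
MAX_HOPS = 16          # RFC 1542 upper bound; routers often default lower
ZERO_IP = bytes(4)


def build_discover(mac: bytes, xid: int) -> bytes:
    """Constructed DHCPDISCOVER as a client broadcasts it on the hotspot LAN."""
    header = struct.pack(BOOTP_FMT, 1, 1, 6, 0, xid, 0, 0x8000,
                         ZERO_IP, ZERO_IP, ZERO_IP, ZERO_IP,
                         mac.ljust(16, b"\0"), bytes(64), bytes(128))
    return header + MAGIC_COOKIE + bytes([53, 1, 1, 255])  # option 53 = DISCOVER


def relay_request(packet: bytes, relay_lan_ip: str):
    """Return the packet a relay agent would unicast to the server, or None."""
    if len(packet) < BOOTP_LEN:
        return None                      # truncated, not a BOOTP message
    fields = list(struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN]))
    if fields[0] != 1:                   # only BOOTREQUEST (op=1) goes upstream
        return None
    if fields[3] >= MAX_HOPS:            # loop protection
        return None
    fields[3] += 1                       # hops is always incremented
    if fields[10] == ZERO_IP:            # first relay stamps its LAN address
        fields[10] = socket.inet_aton(relay_lan_ip)
    return struct.pack(BOOTP_FMT, *fields) + packet[BOOTP_LEN:]


def hops_and_giaddr(packet: bytes):
    fields = struct.unpack(BOOTP_FMT, packet[:BOOTP_LEN])
    return fields[3], socket.inet_ntoa(fields[10])


if __name__ == "__main__":
    discover = build_discover(bytes.fromhex("020000aabbcc"), 0x1234ABCD)
    relayed = relay_request(discover, "10.0.1.1")   # hotspot router LAN IP (assumed)
    print(hops_and_giaddr(discover), "->", hops_and_giaddr(relayed))
```

The server chooses the address pool from `giaddr` and sends its reply back to that address, so the relay's LAN address must be routable through the tunnel from the central site.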