Educause Security Discussion mailing list archives

Re: NAC with Guest wireless


From: Greg Williams <gwillia5 () UCCS EDU>
Date: Mon, 18 Oct 2010 08:20:07 -0600

We have the same setup here.  Open network is through a captive portal for AD or LDAP accounts and provisioned guest 
accounts only.  Ports 80, 443, 500 for IKE, 1701 for L2TP, 1723 for PPTP.  Additionally we block 443 to any server on 
campus that authenticates against AD or LDAP.  We haven't had anyone come to us asking to open other ports for VPN 
other than the standard ones.

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Cal Frye
Sent: Saturday, October 16, 2010 8:21 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] NAC with Guest wireless

On 10/15/10 3:57 PM, Childs, Aaron wrote:
> We have Guest Wireless but restrict the traffic to HTTP, HTTPS, and 
> establish a VPN connection off campus.

I'm curious to know what the latter means. Standard ports for IPSEC, or just SSL VPN? Do you make provisions for VPN on 
non-standard ports?

We've seen VIPs here a couple times with odd VPN setups that we were blocking and required some adjustment to permit.

--
Best regards
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.oberlin.edu/cit/

"Love is a form of work or a form of courage." --M. Scott Peck.
