Now that we know the goals we want to accomplish, we can look at the design and see how to implement our goals.
This diagram shows the result of an established WaveSEC connection. The client machine has an IPsec connection with the WaveSEC server. This WaveSEC server is located behind the wireless segment, on a trusted wired segment. The client encrypts its traffic and sends it over the wireless to the WaveSEC server where the traffic is decrypted, and sent it on further.
Note that the WaveSEC server here is in the direct path of all the packets. It has become a critical part of the infrastructure. This mode is the easiest to set up, and is called inline mode. This is usually the setup employed when the wireless network is on private IP space that needs to be NATed.
The WaveSEC setup in this figure shows appendix mode. It works the same as inline mode, except that the WaveSEC server is now a purely optional network component. Appendix mode has the advantage that WaveSEC does not become...