HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Configuring Rights
Table 4-16. New Access Policy Settings Tab Contents

Column / Description

Key Length (PPTP only)
    For PPTP, the minimum MPPE (RC4) session key length:
    - Select 40 bits to allow a 40-bit or 128-bit key. This is the default.
    - Select 128 bits to allow a 128-bit key only.
    - Select no encryption to disable MPPE encryption.

Authentication Method
    For L2TP or PPTP, the method that should be used to authenticate users who
    connect and present a username and password via an L2TP or PPTP client:
    - Select Use Associated Authentication Policy to use the Authentication Policy
      associated with the Connection Profile associated with this Access Policy.
      Note: If this Access Policy is associated with different Connection Profiles
      through the Rights Assignment Table, then the Authentication Policy used for
      L2TP or PPTP may be different, depending on the Connection Profile the client
      matches. See "The Rights Assignment Table" on page 4-6 for more information
      on how Authentication Policies, Connection Profiles, and the Rights table
      interact.
      Note: For L2TP, there are restrictions on the Authentication Policy that may be
      used if PAP is not allowed. In this case, the Authentication Policy must include
      only RADIUS or the built-in authentication services. If PAP is allowed, any
      authentication service may be included.
    - Select Use Shared Secret to set the secret a client presents to create a PPTP
      tunnel. Enter the secret twice in the fields provided.
      Note: This shared secret is not used for client authentication. Once the
      connection is made, the client is presented with the web-based logon page, and
      is authenticated based on the appropriate Authentication Policy to determine
      what access is allowed to the network.

MSCHAP
    For L2TP, whether MSCHAP V1 and/or PAP is allowed in addition to V2:
    - Select V2 only to enable only MSCHAP V2.
    - Select V1 or V2 to enable both V1 and V2.
    - Check Allow PAP for L2TP to allow PAP for authentication.
      Note: If the client is using the L2TP client provided by HP ProCurve, you must
      allow PAP.

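
The constraints and weaker options in Table 4-16 can be checked mechanically before a policy is applied. The following is an added example, not code from HP or from this guide; the AccessPolicy field names, their value strings, and the "ldap" service label are assumptions chosen to mirror the table's labels.

```python
# Added example. Field names and value strings are assumptions that mirror the
# labels in Table 4-16; this is not an HP ProCurve configuration format.
from dataclasses import dataclass, field

# Services the table permits for L2TP when PAP is not allowed.
PAP_FREE_SERVICES = {"radius", "built-in"}

@dataclass
class AccessPolicy:
    name: str
    protocols: set                 # subset of {"pptp", "l2tp"}
    key_length: str = "40"         # "40" (default), "128" or "none"; PPTP only
    mschap: str = "v2"             # "v2" or "v1_or_v2"; L2TP
    allow_pap: bool = False        # the "Allow PAP for L2TP" check box
    auth_services: set = field(default_factory=set)
    hp_l2tp_client: bool = False   # clients use the HP ProCurve L2TP client

def review(p):
    """Return (severity, message) findings for one Access Policy."""
    out = []
    if "pptp" in p.protocols:
        if p.key_length == "none":
            out.append(("weak", "MPPE encryption is disabled for PPTP"))
        elif p.key_length == "40":
            out.append(("weak", "40-bit MPPE session keys are accepted"))
    if "l2tp" in p.protocols:
        if p.mschap == "v1_or_v2":
            out.append(("weak", "MSCHAP V1 is accepted in addition to V2"))
        if p.allow_pap:
            out.append(("weak", "PAP is accepted for L2TP"))
        else:
            extra = sorted(p.auth_services - PAP_FREE_SERVICES)
            if extra:
                out.append(("invalid", "PAP is off, but the Authentication "
                            "Policy includes: " + ", ".join(extra)))
            if p.hp_l2tp_client:
                out.append(("invalid", "HP ProCurve L2TP client needs Allow PAP"))
    return out

# Constructed sample policies ("ldap" is a made-up service label).
SAMPLES = [
    AccessPolicy("default-pptp", {"pptp"}),
    AccessPolicy("l2tp-ldap", {"l2tp"}, auth_services={"radius", "ldap"}),
    AccessPolicy("hardened", {"pptp", "l2tp"}, key_length="128",
                 auth_services={"radius"}),
]

if __name__ == "__main__":
    for policy in SAMPLES:
        print(policy.name, review(policy) or "no findings")
```
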
Network Address Translation and IP Addressing Considerations
The NAT settings in an Access Policy affect client IP addressing as follows:
- If NAT is required (the Access Policy NAT setting is Always), then the Access Controller always uses
  NAT mode. Static IP addresses are translated, and client DHCP requests are satisfied by the Access
  Controller's internal DHCP server and are then translated.
- If NAT is not required but is allowed (the Access Policy NAT setting is When Necessary), then the
  client's real or static IP address is used, untouched, unless the IP address is not valid. Client DHCP
  requests are satisfied by the external DHCP server, and the resulting address is used. A static IP
  address is used as is, unless it is determined to be not valid.
The validity of the client IP address is determined as follows:
If the Access Controller port (through which the client is connected) has an IP address range
configured for it (through the Subnet tab under Interfaces in the Rights Manager) then an IP
HP ProCurve Secure Access 700wl Series Management and Configuration Guide 4-47