HP (Hewlett-Packard) 700wl Series Switch User Manual


 
7 SETTING UP WIRELESS DATA PRIVACY
This chapter explains how to configure the global settings for the security protocols. The topics covered in
this chapter are:
- Overview of Wireless Data Privacy
- Wireless Data Privacy Setup
- IPSec Certificate Configuration
- IP Address Assignment for Tunneling
Overview of Wireless Data Privacy
Wireless Data Privacy is an optional security feature of the 700wl Series system that allows you to provide
strong encryption of data between a client and the Access Controller. Wireless Data Privacy provides
additional security for data sent over the airwaves, supplanting the relatively insecure Wired Equivalent
Privacy (WEP) of a wireless network.
The HP system offers four choices for encrypting data between a client and the Access Controller: PPTP,
L2TP plus IPSec, tunnel mode IPSec, and SSH.
To use one of these protocols for Wireless Data Privacy, there are three basic conditions that must be met:
- The protocol must be enabled and configured appropriately for the 700wl Series system as a whole.
- The use of individual security protocols (the encryption policy that pertains to specific clients) must be specified (required or allowed) in the relevant Access Policies.
- The appropriate Wireless Data Privacy client software must be installed and configured on the client systems that expect to make use of those protocols.
All the security protocols can be enabled or disabled globally without having to change the settings in the
individual Access Policies.
For IPSec and the other tunneling protocols there are some settings that must be configured centrally,
either across the 700wl Series system as a whole, or per Access Controller:
- For IPSec, the configuration of the IKE Authentication method and IKE and ESP encryption and integrity algorithms is done centrally on the Access Control Server for the 700wl Series system as a whole.
- For the tunneling protocols (IPSec, PPTP and L2TP) the configuration of IP addressing used in setting up inner tunnel addresses is done on a per-Access Controller basis.
The global security settings are set under the VPN pages of the 700wl Series system Administrative
Console, and are discussed in this chapter.