HP (Hewlett-Packard) 700wl Series Switch User Manual


 
Setting up Wireless Data Privacy
The encryption policy that defines how encryption applies to a specific client is determined through the
Access Policy that defines rights for that client. The Access Policy can specify that encryption is required,
that it is allowed but not required, or that it is disabled. It also specifies which encryption methods can be
used. These settings are specified when you create an Access Policy. See “Access Policies” in Chapter 4,
on page 4-39, for a detailed discussion of configuring encryption in an Access Policy.
Client configuration is discussed in detail in the 700wl Series system Wireless Data Privacy Configuration
Guide, available on the HP ProCurve Documentation CD or on the 700wl Series system Technical Support
web site. This same manual contains a more in-depth discussion of encryption protocols and their use
with the 700wl Series system.
Wireless Data Privacy Setup
The Wireless Data Privacy page provides settings that determine the encryption protocols that can be
used with the 700wl Series system. The security protocols can be enabled or disabled globally on this
page, affecting all components of the 700wl Series system.
Configuration of IPSec on the 700wl Series system consists of selecting and setting up the IKE
authentication method (shared secret or certificate) and noting which algorithms the 700wl Series system
is prepared to negotiate. It is up to the client system to propose algorithms; the 700wl Series system
either agrees to a proposal or does not.
IPSec configuration is handled centrally for the entire 700wl Series system. IPSec usage is enabled within
Access Policies on a policy-by-policy basis.
The configuration of IPSec involves several steps:
• Specifying the IKE authentication method (Public Key certificate or IPSec shared secret)
• Requesting and installing a signed local certificate and a certificate from the Certificate Authority (CA),
  or setting the IPSec shared secret
• Specifying the acceptable encryption and secure hash algorithms
• Specifying how client IP address assignment is done—via DHCP or from a specified range of addresses.
  This specification is done once whether you are using IPSec, PPTP or L2TP.
Once IPSec is configured, you can specify whether IPSec is allowed or required on a per-location basis in
the Rights Manager.
An IPSec client negotiates with the IPSec server to set the various options for encryption and integrity
assurance. The IPSec configuration page allows the network administrator to specify which IKE and ESP
encryption and integrity algorithms the Integrated Access Manager and Access Controller will
negotiate with the client.
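The following is an added illustration, not part of the HP guide or the 700wl software. It models the negotiation described above to show that the weakest algorithm left enabled is the weakest one a client can obtain. The class names, the algorithm names, the strength ranking and the first-acceptable-offer selection rule are all assumptions made for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Proposal:
    encryption: str
    integrity: str
    auth_method: str   # "shared-secret" or "certificate"

@dataclass(frozen=True)
class ResponderPolicy:
    # Hypothetical model of what the administrator enabled; not a 700wl data structure.
    auth_method: str
    encryption: frozenset
    integrity: frozenset

    def accepts(self, p):
        return (p.auth_method == self.auth_method
                and p.encryption in self.encryption
                and p.integrity in self.integrity)

def negotiate(policy, offered):
    """Return the first offered proposal the policy accepts unchanged, else None."""
    return next((p for p in offered if policy.accepts(p)), None)

def weakest_acceptable(policy, rank):
    """Weakest (encryption, integrity) pair a client could get this policy to agree to."""
    return (min(policy.encryption, key=rank.__getitem__),
            min(policy.integrity, key=rank.__getitem__))

# Constructed sample data: algorithm names and ranking are illustrative only.
RANK = {"DES": 0, "3DES": 1, "AES-128": 2, "MD5": 0, "SHA-1": 1}
LOOSE = ResponderPolicy("shared-secret", frozenset({"DES", "3DES", "AES-128"}), frozenset({"MD5", "SHA-1"}))
TIGHT = ResponderPolicy("shared-secret", frozenset({"3DES", "AES-128"}), frozenset({"SHA-1"}))
OFFER = [Proposal("DES", "MD5", "shared-secret"), Proposal("AES-128", "SHA-1", "shared-secret")]

if __name__ == "__main__":
    for name, policy in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, "agrees to:", negotiate(policy, OFFER))
        print(name, "weakest acceptable:", weakest_acceptable(policy, RANK))
```

With the same client offer, the loose policy settles on the client's first (weakest) proposal, while the tight policy skips it and agrees only to the stronger one.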
» To configure IPSec security, click the VPN icon in the Navigation bar at the top of the Administrative
Console. This displays the Wireless Data Privacy tab, as shown in Figure 7-1.
7-2 HP ProCurve Secure Access 700wl Series Management and Configuration Guide