Management and Configuration Guide (Includes ACM xl) 2005-12
ProCurve Secure Access 700wl Series Management and Configuration Guide
Setting up Wireless Data Privacy
The global security settings are set under the VPN pages of the 700wl Series system Administrative
Interface, and are discussed in this chapter.
The encryption policy that defines how encryption applies to a specific client is determined through the
Access Policy that defines rights for that client. The Access Policy can specify that encryption is
required, that it is allowed but not required, or that it is disabled. It also specifies which encryption
methods can be used. These settings are specified when you create an Access Policy. See “Access
Policies” in Chapter 4, on page 4-35 for a detailed discussion of configuring encryption in an Access
Policy.
Client configuration is discussed in detail in the 700wl Series system Wireless Data Privacy Configuration
Guide, available on the ProCurve Documentation CD or on the 700wl Series system Technical Support
web site. This same manual contains a more in-depth discussion of encryption protocols and their use
with the 700wl Series system.
Wireless Data Privacy Setup
The Wireless Data Privacy page provides settings that determine the encryption protocols that can be
used with the 700wl Series system. The security protocols can be enabled or disabled globally on this
page, affecting all components of the 700wl Series system.
Configuration of IPSec on the 700wl Series system consists of selecting and setting up the IKE
authentication method (shared secret or certificate) and noting which algorithms the 700wl Series
system is prepared to negotiate. It is up to the client system to propose algorithms, and the 700wl Series
system either accepts the proposal or rejects it.
IPSec configuration is handled centrally for the entire 700wl Series system. IPSec usage is enabled
within Access Policies on a policy-by-policy basis.
The configuration of IPSec involves several steps:
• Specifying the IKE authentication method (Public Key certificate or IPSec shared secret)
• Requesting and installing a signed local certificate and a certificate from the Certificate Authority
(CA), or setting the IPSec shared secret
• Specifying the acceptable encryption and secure hash algorithms
• Specifying how client IP address assignment is done—via DHCP or from a specified range of
addresses. This specification is done once whether you are using IPSec, PPTP or L2TP.
Once IPSec is configured, you can specify whether IPSec is allowed or required on a per-location basis
in the Rights Manager.
An IPSec client negotiates with the IPSec server to set the various options for encryption and integrity
assurance. The IPSec configuration page allows the network administrator to specify which IKE and
ESP encryption and integrity algorithms the Integrated Access Manager and Access Controller will
negotiate with the client.
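The following Python sketch is an added illustration, not part of this guide or of the ProCurve software. It models the negotiation described above, in which the client proposes algorithms and the system agrees only to those the administrator has enabled. The algorithm names, the Proposal and ResponderConfig types, and the rule that the first acceptable proposal wins are assumptions made for the example.

```python
# Added illustration, not ProCurve code. The algorithm names and the
# first-acceptable-match rule are assumptions made for this sketch.
from typing import NamedTuple, Optional, Sequence


class Proposal(NamedTuple):
    phase: str        # "IKE" or "ESP"
    encryption: str
    integrity: str


class ResponderConfig(NamedTuple):
    encryption: dict  # phase -> set of enabled ciphers
    integrity: dict   # phase -> set of enabled hash algorithms


def select(config: ResponderConfig,
           offered: Sequence[Proposal]) -> Optional[Proposal]:
    """Return the first offered proposal whose algorithms are all enabled.

    The responder never substitutes a stronger algorithm; it only agrees
    to, or refuses, what the client proposed.
    """
    for p in offered:
        if (p.encryption in config.encryption.get(p.phase, set())
                and p.integrity in config.integrity.get(p.phase, set())):
            return p
    return None  # nothing acceptable, so negotiation fails


def negotiate(config, ike_offers, esp_offers):
    """Both IKE and ESP must find a match, otherwise there is no tunnel."""
    ike = select(config, ike_offers)
    esp = select(config, esp_offers) if ike else None
    return (ike, esp) if ike and esp else None


# Constructed sample data: a client that lists its weakest proposal first.
CLIENT_IKE = [Proposal("IKE", "DES", "MD5"), Proposal("IKE", "3DES", "SHA1")]
CLIENT_ESP = [Proposal("ESP", "DES", "MD5"), Proposal("ESP", "AES", "SHA1")]

PERMISSIVE = ResponderConfig(
    encryption={"IKE": {"DES", "3DES"}, "ESP": {"DES", "3DES", "AES"}},
    integrity={"IKE": {"MD5", "SHA1"}, "ESP": {"MD5", "SHA1"}},
)
TIGHTENED = ResponderConfig(
    encryption={"IKE": {"3DES"}, "ESP": {"3DES", "AES"}},
    integrity={"IKE": {"SHA1"}, "ESP": {"SHA1"}},
)
```

With PERMISSIVE the sample client ends up on DES and MD5 for both phases, because the responder agrees to whatever enabled proposal comes first. With TIGHTENED the same client is moved to its second proposals, and a client that offers only DES and MD5 gets no tunnel.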
» To configure IPSec security, click the VPN icon in the Navigation bar at the top of the Administrative
Interface. This displays the Wireless Data Privacy tab, as shown in Figure 7-1.