Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

7-4 ProCurve Secure Access 700wl Series Management and Configuration Guide

Setting up Wireless Data Privacy

The fields and settings under the Configuration for IPSec heading of the Wireless Data Privacy tab are

as follows:

Table 7-1. IPSec configuration settings

Field Description

IKE Authentication Method Select the IKE Authentication Method you plan to use:

• To use certificate-based authentication, click Public Key Certificate.

If you elect to use this method, you will need to configure a public key

certificate. You can do this under the Certificates tab after you have finished

with the IPSec setup. See “IPSec Certificate Configuration” on page 7-5 for

details on setting up these certificates.

• To use shared secret-based authentication, click IPSec shared secret, and

type and confirm your shared secret in the fields provided.

This defines a shared secret to give to your IPSec users so that their IPSec

client software can prove they are authorized to use an IPSec connection.

The shared secret must be a minimum of five characters.

Note: The IPSec shared secret must be known by every IPSec client. Using a

shared secret makes the system vulnerable to man-in-the-middle attacks.

Therefore this method is not recommended. It is provided as a convenience for

sites who cannot or choose not to use certificate-based authentication.

IKE Encryption Select the appropriate IKE encryption algorithms. The 700wl Series system

supports the following algorithms:

• DES

• 3DES

• Blowfish

• CAST

The default is DES and 3DES selected.

IKE Integrity Select the appropriate IKE integrity algorithms. The 700wl Series system

supports the following algorithms:

• SHA-1

• MD5

The default is both SHA-1 and MD5 selected.

IKE Diffie-Hellman Select the appropriate IKE Diffie-Hellman algorithms. The 700wl Series system

supports Groups 1, 2, and 5:

The default is Group 1 and 2 selected.

Note: If more than one group is selected, the 700wl Series system will not

accept any client requests to do Aggressive Mode negotiation.