Management and Configuration Guide (Includes ACM xl) 2005-12

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

251

252

253

254

255

256

257

258

259

260

ProCurve Secure Access 700wl Series Management and Configuration Guide 7-5

Setting up Wireless Data Privacy

» To save the settings, click Save.

» Clicking the Reset to Defaults button resets the Wireless Data Privacy settings to the system defaults.

You must

Save to have these take effect.

IPSec Certificate Configuration

IPSec can use either a shared secret or a a public key infrastructure (PKI) certificate for authentication.

To use certificated-based Internet Key Exchange (IKE) authentication for IPSec, you must request and

install a signed local certificate and a root certificate self-signed by the Certification Authority (CA) that

signed the local certificate. Once you have installed these certificates, you should back up your

Integrated Access Manager or Access Control Server configuration to save the certificates and the

private key that is provided with the certificates.

The 700wl Series system does not support chained certificates.

The process for installing a PKI certificate requires that you create a Certificate Signing Request (CSR)

through the 700wl Series system Administrative Interface embodying information about the ProCurve

Access Control Server or Integrated Access Manager on which you will install the certificate. You then

provide the CSR to a Certification Authority, and then paste the resulting certificates into the 700wl

Series system.

To generate and store PKI certificates, do the following:

Step 1. Click the VPN icon in the Navigation bar at the top of the Administrative Interface, then click the

Certificates tab. This displays the IPSec Certificate Configuration page, as shown in Figure 7-2.

ESP Encryption Select the appropriate algorithms for ESP encryption, or specify None. The

700wl Series system supports the following algorithms:

• DES

• 3DES

• AES

• Blowfish

• CAST

• Null

The default is DES, 3DES, and AES selected.

ESP Integrity Select the appropriate algorithms for ESP integrity, or specify None. The 700wl

Series system supports the following algorithms:

• SHA-1

• MD5

• Null

The default is SHA-1 and MD5 selected.

Table 7-1. IPSec configuration settings

Field Description