Secure Access Configuration Guide For Wireless Clients Part Two: Wireless Data Privacy and Monitored Logon 2003-03

Configuring Scenario 4: Wireless Data Privacy Logon using VPN Authentication (PPTP)
Scenario 4 consists of a wireless Windows XP client authenticating via a VPN. The VPN used in
this example is a PPTP VPN. Since VPN authentication requires a RADIUS backend, we will
configure the ACS to authenticate VPN users against Internet Authentication Service (IAS),
Microsoft’s RADIUS implementation. In contrast to Browser-based logon, Wireless Data Privacy
logon is automatic upon successful establishment of the VPN connection. The steps required
are:
- On the ACS, enable PPTP VPN support globally.
- On the ACS, enable PPTP VPN support in both the Unauthenticated and
  Authenticated Access Policies.
- On the ACS, define a RADIUS Authentication Service, associate it to the System
  Authentication Policy, and enable the RADIUS server to authenticate the user during
  PPTP session negotiation.
- On the AP 420, configure open authentication wireless parameters.
- On the Windows XP client, connect the wireless client, configure PPTP client software
  (Windows XP native) and verify authentication.
1) On the ACS, enable PPTP VPN support globally.
a. On the ACS, browse to VPN -> Wireless Data Privacy tab and click the
Enable PPTP checkbox. Save changes.
Figure 4.1 – Wireless Data Privacy
© Copyright 2005 Hewlett-Packard Company, LP.