Wireless Access


Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.

Campus AP IPSEC encryption option

  • 1.  Campus AP IPSEC encryption option

    Posted Nov 10, 2019 07:43 PM

    We have controllers running on 6.5.4.x versions. All access points are CAP. For the IPsec tunnel between the AP and the controller, is it possible to change the phase 1 / 2 encryption/hash algorithm?

    For example:

    show crypto isakmp sa peer x.x.x.x

    Phase1 Transform:EncrAlg:AES256 HashAlg:HMAC_SHA1_96

    show crypto ipsec sa peer x.x.x.x

    Phase2 Transform:Encryption Alg: AES 256 Authentication Alg: SHA1

    Was told that the settings for the above are negotiated by the access points and cannot be changed manually. Was wondering if anyone was able to modify them, as the default hash is deemed not so secure.



  • 2.  RE: Campus AP IPSEC encryption option

    EMPLOYEE
    Posted Nov 10, 2019 07:59 PM

    The Campus IPSEC encryption is only for control traffic to/from the AP.  The user traffic is encrypted using whatever wireless protocol is configured and then tunneled via GRE.  Which portion of the communication do you want to be more secure?



  • 3.  RE: Campus AP IPSEC encryption option

    Posted Nov 10, 2019 08:47 PM

    Looking to change the encryption between the AP and the controller to a more secure algorithm but am not sure if that is possible.
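
For anyone inventorying which transforms their AP tunnels actually negotiated, the following added example (not part of the original thread and not Aruba code) parses saved output of the two commands quoted in the first post and flags hash algorithms against a local policy. The `FLAGGED_HASHES` set and the function names `hash_family` and `audit` are assumptions made for illustration; the sample input is constructed from the lines shown in the thread.

```python
import re

# Assumption: site policy listing hash families to flag. Not from the thread
# or from Aruba documentation; adjust to your own standard.
FLAGGED_HASHES = {"SHA1", "MD5"}

PEER = re.compile(r"show crypto (?:isakmp|ipsec) sa peer (\S+)")
PHASE1 = re.compile(r"Phase1 Transform:\s*EncrAlg:\s*(\S+)\s+HashAlg:\s*(\S+)")
PHASE2 = re.compile(
    r"Phase2 Transform:\s*Encryption Alg:\s*(.+?)\s+Authentication Alg:\s*(\S+)"
)


def hash_family(name):
    """Reduce 'HMAC_SHA1_96' or 'SHA1' to the bare family name, 'SHA1'."""
    parts = [p for p in name.upper().split("_") if p and p != "HMAC"]
    return parts[0] if parts else name.upper()


def audit(capture):
    """Return (peer, phase, encryption, hash, flagged) for each transform line."""
    findings, peer = [], None
    for line in capture.splitlines():
        m = PEER.search(line)
        if m:
            peer = m.group(1)  # remember which peer the next transform belongs to
            continue
        for phase, pattern in ((1, PHASE1), (2, PHASE2)):
            m = pattern.search(line)
            if m:
                enc = m.group(1).replace(" ", "").upper()
                digest = hash_family(m.group(2))
                findings.append((peer, phase, enc, digest, digest in FLAGGED_HASHES))
    return findings


# Constructed sample: the two commands and transform lines quoted in the first post.
SAMPLE = """\
    show crypto isakmp sa peer x.x.x.x
    Phase1 Transform:EncrAlg:AES256 HashAlg:HMAC_SHA1_96
    show crypto ipsec sa peer x.x.x.x
    Phase2 Transform:Encryption Alg: AES 256 Authentication Alg: SHA1
"""

if __name__ == "__main__":
    for peer, phase, enc, digest, flagged in audit(SAMPLE):
        status = "FLAG" if flagged else "ok"
        print(f"{status:4} peer={peer} phase{phase} enc={enc} hash={digest}")
```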