Enterprise Wireless Encryption
Using VPNs

IP Security (IPSec) is a framework of open standards for ensuring secure private communication over IP networks. IPSec Virtual Private Networks (VPNs) use the services defined within IPSec to ensure confidentiality, integrity, and authenticity of data communications across networks such as the Internet. VPN deployment is illustrated in Figure . IPSec can also be used to secure WLANs by overlaying it on top of 802.11 wireless traffic.

When deploying IPSec in a WLAN environment, an IPSec client is placed on every PC connected to the wireless network. The user must establish an IPSec tunnel in order to route any traffic to the wired network, as shown in Figure . Filters are put in place to prevent wireless traffic from reaching any destination other than the VPN concentrator and the DHCP/DNS server. The VPN clients can also be terminated on an IOS Firewall router or a PIX Security Appliance.

IPSec provides for the confidentiality of IP traffic. It also has authentication and anti-replay capabilities using Message Digest 5 (MD5) or Secure Hash Algorithm (SHA). Confidentiality is achieved through encryption, which uses Data Encryption Standard (DES), Triple DES (3DES) or AES. The process is shown in Figure .

Filtering can provide an additional layer of wireless security. Filters can be created to filter a protocol or an IP port. When an access point is designed for VPN-only use, filters like the one in Figure can be used. These filters allow only specified traffic, such as Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE), which are necessary for secure VPN communication.
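
The VPN-only filtering described above can be modelled as a decision over raw IPv4 packets. The following is an added example, not taken from the original course material: the function names and the addresses (documentation ranges) are assumptions, and the protocol and port numbers are the standard ones (ESP is IP protocol 50, IKE is UDP 500, DHCP server is UDP 67, DNS is UDP 53).

```python
import ipaddress
import struct

# Assumed addresses (documentation ranges), not from the course text.
VPN_CONCENTRATOR = ipaddress.ip_address("192.0.2.10")
DHCP_DNS_SERVER = ipaddress.ip_address("192.0.2.53")
BROADCAST = ipaddress.ip_address("255.255.255.255")
PROTO_UDP, PROTO_ESP = 17, 50
PORT_DNS, PORT_DHCP_SERVER, PORT_IKE = 53, 67, 500


def filter_packet(packet: bytes) -> str:
    """Return 'permit' or 'deny' for one IPv4 packet sent by a wireless client."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "deny"                       # not a well-formed IPv4 header
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes (options allowed)
    if ihl < 20 or len(packet) < ihl:
        return "deny"
    proto = packet[9]
    dst = ipaddress.ip_address(packet[16:20])
    if proto == PROTO_ESP:                  # tunnel traffic: only to the concentrator
        return "permit" if dst == VPN_CONCENTRATOR else "deny"
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if proto != PROTO_UDP or frag_offset or len(packet) < ihl + 8:
        return "deny"                       # no readable UDP header, so no port to match
    dport = struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]
    if dport == PORT_IKE and dst == VPN_CONCENTRATOR:
        return "permit"                     # key exchange that sets up the tunnel
    if dport == PORT_DNS and dst == DHCP_DNS_SERVER:
        return "permit"                     # UDP only; DNS over TCP is not modelled
    if dport == PORT_DHCP_SERVER and dst in (DHCP_DNS_SERVER, BROADCAST):
        return "permit"                     # DISCOVER is broadcast before a lease exists
    return "deny"                           # default: everything else is dropped


def build_ipv4(proto: int, dst: str, dport: int = 0) -> bytes:
    """Construct a minimal sample packet (constructed data, checksums left at zero)."""
    payload = bytes(8) if proto == PROTO_ESP else struct.pack("!HHHH", 40000, dport, 8, 0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.ip_address("192.0.2.100").packed,
                         ipaddress.ip_address(dst).packed)
    return header + payload
```

The final `return "deny"` is what makes the access point VPN-only: a client that has not established a tunnel can obtain an address and resolve names, but reaches nothing else.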

