Konica Minolta bizhub 4020i bizhub 5020i/4020i User Guide - Page 408
Internet Key Exchange IKE, Use Prefixed Template
View all Konica Minolta bizhub 4020i manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 408 highlights
Use Prefixed Template Select Custom, IKEv1 High Security or IKEv1 Medium Security. The setting items are different depending on the selected template. The default template differs depending on whether you chose Main or Aggressive for Negotiation Mode on the IPsec configuration screen. Internet Key Exchange (IKE) IKE is a communication protocol that is used to exchange encryption keys in order to carry out encrypted communication using IPsec. To carry out encrypted communication for that time only, the encryption algorithm that is necessary for IPsec is determined and the encryption keys are shared. For IKE, the encryption keys are exchanged using the Diffie-Hellman key exchange method, and encrypted communication that is limited to IKE is carried out. If you selected Custom in Use Prefixed Template, select IKEv1. Authentication Type Configure the IKE authentication and encryption. • Diffie-Hellman Group This key exchange method allows secret keys to be securely exchanged over an unprotected network. The Diffie-Hellman key exchange method uses a discrete logarithm problem, not the secret key, to send and receive open information that was generated using a random number and the secret key. Select Group1, Group2, Group5, or Group14. • Encryption Select DES, 3DES, AES-CBC 128, or AES-CBC 256. • Hash Select MD5, SHA1, SHA256, SHA384 or SHA512. • SA Lifetime Specify the IKE SA lifetime. Type the time (seconds) and number of kilobytes (KByte). Encapsulating Security • Protocol Select ESP, AH or AH+ESP. - ESP is a protocol for carrying out encrypted communication using IPsec. ESP encrypts the payload (communicated contents) and adds additional information. The IP packet is comprised of the header and the encrypted payload, which follows the header. In addition to the encrypted data, the IP packet also includes information regarding the encryption method and encryption key, the authentication data, and so on. - AH is part of the IPsec protocol that authenticates the sender and prevents manipulation (ensures the completeness) of the data. In the IP packet, the data is inserted immediately after the header. In addition, the packets include hash values, which are calculated using an equation from the communicated contents, secret key, and so on, in order to prevent the falsification of the sender and manipulation of the data. Unlike ESP, the communicated contents are not encrypted, and the data is sent and received as plain text. • Encryption Select DES, 3DES, AES-CBC 128, or AES-CBC 256. The encryption can be selected only when ESP is selected in Protocol. • Hash Select None, MD5, SHA1, SHA256, SHA384, or SHA512. When AH+ESP is selected in Protocol, select each protocol for Hash(ESP) and Hash(AH). • SA Lifetime Specify the IPsec SA lifetime. 402