Kyocera ECOSYS FS-6525MFP Kyocera Command Center RX User Guide Rev-1.60 - Page 75
Advanced > Security > IPSec > Rule1 (to Rule3), Key Exchange IKE phase1
View all Kyocera ECOSYS FS-6525MFP manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 75 highlights
Settings Pages Restriction Specifies the default policy for non-IPSec packets. Select Allow to allow communication with all hosts and networks including those not permitted by the rules described under Advanced > Security > IPSec > Rule1 (to Rule3) on page 6-51. Select Deny to allow communication only with the hosts and networks permitted by the rules. Authentication Type Specifies the authentication type used for IKE phase1. To set a character string as the shared key and use it for communication, select Pre-shared and enter the string of the pre-shared key in the text box. To use a CAissued device certificate or root certificate, select Certificates. When Expiration Verification is enabled, the expiration of the server certificate is verified at communicating. If the server certificate is found expired, communication will fail. When it is disabled, the expiration will not be verified. When you select Certificates, the contents of the CA certificate and root 1 to 3 certificates are displayed if they are enabled. When you click the CA or Root button, you can view, import or delete CA-issued or root certificates. Rule1 (to Rule3) Shows whether the set rule is enabled or disabled. To enable or disable the rule, refer to Advanced > Security > IPSec > Rule1 (to Rule3) on page 6-51. Advanced > Security > IPSec > Rule1 (to Rule3) These pages allow you to select or edit rules to use for IPSec protocol-based communication. Rule Specifies whether or not to enable the selected IPSec policy rule. Select On to enable the rule. Select Off to disable it. Key Exchange (IKE phase1) When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end. • Mode Main Mode protects identifications but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but restricts identification protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Preshared is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule. • Hash Selects the hash algorithm. • Encryption Selects the encryption algorithm. • Diffie-Hellman Group The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing. • Lifetime (Time) Specifies the lifetime of an ISAKMP SA in seconds. COMMAND CENTER RX 6-51