Kyocera ECOSYS P6035cdn Kyocera Command Center RX User Guide Rev-2014.2 - Page 63
Key Exchange IKE phase1, Data Protection IKE phase2
View all Kyocera ECOSYS P6035cdn manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 63 highlights
User Guide Network Settings Subnet Mask: When IPv4 is selected for IP Version, this specifies the subnet mask of the hosts or network with which the print system is connecting via IPSec. If this field is blank, the specified addresses are considered to be host addresses. IP Address (IPv6): Specifies the IPv6 addresses of the hosts or network with which the print system is connecting via IPSec. When you are restricting the scope of IPSec, be sure to specify the IP addresses. If this field is blank, all IPv6 addresses will be allowed to connect the print system. Prefix Length: When IPv6 is selected for IP Version, this specifies the prefix length of the hosts or network with which the print system is connecting via IPSec. If this field is blank, the specified addresses are considered to be host addresses. Remote Peer Address: If Tunnel is selected in Encapsulation Mode, assign an IP address that is remotely controlled. 3. Authentication: Configures the local side authentication when IKEv1 is selected as Key Management Type. To set a character string as the shared key and use it for communication, select Pre-shared Key and enter the string of the pre-shared key in the text box. To use the CA-issued Device Certification or Root Certificate, select the Certificates. When Certificates is selected, the availability of the device certificate is shown. To make advanced settings, click Settings button and select a certificate. Configure the device certificate on the Certificates page of Security Settings. Configures the local side and remote side authentication when IKEv2 is selected as Key Management Type. Configure Authentication Type, Local ID Type, Local ID and Pre-shared Key on Local Side, and Authentication Type, Remote ID Type, Remote ID and Pre-shared Key on Remote Side. 4. Key Exchange (IKE phase1): When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end. Mode: Configures this item when IKEv1 is selected as Key Management Type. Main Mode protects identifications but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but restricts identification protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Pre-shared Key is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule. Hash: Selects the hash algorithm. Encryption: Selects the encryption algorithm. Diffie-Hellman Group: The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing. Lifetime (Time): Specifies the lifetime of an ISAKMP SA in seconds. 5. Data Protection (IKE phase2) In IKE phase2, IPSec SAs such as ESP or AH are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end. Protocol: Select ESP or AH for the protocol. ESP protects the privacy and integrity of the packet contents. Select the hash algorithm and encryption algorithm below. AH protects the integrity of the packet contents using encryption checksum. When you select AH as Protocols, you cannot use the AES-GCM-128, 192, or 256. Select the hash algorithm below. Hash: Selects the hash algorithm. When you select AES-GCM-128, 192, or 256 on Encryption, you have to select the AES-GCM-128, 192, or 256 or the AES-GMAC128, 192, or 256 corresponding to the same bit. Encryption: Selects the encryption algorithm. (When ESP is selected under Protocol.) When you select the AES-GCM-128, 192, or 256 on Hash, you have to select the AES-GCM-128, 192, or 256 corresponding to the same bit. When you select the AES-GMAC-128, 192, or 256 on Hash, you have to select the AES-GCM-128, 192, or 256 corresponding to the same bit. If you do not select any algorithm, the machine authenticates without encryption. 59