Kyocera KM-8030 Kyocera Command Center Operation Guide Rev 6.3 - Page 60

Advanced > Security > IPSec > Rule1 (to Rule3), Data Protection IKE phase2



COMMAND CENTER Pages

Shows whether the set rule is enabled or disabled. To enable or disable the rule, refer to Advanced > Security > IPSec > Rule1 (to Rule3) on page 3-53.

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Rule

Specifies whether or not to enable the selected IPSec policy rule. Select On to enable the rule. Select Off to disable it.

Key Exchange (IKE phase1)

When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they match the requirements of the other end.

• Mode
  Main Mode protects identities but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode, but restricts identity protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Preshared is selected for Authentication Type, only host addresses can be specified for the IP addresses of the rule.
• Hash
  Selects the hash algorithm.
• Encryption
  Selects the encryption algorithm.
• Diffie-Hellman Group
  The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to establish a shared secret key securely. Select the Diffie-Hellman group to use for key sharing.
• Lifetime (Time)
  Specifies the lifetime of an ISAKMP SA in seconds.

Data Protection (IKE phase2)

In IKE phase2, IPSec SAs such as AH or ESP are established by using the SAs established in IKE phase1. Configure the following items so that they match the requirements of the other end.

• Protocol
  Select ESP or AH for the protocol. ESP protects the privacy and integrity of the packet contents. Select the hash algorithm and encryption algorithm below. AH protects the integrity of the packet contents using a cryptographic checksum. Select the hash algorithm below.
• Hash
  Selects the hash algorithm.
• Encryption
  Selects the encryption algorithm. (When ESP is selected under Protocol.)
• PFS
  When PFS is set to On (enabled), a key that has been compromised cannot be used to decrypt keys generated after the compromise.
User Guide
3-53
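The following added example (not part of the Kyocera guide) checks one rule's IKE phase1 and phase2 settings against the peer's and flags the constraints described above, including the host-address restriction for Aggressive Mode with Preshared authentication. The dictionary layout, function names and sample algorithm values are assumptions made for illustration; the guide does not list the selectable algorithms on this page.

```python
import ipaddress

# Field names mirror the labels on the Rule page (hypothetical data layout).
PHASE1 = ("mode", "hash", "encryption", "dh_group", "lifetime")
PHASE2 = ("protocol", "hash", "encryption", "pfs")

def is_host_address(addr):
    """True for a single host (plain address, /32 or /128), False for a subnet."""
    return ipaddress.ip_network(addr, strict=False).num_addresses == 1

def audit_rule(rule, peer):
    """Return a list of findings for one IPSec rule checked against the peer."""
    findings = []
    for phase, fields in (("phase1", PHASE1), ("phase2", PHASE2)):
        for f in fields:
            # Phase2 Encryption only applies when ESP is selected under Protocol.
            if phase == "phase2" and f == "encryption" and rule[phase]["protocol"] == "AH":
                continue
            mine, theirs = rule[phase].get(f), peer[phase].get(f)
            if mine != theirs:
                findings.append(f"MISMATCH {phase}.{f}: {mine!r} vs {theirs!r}")
    if rule["phase1"]["mode"] == "Aggressive" and rule["auth_type"] == "Preshared":
        findings.append("RISK Aggressive Mode restricts identity protection")
        for addr in rule["addresses"]:
            if not is_host_address(addr):
                findings.append(f"INVALID {addr}: host addresses only with Aggressive + Preshared")
    if rule["phase2"]["protocol"] == "AH":
        findings.append("RISK AH protects integrity only, contents are not encrypted")
    if rule["phase2"]["pfs"] != "On":
        findings.append("RISK PFS is Off")
    return findings

# Constructed sample settings (documentation address ranges, assumed algorithm names).
RULE = {
    "auth_type": "Preshared",
    "addresses": ["192.0.2.10", "198.51.100.0/24"],
    "phase1": {"mode": "Aggressive", "hash": "SHA1", "encryption": "AES",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"protocol": "ESP", "hash": "SHA1", "encryption": "AES", "pfs": "Off"},
}
PEER = {
    "phase1": {"mode": "Aggressive", "hash": "SHA1", "encryption": "AES",
               "dh_group": 2, "lifetime": 28800},
    "phase2": {"protocol": "ESP", "hash": "SHA1", "encryption": "AES", "pfs": "On"},
}

if __name__ == "__main__":
    for line in audit_rule(RULE, PEER):
        print(line)
```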