Kyocera TASKalfa 4500i Kyocera Command Center RX User Guide Rev-1.2 - Page 70

Advanced > Security > IPSec > Rule1 (to Rule3), Key Exchange IKE phase1

Get Kyocera TASKalfa 4500i PDF manuals and user guides View all Kyocera TASKalfa 4500i manuals
Add to My Manuals
Save this manual to your list of manuals

Page 70 highlights

Settings Pages Expiration Verification is enabled, the expiration of the server certificate is verified at communicating. If the server certificate is found expired, communication will fail. When it is disabled, the expiration will not be verified. When you select Certificates, the contents of the CA certificate and root 1 to 3 certificates are displayed if they are enabled. When you click the CA or Root button, you can view, import or delete CA-issued or root certificates. Rule1 (to Rule3) Shows whether the set rule is enabled or disabled. To enable or disable the rule, refer to Advanced > Security > IPSec > Rule1 (to Rule3) on page 6-48. Advanced > Security > IPSec > Rule1 (to Rule3) These pages allow you to select or edit rules to use for IPSec protocol-based communication. Rule Specifies whether or not to enable the selected IPSec policy rule. Select On to enable the rule. Select Off to disable it. Key Exchange (IKE phase1) When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end. • Mode Main Mode protects identifications but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but restricts identification protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Preshared is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule. • Hash Selects the hash algorithm. • Encryption Selects the encryption algorithm. • Diffie-Hellman Group The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing. • Lifetime (Time) Specifies the lifetime of an ISAKMP SA in seconds. Data Protection (IKE phase2) In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end. • Protocol Select ESP or AH for the protocol. ESP protects the privacy and integrity of the packet contents. Select the hash algorithm and encryption algorithm below. AH protects the integrity of the packet contents using encryption checksum. Select the hash algorithm below. • Hash 6-48 User Guide

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
Settings Pages
Expiration Verification
is enabled, the expiration of the server certificate is
verified at communicating. If the server certificate is found expired,
communication will fail. When it is disabled, the expiration will not be verified.
When you select
Certificates
, the contents of the CA certificate and root 1 to
3 certificates are displayed if they are enabled. When you click the
CA
or
Root
button, you can view, import or delete CA-issued or root certificates.
Rule1 (to Rule3)
Shows whether the set rule is enabled or disabled. To enable or disable the
rule, refer to
Advanced > Security > IPSec > Rule1 (to Rule3)
on page 6-48.
Advanced > Security > IPSec > Rule1 (to Rule3)
These pages allow you to select or edit rules to use for IPSec protocol-based
communication.
Rule
Specifies whether or not to enable the selected IPSec policy rule. Select
On
to enable the rule. Select
Off
to disable it.
Key Exchange (IKE phase1)
When using IKE phase1, a secure connection with the other end is
established by generating ISAKMP SAs. Configure the following items so
that they meet the requirement of the other end.
Mode
Main Mode
protects identifications but requires more messages to be
exchanged with the other end.
Aggressive Mode
requires fewer messages
to be exchanged with the other end than
Main Mode
but restricts
identification protection and narrows the extent of the parameter negotiations.
When
Aggressive Mode
is selected and
Preshared
is selected for
Authentication Type
, only host addresses can be specified for IP addresses
of the rule.
Hash
Selects the hash algorithm.
Encryption
Selects the encryption algorithm.
Diffie-Hellman Group
The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured
network to share a private key securely. Select the Diffie-Hellman group to
use for key sharing.
Lifetime (Time)
Specifies the lifetime of an ISAKMP SA in seconds.
Data Protection (IKE phase2)
In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs
established in IKE phase1. Configure the following items so that they meet
the requirement of the other end.
Protocol
Select
ESP
or
AH
for the protocol.
ESP
protects the privacy and integrity of
the packet contents. Select the hash algorithm and encryption algorithm
below.
AH
protects the integrity of the packet contents using encryption
checksum. Select the hash algorithm below.
Hash
User Guide
6-48