Home » Lexmark Manuals » Multifunction Devices » Lexmark X925 » Manual Viewer

Lexmark X925 Common Criteria Installation Supplement and Administrator Guide - Page 17

Setting up IPSec

Add to My Manuals
Save this manual to your list of manuals

Page 17 highlights

17 The contents of the file should be in the following format: -----BEGIN CERTIFICATE----MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs ... l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ== -----END CERTIFICATE----- • Download Signing Request-Download or save the signing request as a .csr file. • Install Signed Certificate-Upload a previously signed certificate. Installing a CA certificate A Certificate Authority (CA) certificate is required if you will be using the PKI Authentication application. 1 From the Embedded Web Server, click Settings > Security > Certificate Management > Certificate Authority Management. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 2 Click New. 3 Click Browse to locate the Certificate Authority Source file, and then click Submit. Note: The Certificate Authority Source file must be in PEM (.cer) format. 4 Reboot the MFP by turning it off and back on using the power switch. Setting up IPSec IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle authentication or restrict access. 1 From the Embedded Web Server, click Settings > Security > IPSec. Note: For information about accessing the EWS, see "Using the Embedded Web Server" on page 15. 2 Select the IPSec Enable check box, and then click Submit. Your browser will return to the Security page. 3 Click IPSec. 4 In the Settings section, click Encryption, and then select 3DES from the Proposed Encryption Method drop‑down menu. 5 In the Settings section, click Certificate Validation, and then select the Validate Peer Certificate check box. 6 In the Connections section, click either Pre‑Shared Key Authenticated Connections or Certificate Authenticated Connections, and then click one of the numbered Host fields. 7 Type the IP address of the client device you want to connect to the MFP. If you are using Pre‑Shared Key (PSK) Authentication, then also type the key. Note: If you are using PSK Authentication, then retain the key to use later when configuring client devices. 8 Configure IPSec as needed on client devices that will connect to the MFP. 9 Click Submit.

Section	Page
Installation Supplement and Administrator Guide	1
Contents	3
Overview and first steps	5
Overview	5
Using this guide	5
Supported devices	5
Operating environment	6
Before configuring the device (required)	6
Verifying physical interfaces and installed firmware	6
Attaching a lock	7
Encrypting the hard disk	7
Disabling the USB buffer	8
Installing the minimum configuration	9
Configuring the device	9
Configuration checklist	9
Configuring disk wiping	9
Enabling the backup password (optional)	9
Creating user accounts	10
Creating security templates	11
Controlling access to device functions	12
Disabling home screen icons	14
Administering the device	15
Using the Embedded Web Server	15
Settings for network-connected devices	15
Creating and modifying digital certificates	15
Setting up IPSec	17
Disabling the AppleTalk protocol	18
Shutting down port access	18
Other settings and functions	19
Network Time Protocol	19
Kerberos	19
Security audit logging	20
E-mail	22
Fax	24
Configuring security reset jumper behavior	25
User access	25
Creating user accounts through the EWS	25
Configuring LDAP+GSSAPI	27
Configuring Common Access Card access	30
Creating security templates using the EWS	32
Controlling access to device functions	33
Configuring PKI Held Jobs	33
Controlling access to device functions using the EWS	34
Troubleshooting	37
Login issues	37
“Unsupported USB Device” error message	37
Make sure a supported Smart Card reader is attached	37
The printer home screen fails to return to a locked state when not in use	37
Make sure the authentication token is installed and running	37
Make sure PKI Authentication is installed and running	37
Login screen does not appear when a Smart Card is inserted	37
Make sure the Smart Card is recognized by the reader	37
“The KDC and MFP clocks are different beyond an acceptable range; check the MFP's date and time” err ...	38
Verify the date and time on the printer	38
“Kerberos configuration file has not been uploaded” error message	38
Make sure the Kerberos file has been uploaded	38
Users are unable to authenticate	38
Make sure the Realm specified in the Kerberos settings is in uppercase	38
“The Domain Controller Issuing Certificate has not been installed” error message	39
Make sure that the correct certificate has been installed on the printer	39
“The KDC did not respond within the required time” error message	39
Make sure the IP address or host name of the KDC is correct	39
Make sure the KDC is available	39
Make sure Port 88 is not blocked by a firewall	39
“User's Realm was not found in the Kerberos Configuration file” error message	39
Make sure the Windows Domain is specified in the Kerberos settings	39
“Realm on the card was not found in the Kerberos Configuration File” error message	40
Upload a Kerberos configuration file and make sure the realm has been added to the file	40
“Client [NAME] unknown” error message	40
Verify that the Domain Controller information is correct	40
Login does not respond at “Getting User Info”	40
User is logged out almost immediately after logging in	40
Increase the Panel Login Timeout interval	40
LDAP issues	41
LDAP lookups take a long time and then fail	41
Make sure Port 389 (non-SSL) and Port 636 (SSL) are not blocked by a firewall	41
Make sure the LDAP search base is not too broad in scope	41
LDAP lookups fail almost immediately	41
Verify that the Address Book Setup contains the host name for the LDAP server	41
Verify or adjust Address Book Setup settings	41
Narrow the LDAP search base	41
Verify that the LDAP attributes being searched for are correct	41
Held Jobs/Print Release Lite issues	42
“You are not authorized to use this feature” Held Jobs error message	42
Add the user to the appropriate Active Directory group	42
“Unable to determine Windows User ID” error message	42
Make sure PKI Authentication is setting the user ID for the session	42
“There are no jobs available for [USER]” error message	42
Make sure PKI Authentication is setting the correct user ID	42
Make sure the jobs were sent to the correct printer and were printed	42
Jobs are printing out immediately	43
Make sure PKI Held Jobs is installed and running	43
Make sure all jobs are required to be held	43
Appendix A: Using the touch screen	44
Appendix B: Acronyms	46
Appendix C: Description of access controls	47
Access controls	47
Appendix D: Using Common Access Cards	50
Using a Common Access Card to access the printer	50
Notices	51
LEXMARK SOFTWARE LICENSE AGREEMENT	51

Match case Limit results 1 per page

The contents of the file should be in the following format:

-----BEGIN CERTIFICATE-----

MIIE1jCCA76gAwIBAgIQY6sV0KL3tIhBtlr4gHG85zANBgkqhkiG9w0BAQUFADBs

…

l3DTbPe0mnIbTq0iWqKEaVne1vvaDt52iSpEQyevwgUcHD16rFy+sOnCaQ==

-----END CERTIFICATE-----

•

Download Signing Request

—Download or save the signing request as a .csr file.

•

Install Signed Certificate

—Upload a previously signed certificate.

Installing a CA certificate

Certificate Authority

(CA) certificate is required if you will be using the PKI Authentication application.

From the Embedded Web Server, click

Settings

Security

Certificate Management

Certificate Authority

Management

Note:

For information about accessing the EWS, see “Using the Embedded Web Server” on page 15.

Click

New

Click

Browse

to locate the Certificate Authority Source file, and then click

Submit

Note:

The Certificate Authority Source file must be in PEM (.cer) format.

Reboot the MFP by turning it off and back on using the power switch.

Setting up IPSec

IPSec encrypts IP packets as they are transmitted over the network between devices. It does not handle authentication

or restrict access.

From the Embedded Web Server, click

Settings

Security

IPSec

Note:

For information about accessing the EWS, see “Using the Embedded Web Server” on page 15.

Select the

IPSec Enable

check box, and then click

Submit

. Your browser will return to the Security page.

Click

IPSec

In the Settings section, click

Encryption

, and then select

3DES

from the Proposed Encryption Method drop

‑

down

menu.

In the Settings section, click

Certificate Validation

, and then select the

Validate Peer Certificate

check box.

In the Connections section, click either

Pre

‑

Shared Key Authenticated Connections

Certificate Authenticated

Connections

, and then click one of the numbered

Host

fields.

Type the IP address of the client device you want to connect to the MFP. If you are using

Pre

‑

Shared Key

(PSK)

Authentication, then also type the key.

Note:

If you are using PSK Authentication, then retain the key to use later when configuring client devices.

Configure IPSec as needed on client devices that will connect to the MFP.

Click

Submit