Xerox 6400XF WorkCentre 6400 System Administrator Guide - Page 68

Security Note: DH is a public-key cryptography scheme that allows two parties to establish a shared secret over an insecure communications channel. It is also used within IKE to establish session keys. 2. Select the DH Group. Options are: • Group 2: Provides a 1024-bit Modular Exponential (MODP) keying strength. • Group 14: Provides a 2048-bit MODP keying strength. 3. Select one or more of the following Hash - Encryption algorithms: • SHA1 - Advanced Encryption Standard (AES) • SHA1 - Triple Data Encryption Standard (3DES) • MD5 - AES • MD5 - 3DES Notes: • 3DES is a variation on DES that uses a168-bit key. 3DES is more secure than DES. • AES is more secure than 3DES. 4. Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode. Note: Transport mode only encrypts the IP payload whereas Tunnel mode encrypts the IP header and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an Authentication Header (AH), or Encapsulating Security Payload (ESP). 5. If you select Tunnel Mode, under Enable Security End Point Address, select the address type. Options are Disabled, IPv4 Address, or IPv6 Address. 6. Under IPsec Security, select ESP, AH, or BOTH. 7. Type the Key Lifetime, and select the units; Seconds, Minutes, or Hours. 8. Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14. Note: PFS is disabled by default. PFS allows faster IPSec setup, but is not very secure. 9. Under Hash, select from the following: • SHA1 • MD5 • None 10. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following Encryption types: Note: Encryption will not display if IPsec Security is set to AH. • AES • 3DES • Null 11. Click Save. Editing or Deleting an Action To edit or delete an action, select the action from the list, then click Edit or Delete. 68 WorkCentre 6400 Multifunction Printer System Administrator Guide