Canon Color imageCLASS LBP622Cdw imageCLASS LBP664Cdw / LBP623Cdw / LBP622Cdw - Page 267
Configuring IPSec Settings, Selector, AH/ESP
View all Canon Color imageCLASS LBP622Cdw manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 267 highlights
Managing the Machine Configuring IPSec Settings 3S2S-04J Internet Protocol Security (IPSec or IPsec) is a protocol suite for encrypting data transported over a network, including Internet networks. While TLS only encrypts data used on a specific application, such as a Web browser or an e-mail application, IPSec encrypts either whole IP packets or the payloads of IP packets, offering a more versatile security system. The IPSec of the machine works in transport mode, in which the payloads of IP packets are encrypted. With this feature, the machine can connect directly to a computer that is in the same virtual private network (VPN). Check the system requirements ( Management Functions(P. 499) ) and set the necessary configuration on the computer before you configure the machine. Using IPSec with IP address filter ● IP address filter settings are applied before the IPSec policies. Specifying IP Addresses for Firewall Settings(P. 241) Configuring IPSec Settings Before using IPSec for encrypted communication, you need to register security policies (SP). A security policy consists of the groups of settings described below. After registering policies, specify the order in which they are applied. Selector Selector defines conditions for IP packets to apply IPSec communication. Selectable conditions include IP addresses and port numbers of the machine and the devices to communicate with. IKE IKE configures the IKEv1 that is used for key exchange protocol. Note that instructions vary depending on the authentication method selected. [Pre-Shared Key Method] This authentication method uses a common key word, called Shared Key, for communication between the machine and other devices. Enable TLS for the Remote UI before specifying this authentication method ( Configuring the Key and Certificate for TLS(P. 250) ). [Digital Signature Method] The machine and the other devices authenticate each other by mutually verifying their digital signatures. Generate or install the key and certificate beforehand ( Registering the Key and Certificate for Network Communication(P. 259) ). AH/ESP Specify the settings for AH/ESP, which is added to packets during IPSec communication. AH and ESP can be used at the same time. You can also select whether or not to enable PFS for tighter security. 261