HP 630n HP Jetdirect Print Servers - Administrator's Guide - Page 119
Advanced IKE Settings, IKEv1 Phase 2 / Quick Mode Settings IPsec Protocols
UPC - 808736806244
View all HP 630n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 119 highlights
Table 5-12 IKEv1 Phase 2 / Quick Mode Settings (IPsec Protocols) page Item Description Encapsulation Type Specify how the selected IPsec protocols (ESP or AH) are encapsulated: ● Transport (default) Protect only the user data in each IP packet. Do not protect the IP packet header. ● Tunnel Protect all packet fields, including the header. Cryptographic Parameters Set the encryption methods and strengths, and the authentication methods used: ● ESP IPsec encapsulating security payload (ESP) protocol for IP packets. ESP headers are inserted in packets to ensure privacy and integrity of packet contents. Select among the supported encryption methods and strengths and the authentication methods to use for data protection. ● AH IPsec authentication header (AH) protocol for IP packets. AH headers are inserted in packets to protect integrity of packet contents through cryptographic checksums. Select among the supported authentication methods. CAUTION: IPsec AH might not function properly in environments that use network address translation (NAT). NOTE: You cannot use ESP authentication if AH is enabled. If you enable ESP and AH, you must select AH authentication methods. Security Association SA Lifetime Security association lifetime in seconds, the number of kilobytes (KB), or both. Within the limits specified, shorter lifetimes provide improved security depending on the frequency of SA use. Set to zero (0) to disable. Advanced IKE Settings Configure advanced IKE settings. Advanced IKE Settings The Advanced IKE Settings page contains the configuration settings described in the following table. Table 5-13 Advanced IKE Settings page Item Description Replay Detection Set the IPsec anti-replay algorithm. IPsec protocols support anti-replay services to prevent message interception for later use, such as attempting to gain access to resources. Key Perfect Forward Secrecy (Session PFS) Set session perfect forward secrecy (PFS) for key protection. When secret keys are periodically replaced, PFS indicates that the new keys are independently derived and unrelated to the prior keys. This can ensure that data protected by the new keys is secure. While PFS provides additional security, it requires additional processing overhead. Diffie-Hellman Groups (For Session PFS only) Multiple well-known Diffie-Hellman groups that can be used are listed. To change the entries in the list, click Edit. IKE Retries Number of times to retry IKE protocols if a failure occurs. Enter a value from 0 to 20. IKE Retransmit Interval Time (in seconds) between successive IKE protocol retries if a failure occurs. Enter a value from 0 to 5. ENWW HP Jetdirect IPsec/Firewall wizard 109