HP 635n HP Jetdirect Print Server Administrator's Guide - Page 113
IKEv1 Phase 1 (Authentication), Table 5-6
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 113 highlights
Table 5-6 Create IPsec Template page Item IPsec Template Name Description Enter a name for a custom IPsec template in the edit box. This name will be added to the Step 3-Specify IPsec Template page. NOTE The IPsec policy template name must be unique for all IPsec policy templates. Authentication Type Hosts specified in the Address template must negotiate IPsec security settings during a session. During negotiation, authentication must occur to validate sender/ receiver identities. Select one of the following authentication types. Dynamic Keys: Use Internet Key Exchange (IKE) protocols for authentication and encryption and to create Security Associations . You must select one of the following methods: ■ Pre-Shared Key: Enter a pre-shared key (ASCII string) that is shared by all hosts specified by this rule. If a pre-shared key is used, it should be protected; any host that knows this key may be authenticated. ■ Certificates: Certificates may be used for authentication. A self-signed Jetdirect certificate is pre-installed by factory default, and can be replaced. In addition, a CA certificate must be installed for server authentication. For information on requesting, configuring and installing certificates, see Configuring Certificates. After selecting a dynamic key method, you must configure IKE parameters using the IKEv1 Phase 1 (Authentication) page. Manual Keys: Select this option to configure encryption keys and create Security Associations manually through the Manual Keys page. IKEv1 Phase 1 (Authentication) Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to configure SA parameters for authentication and to securely generate IPsec session keys for encryption and hashing algorithms. Items on this page are described below. Table 5-7 IKE Phase 1 (Authentication) page Item Diffie-Hellman Groups SA Lifetime Negotiation Mode Description (Required) A Diffie-Hellman exchange allows a secret key and security services to be securely exchanged between two hosts over an unprotected network. A DiffieHellman group determines the parameters to use during a Diffie-Hellman exchange. Multiple well-known Diffie-Hellman groups are provided and can be selected. Selecting all the groups will result in a single negotiated group. (Required) Specify the lifetime, in seconds, that the keys associated with this Security Association will be valid. (Required) IKE provides two modes of negotiation during an exchange for keys and security services to be used for a Security Association: Main: This mode features identity protection between the hosts and is slower but secure. Aggressive: This mode uses half the message exchanges. It is faster, but less secure than Main mode. ENWW HP Jetdirect IPsec Wizard 103