Home » HP Manuals » Print Servers » HP 635n » Manual Viewer

HP 635n HP Jetdirect Print Server Administrator's Guide - Page 113

IKEv1 Phase 1 (Authentication), Table 5-6

UPC - 882780301016

Add to My Manuals
Save this manual to your list of manuals

Page 113 highlights

Table 5-6 Create IPsec Template page Item IPsec Template Name Description Enter a name for a custom IPsec template in the edit box. This name will be added to the Step 3-Specify IPsec Template page. NOTE The IPsec policy template name must be unique for all IPsec policy templates. Authentication Type Hosts specified in the Address template must negotiate IPsec security settings during a session. During negotiation, authentication must occur to validate sender/ receiver identities. Select one of the following authentication types. Dynamic Keys: Use Internet Key Exchange (IKE) protocols for authentication and encryption and to create Security Associations . You must select one of the following methods: ■ Pre-Shared Key: Enter a pre-shared key (ASCII string) that is shared by all hosts specified by this rule. If a pre-shared key is used, it should be protected; any host that knows this key may be authenticated. ■ Certificates: Certificates may be used for authentication. A self-signed Jetdirect certificate is pre-installed by factory default, and can be replaced. In addition, a CA certificate must be installed for server authentication. For information on requesting, configuring and installing certificates, see Configuring Certificates. After selecting a dynamic key method, you must configure IKE parameters using the IKEv1 Phase 1 (Authentication) page. Manual Keys: Select this option to configure encryption keys and create Security Associations manually through the Manual Keys page. IKEv1 Phase 1 (Authentication) Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to configure SA parameters for authentication and to securely generate IPsec session keys for encryption and hashing algorithms. Items on this page are described below. Table 5-7 IKE Phase 1 (Authentication) page Item Diffie-Hellman Groups SA Lifetime Negotiation Mode Description (Required) A Diffie-Hellman exchange allows a secret key and security services to be securely exchanged between two hosts over an unprotected network. A DiffieHellman group determines the parameters to use during a Diffie-Hellman exchange. Multiple well-known Diffie-Hellman groups are provided and can be selected. Selecting all the groups will result in a single negotiated group. (Required) Specify the lifetime, in seconds, that the keys associated with this Security Association will be valid. (Required) IKE provides two modes of negotiation during an exchange for keys and security services to be used for a Security Association: Main: This mode features identity protection between the hosts and is slower but secure. Aggressive: This mode uses half the message exchanges. It is faster, but less secure than Main mode. ENWW HP Jetdirect IPsec Wizard 103

Section	Page
Introducing the HP Jetdirect Print Server	11
Supported Print Servers	11
Supported Network Protocols	12
Security Protocols	13
SNMP (IPv4 and IPX)	13
HTTPS	13
Authentication	13
EAP/802.1X Server-Based Authentication	13
IPsec	14
Supplied Manuals	14
HP Support	14
HP Online Support	14
Firmware Upgrades	14
Firmware Installation Tools	15
HP Support By Phone	15
Product Registration	15
Product Accessibility	16
HP Software Solutions Summary	17
HP Install Network Printer Wizard (Windows)	19
Requirements	19
HP Jetdirect Printer Installer for UNIX	19
HP Web Jetadmin	20
System Requirements	20
Installing HP Web Jetadmin	20
Verifying Installation and Providing Access	20
Configuring and Modifying a Device	20
Removing HP Web Jetadmin Software	21
Internet Printer Connection Software	21
HP-Supplied Software	21
HP Software System Requirements	21
HP Software Supported Proxies	22
Microsoft Supplied Software	22
Windows 2000/XP/Server 2003 Integrated Software	22
Windows Me IPP Client	22
Novell Supplied Software	23
HP LaserJet Utilities for Mac OS	23
TCP/IP Configuration	27
IPv6 Configuration	27
IPv6 Address Introduction	27
IPv6 Address Configuration	28
Link-Local Address	28
Stateless Addresses	29
Stateful Addresses	29
Using DNS	29
Tools and Utilities	30
IPv4 Configuration	30
Server-Based and Manual TCP/IP Configuration (IPv4)	30
Default IP Address (IPv4)	31
Default IP Address Will Not Be Assigned	31
Default IP Address Will Be Assigned	31
Default IPv4 Address Configuration Options	32
Default IPv4 Behavior	33
TCP/IP Configuration Tools	33
Using BOOTP/TFTP (IPv4)	34
Why Use BOOTP/TFTP?	34
BOOTP/TFTP on UNIX	35
Using DHCP (IPv4)	46
UNIX Systems	47
Windows Systems	47
To Discontinue DHCP Configuration	50
Using RARP (IPv4)	51
Using the arp and ping Commands (IPv4)	51
Using Telnet (IPv4)	52
Creating a Telnet Connection	53
A Typical Telnet Session	53
User Interface Options	54
Using Telnet to Erase the Existing IP Settings	68
Moving to Another Network (IPv4)	68
Using the Embedded Web Server	68
Using the Printer Control Panel	68
HP Jetdirect Embedded Web Server (V.31.xx)	71
Requirements	73
Compatible Web Browsers	73
Browser Exceptions	73
Supported HP Web Jetadmin Version	73
Viewing the Embedded Web Server	73
Operating Notes	75
HP Jetdirect Home Tab	75
Device Tabs	76
Networking Tab	76
Sending Product Information to HP	77
TCP/IP Settings	78
Summary	78
Network Identification	79
TCP/IP(v4)	80
TCP/IP(v6)	81
Config Precedence	82
Advanced	83
Network Settings	85
IPX/SPX	85
AppleTalk	86
DLC/LLC	87
SNMP	87
Other Settings	88
Misc. Settings	88
Firmware Upgrade	90
LPD Queues	91
Support Info	93
Refresh Rate	93
Privacy Settings	93
Select Language	93
Security: Settings	93
Status	94
Wizard	94
Restore Defaults	94
Authorization	95
Admin. Account	95
Certificates	96
Configuring Certificates	97
Access Control	100
Mgmt. Protocols	100
Web Mgmt.	100
SNMP	101
SNMP v3	101
Other	102
802.1x Authentication	103
IPsec	104
Network Statistics	104
Protocol Info	104
Configuration Page	104
Other Links	105
Help	105
Support	105
HP Home	105
HP Web Jetadmin	105
IPsec Configuration	107
HP Jetdirect IPsec Wizard	109
Step 1-Specify an Address Template	110
Create Address Template	110
Step 2-Specify Service Template	110
Create Service Template	111
Select Custom Services	111
Add Custom Services	111
Step 3 - Specify IPsec Template	112
Create IPsec Template	112
IKEv1 Phase 1 (Authentication)	113
IPsec Protocols	114
Manual Keys	115
Summary	115
Configuring Windows Systems	115
Security Features	117
Using Security Features	120
Troubleshooting the HP Jetdirect Print Server	121
Resetting to Factory Defaults	122
Service Menu Example	122
General Troubleshooting	123
Troubleshooting Chart - Assessing the Problem	123
Procedure 1: Verifying that the Printer is On and Online	124
Procedure 2: Printing an HP Jetdirect Configuration Page	124
Procedure 3: Resolving Printer Display Error Messages	125
Procedure 4: Resolving Printer Communication Problems with the Network	126
HP Jetdirect Configuration Pages	129
HP Jetdirect Configuration Page	130
Status Field Error Messages	130
Configuration Page Format	130
Configuration Page Messages	131
HP Jetdirect Configuration/General Information	131
Security Settings	132
Network Statistics	134
TCP/IP Protocol Information	134
IPv4 Section	136
IPv6 Section	137
IPX/SPX Protocol Information	137
Novell NetWare Parameters	138
AppleTalk Protocol Information	139
DLC/LLC Protocol Information	140
Error Messages	140
Security Configuration Page	147
Security Settings	148
IPsec Error Log	150
Local IP Addresses	150
IPsec Stats	150
IKE Stats	150
IPsec Rules	151
IPsec SA Table	151
Available Network Services	151
LPD Printing	153
About LPD	154
Requirements for Configuring LPD	154
LPD Setup Overview	155
Step 1. Setting Up IP Parameters	155
Step 2. Setting Up Print Queues	155
Step 3. Printing a Test File	156
LPD on UNIX Systems	156
Configuring Print Queues for BSD-based Systems	156
Configuring Print Queues Using SAM (HP-UX systems)	157
Printing a Test File	158
LPD on Windows 2000/Server 2003 Systems	159
Installing TCP/IP Software	159
Configuring a Network Printer for Windows 2000/Server 2003 Systems	160
Verifying the Configuration	161
Printing from Windows Clients	161
LPD on Windows XP Systems	162
Adding Windows Optional Networking Components	162
Configuring a Network LPD Printer	162
Adding a New LPD Printer	162
Creating an LPR Port for an Installed Printer	163
LPD on Mac OS Systems	164
Assigning an IP Address	164
Setting Up Mac OS	164
FTP Printing	167
Requirements	167
Print Files	167
Using FTP Printing	167
FTP Connections	167
Control Connection	168
Data Connection	168
FTP Login	168
Ending the FTP Session	169
Commands	169
Example of an FTP Session	171
The HP Jetdirect EIO Control Panel Menu	173
Classic Control Panel	174
Graphical Control Panel	177
Open Source Licensing Statements	183
gSOAP	183
OpenSSL	184
OpenSSL License	184
Original SSLeay License	184

Match case Limit results 1 per page

Table 5-6

Create IPsec Template page

Item

Description

IPsec Template Name

Enter a name for a custom IPsec template in the edit box. This name will be added to

the

Step 3-Specify IPsec Template

page.

NOTE

The IPsec policy template name must be unique for all IPsec policy

templates.

Authentication Type

Hosts specified in the Address template must negotiate IPsec security settings

during a session. During negotiation, authentication must occur to validate sender/

receiver identities. Select one of the following authentication types.

Dynamic Keys

: Use Internet Key Exchange (IKE) protocols for authentication and

encryption and to create Security Associations . You must select one of the following

methods:

■

Pre-Shared Key

: Enter a pre-shared key (ASCII string) that is shared by all

hosts specified by this rule. If a pre-shared key is used, it should be protected;

any host that knows this key may be authenticated.

■

Certificates

: Certificates may be used for authentication. A self-signed Jetdirect

certificate is pre-installed by factory default, and can be replaced. In addition, a

CA certificate must be installed for server authentication. For information on

requesting, configuring and installing certificates, see

Configuring

Certificates

After selecting a dynamic key method, you must configure IKE parameters using the

IKEv1 Phase 1 (Authentication)

page.

Manual Keys

: Select this option to configure encryption keys and create Security

Associations manually through the

Manual Keys

page.

IKEv1 Phase 1 (Authentication)

Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to

configure SA parameters for authentication and to securely generate IPsec session keys for

encryption and hashing algorithms. Items on this page are described below.

Table 5-7

IKE Phase 1 (Authentication) page

Item

Description

Diffie-Hellman Groups

(Required) A Diffie-Hellman exchange allows a secret key and security services to

be securely exchanged between two hosts over an unprotected network. A Diffie-

Hellman group determines the parameters to use during a Diffie-Hellman exchange.

Multiple well-known Diffie-Hellman groups are provided and can be selected.

Selecting all the groups will result in a single negotiated group.

SA Lifetime

(Required) Specify the lifetime, in seconds, that the keys associated with this

Security Association will be valid.

Negotiation Mode

(Required) IKE provides two modes of negotiation during an exchange for keys and

security services to be used for a Security Association:

Main: This mode features identity protection between the hosts and is slower but

secure.

Aggressive: This mode uses half the message exchanges. It is faster, but less

secure than Main mode.

ENWW

HP Jetdirect IPsec Wizard

103