Home » HP Manuals » Print Servers » HP 635n » Manual Viewer

HP 635n HP Jetdirect Print Server Administrator's Guide - Page 114

IPsec Protocols, After authentication

UPC - 882780301016

Add to My Manuals
Save this manual to your list of manuals

Page 114 highlights

Table 5-7 IKE Phase 1 (Authentication) page (continued) Item Description Security Methods (Required) Select the Encryption methods and strengths and Hash methods to be used. Selecting all the methods will result in a single negotiated method. Perfect Forward Secrecy When secret keys are periodically replaced, Perfect Forward Secrecy (PFS) indicates that the new keys are independently derived and unrelated to the prior keys. This helps to ensure that data protected by the new keys is secure. While PFS provides additional security, it requires additional processing overhead. If PFS is desired, enable the following: Identity Perfect Forward Secrecy (Master PFS): Enables PFS for identity protection. Key Perfect Forward Secrecy (Session PFS): Enables PFS for key protection. Diffie-Hellman Groups: (For Session PFS only) Select one or more Diffie-Hellman groups to use during the key exchange. Replay detection IPsec protocols support anti-replay services. Enable or disable the IPsec anti-replay algorithm. IKE Retries Specify the number of times that IKE protocols are to be retried if a failure occurs. Enter a value from 0 to 20. IKE Retransmit Interval Specify the time (in seconds) between successive IKE protocol retries if a failure occurs. Enter a value from 0 to 5. IPsec Protocols After authentication, this page is used to specify IPsec protocols and associated encryption to use for Security Associations in this rule. Item ESP AH Description Use IPsec Encapsulating Security Payload (ESP) protocol for IP packets. ESP headers are inserted in packets to ensure privacy and integrity of packet contents. Select among the supported encryption methods/strengths and Hash methods to be used for data protection. Use IPsec Authentication Header (AH) protocol for IP packets. AH headers are inserted in packets to protect integrity of packet contents through cryptographic checksums. Select among the supported Hash methods. Encapsulation Type CAUTION The use of IPsec AH may not function properly in environments that use Network Address Translation (NAT). Specify how the IPsec protocols selected (ESP or AH) will be encapsulated: ■ Transport: Only the user data in each IP packet is protected, the IP packet header is not protected. ■ Tunnel: All packet fields are protected, including the IP packet header. SA Lifetime Specify the Security Association lifetime, either in seconds or in the number of Kbytes. Within the limits specified, shorter lifetimes will provide improved security depending on the frequency of SA use. 104 Chapter 5 IPsec Configuration ENWW

Section	Page
Introducing the HP Jetdirect Print Server	11
Supported Print Servers	11
Supported Network Protocols	12
Security Protocols	13
SNMP (IPv4 and IPX)	13
HTTPS	13
Authentication	13
EAP/802.1X Server-Based Authentication	13
IPsec	14
Supplied Manuals	14
HP Support	14
HP Online Support	14
Firmware Upgrades	14
Firmware Installation Tools	15
HP Support By Phone	15
Product Registration	15
Product Accessibility	16
HP Software Solutions Summary	17
HP Install Network Printer Wizard (Windows)	19
Requirements	19
HP Jetdirect Printer Installer for UNIX	19
HP Web Jetadmin	20
System Requirements	20
Installing HP Web Jetadmin	20
Verifying Installation and Providing Access	20
Configuring and Modifying a Device	20
Removing HP Web Jetadmin Software	21
Internet Printer Connection Software	21
HP-Supplied Software	21
HP Software System Requirements	21
HP Software Supported Proxies	22
Microsoft Supplied Software	22
Windows 2000/XP/Server 2003 Integrated Software	22
Windows Me IPP Client	22
Novell Supplied Software	23
HP LaserJet Utilities for Mac OS	23
TCP/IP Configuration	27
IPv6 Configuration	27
IPv6 Address Introduction	27
IPv6 Address Configuration	28
Link-Local Address	28
Stateless Addresses	29
Stateful Addresses	29
Using DNS	29
Tools and Utilities	30
IPv4 Configuration	30
Server-Based and Manual TCP/IP Configuration (IPv4)	30
Default IP Address (IPv4)	31
Default IP Address Will Not Be Assigned	31
Default IP Address Will Be Assigned	31
Default IPv4 Address Configuration Options	32
Default IPv4 Behavior	33
TCP/IP Configuration Tools	33
Using BOOTP/TFTP (IPv4)	34
Why Use BOOTP/TFTP?	34
BOOTP/TFTP on UNIX	35
Using DHCP (IPv4)	46
UNIX Systems	47
Windows Systems	47
To Discontinue DHCP Configuration	50
Using RARP (IPv4)	51
Using the arp and ping Commands (IPv4)	51
Using Telnet (IPv4)	52
Creating a Telnet Connection	53
A Typical Telnet Session	53
User Interface Options	54
Using Telnet to Erase the Existing IP Settings	68
Moving to Another Network (IPv4)	68
Using the Embedded Web Server	68
Using the Printer Control Panel	68
HP Jetdirect Embedded Web Server (V.31.xx)	71
Requirements	73
Compatible Web Browsers	73
Browser Exceptions	73
Supported HP Web Jetadmin Version	73
Viewing the Embedded Web Server	73
Operating Notes	75
HP Jetdirect Home Tab	75
Device Tabs	76
Networking Tab	76
Sending Product Information to HP	77
TCP/IP Settings	78
Summary	78
Network Identification	79
TCP/IP(v4)	80
TCP/IP(v6)	81
Config Precedence	82
Advanced	83
Network Settings	85
IPX/SPX	85
AppleTalk	86
DLC/LLC	87
SNMP	87
Other Settings	88
Misc. Settings	88
Firmware Upgrade	90
LPD Queues	91
Support Info	93
Refresh Rate	93
Privacy Settings	93
Select Language	93
Security: Settings	93
Status	94
Wizard	94
Restore Defaults	94
Authorization	95
Admin. Account	95
Certificates	96
Configuring Certificates	97
Access Control	100
Mgmt. Protocols	100
Web Mgmt.	100
SNMP	101
SNMP v3	101
Other	102
802.1x Authentication	103
IPsec	104
Network Statistics	104
Protocol Info	104
Configuration Page	104
Other Links	105
Help	105
Support	105
HP Home	105
HP Web Jetadmin	105
IPsec Configuration	107
HP Jetdirect IPsec Wizard	109
Step 1-Specify an Address Template	110
Create Address Template	110
Step 2-Specify Service Template	110
Create Service Template	111
Select Custom Services	111
Add Custom Services	111
Step 3 - Specify IPsec Template	112
Create IPsec Template	112
IKEv1 Phase 1 (Authentication)	113
IPsec Protocols	114
Manual Keys	115
Summary	115
Configuring Windows Systems	115
Security Features	117
Using Security Features	120
Troubleshooting the HP Jetdirect Print Server	121
Resetting to Factory Defaults	122
Service Menu Example	122
General Troubleshooting	123
Troubleshooting Chart - Assessing the Problem	123
Procedure 1: Verifying that the Printer is On and Online	124
Procedure 2: Printing an HP Jetdirect Configuration Page	124
Procedure 3: Resolving Printer Display Error Messages	125
Procedure 4: Resolving Printer Communication Problems with the Network	126
HP Jetdirect Configuration Pages	129
HP Jetdirect Configuration Page	130
Status Field Error Messages	130
Configuration Page Format	130
Configuration Page Messages	131
HP Jetdirect Configuration/General Information	131
Security Settings	132
Network Statistics	134
TCP/IP Protocol Information	134
IPv4 Section	136
IPv6 Section	137
IPX/SPX Protocol Information	137
Novell NetWare Parameters	138
AppleTalk Protocol Information	139
DLC/LLC Protocol Information	140
Error Messages	140
Security Configuration Page	147
Security Settings	148
IPsec Error Log	150
Local IP Addresses	150
IPsec Stats	150
IKE Stats	150
IPsec Rules	151
IPsec SA Table	151
Available Network Services	151
LPD Printing	153
About LPD	154
Requirements for Configuring LPD	154
LPD Setup Overview	155
Step 1. Setting Up IP Parameters	155
Step 2. Setting Up Print Queues	155
Step 3. Printing a Test File	156
LPD on UNIX Systems	156
Configuring Print Queues for BSD-based Systems	156
Configuring Print Queues Using SAM (HP-UX systems)	157
Printing a Test File	158
LPD on Windows 2000/Server 2003 Systems	159
Installing TCP/IP Software	159
Configuring a Network Printer for Windows 2000/Server 2003 Systems	160
Verifying the Configuration	161
Printing from Windows Clients	161
LPD on Windows XP Systems	162
Adding Windows Optional Networking Components	162
Configuring a Network LPD Printer	162
Adding a New LPD Printer	162
Creating an LPR Port for an Installed Printer	163
LPD on Mac OS Systems	164
Assigning an IP Address	164
Setting Up Mac OS	164
FTP Printing	167
Requirements	167
Print Files	167
Using FTP Printing	167
FTP Connections	167
Control Connection	168
Data Connection	168
FTP Login	168
Ending the FTP Session	169
Commands	169
Example of an FTP Session	171
The HP Jetdirect EIO Control Panel Menu	173
Classic Control Panel	174
Graphical Control Panel	177
Open Source Licensing Statements	183
gSOAP	183
OpenSSL	184
OpenSSL License	184
Original SSLeay License	184

Match case Limit results 1 per page

Item

Description

Security Methods

(Required) Select the Encryption methods and strengths and Hash methods to be

used.

Selecting all the methods will result in a single negotiated method.

Perfect Forward Secrecy

When secret keys are periodically replaced, Perfect Forward Secrecy (PFS)

indicates that the new keys are independently derived and unrelated to the prior

keys. This helps to ensure that data protected by the new keys is secure. While PFS

provides additional security, it requires additional processing overhead.

If PFS is desired, enable the following:

Identity Perfect Forward Secrecy (Master PFS): Enables PFS for identity protection.

Key Perfect Forward Secrecy (Session PFS): Enables PFS for key protection.

Diffie-Hellman Groups: (For Session PFS only) Select one or more Diffie-Hellman

groups to use during the key exchange.

Replay detection

IPsec protocols support anti-replay services. Enable or disable the IPsec anti-replay

algorithm.

IKE Retries

Specify the number of times that IKE protocols are to be retried if a failure occurs.

Enter a value from 0 to 20.

IKE Retransmit Interval

Specify the time (in seconds) between successive IKE protocol retries if a failure

occurs. Enter a value from 0 to 5.

IPsec Protocols

After authentication, this page is used to specify IPsec protocols and associated encryption to use for

Security Associations in this rule.

Item

Description

ESP

Use IPsec Encapsulating Security Payload (ESP) protocol for IP packets. ESP

headers are inserted in packets to ensure privacy and integrity of packet contents.

Select among the supported encryption methods/strengths and Hash methods to be

used for data protection.

Use IPsec Authentication Header (AH) protocol for IP packets. AH headers are

inserted in packets to protect integrity of packet contents through cryptographic

checksums. Select among the supported Hash methods.

CAUTION

The use of IPsec AH may not function properly in environments

that use Network Address Translation (NAT).

Encapsulation Type

Specify how the IPsec protocols selected (ESP or AH) will be encapsulated:

■

Transport: Only the user data in each IP packet is protected, the IP packet

header is not protected.

■

Tunnel: All packet fields are protected, including the IP packet header.

SA Lifetime

Specify the Security Association lifetime, either in seconds or in the number of

Kbytes. Within the limits specified, shorter lifetimes will provide improved security

depending on the frequency of SA use.

Table 5-7

IKE Phase 1 (Authentication) page (continued)

104

Chapter 5

IPsec Configuration

ENWW