HP 635n HP Jetdirect Print Server Administrator's Guide - Page 114
IPsec Protocols, After authentication
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 114 highlights
Table 5-7 IKE Phase 1 (Authentication) page (continued) Item Description Security Methods (Required) Select the Encryption methods and strengths and Hash methods to be used. Selecting all the methods will result in a single negotiated method. Perfect Forward Secrecy When secret keys are periodically replaced, Perfect Forward Secrecy (PFS) indicates that the new keys are independently derived and unrelated to the prior keys. This helps to ensure that data protected by the new keys is secure. While PFS provides additional security, it requires additional processing overhead. If PFS is desired, enable the following: Identity Perfect Forward Secrecy (Master PFS): Enables PFS for identity protection. Key Perfect Forward Secrecy (Session PFS): Enables PFS for key protection. Diffie-Hellman Groups: (For Session PFS only) Select one or more Diffie-Hellman groups to use during the key exchange. Replay detection IPsec protocols support anti-replay services. Enable or disable the IPsec anti-replay algorithm. IKE Retries Specify the number of times that IKE protocols are to be retried if a failure occurs. Enter a value from 0 to 20. IKE Retransmit Interval Specify the time (in seconds) between successive IKE protocol retries if a failure occurs. Enter a value from 0 to 5. IPsec Protocols After authentication, this page is used to specify IPsec protocols and associated encryption to use for Security Associations in this rule. Item ESP AH Description Use IPsec Encapsulating Security Payload (ESP) protocol for IP packets. ESP headers are inserted in packets to ensure privacy and integrity of packet contents. Select among the supported encryption methods/strengths and Hash methods to be used for data protection. Use IPsec Authentication Header (AH) protocol for IP packets. AH headers are inserted in packets to protect integrity of packet contents through cryptographic checksums. Select among the supported Hash methods. Encapsulation Type CAUTION The use of IPsec AH may not function properly in environments that use Network Address Translation (NAT). Specify how the IPsec protocols selected (ESP or AH) will be encapsulated: ■ Transport: Only the user data in each IP packet is protected, the IP packet header is not protected. ■ Tunnel: All packet fields are protected, including the IP packet header. SA Lifetime Specify the Security Association lifetime, either in seconds or in the number of Kbytes. Within the limits specified, shorter lifetimes will provide improved security depending on the frequency of SA use. 104 Chapter 5 IPsec Configuration ENWW