HP 635n HP Jetdirect Print Server Administrator's Guide (Firmware V.36) - Page 120
IKEv1 Phase 2 / Quick Mode (IPsec Protocols), Advanced IKE Settings
UPC - 882780301016
View all HP 635n manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 120 highlights
IKEv1 Phase 2 / Quick Mode (IPsec Protocols) Items on this page are described below. Table 5-12 IKEv1 Phase 2 / Quick Mode Settings (IPsec Protocols) page Item Description Encapsulation Type Specify how the IPsec protocols selected (ESP or AH) will be encapsulated: ● Transport (default): Only the user data in each IP packet is protected, the IP packet header is not protected. ● Tunnel: All packet fields are protected, including the IP packet header. Cryptographic Parameters Select the encryption methods and strengths, and the authentication methods to be used ● ESP: Use IPsec Encapsulating Security Payload (ESP) protocol for IP packets. ESP headers are inserted in packets to ensure privacy and integrity of packet contents. Select among the supported encryption methods/strengths and authentication methods to be used for data protection. ● AH: Use IPsec Authentication Header (AH) protocol for IP packets. AH headers are inserted in packets to protect integrity of packet contents through cryptographic checksums. Select among the supported authentication methods. CAUTION: The use of IPsec AH may not function properly in environments that use Network Address Translation (NAT). Security Association Advanced IKE Settings button NOTE: ESP authentication cannot be used if AH is enabled. If you enable ESP and AH, you must select AH authentication methods. SA Lifetime: Specify the Security Association lifetime, either in seconds, in the number of kilobytes (KB), or both. Within the limits specified, shorter lifetimes will provide improved security depending on the frequency of SA use. Use "0" to disable. Click this button to configure advanced IKE settings. Advanced IKE Settings The Advanced IKE Settings page contains the configuration settings described below. Table 5-13 Advanced IKE Settings page Item Description Replay Detection IPsec protocols support anti-replay services that prevent message interception for later use (for example, to gain access to resources). Enable or disable the IPsec anti-replay algorithm. Key Perfect Forward Secrecy (Session PFS) When secret keys are periodically replaced, Perfect Forward Secrecy (PFS) indicates that the new keys are independently derived and unrelated to the prior keys. This helps to ensure that data protected by the new keys is secure. While PFS provides additional security, it requires additional processing overhead. Enable or disable Session PFS for key protection as desired. Diffie-Hellman Groups: (For Session PFS only) Multiple well-known Diffie-Hellman groups that will be used are listed. To change the entries in the list, click Edit. 110 Chapter 5 IPsec/Firewall Configuration (V.36.xx) ENWW