Kyocera C8100DN Command Center Guide - Page 54
Advanced > Security > IPSec > Rule1 to Rule3, COMMAND CENTER s, KYOCERA COMMAND CENTER
View all Kyocera C8100DN manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 54 highlights
COMMAND CENTER Pages Item Description Authentication Type Specifies the authentication type used for IKE phase1. To set a character string as the shared key and use it for communication, select Pre-shared and enter the string of the pre-shared key in the text box. To use a CA-issued device certificate or root certificate, select Certificates. When Expiration Verification is enabled, the expiration of the server certificate is verified at communicating. If the server certificate is found expired, communication will fail. When it is disabled, the expiration will not be verified. When you select Certificates, the contents of the CA certificate and root 1 to 3 certificates are displayed if they are enabled. When you click the CA or Root button, you can view, import or delete CA-issued or root certificates. Rule1 (to Rule3) Shows whether the set rule is enabled or disabled. To enable or disable the rule, refer to Advanced > Security > IPSec > Rule1 (to Rule3) on page 50. Advanced > Security > IPSec > Rule1 (to Rule3) These pages allow you to select or edit rules to use for IPSec protocol-based communication. Item Description Rule Key Exchange (IKE phase1) Policy Hash Specifies whether or not to enable the selected IPSec policy rule. Select On to enable the rule. Select Off to disable it. When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end. Main Mode protects identifications but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but restricts identification protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Preshared is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule. Selects the hash algorithm. Encryption Selects the encryption algorithm. DiffieHellman Group The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing. Lifetime (Time) Specifies the lifetime of an ISAKMP SA in seconds. Data Protection (IKE phase2) In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end. 50 KYOCERA COMMAND CENTER