Kyocera C8100DN Command Center Guide - Page 54



COMMAND CENTER Pages

Item: Description

Authentication Type: Specifies the authentication type used for IKE phase1. To set a character string as the shared key and use it for communication, select Pre-shared and enter the string of the pre-shared key in the text box. To use a CA-issued device certificate or root certificate, select Certificates. When Expiration Verification is enabled, the expiration of the server certificate is verified during communication. If the server certificate is found to be expired, communication will fail. When it is disabled, the expiration will not be verified. When you select Certificates, the contents of the CA certificate and of root certificates 1 to 3 are displayed if they are enabled. When you click the CA or Root button, you can view, import or delete CA-issued or root certificates.

Rule1 (to Rule3): Shows whether the set rule is enabled or disabled. To enable or disable the rule, refer to Advanced > Security > IPSec > Rule1 (to Rule3) on page 50.

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Item: Description

Rule: Specifies whether or not to enable the selected IPSec policy rule. Select On to enable the rule. Select Off to disable it.

Key Exchange (IKE phase1): When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end.

Policy: Main Mode protects identities but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but limits identity protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Pre-shared is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule.

Hash: Selects the hash algorithm.

Encryption: Selects the encryption algorithm.

Diffie-Hellman Group: The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to establish a shared secret key securely. Select the Diffie-Hellman group to use for key sharing.

Lifetime (Time): Specifies the lifetime of an ISAKMP SA in seconds.

Data Protection (IKE phase2): In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end.
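
The following pre-deployment check is an added example, not part of the Kyocera guide or any Kyocera tool. It reviews one planned rule against the constraints described above: host-only addresses for Aggressive Mode with Pre-shared, Expiration Verification when Certificates is used, and IKE phase1 items that match the other end. The dictionary field names and sample values are hypothetical, and "meet the requirement of the other end" is treated as equality.

```python
import ipaddress

# Field names below are hypothetical labels for the settings on this page;
# the sample values are constructed, not the device's actual option list.
PHASE1_FIELDS = ("policy", "hash", "encryption", "dh_group", "lifetime_s")

def is_host_address(value):
    """True for a single IPv4/IPv6 host, False for subnets, ranges, names."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def check_rule(rule, peer):
    """Return (field, message) findings for one rule against the peer's settings."""
    findings = []
    # Aggressive Mode + Pre-shared: only host addresses are allowed.
    if rule["policy"] == "aggressive" and rule["auth_type"] == "pre-shared":
        for field in ("local_address", "remote_address"):
            if not is_host_address(rule[field]):
                findings.append((field, f"{rule[field]!r} is not a host address"))
    # Certificates with Expiration Verification off: expiry is never checked.
    if rule["auth_type"] == "certificates" and not rule.get("expiration_verification"):
        findings.append(("expiration_verification", "certificate expiry is not verified"))
    # Phase1 items must meet the other end's requirement (equality assumed here).
    for field in PHASE1_FIELDS:
        if rule[field] != peer[field]:
            findings.append((field, f"local {rule[field]!r} != peer {peer[field]!r}"))
    return findings

# Constructed sample: the peer's phase1 settings and a planned Rule1.
PEER = {"policy": "aggressive", "hash": "SHA-256", "encryption": "AES-128",
        "dh_group": 14, "lifetime_s": 28800}
RULE1 = dict(PEER, auth_type="pre-shared", local_address="192.0.2.10",
             remote_address="198.51.100.0/24", lifetime_s=3600)

if __name__ == "__main__":
    for field, message in check_rule(RULE1, PEER):
        print(f"Rule1 {field}: {message}")
```
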