Kyocera ECOSYS P5021cdw Kyocera Command Center RX User Guide Rev-8.2016.3 - Page 71

User Guide Network Settings Prefix Length: When IPv6 is selected for IP Version, this specifies the prefix length of the hosts or network with which the print system is connecting via IPSec. If this field is blank, the specified addresses are considered to be host addresses. Remote Peer Address: If Tunnel is selected in Encapsulation Mode, assign an IP address that is remotely controlled. 3. Authentication: Configures the local side authentication when IKEv1 is selected as Key Management Type. To set a character string as the shared key and use it for communication, select Pre-shared Key and enter the string of the pre-shared key in the text box. To use the CA-issued Device Certification or Root Certificate, select the Certificates. When Certificates is selected, the availability of the device certificate is shown. To make advanced settings, click Settings button and select a certificate. Configure the device certificate on the Certificates page of Security Settings. Configures the local side and remote side authentication when IKEv2 is selected as Key Management Type. Configure Authentication Type, Local ID Type, Local ID, Devoce Certificate and Pre-shared Key on Local Side, and Authentication Type, Remote ID Type, Remote ID and Pre-shared Key on Remote Side. 4. Key Exchange (IKE phase1): When using IKE phase1, a secure connection with the other end is established by generating ISAKMP SAs. Configure the following items so that they meet the requirement of the other end. Mode: Configures this item when IKEv1 is selected as Key Management Type. Main Mode protects identifications but requires more messages to be exchanged with the other end. Aggressive Mode requires fewer messages to be exchanged with the other end than Main Mode but restricts identification protection and narrows the extent of the parameter negotiations. When Aggressive Mode is selected and Pre-shared Key is selected for Authentication Type, only host addresses can be specified for IP addresses of the rule. Hash: Selects the hash algorithm. Encryption: Selects the encryption algorithm. Diffie-Hellman Group: The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing. Lifetime (Time): Specifies the lifetime of an ISAKMP SA in seconds. 5. Data Protection (IKE phase2) In IKE phase2, IPSec SAs such as ESP or AH are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end. Protocol: Select ESP or AH for the protocol. ESP protects the privacy and integrity of the packet contents. Select the hash algorithm and encryption algorithm below. AH protects the integrity of the packet contents using encryption checksum. When you select AH as Protocols, you cannot use the AES-GCM-128, 192, or 256. Select the hash algorithm below. Hash: Selects the hash algorithm. When you select AES-GCM-128, 192, or 256 on Encryption, you have to select the AES-GCM-128, 192, or 256 or the AESGMAC-128, 192, or 256 corresponding to the same bit. Encryption: Selects the encryption algorithm. (When ESP is selected under Protocol.) When you select the AES-GCM-128, 192, or 256 on Hash, you have to select the AES-GCM-128, 192, or 256 corresponding to the same bit. When you select the AES-GMAC-128, 192, or 256 on Hash, you have to select the AESGCM-128, 192, or 256 corresponding to the same bit. If you do not select any algorithm, the machine authenticates without encryption. PFS: When PFS is turned On (enabled), even if a key is decrypted, the decrypted key cannot be used to decrypt the other keys generated after the decryption. This improves the safety, but imposes a heavy burden because of more key-generation processes. Diffie-Hekkman Group: When PFS is turned On (enabled), select the Diffie-Hekkman Group to use. Lifetime Measurement: Select Time or Time & Data Size. 67