Configuring internet key exchange settings – Xerox WorkCentre 7970-2606 User Manual

Security

102

Xerox

®

WorkCentre

®

7970 Multifunction Printer

System Administrator Guide

6.

If you selected ESP under IPsec security, under Hash, select an option.

7.

Under Enter Keys as, select ASCII format or Hexadecimal number.

8.

For Hash Key: IN and Hash Key: OUT, type a 20-character ASCII key or 40-character Hexadecimal

key.

9.

If you selected ESP or BOTH for the IPsec Security type, under Encryption, select an option.

Note:

If you are configuring an IPsec security policy to communicate with a Linux computer, and

you selected BOTH for the security type, select 3DES encryption. If you select AES encryption, the

data transfer rate is reduced.

10.

For Encryption Key: IN and Encryption Key: OUT, type a 24-character ASCII key or 48-character

Hexadecimal key.

11.

Click Save.

Configuring Internet Key Exchange Settings

IKE is a keying protocol that allows automatic negotiation and authentication, anti-replay services, and

CA support. It can also change encryption keys during an IPsec session. IKE is used as part of virtual

private networking.

IKE Phase 1 authenticates the IPsec peers and sets up a secure channel between the peers to enable IKE

exchanges. IKE Phase 2 negotiates IPsec SAs to set up the IPsec tunnel.
1.

Under IKE Phase 1, in the Key Lifetime field, type the length of time until the key expires in Seconds,

Minutes, or Hours. When a key reaches this lifetime, the SA is renegotiated and the key is

regenerated or refreshed.

2.

Select the DH Group from the following options:

−

Group 2 provides a 1024-bit Modular Exponential (MODP) keying strength.

−

Group 14 provides a 2048-bit MODP keying strength.

3.

Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.

Note:

Transport mode only encrypts the IP payload, whereas Tunnel mode encrypts the IP header

and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an

Authentication Header (AH), or Encapsulating Security Payload (ESP).

4.

If you selected Tunnel Mode, under Enable Security End Point Address, select the address type.

Options are

Disabled, IPv4 Address, or IPv6 Address.

5.

Under IPsec Security, select ESP, AH, or BOTH.

6.

Type the Key Lifetime, and select Seconds, Minutes, or Hours.

7.

Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.

Note:

PFS is disabled by default. PFS allows faster IPsec setup, but is less secure.