Using IPSec – Canon imageCLASS LBP674Cdw Wireless Color Laser Printer User Manual


Using IPSec

95W3-057

Use IP Security Protocol (IPSec) to prevent eavesdropping and tampering of IP packets sent and received over an IP network. This performs encryption at the IP protocol level to ensure security without relying on an application or network configuration.

IPSec Applicable Conditions and Supported Modes
IPSec Policy Configuration
Setting IPSec

IPSec Applicable Conditions and Supported Modes

Packets where IPSec does not apply

Packets specifying a loopback, multicast, or broadcast address

IKE packets sent from UDP port 500

ICMPv6 Neighbor Solicitation and Neighbor Advertisement packets

Operation mode of key exchange protocol (IKE mode)

The machine supports only main mode, the IKE mode that is used to encrypt packets. The non-encrypting aggressive mode is not supported.

Communication mode

The communication mode supported by the machine is only the transport mode, which encrypts only the part excluding the IP header. Tunnel mode, which encrypts the entire IP packet, is not supported.

Using IPSec together with IP address filtering

The IP address filter settings are applied first. See Setting the Firewall (P. 220).

IPSec Policy Configuration

To perform IPSec communication on the machine, you must create an IPSec policy that includes the applicable range and algorithms for authentication and encryption. The policy is mainly made up of the following items.

Selector

Specify which IP packets IPSec communication applies to. In addition to specifying the IP address of the machine and communicating devices, you can also specify their port numbers.

IKE

The key exchange protocol supports Internet Key Exchange Version 1 (IKEv1). For the authentication method, select the pre-shared key method or digital signature method.

Pre-shared Key Method:
This authentication method uses a common keyword, called Shared Key, for communication between the machine and other devices.

Digital Signature Method:
The machine and the other devices authenticate each other by mutually verifying their digital signatures.

ESP/AH

Specify the settings for ESP/AH, which is the protocol used for IPSec communication. ESP and AH can be used at the same time. Use Perfect Forward Secrecy (PFS) for even greater security.

Setting IPSec

Enable the use of IPSec, and then create and register the IPSec policy. If multiple policies have been created, specify the order in which they are applied.

This section describes how to configure the settings using Remote UI from a computer.
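
The applicable conditions and selector matching described above can be modelled to see which traffic a policy set leaves outside IPSec. This is an added example, not Canon's code or firmware logic. It assumes inbound packets, first-match evaluation in the registered policy order, a constructed 192.0.2.0/24 network and hypothetical policy names.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:                 # inbound packet as seen by the machine
    src: str
    dst: str
    proto: str                # "tcp", "udp", "icmpv6"
    sport: int = 0
    dport: int = 0
    icmp_type: int = -1

@dataclass
class Policy:                 # selector part of an IPSec policy
    name: str                 # hypothetical policy name
    remote: str               # peer address range, CIDR
    local_port: int = 0       # port on the machine, 0 = any

SUBNET = ipaddress.ip_network("192.0.2.0/24")      # constructed sample LAN
BROADCASTS = {SUBNET.broadcast_address, ipaddress.ip_address("255.255.255.255")}
POLICIES = [Policy("admin-https", "192.0.2.0/25", 443),   # constructed,
            Policy("lan-any", "192.0.2.0/24")]            # in registered order

def exempt_reason(p):
    """Return why IPSec does not apply to this packet, or None."""
    for addr in map(ipaddress.ip_address, (p.src, p.dst)):
        if addr.is_loopback:
            return "loopback"
        if addr.is_multicast:
            return "multicast"
        if addr in BROADCASTS:
            return "broadcast"
    if p.proto == "udp" and p.sport == 500:
        return "ike"
    if p.proto == "icmpv6" and p.icmp_type in (135, 136):  # NS / NA
        return "neighbor-discovery"
    return None

def classify(p, policies=POLICIES, filter_allows=lambda p: True):
    """IP address filter first, then the exemptions, then selectors in order."""
    if not filter_allows(p):
        return "dropped-by-filter"
    reason = exempt_reason(p)
    if reason:
        return "exempt:" + reason
    src = ipaddress.ip_address(p.src)
    for pol in policies:      # assumption: first matching policy wins
        if src in ipaddress.ip_network(pol.remote) and pol.local_port in (0, p.dport):
            return "ipsec:" + pol.name
    return "no-policy"        # the page does not say how these are handled
```

Multicast and broadcast discovery traffic comes back as `exempt:` whatever the selectors say, so it needs to be covered by the IP address filter or accepted as unprotected.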
