Advanced > security > ipsec > rule1 (to rule3) – Kyocera COMMAND CENTER Multifunctional Printer User Manual

COMMAND CENTER Pages

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Item

Description

Rule

Specifies whether or not to enable the selected IPSec policy
rule. Select On to enable the rule. Select Off to disable it.

Key Exchange (IKE phase1)

When using IKE phase1, a secure connection with the other
end is established by generating ISAKMP SAs. Configure the
following items so that they meet the requirement of the other
end.

Policy

Main Mode protects the identities of both ends but requires more
messages to be exchanged with the other end. Aggressive Mode
requires fewer messages to be exchanged with the other end than
Main Mode but restricts identity protection and narrows the extent
of the parameter negotiations. When Aggressive Mode is selected and
Pre-shared is selected for Authentication Type, only host
addresses can be specified for IP addresses of the rule.

Hash

Selects the hash algorithm.

Encryption

Selects the encryption algorithm.

Diffie-Hellman Group

The Diffie-Hellman key-sharing algorithm allows two hosts on
an unsecured network to establish a shared secret key securely.
Select the Diffie-Hellman group to use for key sharing.

Lifetime (Time)

Specifies the lifetime of an ISAKMP SA in seconds.

Data Protection (IKE phase2)

In IKE phase2, IPSec SAs such as AH or ESP are established
by using SAs established in IKE phase1. Configure the
following items so that they meet the requirement of the other
end.

Protocol

Select ESP or AH for the protocol. ESP protects the privacy
and integrity of the packet contents. Select the hash algorithm
and encryption algorithm below. AH protects the integrity of
the packet contents using a cryptographic checksum. Select the
hash algorithm below.

Hash

Selects the hash algorithm.

Encryption

Selects the encryption algorithm. (When ESP is selected
under Protocol.)

PFS

When PFS is set to On (enabled), even if a key is compromised,
that key cannot be used to decrypt the other keys generated
afterwards. This improves security, but imposes a heavy
processing burden because more key-generation operations are
required.

Diffie-Hellman Group

The Diffie-Hellman key-sharing algorithm allows two hosts on
an unsecured network to establish a shared secret key securely.
Select the Diffie-Hellman group to use for key sharing.
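
An added example (not from the Kyocera manual): a Python check that compares one rule's settings with those of the other end and enforces the Aggressive Mode / Pre-shared host-address restriction described under Policy. The dictionary field names and the algorithm values are assumptions made for illustration.

```python
import ipaddress

# Field names are hypothetical labels for the items on this page, not a device export format.
PHASE1_FIELDS = ("policy", "hash", "encryption", "dh_group")

def is_host_address(addr):
    """True for a single host (bare address, /32 or /128), False for a subnet."""
    net = ipaddress.ip_network(addr, strict=False)
    return net.prefixlen == net.max_prefixlen

def check_rule(rule, peer):
    """Return findings for one rule compared with the settings of the other end."""
    if rule["rule"] != "On":
        return ["rule is Off: the rule is disabled"]
    findings = []
    p1, peer1 = rule["phase1"], peer["phase1"]
    for f in PHASE1_FIELDS:
        if p1[f] != peer1[f]:
            findings.append(f"phase1 {f}: {p1[f]!r} does not match peer {peer1[f]!r}")
    # Policy row: Aggressive Mode with Pre-shared permits host addresses only.
    if p1["policy"] == "Aggressive Mode" and rule["auth_type"] == "Pre-shared":
        for addr in rule["addresses"]:
            if not is_host_address(addr):
                findings.append(f"address {addr}: host addresses only with Aggressive Mode + Pre-shared")
    p2, peer2 = rule["phase2"], peer["phase2"]
    fields = ["protocol", "hash", "pfs"]
    if p2["protocol"] == "ESP":
        fields.append("encryption")  # Encryption applies only when ESP is selected
    if p2["pfs"] == "On":
        fields.append("dh_group")    # assumption: the phase2 group is compared only with PFS On
    for f in fields:
        if p2[f] != peer2.get(f):
            findings.append(f"phase2 {f}: {p2[f]!r} does not match peer {peer2.get(f)!r}")
    if p2["protocol"] == "AH":
        findings.append("phase2 protocol AH: integrity only, packet contents are not encrypted")
    return findings

# Constructed sample values; algorithm names are placeholders, not the device's option list.
PEER = {"phase1": {"policy": "Main Mode", "hash": "SHA-256", "encryption": "AES-256", "dh_group": 14},
        "phase2": {"protocol": "ESP", "hash": "SHA-256", "encryption": "AES-256", "pfs": "On", "dh_group": 14}}
RULE = {"rule": "On", "auth_type": "Pre-shared", "addresses": ["192.0.2.10", "192.0.2.0/24"],
        "phase1": {"policy": "Aggressive Mode", "hash": "SHA-256", "encryption": "AES-256", "dh_group": 14},
        "phase2": {"protocol": "ESP", "hash": "SHA-256", "encryption": "AES-256", "pfs": "Off", "dh_group": 14}}

if __name__ == "__main__":
    for finding in check_rule(RULE, PEER):
        print(finding)
```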
