Brother HL-S7000DN User Manual

Page 20

Advertising
background image

IPsec Settings

17

2

communication channel before communication begins. SA may also refer to a virtual encrypted
communication channel that has been established. The SA used for IPsec establishes the encryption
method, exchanges the keys, and carries out mutual authentication according to the IKE (Internet Key
Exchange) standard procedure. In addition, the SA is updated periodically.

Perfect Forward Secrecy (PFS)
PFS does not derive keys from previous keys, which were used to encrypt messages. In addition, if
a key that is used to encrypt a message was derived from a parent key, that parent key is not used
to derive other keys. Therefore, even if a key is compromised, the damage will be limited only to the
messages that were encrypted using that key.
Select Enabled or Disabled. If Custom is selected in Use Prefixed Template, and Manual is
selected in IKE, the PFS information will not be displayed.

Authentication Method
Select the authentication method. Select Pre-Shared Key, Certificates, EAP - MD5, or EAP -

MS-CHAPv2.

EAP - MD5 and EAP - MS-CHAPv2 can be selected only when IKEv2 is selected in IKE. If Custom
is selected in Use Prefixed Template, and Manual is selected in IKE, the authentication method
information will not be displayed.

Pre-Shared Key
When encrypting communication, the encryption key is exchanged and shared beforehand using
another channel.
If Pre-Shared Key is selected in Authentication Method, enter the Pre-Shared Key. (Maximum of
32 characters)

Local ID Type/ID

Select the ID type of the sender, and enter the ID.
Select IPv4 Address, IPv6 Address, FQDN, E-mail Address, or Certificate for the type.
If Certificate is selected, enter the common name of the certificate in ID.

Remote ID Type/ID

Select the ID type of the recipient, and enter the ID.
Select IPv4 Address, IPv6 Address, FQDN, E-mail Address, or Certificate for the type.
If Certificate is selected, enter the common name of the certificate in ID.

Certificates
If Certificates is selected in Authentication Method, select the certificate.

Note

You can select only the certificates that were created using the Certificate page of the Web Based
Management Security features. For details, see Network User's Guide: Using Certificates for device
security.

Advertising