Kyocera Multifunctional Printer manual Advanced Security IPSec Rule1 to Rule3, Pfs

Page 52

COMMAND CENTER Pages

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Item

Description

 

 

Rule

Specifies whether or not to enable the selected IPSec policy

 

rule. Select On to enable the rule. Select Off to disable it.

 

 

Key Exchange

When using IKE phase1, a secure connection with the other

(IKE phase1)

end is established by generating ISAKMP SAs. Configure the

 

following items so that they meet the requirement of the other

 

end.

 

 

Policy

Main Mode protects identifications but requires more

 

messages to be exchanged with the other end. Aggressive

 

Mode requires fewer messages to be exchanged with the

 

other end than Main Mode but restricts identification

 

protection and narrows the extent of the parameter

 

negotiations. When Aggressive Mode is selected and Pre-

 

shared is selected for Authentication Type, only host

 

addresses can be specified for IP addresses of the rule.

 

 

Hash

Selects the hash algorithm.

 

 

Encryption

Selects the encryption algorithm.

 

 

Diffie-

The Diffie-Hellman key-sharing algorithm allows two hosts on

Hellman

an unsecured network to share a private key securely. Select

Group

the Diffie-Hellman group to use for key sharing.

 

 

Lifetime

Specifies the lifetime of an ISAKMP SA in seconds.

(Time)

 

Data Protection (IKE phase2)

In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end.

Protocol

Select ESP or AH for the protocol. ESP protects the privacy

 

and integrity of the packet contents. Select the hash algorithm

 

and encryption algorithm below. AH protects the integrity of

 

the packet contents using encryption checksum. Select the

 

hash algorithm below.

 

 

Hash

Selects the hash algorithm.

 

 

Encryption

Selects the encryption algorithm. (When ESP is selected

 

under Protocol.)

 

 

PFS

When PFS is set to On (enabled), even if a key is decrypted,

 

the decrypted key cannot be used to decrypt the other keys

 

generated after the decryption. This improves the safety, but

 

imposes a heavy burden because of more key-generation

 

processes.

Diffie-

Hellman

Group

The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing.

48

KYOCERA COMMAND CENTER

Image 52
Contents Command Center Legal and General Information Table of Contents Page Using Command Center System RequirementsProtocol Web browserAccessing Command Center Admin passwordAuthentication EncryptionStart Start Start Start Status PagesDescription NetworkGeneral SnmpStart Links Start InformationFAX Basic Defaults Network BootpBasic DhcpBasic Defaults Time UTC/GMTBasic Defaults Reset Basic Defaults Device DefaultsRAM Disk Mode RAM Disk SizeFile Name AdditionalBasic Security Account Settings Basic Security Device Security General Basic Security Device Security Interface BlockBasic Security User Login Basic Security Device Security Network SecuritySSL, Http HTTPS, FTPBasic Security Certificates Printer Printer Summary of Network Printer Access Methods Printer SystemPrinter System APL. Filter Parameters Printer System APL. FilterPrinter Media Input Scanner Scanner DefaultsPrinter Document Output Command Center Pages FAX / i-FAXScanner FTP Scanner SMBFAX / i-FAX Common Receive FAX / i-FAX Common DefaultsFAX / i-FAX Common RX/Forward Requirements General Enable Time Use Requirements ListAll NamePrint ForwardSeparate NumberDestination List Save to FAX BoxName StatusSMB FAX / i-FAX FAX Defaults Click Import Contacts or Import GroupsFAX / i-FAX FAX Receive FAX / i-FAX FAX TransmitFAX / i-FAX FAX FAX Restrictions General FAX / i-FAX FAX FAX Restrictions Permit Number List FAX / i-FAX FAX FAX Restrictions Permit ID ListFAX / i-FAX FAX FAX Restrictions Reject Number List FAX / i-FAX FAX Encryption KeyFAX / i-FAX i-FAX Smtp FAX / i-FAX i-FAX POP3 POP3Jobs FAX / i-FAX i-FAX Domain Restrictions GeneralFAX / i-FAX i-FAX Domain Restrictions Smtp Restriction List FAX / i-FAX i-FAX Domain Restrictions POP3 Restriction ListDocument Box Document Box Custom BoxDocument Box FAX Box Editing a FAX BoxAdvanced Document Box Polling BoxDNS Advanced Protocols TCP/IP GeneralWins Advanced Protocols TCP/IP IP Filters Advanced Protocols TCP/IP Logical Printers Advanced Protocols Netware Start of JobString End of JobEnables or disables IPP Advanced Protocols IPPAdvanced Protocols AppleTalk IPPAdvanced Protocols NetBEUI Advanced E-mail Smtp GeneralNetBEUI WorkgroupAdvanced E-mail Smtp E-mail Recipient # Advanced E-mail POP3 General Advanced E-mail POP3 User #Name Login Password Use ApopAdvanced Management Snmp SNMPv1/v2c Write CommunityAdvanced Management Snmp SNMPv3 Advanced Management Authentication Enables or disables access to the Ldap serverAdvanced Management Ldap LdapAdvanced Management Maintenance Domain NameHost Name Server TypeAdvanced Security Secure Protocols Advanced Security IEEE802.1xSSL HttpsAdvanced Security IPSec General Advanced Security IPSec Rule1 to Rule3 PFSLifetime MeasureMent Lifetime TimeAdvanced Set to Secure Https Security Secure Symptom Check Items Corrective ActionSecure HTTPS? Symptom Check Items Corrective Action Reference Center Command CENTER?Page Page Rev .7W