Kyocera Multifunctional Printer manual Advanced Security IPSec Rule1 to Rule3, Pfs

Page 52

COMMAND CENTER Pages

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Item	Description

Rule	Specifies whether or not to enable the selected IPSec policy
	rule. Select On to enable the rule. Select Off to disable it.

Key Exchange	When using IKE phase1, a secure connection with the other
(IKE phase1)	end is established by generating ISAKMP SAs. Configure the
	following items so that they meet the requirement of the other
	end.

Policy	Main Mode protects identifications but requires more
	messages to be exchanged with the other end. Aggressive
	Mode requires fewer messages to be exchanged with the
	other end than Main Mode but restricts identification
	protection and narrows the extent of the parameter
	negotiations. When Aggressive Mode is selected and Pre-
	shared is selected for Authentication Type, only host
	addresses can be specified for IP addresses of the rule.

Hash	Selects the hash algorithm.

Encryption	Selects the encryption algorithm.

Diffie-	The Diffie-Hellman key-sharing algorithm allows two hosts on
Hellman	an unsecured network to share a private key securely. Select
Group	the Diffie-Hellman group to use for key sharing.

Lifetime	Specifies the lifetime of an ISAKMP SA in seconds.
(Time)

Data Protection (IKE phase2)

In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs established in IKE phase1. Configure the following items so that they meet the requirement of the other end.

Protocol	Select ESP or AH for the protocol. ESP protects the privacy
	and integrity of the packet contents. Select the hash algorithm
	and encryption algorithm below. AH protects the integrity of
	the packet contents using encryption checksum. Select the
	hash algorithm below.

Hash	Selects the hash algorithm.

Encryption	Selects the encryption algorithm. (When ESP is selected
	under Protocol.)

PFS	When PFS is set to On (enabled), even if a key is decrypted,
	the decrypted key cannot be used to decrypt the other keys
	generated after the decryption. This improves the safety, but
	imposes a heavy burden because of more key-generation
	processes.

Diffie-

Hellman

Group

The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured network to share a private key securely. Select the Diffie-Hellman group to use for key sharing.

48	KYOCERA COMMAND CENTER

Image 52

Contents Command Center Legal and General Information Table of Contents Page Using Command Center System RequirementsProtocol Web browserAccessing Command Center Admin passwordAuthentication EncryptionStart Start Start Start Status PagesDescription NetworkGeneral SnmpStart Links Start InformationFAX Basic Defaults Network BootpBasic DhcpBasic Defaults Time UTC/GMTBasic Defaults Reset Basic Defaults Device DefaultsRAM Disk Mode RAM Disk SizeFile Name AdditionalBasic Security Account Settings Basic Security Device Security General Basic Security Device Security Interface BlockBasic Security User Login Basic Security Device Security Network SecuritySSL, Http HTTPS, FTPBasic Security Certificates Printer Printer Summary of Network Printer Access Methods Printer SystemPrinter System APL. Filter Parameters Printer System APL. FilterPrinter Media Input Scanner Scanner DefaultsPrinter Document Output Command Center Pages FAX / i-FAXScanner FTP Scanner SMBFAX / i-FAX Common Receive FAX / i-FAX Common DefaultsFAX / i-FAX Common RX/Forward Requirements General Enable Time Use Requirements ListAll NamePrint ForwardSeparate NumberDestination List Save to FAX BoxName StatusSMB FAX / i-FAX FAX Defaults Click Import Contacts or Import GroupsFAX / i-FAX FAX Receive FAX / i-FAX FAX TransmitFAX / i-FAX FAX FAX Restrictions General FAX / i-FAX FAX FAX Restrictions Permit Number List FAX / i-FAX FAX FAX Restrictions Permit ID ListFAX / i-FAX FAX FAX Restrictions Reject Number List FAX / i-FAX FAX Encryption KeyFAX / i-FAX i-FAX Smtp FAX / i-FAX i-FAX POP3 POP3Jobs FAX / i-FAX i-FAX Domain Restrictions GeneralFAX / i-FAX i-FAX Domain Restrictions Smtp Restriction List FAX / i-FAX i-FAX Domain Restrictions POP3 Restriction ListDocument Box Document Box Custom BoxDocument Box FAX Box Editing a FAX BoxAdvanced Document Box Polling BoxDNS Advanced Protocols TCP/IP GeneralWins Advanced Protocols TCP/IP IP Filters Advanced Protocols TCP/IP Logical Printers Advanced Protocols Netware Start of JobString End of JobEnables or disables IPP Advanced Protocols IPPAdvanced Protocols AppleTalk IPPAdvanced Protocols NetBEUI Advanced E-mail Smtp GeneralNetBEUI WorkgroupAdvanced E-mail Smtp E-mail Recipient # Advanced E-mail POP3 General Advanced E-mail POP3 User #Name Login Password Use ApopAdvanced Management Snmp SNMPv1/v2c Write CommunityAdvanced Management Snmp SNMPv3 Advanced Management Authentication Enables or disables access to the Ldap serverAdvanced Management Ldap LdapAdvanced Management Maintenance Domain NameHost Name Server TypeAdvanced Security Secure Protocols Advanced Security IEEE802.1xSSL HttpsAdvanced Security IPSec General Advanced Security IPSec Rule1 to Rule3 PFSLifetime MeasureMent Lifetime TimeAdvanced Set to Secure Https Security Secure Symptom Check Items Corrective ActionSecure HTTPS? Symptom Check Items Corrective Action Reference Center Command CENTER?Page Page Rev .7W