11. Appendix

AH Protocol

The AH protocol provides secure transmission through authentication of packets only, including headers.

For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. The authentication algorithm and authentication key are specified automatically.

AH Protocol + ESP Protocol

When combined, the ESP and AH protocols provide secure transmission through both encryption and authentication. These protocols provide header authentication.

For successful encryption, both the sender and receiver must specify the same encryption algorithm and encryption key. The encryption algorithm and encryption key are specified automatically.

For successful authentication, the sender and receiver must specify the same authentication algorithm and authentication key. The authentication algorithm and authentication key are specified automatically.

Some operating systems use the term "Compliance" in place of "Authentication".

Security Association

This machine uses encryption key exchange as the key setting method. With this method, agreements such as the IPsec algorithm and key must be specified for both sender and receiver. Such agreements form what is known as an SA (Security Association). IPsec communication is possible only if the receiver's and sender's SA settings are identical.

The SA settings are configured automatically on both parties' machines. However, before the IPsec SA can be established, the ISAKMP SA (Phase 1) settings must be configured automatically. Once this is done, the IPsec SA (Phase 2) settings, which allow actual IPsec transmission, are configured automatically.

Also, for further security, the SA can be updated automatically at intervals by applying a validity period (time limit) to its settings. This machine only supports IKEv1 for encryption key exchange.

Multiple settings can be configured in the SA.

Settings 1-10

You can configure ten separate sets of SA details (such as different shared keys and IPsec algorithms).

IPsec policies are searched through one by one, starting at [No.1].
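Because the search stops at the first setting that applies, a broad entry placed early can make a stricter entry below it unreachable. The following sketch is an added example, not part of the manual or the device firmware. It models the ordered search and reports shadowed entries, assuming each setting selects traffic by a remote address or prefix; the field names and sample values are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Setting:
    no: int          # position in the list, 1 to 10
    remote: str      # assumed selector: remote address or prefix (CIDR)
    auth_alg: str    # constructed sample value
    enc_alg: str     # constructed sample value

def first_match(settings, peer_ip):
    """Return the first setting, in No. order, whose selector covers peer_ip."""
    ip = ipaddress.ip_address(peer_ip)
    for s in sorted(settings, key=lambda s: s.no):
        if ip in ipaddress.ip_network(s.remote):
            return s
    return None  # no setting applies to this peer

def shadowed(settings):
    """Return (later_no, earlier_no) pairs where the later entry is never reached."""
    ordered = sorted(settings, key=lambda s: s.no)
    found = []
    for i, later in enumerate(ordered):
        later_net = ipaddress.ip_network(later.remote)
        for earlier in ordered[:i]:
            earlier_net = ipaddress.ip_network(earlier.remote)
            # subnet_of() requires both networks to be the same IP version
            if later_net.version == earlier_net.version and later_net.subnet_of(earlier_net):
                found.append((later.no, earlier.no))
                break
    return found

# Constructed sample list: No.2 is meant to be stricter for one host,
# but No.1 already covers that host and is searched first.
SETTINGS = [
    Setting(1, "192.0.2.0/24", "HMAC-SHA1-96", "3DES"),
    Setting(2, "192.0.2.10/32", "HMAC-SHA1-96", "AES-128"),
    Setting(3, "198.51.100.0/24", "HMAC-SHA1-96", "AES-128"),
]

if __name__ == "__main__":
    print("192.0.2.10 is handled by No.", first_match(SETTINGS, "192.0.2.10").no)
    print("shadowed entries:", shadowed(SETTINGS))
```

Placing the narrower entry above the broader one removes the shadowing, so the host-specific setting is the one that gets negotiated.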

Ricoh SP C252SF, SP C250SF operating instructions Security Association