Xerox 5222 manual Configuration of IPsec, To enable IPsec

Configuration of IPsec

Configuration on a Computer

Confirm that the digital certificate to be used by the machine to encrypt PDF and XPS files has been imported and registered on the recipient’s computer. This will assure the ability to conduct two way digital signing of files, should this capability be required.

Configuration of IPsec

IPsec (IPsecurity) is comprised of the IP Authentication Header and IP Encapsulating Security Payload protocols, which secure IP communications at the network layer of the protocol stack, using both authentication and data encryption techniques.

The ability to send IPsec encrypted data to the printer is provided by the use of a public cryptographic key, following a network negotiating session between the initiator (client computer) and the responder (printer or server). To send encrypted data to the printer, the computer and the printer have to establish a Security Association with each other by verifying a matching password (shared secret) to each other. If this authentication is successful, a session public key will be built and used to send IPsec encrypted data over the TCP/IP network to the printer.

Providing additional security during the Public Key negotiating process, Digital Certificates can alternatively be used in place of the Shared Secret, to encrypt the Public Key information being exchanged between communicating parties. The Digital Certificate resides on the machine (managed as stated in Configuration of E-mail Encryption/Digital Signature on page 300) and MUST also have been imported and stored on the computer that is encrypting data being sent to the machine.

Certificates add digital signatures (individualized checksums verifying data integrity) to datagrams during the public key negotiating process, greatly assisting in securing data from network sniffers.

To enable IPsec

1.Open your web browser, and enter the IP address of the machine in the [Address] box to access CentreWare Internet Services.

2.In CentreWare Internet Services, click the [Properties] tab.

3.Expand the [Security] folder.

4.Select [IPsec] in the directory tree.

5.Enable the protocol by placing a checkmark in the [Enabled] box.

6.Select [Pre-Shared Key] to use the Shared Secret (between this machine and remote computers also possessing the secret). Note that if you select [Digital Signature], the [Shared Secret] boxes will be grayed out and you will have to supply a certificate stored on this machine to the remote computer that wishes to send IPsec encrypted data to this machine. Refer to the Configuration of E-mail Encryption/Digital Signature on page 300 for full information.

7.Enter the shared secret (a password) in the [Shared Secret] and [Verify Shared Secret] boxes.

8.Select [Enabled] (default setting) for [Communicate with Non-IPsec Device], so that computers not set up for encryption can still communicate with this machine.

9.Configure other available settings by referring to Properties in the CentreWare Internet Services chapter on page 173.

305