IPsec Help
Use this page to enable IPsec on the printer. IPsec is a protocol suite used for securing Internet Protocol (IP) communications by authenticating and/or encrypting each IP packet in a data stream. IPsec also includes protocols for cryptographic key establishment. IPsec can be implemented as part of your company's overall security policy.
Protocol - Select the Enabled checkbox to enable IPsec.
IKE Authentication Method - Internet Key Exchange (IKE) is the protocol used to set up a security association (SA) in the IPsec protocol suite. The Pre-Shared Key method used to authenticate communicating devices displays in this field.
Shared Key/Verify Shared Key - Enter the Shared Key value, up to 255 characters in length. Verify the Shared Key by entering it again.
IKE SA Life Time - Specify the key lifetime in minutes from 5 to 28800. This value should equal to or more than the IPsec SA Life Time.
IPsec SA Life Time - Specify the key lifetime in minutes from 5 to 2880. This value should equal to or less than the IKE SA Life Time.
DH Group - Diffie-Hellman (DH) groups are used to determine the length of the base prime numbers used during the key exchange process. The cryptographic strength of any key derived depends, in part, on the strength of the DH group upon which the prime numbers are based. Select Group 1 (G1) or Group 2 (G2). G2 (medium), is stronger (more secure) than G1 (low). G1 provides 768 bits of keying strength, G2 provides 1024 bits.
PFS (Perfect Forward Security) - Provides additional security using a Diffie-Hellman shared secret value. If this checkbox is enabled, if one key is compromised, previous and subsequent keys are secure because they are not derived from previous keys. Select the Enabled checkbox to enable PFS.
Specify Destination IPv4 Address - Enter the destination IPv4 address in this field, up to 31 characters in length. An address range can also be entered in this field.
Specify Destination IPv6 Address - Enter the destination IPv6 addresses in this field. An address range can also be entered in this field. This address should be hexadecimal digits delimited by the : character, and can be up to 79 characters in length.
Communicate with Non-IPsec Device - Select how the printer should communicate with non-IPsec supported devices. If one end of the network connection does not use IPsec, the printer either discards the ethernet packets or bypasses the IPsec processing of the packets. Supported values include Bypass or Discard.
When you are satisfied with your selections, click Save Changes to keep the settings or Discard Changes to keep the previous settings. The settings becomes active after you save the changes, and then restart the printer from CentreWare IS or by manually switching it off and then on again.
|