IPSec Settings
08JK-205
IPSec is a protocol for securing IP packets sent and received over an IP network by protecting them from threats such as theft, modification, and impersonation. IPSec is applied to TCP packets, UDP (User Datagram Protocol) packets, and ICMP (Internet Control Message Protocol) packets. IPSec is superior to other security protocols because it adds security functions to IP, the basic protocol of the Internet, and therefore does not depend on the application software or network configuration.
This section describes the procedure for creating a security policy for IPSec communications using the control panel of the machine. A security policy registers the settings for IPSec, such as the packets to process with IPSec and the algorithms to use for authentication and encryption. A logical connection established for traffic by negotiating according to an IPSec security policy is called an IPSec SA (Security Association).
The features of the IPSec used by the machine are as follows.
Communication Mode
Because the IPSec of the machine supports only transport mode, authentication and encryption are applied only to the data part of IP packets.
Authentication and Encryption Method
At least one of the following methods must be set for the machine. You cannot set both methods at the same time.
AH (Authentication Header)
A protocol that authenticates the communicated data by detecting modifications to it, including the IP header. The communicated data is not encrypted.
ESP (Encapsulating Security Payload)
A protocol that provides confidentiality through encryption while ensuring the integrity and authenticity of only the payload part of the communicated data.
Key Exchange Protocol
Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet Security Association and Key Management Protocol). IKE has two phases: in phase 1 the SA used for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.
To use authentication with the pre-shared key method, you must decide in advance on a pre-shared key, which is a keyword that both machines use to send and receive data. Use the control panel of the machine to set the same pre-shared key as the destination with which IPSec communications are to be performed, and then perform authentication with the pre-shared key method.
To use authentication with the digital signature method, a CA certificate (X.509 certificate) must be registered for mutual authentication with the IPSec destination. For information on installing the CA certificate file using the Remote UI, see "Installing a CA Certificate File." For instructions on registering the installed CA certificate file, see "Registering/Editing a CA Certificate File."
The types of key pair and certificate that can be used for authentication with the digital signature method are indicated below.
RSA (Rivest Shamir Adleman) algorithm
PKCS#12 format key pair
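
The difference in integrity coverage between AH and ESP described above, as an added Python example that is not taken from the manual or the machine's firmware. It is a simplified transport-mode model using HMAC-SHA1-96; the key, addresses, SPI and payload are constructed, and the algorithm is an assumption, since this page does not list the algorithms the machine supports.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed sample key, not a real credential

def ipv4_header(src, dst, proto, body_len, ttl=64):
    """20-byte IPv4 header; checksum left at 0 because AH zeroes it anyway."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(hdr):
    """Zero fields routers may rewrite (RFC 4302): TOS, flags/offset, TTL, checksum."""
    h = bytearray(hdr)
    h[1] = 0
    h[6:8] = b"\x00\x00"
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)

def icv(data):
    """HMAC-SHA1-96 (RFC 2404): HMAC-SHA1 truncated to 12 bytes."""
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_icv(ip_hdr, spi, seq, payload):
    # AH covers the immutable IP header fields, the AH header (ICV zeroed) and the payload.
    ah = struct.pack("!BBHII", 6, 4, 0, spi, seq) + b"\x00" * 12
    return icv(zero_mutable(ip_hdr) + ah + payload)

def esp_icv(ip_hdr, spi, seq, ciphertext):
    # ip_hdr is accepted but deliberately excluded: ESP covers only its header and payload.
    return icv(struct.pack("!II", spi, seq) + ciphertext)

def coverage_demo():
    data = b"constructed payload bytes"  # stands in for TCP data / ESP ciphertext
    spi, seq, dst = 0x1001, 1, [192, 0, 2, 20]
    def hdr(src, proto, extra, ttl=64):
        return ipv4_header(src, dst, proto, extra + len(data), ttl)
    good, moved = [192, 0, 2, 10], [192, 0, 2, 99]  # original and rewritten source
    ah_sent = ah_icv(hdr(good, 51, 24), spi, seq, data)
    esp_sent = esp_icv(hdr(good, 50, 20), spi, seq, data)
    return {
        "ah_detects_source_rewrite": ah_icv(hdr(moved, 51, 24), spi, seq, data) != ah_sent,
        "ah_tolerates_ttl_decrement": ah_icv(hdr(good, 51, 24, ttl=63), spi, seq, data) == ah_sent,
        "esp_detects_source_rewrite": esp_icv(hdr(moved, 50, 20), spi, seq, data) != esp_sent,
        "ah_detects_payload_change": ah_icv(hdr(good, 51, 24), spi, seq, data + b"!") != ah_sent,
        "esp_detects_payload_change": esp_icv(hdr(good, 50, 20), spi, seq, data + b"!") != esp_sent,
    }

if __name__ == "__main__":
    print(coverage_demo())
```

Because the AH check value includes the source and destination addresses, AH fails across devices that rewrite them, such as NAT.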

IMPORTANT
If you want to register multiple security policies when Main mode and the pre-shared key authentication method are set in the IKE Settings screen, the following restrictions apply.
Pre-shared key method key: when specifying multiple remote IP addresses to which a security policy is to be applied, all shared keys for that security policy are identical (this does not apply when a single address is specified).
Priority: when specifying multiple remote IP addresses to which a security policy is to be applied, the priority of that security policy is below security policies for which a single address is specified.