Communication mode
This machine supports only transport mode for IPSec communication. As a result, authentication and encryption are applied only to the data portions of IP packets.

Key exchange protocol
This machine supports Internet Key Exchange version 1 (IKEv1) for exchanging keys based on the Internet Security Association and Key Management Protocol (ISAKMP). For the authentication method, set either the pre-shared key method or the digital signature method.
When setting the pre-shared key method, you need to decide on a passphrase (pre-shared key) in advance, which is used between the machine and the IPSec communication peer.
When setting the digital signature method, use a CA certificate and a PKCS#12 format key and certificate to perform mutual authentication between the machine and the IPSec communication peer. For more information on registering new CA certificates or keys/certificates, see Registering a Key and Certificate for Network Communication. Note that SNTP must be configured for the machine before it uses this method (see Making SNTP Settings).

1. Press <Selector Settings>.

2. Specify the IP address to apply the IPSec policy to.
   Specify the IP address of this machine in <Local Address>, and specify the IP address of the communication peer in <Remote Address>.

3. Specify the port to apply IPSec to.
   Press <Specify by Port Number> to use port numbers when specifying the ports that IPSec applies to. Select <All Ports> to apply IPSec to all port numbers. To apply IPSec to a specific port number, press <Single Port> and enter the port number. After specifying the ports, press <OK>. Specify the port of this machine in <Local Port>, and specify the port of the communication peer in <Remote Port>.
   Press <Specify by Service Name> to use service names when specifying the ports that IPSec applies to. Select the service in the list, press <Service On/Off> to set it to <On>, and press <OK>.

4. Press <OK>.

1. Press <IKE Settings>.

2. Configure the necessary settings.
   <IKE Mode>
   Select the operation mode for the key exchange protocol. Security is enhanced if you select <Main> because the IKE session itself is encrypted, but the speed of the session is slower than with <Aggressive>, which does not encrypt the entire session.
   <Authentication Method>
   Select one of the authentication methods described below.
   <Authentication/Encryption Algorithm>
   Select either <Auto> or <Manual Settings> to set how to specify the authentication and encryption algorithm for IKE phase 1. If you select <Auto>, an algorithm that can be used by both this machine and the communication peer is set automatically. If you want to specify a particular algorithm, select <Manual Settings> and configure the settings below.

3. Press <OK>.

1. Press <IPSec Network Settings>.

2. Configure the necessary settings.
   <Validity>
   Set a period of validity for the generated IKE SA and IPSec SA. Make sure to set either <Time> or <Size>. If you set both, the period of validity ends when either value is reached.
   <PFS>
   If you set the Perfect Forward Secrecy (PFS) function to <On>, the secrecy of the encryption key is increased, but the communication speed is slower. In addition, the PFS function must be enabled on the communication peer device.
   <Authentication/Encryption Algorithm>
   Select either <Auto> or <Manual Settings> to set how to specify the authentication and encryption algorithm for IKE phase 2. If you select <Auto>, the ESP authentication and encryption algorithm is set automatically. If you want to specify a particular authentication method, press <Manual Settings> and select one of the authentication methods below.

3. Press <OK>, then <OK>.

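The communication peer has to mirror each choice made in the selector, IKE and IPSec network settings. The following is an added example, not part of the original manual: a strongSwan connection definition (legacy ipsec.conf syntax) for a Linux peer, matching a policy that uses <Main> mode, the pre-shared key method and <PFS> set to <On>. The connection name, addresses, port 9100, lifetimes and algorithm names are constructed placeholders and are assumptions; replace them with the values entered on the machine.

```conf
# /etc/ipsec.conf on the communication peer (strongSwan, legacy ipsec.conf syntax).
# All values are constructed placeholders (assumptions), not taken from the manual.
conn printer-transport
    # left = this peer (<Remote Address> on the machine),
    # right = the machine (<Local Address> on the machine).
    left=192.0.2.10
    right=192.0.2.50
    # The machine supports transport mode only; a tunnel-mode peer cannot match.
    type=transport
    # The machine supports IKEv1 only.
    keyexchange=ikev1
    # <IKE Mode> <Main>: keep aggressive mode off on the peer as well.
    aggressive=no
    # <Authentication Method>: pre-shared key (entry in ipsec.secrets, see below).
    authby=secret
    # Selector: mirror <Local Port>/<Remote Port> or the chosen service.
    # tcp/9100 on the machine side is an assumed example port.
    leftprotoport=tcp
    rightprotoport=tcp/9100
    # <Validity>: one period on the machine covers both the IKE SA and the IPSec SA.
    # With both a time and a size set, whichever limit is reached first ends the SA.
    ikelifetime=8h
    lifetime=8h
    lifebytes=100000000
    # Phase 1 (ike) and phase 2 (esp) proposals. With <Manual Settings> on the
    # machine, list exactly the algorithms selected there (names here are assumed).
    # The DH group in the esp line enables PFS; remove it if <PFS> is <Off>.
    ike=aes256-sha256-modp2048!
    esp=aes256-sha256-modp2048!
    auto=route

# /etc/ipsec.secrets on the peer: the same passphrase that was entered on the machine.
# 192.0.2.10 192.0.2.50 : PSK "constructed-placeholder-passphrase"
```
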
Managing IPSec policies
You can edit policies on the screen displayed in step 3.
To edit the details of a policy, select the policy in the list and press <Edit>.
To disable a policy, select the policy in the list and press <Policy On/Off>.
To delete a policy, select the policy in the list and press <Delete>, then <Yes>.