Settings Pages
Data Protection (IKE phase2)
In IKE phase2, IPSec SAs such as AH or ESP are established by using SAs
established in IKE phase1. Configure the following items so that they meet
the requirement of the other end.
• Protocol
Select ESP or AH for the protocol. ESP protects the privacy and integrity of
the packet contents. Select the hash algorithm and encryption algorithm
below. AH protects the integrity of the packet contents using encryption
checksum. Select the hash algorithm below.
• Hash
Selects the hash algorithm.
• Encryption
Selects the encryption algorithm. (When ESP is selected under Protocol.)
• PFS
When PFS is set to On (enabled), even if a key is decrypted, the decrypted
key cannot be used to decrypt the other keys generated after the decryption.
This improves the safety, but imposes a heavy burden because of more key-
generation processes.
• Diffie-Hellman Group
The Diffie-Hellman key-sharing algorithm allows two hosts on an unsecured
network to share a private key securely. Select the Diffie-Hellman group to
use for key sharing.
• Lifetime Measurement
Specifies whether the lifetime is measured by time or by time and data size.
• Lifetime (Time)/Lifetime (Data Size)
Specifies the lifetime of an IPSec SA. Lifetime Measurement allows you to
select whether to use time or data size to specify the lifetime. When you
select Time & Data Size, an SA is disabled and updated when either the time
or data size of the SA exceeds the specified value.
• IP Version
Specifies the IP version of the other end. Select IPv4 or IPv6.
• IP Address (IPv4)
Specifies the IPv4 addresses of the hosts or network with which the print
system is connecting via IPSec. When you are restricting the scope of IPSec,
be sure to specify the IP addresses. If this field is blank, all IPv4 addresses
will be allowed to connect the print system.
• IP Address (IPv6)
Specifies the IPv6 addresses of the hosts or network with which the print
system is connecting via IPSec. When you are restricting the scope of IPSec,
be sure to specify the IP addresses. If this field is blank, all IPv6 addresses
will be allowed to connect the print system.
• Subnet Mask
When IPv4 is selected for IP Version, this specifies the subnet mask of the
hosts or network with which the print system is connecting via IPSec. If this
field is blank, the specified addresses are considered to be host addresses.
• Prefix Length
6-52 User Guide
To Next Page
Loading...
Need help?
General