Security Features
ColorQube 8570/8870 Color Printer
System Administrator Guide
72
4. Next to Key Lifetime, type the lifetime and select seconds or kilobytes (KB). Kilobytes are based
on the amount of network traffic sent over the policy. Seconds are based on when the policy is
first connected to. Key Lifetime must be at least 12 seconds or 2560 KB. The default setting is
28800 seconds (8 hours).
5. On the IKE Phase 2 Configuration page, under IKE Phase 2, select Tunnel or Transport as the
IPsec Mode. The default setting is Transport.
6. If Tunnel Mode is selected, type the Remote Tunnel Address up to 40 characters in length.
7. Under IPsec Proposal 1, 2 and 3, select IPsec encryption/hash pair SA Proposal Protocols for use
during IPsec protocol negotiation. Choose None, ESP+AH, ESP, or AH. A proposal is a hashing and
encryption method that the printer offers to another device connecting to it, during the setup of
an encrypted session. At least one of these proposals must match the proposals of a device that is
attempting to connect to the printer. The default setting is None. You must select at least one
proposal.
• For ESP+AH, select IPsec Encryption Algorithms to provide confidentiality and Hash
Algorithms for authentication and integrity. Encryption Algorithms you can select include
Advanced Encryption Standard CBC (AES-CBC 128bit), Triple Data Encryption Standard
(3DES), and Data Encryption Standard (DES). Hash Algorithms you can select include SHA1
and MD5. You must select at least one encryption algorithm and at least one hash algorithm.
• For ESP, in addition to the algorithms supported for ESP+AH, you can select Null Encryption
Algorithm and None for Hash Algorithm. You must select at least one encryption algorithm
and at least one hash algorithm. The combination of Null and None is not valid.
• For AH, Hash Algorithms you can select SHA1 and MD5. You must select at least one hash
algorithm.
8. Select the DH Group. Choose None or Group 2 (1024-bit MODP). Diffie-Hellman (DH) groups are
used to determine the length of the base prime numbers used during the key exchange process.
The cryptographic strength of any key derived depends, in part, on the strength of the DH Group
upon which the prime numbers are based. Group 2 provides 1024 bits of keying strength.
9. Next to Key Lifetime, type the lifetime and select seconds or kilobytes (KB). Kilobytes are based
on the amount of network traffic sent over the policy. Seconds are based on when the policy is
first connected to. Key Lifetime must be at least 12 seconds or 2560 KB. The default setting is
3600 seconds.
10. Click Next.
11. Click Finish.
12. Click Apply at the bottom of the page to update the IPsec Policy database and save the new
policies.
Modifying IPsec Actions
To view or modify an action, click the Name of the action. You can sort the list of actions by Name or
Description by clicking the column titles.
To Next Page
Loading...
Need help?
General
