Kyocera TASKalfa 3051ci User Manual page 62

Network Settings
58
Subnet Mask: When IPv4 is selected for IP Version, this specifies the subnet mask
of the hosts or network with which the print system is connecting via IPSec. If this
field is blank, the specified addresses are considered to be host addresses.
IP Address (IPv6): Specifies the IPv6 addresses of the hosts or network with which
the print system is connecting via IPSec. When you are restricting the scope of
IPSec, be sure to specify the IP addresses. If this field is blank, all IPv6 addresses
will be allowed to connect the print system.
Prefix Length: When IPv6 is selected for IP Version, this specifies the prefix length
of the hosts or network with which the print system is connecting via IPSec. If this
field is blank, the specified addresses are considered to be host addresses.
Remote Peer Address: If Tunnel is selected in Encapsulation Mode, assign an IP
address that is remotely controlled.
3. Authentication: Configures the local side authentication when IKEv1 is selected
as Key Management Type. To set a character string as the shared key and use it
for communication, select Pre-shared Key and enter the string of the pre-shared
key in the text box. To use the CA-issued Device Certification or Root Certificate,
select the Certificates. When Certificates is selected, the availability of the
device certificate is shown. To make advanced settings, click Settings button and
select a certificate. Configure the device certificate on the Certificates page of
Security Settings.
Configures the local side and remote side authentication when IKEv2 is selected as
Key Management Type. Configure Authentication Type, Local ID Type, Local ID
and Pre-shared Key on Local Side, and Authentication Type, Remote ID Type,
Remote ID and Pre-shared Key on Remote Side.
4. Key Exchange (IKE phase1): When using IKE phase1, a secure connection with
the other end is established by generating ISAKMP SAs. Configure the following
items so that they meet the requirement of the other end.
Mode: Configures this item when IKEv1 is selected as Key Management Type.
Main Mode protects identifications but requires more messages to be exchanged
with the other end. Aggressive Mode requires fewer messages to be exchanged
with the other end than Main Mode but restricts identification protection and nar-
rows the extent of the parameter negotiations. When Aggressive Mode is selected
and Pre-shared Key is selected for Authentication Type, only host addresses can
be specified for IP addresses of the rule.
Hash: Selects the hash algorithm.
Encryption: Selects the encryption algorithm.
Diffie-Hellman Group: The Diffie-Hellman key-sharing algorithm allows two hosts
on an unsecured network to share a private key securely. Select the Diffie-Hellman
group to use for key sharing.
Lifetime (Time): Specifies the lifetime of an ISAKMP SA in seconds.
5. Data Protection (IKE phase2)
In IKE phase2, IPSec SAs such as ESP or AH are established by using SAs estab-
lished in IKE phase1. Configure the following items so that they meet the require-
ment of the other end.
Protocol: Select ESP or AH for the protocol. ESP protects the privacy and integrity
of the packet contents. Select the hash algorithm and encryption algorithm below.
AH protects the integrity of the packet contents using encryption checksum. When
you select AH as Protocols, you cannot use the AES-GCM-128, 192, or 256. Select
the hash algorithm below.
Hash: Selects the hash algorithm. When you select AES-GCM-128, 192, or 256 on
Encryption, you have to select the AES-GCM-128, 192, or 256 or the AES-GMAC-
128, 192, or 256 corresponding to the same bit.
Encryption: Selects the encryption algorithm. (When ESP is selected under Proto-
col.) When you select the AES-GCM-128, 192, or 256 on Hash, you have to select
the AES-GCM-128, 192, or 256 corresponding to the same bit. When you select the
AES-GMAC-128, 192, or 256 on Hash, you have to select the AES-GCM-128, 192,
or 256 corresponding to the same bit. If you do not select any algorithm, the
machine authenticates without encryption.
Embedded Web Server