Before configuring IPSec communication settings
Check the IPSec settings in the operating system the machine will communicate with. An incorrect
combination of the operating system settings and machine settings will disable the IPSec communication.
IPSec functional restrictions
IPSec supports communication to a unicast address (or a single device).
The machine cannot use both IPSec and DHCPv6 at the same time.
IPSec is unavailable in networks in which NAT or IP masquerade is implemented.
In IKEv1 phase1, PFS is not supported.
Using IPSec with IP address filter
The IPSec settings are applied before the IP address filter settings during packet reception, while the IP
address filter settings are applied before the IPSec settings during packet transmission.
Addresses for Firewall Rules (P. 258)
Registering Security Policies
To use IPSec for encrypted communication, you need to register security policies (SP) before enabling IPSec
(Enabling IPSec Communication (P. 299)). A security policy consists of the groups of settings described
below. Up to 10 policies can be registered. You can register multiple policies according to a combination of the IP
address and the port number. After registering policies, specify the order in which they are applied.
Selector defines the conditions that IP packets must meet for IPSec communication to be applied. Selectable
conditions include the IP addresses and port numbers of the machine and of the devices to communicate with.
IKE configures IKEv1, which is used as the key exchange protocol. Note that instructions vary depending on the
authentication method selected.
[Pre-Shared Key Method]
A key of up to 24 alphanumeric characters can be shared with the other devices. Enable TLS for the Remote UI
in advance (Using TLS for Encrypted Communications (P. 287)).
[Digital Signature Method]
The machine and the other devices authenticate each other by mutually verifying their digital signatures. Have
a key pair ready to use (Using CA-issued Key Pairs and Digital Certificates (P. 319)).
Setting Protocols and Options
Specify the settings for ESP and AH, which are added to packets during IPSec communication. ESP and AH
cannot be used at the same time. You can also select whether or not to enable PFS for tighter security.
Start the Remote UI and log on in Management Mode.
Starting Remote UI (P. 326)
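The limits and policy ordering described under Registering Security Policies can be checked on a planned policy list before it is entered in the Remote UI. The following is an added example, not part of the original manual or the machine's software. The Policy model and its field names are hypothetical, and it assumes the first matching policy in the registered order is the one applied (the manual only says that an order is specified).

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

MAX_POLICIES = 10   # manual: up to 10 policies can be registered
MAX_PSK_LEN = 24    # manual: pre-shared key of up to 24 alphanumeric characters

@dataclass
class Policy:                    # hypothetical model, not the machine's format
    name: str
    remote: str                  # peer selector as CIDR, e.g. "192.0.2.10/32"
    port: Optional[int]          # None = all ports
    protocol: str                # "ESP" or "AH" (manual: cannot be combined)
    psk: Optional[str] = None    # None = digital signature method

def covers(a, b):
    """True if selector a matches every packet that selector b matches."""
    net_a = ipaddress.ip_network(a.remote)
    net_b = ipaddress.ip_network(b.remote)
    return (net_a.version == net_b.version and net_b.subnet_of(net_a)
            and (a.port is None or a.port == b.port))

def audit(policies):
    """Return a list of findings for an ordered policy list."""
    findings = []
    if len(policies) > MAX_POLICIES:
        findings.append(f"{len(policies)} policies exceed the limit of {MAX_POLICIES}")
    for i, p in enumerate(policies):
        if p.protocol not in ("ESP", "AH"):
            findings.append(f"{p.name}: choose ESP or AH, not both")
        if p.psk is not None and not (p.psk.isascii() and p.psk.isalnum()
                                      and len(p.psk) <= MAX_PSK_LEN):
            findings.append(f"{p.name}: pre-shared key must be up to 24 alphanumeric characters")
        if ipaddress.ip_network(p.remote).is_multicast:
            findings.append(f"{p.name}: IPSec supports unicast peers only")
        for earlier in policies[:i]:
            if covers(earlier, p):   # assumed first-match order
                findings.append(f"{p.name}: shadowed by earlier policy {earlier.name}")
    return findings

# Constructed sample: the broad subnet policy is ordered ahead of the host policy.
SAMPLE = [
    Policy("office-subnet", "192.0.2.0/24", None, "ESP", psk="Examplekey0123456789"),
    Policy("print-server", "192.0.2.10/32", 9100, "AH", psk="short key!"),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Moving the narrower print-server policy ahead of office-subnet clears the shadowing finding; the pre-shared key finding remains until the key contains only alphanumeric characters.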