Configuring The Ipsec Settings - Canon imageRUNNER ADVANCE C5560i III User Manual
Hide thumbs
Also See for imageRUNNER ADVANCE C5560i III:
Table of Contents
Advertisement
Configuring the IPSec Settings
By using IPSec, you can prevent third parties from intercepting or tampering with IP packets transported over the IP
network. Because IPSec adds security functions to IP, a basic protocol suite used for the Internet, it can provide
security that is independent of applications or network configuration. To perform IPSec communication with this
machine, you must configure settings such as the application parameters and the algorithm for authentication and
encryption. Administrator or NetworkAdmin privileges are required in order to configure these settings.
Communication mode
●
This machine only supports transport mode for IPSec communication. As a result, authentication and
encryption is only applied to the data portions of IP packets.
Key exchange protocol
This machine supports Internet Key Exchange version 1 (IKEv1) for exchanging keys based on the Internet
Security Association and Key Management Protocol (ISAKMP). For the authentication method, set either the pre-
shared key method or the digital signature method.
●
When setting the pre-shared key method, you need to decide on a passphrase (pre-shared key) in advance,
which is used between the machine and the IPSec communication peer.
●
When setting the digital signature method, use a CA certificate and a PKCS#12 format key and certificate to
perform mutual authentication between the machine and the IPSec communication peer. For more
information on registering new CA certificates or keys/certificates, see
for Network Communication(P. 802) . Note that SNTP must be configured for the machine before it uses
this method.
Making SNTP Settings(P. 67)
●
Regardless of the setting of <Format Encryption Method to FIPS 140-2> for IPSec communication, an
encryption module which has already obtained FIPS140-2 certification will be used.
●
In order to make IPSec communication comply with FIPS 140-2, you must set the key length of both DH and
RSA for IPSec communication to 2048-bit or longer in the network environment that the machine belongs to.
●
Only the key length for DH can be specified from the machine.
●
Take note when configuring your environment, as there are no settings for RSA in the machine.
●
You can register up to 10 security policies.
1
Press
.
2
Press <Preferences>
Managing the Machine
<Network>
<TCP/IP Settings>
743
Registering a Key and Certificate
<IPSec Settings>.
4XR3-0CY
Advertisement
Chapters
Table of Contents
