Canon imageRUNNER ADVANCE C5560i III User Manual page 761

7
Configure the IPSec communication settings.
1
Press <IPSec Network Settings>.
2
Configure the necessary settings.
<Validity>
Set the expiration period of the generated IPSec SA. Make sure to set either <Time> or <Size>. If you
set both, the setting with the value that is reached first is applied.
<PFS>
If you set the Perfect Forward Secrecy (PFS) function to <On>, the secrecy of the encryption key is
increased, but the communication speed is slower. In addition, the PFS function must be enabled on
the communication peer device.
<Authentication/Encryption Algorithm>
Select either <Auto> or <Manual Settings> to set how to specify the authentication and encryption
algorithm for IKE phase 2. If you select <Auto>, the ESP authentication and encryption algorithm is set
automatically. If you want to specify a particular authentication method, press <Manual Settings> and
select one of the authentication methods below.
<ESP>
<ESP (AES-GCM)>
<AH (SHA1)>
3
Press <OK> <OK>.
8
Enable the registered policies and check the order of priority.
● Select the registered policies from the list, and press <Policy On/Off> to turn them <On>.
● Policies are applied in the order that they are listed, starting at the top. If you want to change the order of
priority, select a policy in the list and press <Raise Priority> or <Lower Priority>.
● If you do not want to send or receive packets that do not correspond to the policies, select <Reject> for
<Receive Non-Policy Packets>.
9
Press <OK>.
Managing the Machine
Authentication and encryption are both performed. Select the algorithm for <ESP
Authentication> and <ESP Encryption>. Select <NULL> if you do not want to set
the authentication or encryption algorithm.
AES-GCM is used as the ESP algorithm, and authentication and encryption are
both performed.
Authentication is performed, but data is not encrypted. SHA1 is used as the
algorithm.
747