ESP (Encapsulating Security Payload)
A protocol that provides confidentiality through encryption, and verifies the integrity and
authenticity of only the payload part of the communicated data.
Key Exchange Protocol
Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet
Security Association and Key Management Protocol). IKE includes two phases; in phase 1 the SA
used for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.
To use the pre-shared key method for authentication, decide in advance on a pre-shared key,
which is a keyword (24 characters or less) that both devices use to send and receive data.
Using the control panel of the machine, set the same pre-shared key as the destination you want
to perform IPSec communications with, and then perform authentication with the pre-shared key method.
To select authentication with the digital signature method, it is necessary to install a key pair file and
CA certificate file created on a PC in advance using the Remote UI, and then register the installed
files using the control panel of the machine. Authentication is conducted with the destinations for
IPSec communication using the CA certificate.
The types of key pair and CA certificate that can be used for authentication with the digital signature
method are indicated below.
RSA algorithm
X.509 certificate
PKCS#12 format key pair
Remarks
For ISAKMP, port number 500 of UDP (User Datagram
Protocol) is used for sending/receiving.
For information on installing a key pair file and CA
certificate file, see the Remote UI Guide.
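
Added example (not part of the original guide): a way to confirm from a packet capture which IKE phase a UDP port 500 message belongs to, by parsing the fixed ISAKMP header. The header layout and exchange type numbers follow RFC 2408 and RFC 2409; the function names and the sample datagrams are constructed for illustration.

```python
import struct

# ISAKMP fixed header (RFC 2408): initiator cookie, responder cookie,
# next payload, version, exchange type, flags, message ID, length.
HEADER = struct.Struct("!8s8sBBBBII")  # 28 bytes

# IKEv1 exchange types and the phase they belong to (None = either).
EXCHANGES = {2: ("Main Mode", 1), 4: ("Aggressive Mode", 1),
             5: ("Informational", None), 32: ("Quick Mode", 2)}


def classify_isakmp(datagram: bytes) -> dict:
    """Parse the ISAKMP header of a UDP port 500 payload and name its phase."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than the 28-byte ISAKMP header")
    _ic, rcookie, _np, version, xchg, flags, msg_id, length = \
        HEADER.unpack_from(datagram)
    if version != 0x10:  # major 1, minor 0
        raise ValueError(f"not IKEv1: version byte {version:#04x}")
    if length != len(datagram):
        raise ValueError("length field does not match datagram size")
    name, phase = EXCHANGES.get(xchg, (f"unknown ({xchg})", None))
    # Phase 1 always uses message ID 0; each phase 2 exchange has its own
    # nonzero ID and runs encrypted under the IKE SA created in phase 1.
    if phase == 1 and msg_id != 0:
        raise ValueError("phase 1 exchange with nonzero message ID")
    if phase == 2 and (msg_id == 0 or not flags & 0x01):
        raise ValueError("phase 2 exchange must be encrypted with nonzero ID")
    return {"exchange": name, "phase": phase, "message_id": msg_id,
            "encrypted": bool(flags & 0x01),
            "first_message": rcookie == bytes(8)}


def sample(xchg: int, msg_id: int, rcookie: bytes, flags: int) -> bytes:
    """Constructed header-only datagram (no payloads) for the demonstration."""
    return HEADER.pack(b"\x11" * 8, rcookie, 0, 0x10, xchg, flags, msg_id,
                       HEADER.size)


# Constructed samples: first Main Mode message, then a Quick Mode message.
PHASE1 = sample(2, 0, bytes(8), 0x00)
PHASE2 = sample(32, 0x1A2B3C4D, b"\x22" * 8, 0x01)

if __name__ == "__main__":
    for pkt in (PHASE1, PHASE2):
        print(classify_isakmp(pkt))
```

Seeing only phase 1 exchanges toward a destination, with no Quick Mode following, indicates that the IKE SA negotiation or authentication did not complete and no IPSec SA was created.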
IPSec Settings