Section 4 — Network Security
Canon imageRUNNER ADVANCE systems support an optional IPSec Board, which allows users to utilize
IPSec (Internet Protocol Security) to help ensure the privacy and security of information sent to and from
the device, while in transit over unsecured networks.
IPSec is a suite of protocols for securing IP communications. IPSec supports secure exchange of packets at
the IP layer, where the packets in the data stream are authenticated and encrypted. It encrypts traffic so that
it cannot be read by parties other than those for whom it is intended, ensures that the traffic has not been
modified along its path and is from a trusted party, and protects against replay of the secure session.
The IPSec functionality of the device supports transport mode only; authentication and encryption are
therefore applied only to the data part of the IP packets.
See the imageRUNNER ADVANCE system manual for the specific device in question for additional
instructions on registering IPSec-based security policies.
Authentication and Encryption Method:
One of the following methods must be set for the device.
AH (Authentication Header)
A protocol that authenticates the communicated data by detecting modifications to it,
including modifications to the IP header. The communicated data is not encrypted.
ESP (Encapsulating Security Payload)
A protocol that provides confidentiality via encryption while assuring the integrity and
authenticity of only the payload part of the communicated data.
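The difference in integrity coverage between AH and ESP in transport mode can be made concrete with the added example below, which is not Canon code or device output. It assumes HMAC-SHA1-96 as the integrity algorithm, uses a constructed key, constructed addresses and constructed data, and omits ESP encryption so that only the scope of the integrity check is shown.

```python
import hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed sample key, not a device value

def ipv4_header(src, dst, proto, payload_len, ttl=64):
    # Minimal 20-byte IPv4 header; checksum left at 0 for brevity.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def zero_mutable(ip):
    # AH (RFC 4302) zeroes fields routers may change: TOS, flags/offset, TTL, checksum.
    h = bytearray(ip)
    h[1] = 0; h[6:8] = b"\0\0"; h[8] = 0; h[10:12] = b"\0\0"
    return bytes(h)

def icv(data):
    # Assumed integrity algorithm: HMAC-SHA1 truncated to 12 bytes (HMAC-SHA1-96).
    return hmac.new(KEY, data, hashlib.sha1).digest()[:12]

def ah_transport(src, dst, upper_proto, data, spi=0x1000, seq=1):
    # AH fixed part: next header, length (32-bit words minus 2), reserved, SPI, sequence.
    ah = struct.pack("!BBHII", upper_proto, 4, 0, spi, seq)
    ip = ipv4_header(src, dst, 51, len(ah) + 12 + len(data))
    # The ICV covers the IP header (immutable fields), the AH header and the data.
    return ip + ah + icv(zero_mutable(ip) + ah + bytes(12) + data) + data

def ah_verify(pkt):
    ip, ah, tag, data = pkt[:20], pkt[20:32], pkt[32:44], pkt[44:]
    return hmac.compare_digest(tag, icv(zero_mutable(ip) + ah + bytes(12) + data))

def esp_transport(src, dst, upper_proto, data, spi=0x2000, seq=1):
    # Encryption is omitted in this sketch: `data` stands in for the ciphertext.
    pad = -(len(data) + 2) % 4
    body = struct.pack("!II", spi, seq) + data + bytes(range(1, pad + 1)) + bytes([pad, upper_proto])
    # The ICV covers only the ESP header, payload and trailer, not the IP header.
    return ipv4_header(src, dst, 50, len(body) + 12) + body + icv(body)

def esp_verify(pkt):
    return hmac.compare_digest(pkt[-12:], icv(pkt[20:-12]))

def patch(pkt, offset, new):
    # Overwrite bytes in transit: offset 12 is the source address, offset 8 the TTL.
    return pkt[:offset] + new + pkt[offset + len(new):]

if __name__ == "__main__":
    for name, build, verify in (("AH", ah_transport, ah_verify), ("ESP", esp_transport, esp_verify)):
        pkt = build((192, 0, 2, 10), (192, 0, 2, 20), 6, b"constructed print job")
        print(name, "verifies after source rewrite:", verify(patch(pkt, 12, bytes((198, 51, 100, 7)))))
```

A rewritten source address fails the AH check but passes the ESP check, which is why an AH policy cannot be used on a path that performs address translation between the device and its peer.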
Key Exchange Protocol
The device supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet
Security Association and Key Management Protocol). IKE includes two phases: in phase 1 the SA used for
IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.
To set authentication with the pre-shared key method, it is necessary to decide upon a pre-shared key in
advance. This is a keyword (24 characters or less) that both devices use to send and receive data. Use the
control panel of the device to set the same pre-shared key as the destination with which IPSec
communications will be performed, and then perform authentication with the pre-shared key method.
To select authentication with the digital signature method, it is necessary to first use the Remote UI to
install a key pair file and CA certificate file created on a PC in advance, and then register the installed
files using the control panel of the device. Authentication is conducted with the destinations for IPSec
communication using the CA certificate.
The types of key pair and CA certificate that can be used for authentication with the digital signature
method are indicated below.
PKCS#12 format key pair
Canon imageRUNNER ADVANCE systems support wireless networking through the installation of an
optional Wireless LAN Board. The Wireless LAN Board is IPv6 compliant and supports the latest wireless
White Paper: Canon imageRUNNER ADVANCE Security