Encryption Key Manual Settings Configuration Flow - Ricoh Aficio MP C5502 User Manual

• If you specify the "Authentication and High Level Encryption" security level in "Encryption Key Auto
Exchange Settings", also select the "Use session key perfect forward secrecy (PFS)" check box in
the filter action properties screen. If using PFS in Windows, the PFS group number used in phase 2
is automatically negotiated in phase 1 from the Diffie-Hellman group number (set in step 11).
Consequently, if you change the security level specified automatic settings on the machine and
"User Setting" appears, you must set the same the group number for "Phase 1 Diffie-Hellman
Group" and "Phase 2 PFS" on the machine to establish IPsec transmission.

Encryption Key Manual Settings Configuration Flow

<Machine>
Set IPsec SA using
Web Image Monitor
Activate IPsec settings
• Before transmission, SA information is shared and specified by the sender and receiver. To prevent
SA information leakage, we recommend that this exchange is not performed over the network.
• After configuring IPsec, you can use "Ping" command to check if the connection is established
correctly. However, you cannot use "Ping" command when ICMP is excluded from IPsec
transmission. Also, because the response is slow during initial key exchange, it may take some time
to confirm that transmission has been established.
Specifying Encryption Key Manual Settings
1. Log in as the network administrator from Web Image Monitor.
2. Point to [Device Management], and then click [Configuration].
3. Click [IPsec] under "Security".
4. Select [Active] for "Encryption Key Manual Settings".
5. Click [Edit] under "Encryption Key Manual Settings".
Decide IPsec SA items
Share IPsec SA items
<PC>
Set IPsec SA using
the IPsec setting tool
Activate IPsec settings
Confirm IPsec transmission
Configuring IPsec
CJD016
165