Xerox WorkCentre 5735 System Administrator Manual page 187

• Tunnel Mode - this mode encrypts the IP header and the payload. It provides protection on
an entire IP packet by treating it as an AH (Authentication Header) or ESP (Encapsulating
Secuirty Payload) payload.
When this mode is selected, you have the option of specifying a host IP Address
2. In the Security Selections area select preferred option and enter the required information.
3. Click on the [Save] button to return to the IP Sec - Action page.
If you Selected Internet Key Exchange (IKE) as the Keying Method:
IKE Phase 1 authenticates the IPSec peers and sets up a secure channel between the peers to enable
IKE exchanges.
IKE Phase 2 negotiates IP Sec System Administrator to set up the IP Sec tunnel.
1. In the IKE Phase 1 area:
For [Key Lifetime] enter length of time that this key will live, either in seconds, minutes or
a.
hours.
b. Select required option from the [DH Group] drop-down menu. Choose one of following:
• DH Group 2 - which provides a 1024 bit Modular Exponential (MODP) keying strength.
• DH Group 14 - which provides a 2048 bit MODP keying strength. Diffie-Hellman (DH) is
a public-key cryptography scheme that allows two parties to establish a shared secret
over an insecure communications channel. It is also used within IKE to establish session
keys.
c. For Hash - Encryption, check the required checkboxes:
• SHA1 (Secure Hash Algorithm 1) and MD5 (Message Digest 5) are one-way hashing
algorithms used to authenticate packet data. Both produce a 128-bit hash. The SHA1
algorithm is generally considered stronger but slower than MD5. Select MD5 for better
encryption speed, and SHA1 for better security.
• 3DES (Triple-Data Encryption Standard) is a variation on DES that uses a 168-bit key. As
a result, 3DES is more secure than DES. It also requires more processing power, resulting
in increased latency and decreased throughput.
AES (Advanced Encryption Standard) is a more secure method compared to 3DES.
•
2. In the IKE Phase 2 area:
a. Select from the [IPSec Mode] drop-down menu one of the following:
• Transport Mode - this provides a secure connection between two endpoints as it
encapsulates the IP payload, while Tunnel Mode encapsulates the entire IP packet.
• Tunnel Mode - this provides a virtual 'secure hop' between two gateways. It is used to
form a traditional VPN, where the tunnel generally creates a secure tunnel across an
untrusted Internet.
b. If you select [Tunnel Mode], then select either [Disabled], [IPv4 Address] or [IPv6 Address].
c. If you select IPv4 Address or IPv6 Address, enter IP Address details.
d. From the [IPsec Security] drop-down menu, select either, Both, ESP or AH.
AH (Authentication Header) and ESP (Encapsulating Security Payload) are the two main
wire-level protocols used by IPsec, and they authenticate (AH) and encrypt and authenticate
(ESP) the data flowing over that connection. They can be used independently or together.
For [Key Lifetime] enter length of time that this key will be valid for, either in seconds,
e.
minutes or hours.
WorkCentre™ 5735/5740/5745/5755/5765/5775/5790
User Data Encryption
System Administrator Guide
187