Xerox ColorQube 8570 System Administrator Manual page 70

Security Features
Encrypt: Require IPsec authentication and encryption for the selected network traffic.
•
Note: In order to use X.509 certificates for IPsec authentication, install the certificates from the
Manage Certificates page in CentreWare IS before configuring IPsec. Select Security >
Certificates in the left navigation panel to configure certificates.
Creating IPsec Actions
To create a new action:
1. On the IPsec Actions page, click Create Action at the bottom of the page. A series of pages
display, which guide you through the process of creating an action. Each page shows your
previous entries to make configuration easier. You can create a maximum of 100 IP Actions.
2. To use X.509 certificates for IPsec confguration, install the certificates from the Manage
Certificates page before configuring IPsec.
Click Next.
3.
4. On the Create New Action page, next to Action Name, type a name, up to 64 characters.
5. Type a Description, up to 256 characters.
Note: The name and description cannot contain the following special characters: " ' & ? + = < > / \
6. Next to Keying Method, select Manual Keying, or Internet Key Exchange (IKE). IKE is the
protocol used to set up a security association (SA) in the IPsec protocol suite.
7. Click Next.
Manual Keying
If Manual Keying is selected, configure the following:
Next to IPsec Mode, select Tunnel or Transport. The default setting is Transport.
1.
• In Tunnel Mode, the entire IP packet (header and payload) is encrypted. Tunnel Mode
provides portal-to-portal communications security in which security of packet traffic is
provided to multiple machines by a single node. If Tunnel Mode is selected, enter the Remote
Tunnel Address in the provided field. Remote Tunnel Address can be 40 characters in length
maximum.
• In Transport Mode, only the payload (message) of the IP packet is encrypted. Transport
Mode provides end-to-end security of packet traffic in which the end-point computers do the
security processing.
2. Under IPsec Proposal Protocol, select Encapsulating Security Payload + Authentication Header
(ESP+AH), ESP, or AH. ESP provides IP packet confidentiality to prevent people from determining
the packet contents. AH provides a way to check that a packet came from a given source and that
it has not been modified in transit. A protocol other than None must be selected.
3. If you select ESP+AH for the IPsec Proposal Protocol, select IPsec Encryption Algorithms to provide
confidentiality and Hash Algorithms for authentication and integrity. Select Advanced Encryption
Standard CBC (AES-CBC), Triple Data Encryption Standard (3DES), and Data Encryption Standard
(DES). Hash Algorithms you can select include SHA1 and MD5. You must select at least one
encryption algorithm and at least one hash algorithm. One pair of Inbound and Outbound SPI is
used for ESP, and another pair is used for AH.
4. If you select ESP for the IPsec Proposal Protocol, you can select from the algorithms supported for
ESP+AH, Null Encryption Algorithm and None for Hash Algorithm. You must select at least one
70 ColorQube 8570/8870 Color Printer
System Administrator Guide