Encryption Key Auto Exchange Settings - Ricoh MP C6502 series Operation Manual

5. Enhanced Network Security
• For successful authentication, the sender and receiver must specify the same authentication
algorithm and authentication key. If you use the encryption key auto exchange method, the
authentication algorithm and authentication key are specified automatically.
AH protocol
The AH protocol provides secure transmission through authentication of packets only, including
headers.
• For successful authentication, the sender and receiver must specify the same authentication
algorithm and authentication key. If you use the encryption key auto exchange method, the
authentication algorithm and authentication key are specified automatically.
AH protocol + ESP protocol
When combined, the ESP and AH protocols provide secure transmission through both encryption
and authentication. These protocols provide header authentication.
• For successful encryption, both the sender and receiver must specify the same encryption
algorithm and encryption key. If you use the encryption key auto exchange method, the
encryption algorithm and encryption key are specified automatically.
• For successful authentication, the sender and receiver must specify the same authentication
algorithm and authentication key. If you use the encryption key auto exchange method, the
authentication algorithm and authentication key are specified automatically.
• Some operating systems use the term "Compliance" in place of "Authentication".

Encryption Key Auto Exchange Settings

For key configuration, this machine supports automatic key exchange to specify agreements such as the
IPsec algorithm and key for both sender and receiver. Such agreements form what is known as an SA
(Security Association). IPsec communication is possible only if the receiver's and sender's SA settings are
identical.
If you use the auto exchange method to specify the encryption key, the SA settings are auto configured
on both parties' machines. However, before setting the IPsec SA, the ISAKMP SA (Phase 1) settings are
auto configured. After this, the IPsec SA (Phase 2) settings, which allow actual IPsec transmission, are
auto configured.
Also, for further security, the SA can be periodically auto updated by applying a validity period (time
limit) for its settings. This machine only supports IKEv1 for encryption key auto exchange.
Note that it is possible to configure multiple SAs.
Settings 1-4 and default setting
Using the auto exchange method, you can configure four separate sets of SA details (such as
different shared keys and IPsec algorithms). In the default settings of these sets, you can include
settings that the fields of sets 1 to 4 cannot contain.
142