System information

ManualsBrandsKyocera ManualsPrinterFs-4020dn

COMMAND CENTER Pages

50 KYOCERA COMMAND CENTER

Advanced > Security > IPSec > Rule1 (to Rule3)

These pages allow you to select or edit rules to use for IPSec protocol-based communication.

Authentication

Type

Specifies the authentication type used for IKE phase1. To set

a character string as the shared key and use it for

communication, select Pre-shared and enter the string of

the pre-shared key in the text box. To use a CA-issued

device certificate or root certificate, select Certificates.

When Expiration Verification is enabled, the expiration of

the server certificate is verified at communicating. If the

server certificate is found expired, communication will fail.

When it is disabled, the expiration will not be verified.

When you select Certificates, the contents of the CA

certificate and root 1 to 3 certificates are displayed if they are

enabled. When you click the CA or Root button, you can

view, import or delete CA-issued or root certificates.

Rule1 (to Rule3)

Shows whether the set rule is enabled or disabled. To enable

or disable the rule, refer to Advanced > Security > IPSec >

Rule1 (to Rule3) on page 50.

Item Description

Rule

Specifies whether or not to enable the selected IPSec policy

rule. Select On to enable the rule. Select Off to disable it.

Key Exchange

(IKE phase1)

When using IKE phase1, a secure connection with the other

end is established by generating ISAKMP SAs. Configure the

following items so that they meet the requirement of the other

end.

Policy

Main Mode protects identifications but requires more

messages to be exchanged with the other end. Aggressive

Mode requires fewer messages to be exchanged with the

other end than Main Mode but restricts identification

protection and narrows the extent of the parameter

negotiations. When Aggressive Mode is selected and Pre-

shared is selected for Authentication Type, only host

addresses can be specified for IP addresses of the rule.

Hash

Selects the hash algorithm.

Encryption

Selects the encryption algorithm.

Diffie-

Hellman

Group

The Diffie-Hellman key-sharing algorithm allows two hosts on

an unsecured network to share a private key securely. Select

the Diffie-Hellman group to use for key sharing.

Lifetime

(Time)

Specifies the lifetime of an ISAKMP SA in seconds.

Data Protection

(IKE phase2)

In IKE phase2, IPSec SAs such as AH or ESP are established

by using SAs established in IKE phase1. Configure the

following items so that they meet the requirement of the other

end.