Operating systems supported by communication partners | Windows XP/Vista/7/8/Server 2003/Server 2008/Server 2012
Connection mode | Transport mode
Key exchange protocol | IKEv1
Print Mode | Main mode; Aggressive mode
Authentication method | Pre-shared key; Digital signature
Hash algorithm | SHA1; MD5
Encryption algorithm (and key length) | 3DES-CBC; AES-CBC (128 bits, 192 bits, or 256 bits)
Key exchange algorithm/group (and key length) | Diffie-Hellman (DH): Group 1 (768 bits); Group 2 (1024 bits); Group 14 (2048 bits)
ESP (Encapsulating Security Payload): Hash algorithm | SHA1; MD5
ESP (Encapsulating Security Payload): Encryption algorithm (and key length) | 3DES-CBC; AES-CBC (128 bits, 192 bits, or 256 bits)
AH (Authentication Header): Hash algorithm | SHA1; MD5

Before configuring IPSec communication settings
Check the IPSec settings in the operating system the machine will communicate with. An incorrect combination of the operating system settings and machine settings will disable the IPSec communication.

IPSec functional restrictions
IPSec supports communication to a unicast address (or a single device).
The machine cannot use both IPSec and DHCPv6 at the same time.
IPSec is unavailable in networks in which NAT or IP masquerade is implemented.
In IKEv1 phase1, PFS is not supported.

Using IPSec with IP address filter
The IPSec settings are applied before the IP address filter settings during packet reception, while the IP address filter settings are applied before the IPSec settings during packet transmission. See "Specifying IP Addresses for Firewall Rules".

[All IP Addresses] | Select to use IPSec for all IP packets.
[IPv4 Address] | Select to use IPSec for all IP packets that are sent to or from the IPv4 address of the machine.
[IPv6 Address] | Select to use IPSec for all IP packets that are sent to or from an IPv6 address of the machine.
[IPv4 Manual Settings] | Select to specify a single IPv4 address or a range of IPv4 addresses to apply IPSec. Enter the IPv4 address (or the range) in the [Addresses to Set Manually] text box.
[IPv6 Manual Settings] | Select to specify a single IPv6 address or a range of IPv6 addresses to apply IPSec. Enter the IPv6 address (or the range) in the [Addresses to Set Manually] text box.

[All IP Addresses] | Select to use IPSec for all IP packets.
[All IPv4 Address] | Select to use IPSec for all IP packets that are sent to or from an IPv4 address.
[All IPv6 Address] | Select to use IPSec for all IP packets that are sent to or from an IPv6 address.
[IPv4 Manual Settings] | Select to specify a single IPv4 address or a range of IPv4 addresses to apply IPSec. Enter the IPv4 address (or the range) in the [Addresses to Set Manually] text box.
[IPv6 Manual Settings] | Select to specify a single IPv6 address or a range of IPv6 addresses to apply IPSec. Enter the IPv6 address (or the range) in the [Addresses to Set Manually] text box.

[Authentication] | [SHA1 and MD5]
[Encryption] | [3DES-CBC and AES-CBC]
[DH Group] | [Group 2 (1024)]

[Authentication] | Select the hash algorithm.
[Encryption] | Select the encryption algorithm.
[DH Group] | Select the Diffie-Hellman group, which determines the key strength.

1. Select [Pre-Shared Key Method] for [AUTH Method] and click [Shared Key Settings].
2. Enter up to 24 alphanumeric characters for the pre-shared key and click [OK].

1. Select [Digital Signature Method] for [AUTH Method] and click [Key and Certificate].
2. Select the key pair you want to use, and click [Default Key Settings].

Viewing details of a key pair or certificate
You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. See "Verifying Key Pairs and Digital Certificates".

[Specify by Time] | Enter a time in minutes to specify how long a session lasts. The entered time is applied to both IPSec SA and IKE SA.
[Specify by Size] | Enter a size in megabytes to specify how much data can be transported in a session. The entered size is applied to IPSec SA only.

[ESP Authentication] | ESP is enabled and the authentication algorithm is set to [SHA1 and MD5].
[ESP Encryption] | ESP is enabled and the encryption algorithm is set to [3DES-CBC and AES-CBC].

[ESP Authentication] | Select the hash algorithm to use for ESP authentication.
[ESP Encryption] | Select the encryption algorithm for ESP.

The settings are enabled after a hard reset is performed.
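
A pre-flight check for the compatibility requirement, the unicast restriction and the pre-shared key limit described on this page, as an added Python example that is not part of the original manual. The machine's accepted algorithms come from the specification table above; the peer policies, addresses, key string and the simplified first-match negotiation model are constructed for illustration.

```python
import ipaddress
import string

AES = {"AES-CBC-128", "AES-CBC-192", "AES-CBC-256"}
# What the machine can accept, per the specification table on this page.
MACHINE = {
    "ike": {"auth": {"psk", "signature"}, "hash": {"SHA1", "MD5"},
            "enc": {"3DES-CBC"} | AES, "dh": {1, 2, 14}},
    "esp": {"hash": {"SHA1", "MD5"}, "enc": {"3DES-CBC"} | AES},
}
PSK_CHARS = set(string.ascii_letters + string.digits)


def first_match(proposals, accepted):
    """Return the first peer proposal whose every attribute the machine accepts."""
    for p in proposals:
        if all(p[k] in accepted[k] for k in accepted):
            return p
    return None


def preflight(peer, remote_addr, psk=None, machine=MACHINE):
    """Return a list of problems that would stop the SA from being established."""
    problems = []
    for phase in ("ike", "esp"):
        if first_match(peer[phase], machine[phase]) is None:
            problems.append(f"no common {phase.upper()} proposal")
    addr = ipaddress.ip_address(remote_addr)
    if addr.is_multicast or addr == ipaddress.ip_address("255.255.255.255"):
        problems.append("remote address is not unicast")
    if psk is not None and not (len(psk) <= 24 and set(psk) <= PSK_CHARS):
        problems.append("pre-shared key must be at most 24 alphanumeric characters")
    return problems


# Constructed peer policies (hypothetical values, listed in preference order).
PEER_OK = {
    "ike": [{"auth": "psk", "hash": "SHA256", "enc": "AES-CBC-256", "dh": 14},
            {"auth": "psk", "hash": "SHA1", "enc": "AES-CBC-256", "dh": 14}],
    "esp": [{"hash": "SHA1", "enc": "AES-CBC-128"}],
}
PEER_BAD = {
    "ike": [{"auth": "psk", "hash": "SHA256", "enc": "AES-CBC-256", "dh": 19}],
    "esp": [{"hash": "SHA1", "enc": "AES-GCM-128"}],
}

if __name__ == "__main__":
    print(preflight(PEER_OK, "192.0.2.10", psk="Example0PresharedKey"))
    print(preflight(PEER_BAD, "ff02::1", psk="has space"))
```

An empty result means the peer offers at least one IKE and one ESP proposal the machine supports; each string in a non-empty result names a setting to correct on the peer or the machine before enabling the policy.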