Home ApplicationIPsec Setting

IPsec Setting

IPsec Setting (IKEv1 Setting)

Specifies the IKEv1 setting.

  1. Access IPsec to display the IPsec Operation Selection screen.

  2. Select the [IPsec Setting] radio button, and click [OK]. The [IPsec Setting] screen is displayed.

  3. Click [Edit] of [IKEv1].

  4. Specify [Encryption Algorithm] you want to use when generating a common key used for communication.

    Select the checkbox of the encryption algorithm to be set. When selecting the [AES-CBC] checkbox, select the key length to be set from the [Key Length] drop-down list.

  5. Specify [Authentication Algorithm] you want to use when generating a common key used for communication.

    Select the checkbox of the authentication algorithm to be set. When selecting the [SHA-2] checkbox, select the desired key length from the [Key Length] drop-down list.

  6. Specify the validity period of common key to securely generate a common key used for encrypting communication. Enter a desired period of time into the [Encryption Key Validity Period] text box. The available range is 600 to 604800 (seconds).

  7. Select a group from the [Diffie-Hellman Group] drop-down list.

  8. Select either [Main Mode] or [Aggressive Mode] from the [Negotiation Mode] drop-down list. Select the method to securely generate a common key used for encrypting communication.

  9. Click [OK]. Clicking [Cancel] cancels the setting.

  10. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

IPsec Setting (IKEv2 Setting)

Set the IKEv2 setting.

  1. Display the [IPsec Setting] screen.

    • The procedures are the same as Steps 1 to 2 in "IPsec Setting (IKEv1 Setting)."

  2. Click [Edit] of [IKEv2].

  3. Specify [Encryption Algorithm] you want to use when generating a common key used for communication.

    Select the checkbox of the encryption algorithm to be set. When selecting the [AES-CBC] checkbox, select the key length to be set from the [Key Length] drop-down list.

  4. Specify [Authentication Algorithm] you want to use when generating a common key used for communication.

    Select the checkbox of the authentication algorithm to be set. When selecting the [SHA-2] checkbox, select the desired key length from the [Key Length] drop-down list.

  5. Specify the validity period of common key to securely generate a common key used for encrypting communication. Enter a desired period of time into the [Encryption Key Validity Period] text box. The available range is 600 to 604800 (seconds).

  6. Set the priority of [Diffie-Hellman Group].

    Select a group from each drop-down list of [Priority1] to [Priority4].

  7. Click [OK]. Clicking [Cancel] cancels the setting.

  8. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

IPsec Setting (SA Setting)

Registers Security Associations (SAs) used for encrypted communication, edits the registered SAs, and deletes the registered SAs.

  1. Display the [IPsec Setting] screen.

    • The procedures are the same as Steps 1 to 2 in "IPsec Setting (IKEv1 Setting)."

  2. Click [Create] in [SA].

    • When editing the registered SA, click [Edit].

  3. Specify the SA setting.

    • Enter the name of the SA in the [Name] field. Up to 10 one-byte characters can be used.

    • Select the options from the [Encapsulation Mode], [Security Protocol], and [Key Exchange Method] drop-down lists.

    • Enter a desired period of time into the [Lifetime After Establishing SA] text box. The available range is 600 to 604800 (seconds).

  4. Configure the settings of IKE used for this SA.

    • Select the options from the [Authentication Method], [ESN], and [Replay Detection] drop-down lists.

    • If you have selected [IKEv2] for [Key Exchange Method]. select the authentication method of the machine from [Local Authentication Method], and select the method to authenticate the peer from [Peer Authentication Method].

    • Select the checkboxes of [ESP Encryption Algorithm], [ESP Authentication Algorithm], and [AH Authentication Algorithm] to be set. Depending on the selected items, select the key length to be set from the [Key Length] drop-down list.

    • To enable [Perfect Forward Secrecy] capable of increasing the IKE strength, select the checkbox.

    • Select a group from the [Diffie-Hellman Group(IKEv1)] drop-down list.

    • Set the priority of [Diffie-Hellman Group(IKEv2)]. Select a group from each drop-down list of [Priority1] to [Priority4].

  5. If you have selected [Manual Key] for [Key Exchange Method], configure the manual key settings.

    • Select an item from a drop-down list for [Encryption Algorithm] or [Authentication Algorithm]. Depending on the selected items, select the key length to be set from the [Key Length] drop-down list.

    • Enter a value ranging from 256 to 4294967295 in each field of [Receive] and [Send] in [SA Index].

    • Enter a key in each field of [Receive] and [Send] in [Common Keys for Enc.]. You can enter up to 64 alphanumeric characters.

    • Enter a key in each field of [Receive] and [Send] in [Common Keys for Auth.]. You can enter up to 64 alphanumeric characters.

  6. Click [OK]. Clicking [Cancel] cancels the setting.

  7. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

  8. When deleting the SA, click [Delete].

  9. Click [OK] on the confirmation screen. Click [Cancel] to cancel the deletion.

  10. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

IPsec Setting (Peer)

Registers peers, edits the registered peer, and deletes the registered peers.

  1. Display the [IPsec Setting] screen.

    • The procedures are the same as Steps 1 to 2 in "IPsec Setting (IKEv1 Setting)."

  2. Click [Register] in [Peer].

    • When editing the registered peer, click [Edit].

  3. Enter the name of the peer in the [Name] field.

    • Up to 10 one-byte characters can be used.

  4. Select a radio button of the [Set IP Address], and enter the IP address and other information.

  5. Enter a string in each field of [Pre-Shared Key Text] and [Key-ID String]. You can enter up to 128 alphanumeric characters and symbols.

  6. Click [OK]. Clicking [Cancel] cancels the setting.

  7. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

  8. When deleting the peer, click [Delete].

  9. Click [OK] on the confirmation screen. Click [Cancel] to cancel the deletion.

  10. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

IPsec Setting (Protocol Setting)

Registers protocol settings, edits the registered protocol settings, and deletes the registered protocol settings.

  1. Display the [IPsec Setting] screen.

    • The procedures are the same as Steps 1 to 2 in "IPsec Setting (IKEv1 Setting)."

  2. Click [Create] in [Protocol Setting].

    • When editing the registered protocol setting, click [Edit].

  3. Enter the name of the protocol setting in the [Name] field.

    • Up to 10 one-byte characters can be used.

  4. Select a protocol identification from the [Protocol Identification Setting] drop-down list.

  5. If you have selected [TCP] or [UDP] for [Protocol Identification Setting], select a radio button of the [Port Number] setting, and enter the port number.

  6. If you have selected [ICMP] or [ICMPv6] for [Protocol Identification Setting], specify a message type.

  7. Click [OK]. Clicking [Cancel] cancels the setting.

  8. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.

  9. When deleting the protocol setting, click [Delete].

  10. Click [OK] on the confirmation screen. Click [Cancel] to cancel the deletion.

  11. Click [OK] on the setting complete screen.

    The screen returns to the [IPsec Setting] screen.