Skip header
 

Specifying IPsec Settings on the Computer

Specify exactly the same settings for IPsec SA settings on your computer as are specified for the IPsec Settings on the printer. Setting methods differ according to the computer's operating system. The following procedure is based on Windows XP in an IPv4 environment as an example.

1On the [Start] menu, click [Control Panel], [Performance and Maintenance], and then click [Administrative Tools].

2Double-click [Local Security Policy].

3Click [IP Security Policies on Local Computer].

4In the "Action" menu, click [Create IP Security Policy].

The IP Security Policy Wizard appears.

5Click [Next].

6Enter a security policy name in "Name", and then click [Next].

7Clear the "Activate the default response rule" check box, and then click [Next].

8Select "Edit properties", and then click [Finish].

9In the "General" tab, click [Advanced].

10In "Authenticate and generate a new key after every", enter the same validity period (in minutes) that is specified on the printer in [IKE Life Time], and then click [Methods].

11Confirm that the Encryption Algorithm ("Encryption"), Hash Algorithm ("Integrity"), and IKE Diffie-Hellman Group ("Diffie-Hellman Group") settings in "Security method preference order" all match those specified on the printer in [IKE Settings].

If the settings are not displayed, click [Add].

12Click [OK] twice.

13Click [Add] in the "Rules" tab.

The Security Rule Wizard appears.

14Click [Next].

15Select "This rule does not specify a tunnel", and then click [Next].

16Select the type of network for IPsec, and then click [Next].

17Select "Use this string to protect the key exchange (preshared key)", and then enter the same PSK text specified on the printer with the pre-shared key.

18Click [Next].

19Click [Add] in the IP Filter List.

20In [Name], enter an IP Filter name, and then click [Add].

The IP Filter Wizard appears.

21Click [Next].

22Select "My IP Address" in "Source address", and then click [Next].

23Select "A specific IP Address" in "Destination address", enter the printer's IP address, and then click [Next].

24For the IPsec protocol type, select "Any", and then click [Next].

25Click [Finish].

26Click [OK].

27Select the IP filter that you have just created, and then click [Next].

28Select the IPsec security filter, and then click [Edit].

29In the "Security Methods" tab, check "Negotiate security" and then click [Add].

30Select "Custom" and click [Settings].

31When [ESP] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data integrity and encryption (ESP)], and configure the following settings:

Set the value of [Integrity algorithm] to the same value as the [Authentication Algorithm for ESP] specified on the printer.

Set the value of [Encryption algorithm] to the same value as the [Encryption Algorithm for ESP] specified on the printer.

32When [AH] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data and address integrity without encryption (AH)], and configure the following settings:

Set the value of [Integrity algorithm] to the same value as the [Authentication Algorithm for AH] specified on the printer.

Clear the [Data integrity and encryption (ESP)] check box.

33When [ESP&AH] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data and address integrity without encryption (AH)], and configure the following settings:

Set the value of [Integrity algorithm] under [Data and address integrity without encryption (AH)] to the same value as [Authentication Algorithm for AH] specified on the printer.

Set the value of [Encryption algorithm] under [Data integrity and encryption (ESP)] to the same value as [Encryption Algorithm for ESP] specified on the printer.

34In the Session key settings, select "Generate a new key every", and enter the same validity period (in seconds or Kbytes) as that specified for [Life Time] on the printer.

35Click [OK] three times.

36Click [Next].

37Click [Finish].

If you are using IPv6 under Windows Vista or a newer version of Windows, you must repeat this procedure from step 13 and specify ICMPv6 as an exception. When you reach step 24, select [58] as the protocol number for the "Other" target protocol type, and then set [Negotiate security] to [Permit].

38Click [OK].

39Click [Close].

The new IP security policy (IPsec settings) is specified.

40Select the security policy that you have just created, right click on it, and then click [Assign].

IPsec settings on the computer are enabled.

Note

  • To disable the computer's IPsec settings, select the security policy, right click, and then click [Un-assign].