Specify exactly the same settings for IPsec SA settings on your computer as are specified for the IPsec Settings on the printer. Setting methods differ according to the computer's operating system. The following procedure is based on Windows XP in an IPv4 environment as an example.
On the [Start] menu, click [Control Panel], [Performance and Maintenance], and then click [Administrative Tools].
Double-click [Local Security Policy].
Click [IP Security Policies on Local Computer].
In the "Action" menu, click [Create IP Security Policy].
The IP Security Policy Wizard appears.
Click [Next].
Enter a security policy name in "Name", and then click [Next].
Clear the "Activate the default response rule" check box, and then click [Next].
Select "Edit properties", and then click [Finish].
In the "General" tab, click [Advanced].
In "Authenticate and generate a new key after every", enter the same validity period (in minutes) that is specified on the printer in [IKE Life Time], and then click [Methods].
Confirm that the Encryption Algorithm ("Encryption"), Hash Algorithm ("Integrity"), and IKE Diffie-Hellman Group ("Diffie-Hellman Group") settings in "Security method preference order" all match those specified on the printer in [IKE Settings].
If the settings are not displayed, click [Add].
Click [OK] twice.
Click [Add] in the "Rules" tab.
The Security Rule Wizard appears.
Click [Next].
Select "This rule does not specify a tunnel", and then click [Next].
Select the type of network for IPsec, and then click [Next].
Select "Use this string to protect the key exchange (preshared key)", and then enter the same PSK text specified on the printer with the pre-shared key.
Click [Next].
Click [Add] in the IP Filter List.
In [Name], enter an IP Filter name, and then click [Add].
The IP Filter Wizard appears.
Click [Next].
Select "My IP Address" in "Source address", and then click [Next].
Select "A specific IP Address" in "Destination address", enter the printer's IP address, and then click [Next].
For the IPsec protocol type, select "Any", and then click [Next].
Click [Finish].
Click [OK].
Select the IP filter that you have just created, and then click [Next].
Select the IPsec security filter, and then click [Edit].
In the "Security Methods" tab, check "Negotiate security" and then click [Add].
Select "Custom" and click [Settings].
When [ESP] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data integrity and encryption (ESP)], and configure the following settings:
Set the value of [Integrity algorithm] to the same value as the [Authentication Algorithm for ESP] specified on the printer.
Set the value of [Encryption algorithm] to the same value as the [Encryption Algorithm for ESP] specified on the printer.
When [AH] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data and address integrity without encryption (AH)], and configure the following settings:
Set the value of [Integrity algorithm] to the same value as the [Authentication Algorithm for AH] specified on the printer.
Clear the [Data integrity and encryption (ESP)] check box.
When [ESP&AH] is selected for the printer in [Security Protocol] under [IPsec Settings], select [Data and address integrity without encryption (AH)], and configure the following settings:
Set the value of [Integrity algorithm] under [Data and address integrity without encryption (AH)] to the same value as [Authentication Algorithm for AH] specified on the printer.
Set the value of [Encryption algorithm] under [Data integrity and encryption (ESP)] to the same value as [Encryption Algorithm for ESP] specified on the printer.
In the Session key settings, select "Generate a new key every", and enter the same validity period (in seconds or Kbytes) as that specified for [Life Time] on the printer.
Click [OK] three times.
Click [Next].
Click [Finish].
If you are using IPv6 under Windows Vista or a newer version of Windows, you must repeat this procedure from step 13 and specify ICMPv6 as an exception. When you reach step 24, select [58] as the protocol number for the "Other" target protocol type, and then set [Negotiate security] to [Permit].
Click [OK].
Click [Close].
The new IP security policy (IPsec settings) is specified.
Select the security policy that you have just created, right click on it, and then click [Assign].
IPsec settings on the computer are enabled.
To disable the computer's IPsec settings, select the security policy, right click, and then click [Un-assign].