Brother HL-S7000DN User Manual
Page 19

IPsec Settings
16
2
Note
• ESP is a protocol for carrying out encrypted communication using IPsec. ESP encrypts the payload
(communicated contents) and adds additional information. The IP packet is comprised of the header and 
the encrypted payload, which follows the header. In addition to the encrypted data, the IP packet also 
includes information regarding the encryption method and encryption key, the authentication data, and so 
on.
• AH is part of the IPsec protocol that authenticates the sender and prevents manipulation of the data
(ensures the completeness of the data). In the IP packet, the data is inserted immediately after the header. 
In addition, the packets include hash values, which are calculated using an equation from the 
communicated contents, secret key, and so on, in order to prevent the falsification of the sender and 
manipulation of the data. Unlike ESP, the communicated contents are not encrypted, and the data is sent 
and received as plain text.
• Encryption
(If Custom is selected in Use Prefixed Template) Select DES, 3DES, AES-CBC 128, or 
AES-CBC 256. The encryption can be selected only when ESP is selected in Protocol. If IKEv2 
is selected in IKE, multiple selections are possible.
(If a setting other than Custom is selected in Use Prefixed Template) The above-mentioned 
enabled encryption will be displayed.
• Hash
(If Custom is selected in Use Prefixed Template, and IKEv1 or Manual is selected in IKE) Select 
None, MD5, SHA1, SHA256, or SHA512. None can be selected only when ESP is selected in 
Protocol.
(If Custom is selected in Use Prefixed Template, and IKEv2 is selected in IKE) Select MD5, 
SHA1, SHA256, or SHA512. Multiple selections are possible.
(If a setting other than Custom is selected in Use Prefixed Template) The above-mentioned 
enabled hash algorithm type will be displayed.
• SA Lifetime
Specify the IKE SA lifetime.
(If Custom is selected in Use Prefixed Template, and IKEv1 or IKEv2 is selected in IKE) Enter 
the time (seconds) and number of kilobytes (KByte).
(If a setting other than Custom is selected in Use Prefixed Template) The time (seconds) and 
number of kilobytes (KByte) will be displayed.
• Encapsulation Mode
Select Transport or Tunnel.
• Remote Router IP-Address
Specify the IP address (IPv4 or IPv6) of the connection destination. Enter only when the Tunnel 
mode is selected.
Note
SA (Security Association) is an encrypted communication method using IPsec or IPv6 that exchanges and 
shares information, such as the encryption method and encryption key, in order to establish a secure 
