Ipsec] setting ipsec, P. 70) – Canon VB-H41 User Manual
Page 70
70
IPsec
(1) [IPsec]
Key settings for use with IPsec can be selected as
[Auto Key Exchange] or [Manual].
Auto Key Exchange Settings
(1) [IPsec SA Encryption Algorithm]
Set the IPsec SA encryption algorithm to [AES-
>3DES], [AES->3DES->DES] or [AES->3DES->DES -
>NULL].
The specified algorithm will be checked for an
applicable encryption algorithm starting from the left.
(2) [IPsec SA Authentication Algorithm]
Set the IPsec SA authentication algorithm to
[HMAC_SHA1_96] or [HMAC_SHA1_96->
HMAC_MD5_96].
The specified algorithm will be checked for an
applicable authentication algorithm starting from the
left.
(3) [IPsec SA Validity Period (min)]
Set the duration of validity for IPsec SA (factory default
setting is [480]).
(4) [ISAKMP SA Encryption Algorithm]
Set the SA encryption algorithm for use with auto key
exchange protocol IKE to [AES->3DES] or [AES->
3DES->DES].
(5) [ISAKMP SA Authentication Algorithm]
Set the SA authentication algorithm for use with auto
key exchange protocol IKE to [SHA1] or [SHA1-
>MD5].
(6) [DH Group]
Select [Group 2] or [Group 2->Group 1] for the key
generation information that will be used in the DH
algorithm for key exchange via auto key exchange
protocol IKE.
(7) [ISAKMP SA Validity Period (min)]
Set the duration of validity for ISAKMP SA (factory
default setting is [480]).
IPsec Set (Auto Key Exchange)
IPsec Sets 1 to 5 are available, and you can specify IPsec
settings for one communication device for each IPsec Set.
(1) [IPsec Set]
Set IPsec Set to [Disable], [Enable in IPv4] or [Enable
in IPv6].
(2) [IPsec Mode]
Set IPsec mode to [Tunnel Mode] or [Transport
Mode].
(3) [Destination IPv4 Address], [Destination IPv6 Address]
Enter the IP address of the connection destination.
(4) [Source IPv4 Address], [Source IPv6 Address]
Enter the IP address of the source.
(5) [Security Protocol]
Set the IPsec protocol to [ESP], [AH] or [ESP and AH].
If [ESP] is selected, enter only the setting items
relating to ESP.
If [AH] is selected, enter only the setting items relating
to AH.
If [ESP and AH] is selected, enter all setting items.
(6) [Security Gateway IPv4 Address], [Security Gateway
IPv6 Address]
If IPsec mode is set to [Tunnel Mode] in (2), set the IP
address of the security gateway.
(7) [Destination Subnet Mask Length] (IPv4), [Destination
Prefix Length] (IPv6)
This setting is required only if IPsec mode is set to
[Tunnel Mode] in (2).
If IPv6 is used, enter a desired prefix length for the
connection destination in the range of 16 to 128.
If IPv4 is used, enter a desired length in the range of 1
to 32.
[IPsec] Setting IPsec
The following can be set here.
• IPsec
Set the IPsec setting method.
• Auto Key Exchange Settings
Set auto key exchange.
• IPsec Set
IP security can be specified through auto key
exchange or manual setting with up to five
communicating devices.