Table 5-6
Create IPsec Template page
Item
Description
IPsec Template Name
Enter a name for a custom IPsec template in the edit box. This name will be added to
the
Step 3-Specify IPsec Template
page.
NOTE
The IPsec policy template name must be unique for all IPsec policy
templates.
Authentication Type
Hosts specified in the Address template must negotiate IPsec security settings
during a session. During negotiation, authentication must occur to validate sender/
receiver identities. Select one of the following authentication types.
Dynamic Keys
: Use Internet Key Exchange (IKE) protocols for authentication and
encryption and to create Security Associations . You must select one of the following
methods:
■
Pre-Shared Key
: Enter a pre-shared key (ASCII string) that is shared by all
hosts specified by this rule. If a pre-shared key is used, it should be protected;
any host that knows this key may be authenticated.
■
Certificates
: Certificates may be used for authentication. A self-signed Jetdirect
certificate is pre-installed by factory default, and can be replaced. In addition, a
CA certificate must be installed for server authentication. For information on
requesting, configuring and installing certificates, see
Configuring Certificates
.
After selecting a dynamic key method, you must configure IKE parameters using the
IKEv1 Phase 1 (Authentication)
page.
Manual Keys
: Select this option to configure encryption keys and create Security
Associations manually through the
Manual Keys
page.
IKEv1 Phase 1 (Authentication)
Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to
configure SA parameters for authentication and to securely generate IPsec session keys for
encryption and hashing algorithms. Items on this page are described below.
Table 5-7
IKE Phase 1 (Authentication) page
Item
Description
Diffie-Hellman Groups
(Required) A Diffie-Hellman exchange allows a secret key and security services to
be securely exchanged between two hosts over an unprotected network. A Diffie-
Hellman group determines the parameters to use during a Diffie-Hellman exchange.
Multiple well-known Diffie-Hellman groups are provided and can be selected.
Selecting all the groups will result in a single negotiated group.
SA Lifetime
(Required) Specify the lifetime, in seconds, that the keys associated with this
Security Association will be valid.
Negotiation Mode
(Required) IKE provides two modes of negotiation during an exchange for keys and
security services to be used for a Security Association:
Main: This mode features identity protection between the hosts and is slower but
secure.
Aggressive: This mode uses half the message exchanges. It is faster, but less
secure than Main mode.
ENWW
HP Jetdirect IPsec Wizard
103
Содержание 635n
Страница 1: ...635n HP Jetdirect Print Servers Administrator s Guide ...
Страница 2: ......
Страница 3: ...HP Jetdirect Print Servers 635n Administrator s Guide ...
Страница 10: ...viii ENWW ...
Страница 70: ...60 Chapter 3 TCP IP Configuration ENWW ...
Страница 106: ...96 Chapter 4 HP Jetdirect Embedded Web Server V 31 xx ENWW ...
Страница 116: ...106 Chapter 5 IPsec Configuration ENWW ...
Страница 166: ...156 Appendix A LPD Printing ENWW ...
Страница 172: ...162 Appendix B FTP Printing ENWW ...
Страница 182: ...172 Appendix C The HP Jetdirect EIO Control Panel Menu ENWW ...
Страница 186: ...176 Appendix D Open Source Licensing Statements ENWW ...
Страница 192: ...182 Index ENWW ...
Страница 193: ......
Страница 194: ... 2005 Hewlett Packard Development Company L P www hp com ...