NOTE
Depending on your selection of the authentication type (dynamic keys or manual keys)
on this page, subsequent configuration pages will differ when you click
Next
.
Table 5-7
Create IPsec Template page
Item
Description
IPsec Template Name
Enter a name for a custom IPsec template in the edit box. This name will be added to
the
Step 3-Specify IPsec Template
page.
NOTE
The IPsec template name must be unique.
Authentication Type
Hosts specified in the Address template must negotiate IPsec security settings during
a session. During negotiation, authentication must occur to validate sender/receiver
identities. Select one of the following authentication types.
Dynamic Keys
: Use Internet Key Exchange (IKE) protocols for authentication and
encryption and to create Security Associations . You must select one of the following
methods:
●
Pre-Shared Key
: Enter a pre-shared key (ASCII string) that is shared by all hosts
specified by this rule. If a pre-shared key is used, it should be protected; any host
that knows this key may be authenticated.
●
Certificates
: Certificates may be used for authentication. A self-signed Jetdirect
certificate is pre-installed by factory default, and can be replaced. In addition, a CA
certificate must be installed for server authentication. For information on
requesting, configuring and installing certificates, see
Configuring Certificates
.
After selecting a dynamic key method, you must configure IKE parameters using the
IKEv1 Phase 1 (Authentication)
page.
Manual Keys
: Select this option to configure encryption keys and create Security
Associations manually through the
Manual Keys
page.
IKEv1 Phase 1 (Authentication)
Internet Key Exchange (IKE) is used to create Security Associations dynamically. Use this page to
configure SA parameters for authentication and to securely generate IPsec session keys for encryption
and hashing algorithms. Items on this page are described below.
Table 5-8
IKE Phase 1 (Authentication) page
Item
Description
Diffie-Hellman Groups
(Required) A Diffie-Hellman exchange allows a secret key and security services to be
securely exchanged between two hosts over an unprotected network. A Diffie-Hellman
group determines the parameters to use during a Diffie-Hellman exchange. Multiple
well-known Diffie-Hellman groups are provided and can be selected.
Selecting all the groups will result in a single negotiated group.
SA Lifetime
(Required) Specify the lifetime, in seconds, that the keys associated with this Security
Association will be valid.
Negotiation Mode
(Required) IKE provides two modes of negotiation during an exchange for keys and
security services to be used for a Security Association:
Main: This mode features identity protection between the hosts and is slower but secure.
ENWW
HP Jetdirect IPsec/Firewall Wizard
101
Содержание Jetdirect J7974E
Страница 2: ......
Страница 3: ...HP Jetdirect Print Servers Administrator s Guide ...
Страница 10: ...viii ENWW ...
Страница 18: ...8 Chapter 1 Introducing the HP Jetdirect Print Server ENWW ...
Страница 26: ...16 Chapter 2 HP Software Solutions Summary ENWW ...
Страница 68: ...58 Chapter 3 TCP IP Configuration ENWW ...
Страница 104: ...Figure 5 1 Firewall Policy page Figure 5 2 IPsec Policy page 94 Chapter 5 IPsec Firewall Configuration V 34 xx ENWW ...
Страница 114: ...104 Chapter 5 IPsec Firewall Configuration V 34 xx ENWW ...
Страница 162: ...152 Appendix A LPD Printing ENWW ...
Страница 178: ...168 Appendix D Open Source Licensing Statements ENWW ...
Страница 184: ...174 Index ENWW ...
Страница 185: ......
Страница 186: ... 2006 Hewlett Packard Development Company L P www hp com ...