Utility Software | OKI Data

Creating an IP Security Policy
Setting Key Exchange
Setting an IP Filter
Setting Filter Actions
Assigning an IP Security Policy

Set IPSec to a computer.

Follow the procedure below, and be sure to perform all the steps in order.

Memo

Set this machine before setting the computer.

Setting This Machine

Creating an IP Security Policy

Click [Start], and then select [Control Panel] > [System and Security] > [Administrative Tools].
Double-click [Local Security Policy].
Click [IP Security Policies on Local Computer] in the [Local Security Policy] window.
Select [Create IP Security Policy] from the [Action] menu.
Click [Next] in [IP Security Policy Wizard].
Enter [Name] and [Description], and then click [Next].
Clear the [Activate the default response rule (earlier versions of Windows only)] check box, and then click [Next].
Select the [Edit Properties] check box, and then click [Finish].

Setting Key Exchange

Select the [General] tab in the New IP Security Policy Properties window.
Click [Settings].
Enter a value (minutes) in [Authenticate and generate a new key after every] in the [Key Exchange Settings] window.

Note

Specify the same value as [Lifetime] in the "Phase1 Proposal" setting in "Setting This Machine". Enter a value in minutes in this step even if [Lifetime] is specified in seconds.
Click [Methods].
Click [Add] in the [Key Exchange Security Methods] window.
Specify [Integrity algorithm], [Encryption algorithm], and [Diffie-Hellman group].

Note

Select the same value specified in [IKE Encryption Algorithm], [IKE Hush Algorithm], and [Diffie-Hellman group] in the "Phase1 Proposal" setting in "Setting This Machine".
Click [OK].
Select [OK] in the [Key Exchange Security Methods] window.
Click [OK] in the [Key Exchange Settings] window.

Setting an IP Filter

Select the [Rules] tab in the IP security policy properties window.
Click [Add].
Click [Next] in [Security Rule Wizard].
Select [This rule does not specify a tunnel] on the [Tunnel Endpoint] screen, and then click [Next].
Select [All Network Connections] on the [Network Type] screen, and then click [Next].
Click [Add] on the [IP Filter List] screen.
Click [Add] in the [IP Filter List] window.
Click [Next] on [IP Filter Wizard].
Click [Next] on the [IP Filter Description and Mirrored property] screen.
Click [Next] on the [IP Traffic Source] screen.
Click [Next] on the [IP Traffic Destination] screen.
Click [Next] on the [IP Protocol Type] screen.
Click [Finish].

Setting Filter Actions

Click [OK] in the [IP Filter List] window.
Select a new IP filter from the list on the [Security Rule Wizard], and then click [Next].
Click [Add] on the [Filter Action] screen.
Click [Next] in the [Filter Action Wizard].
Enter [Name] and [Description] on the [Filter Action Name] screen.
Select [Negotiate security] on the [Filter Action General Options] screen, and then click [Next].
Select [Do not allow unsecured communication] on the [Communicating with computers that do not support IPsec] screen, and then click [Next].
Select [Custom] on the [IP Traffic Security] screen, and then click [Settings].
Set in the [Custom Security Method Settings] window, and then click [OK].

Note

Set the same values as those specified in [ESP Encryption Algorithm], [ESP Authentication Algorithm], [AH Authentication Algorithm], and [LifeTime] in the "Phase2 Proposal" setting in "Setting This Machine".
Click [Next] on the [IP Traffic Security] screen.
Select the [Edit Properties] check box, and then click [Finish].

Assigning an IP Security Policy

If you want to enable Key PFS, select the [Use session key perfect forward secrecy (PFS)] check box in the [Filter Action Properties] window.
If you perform IPSec communication with the IPv6 global address, select the [Accept unsecured communication, but always respond using IPsec] check box.
Click [OK].
Select the new filter action, and then click [Next].
Select the authentication method on the [Authentication Method] screen, and then click [Next].

Note

If the pre-shared key is set in "Setting This Machine", enable "Use this string to protect the key exchange (preshared key)" on the [Authentication Method] screen and enter the pre-shared key.
Click [Finish].
Click [OK] in the New IP Security Policy Properties window.
Select the new IP security policy in the [Local Security Policy] window.
Select [Assign] from the [Action] menu.
Check that [Yes] is displayed for [Policy Assigned] for the new IP security policy.
Click [x] in the [Local Security Policy] window.

Setting a Computer

Memo

Creating an IP Security Policy

Click [Start], and then select [Control Panel] > [System and Security] > [Administrative Tools].

Double-click [Local Security Policy].

Click [IP Security Policies on Local Computer] in the [Local Security Policy] window.

Select [Create IP Security Policy] from the [Action] menu.

Click [Next] in [IP Security Policy Wizard].

Enter [Name] and [Description], and then click [Next].

Clear the [Activate the default response rule (earlier versions of Windows only)] check box, and then click [Next].

Select the [Edit Properties] check box, and then click [Finish].

Setting Key Exchange

Select the [General] tab in the New IP Security Policy Properties window.

Click [Settings].

Enter a value (minutes) in [Authenticate and generate a new key after every] in the [Key Exchange Settings] window.

Note

Click [Methods].

Click [Add] in the [Key Exchange Security Methods] window.

Specify [Integrity algorithm], [Encryption algorithm], and [Diffie-Hellman group].

Note

Click [OK].

Select [OK] in the [Key Exchange Security Methods] window.

Click [OK] in the [Key Exchange Settings] window.

Setting an IP Filter

Select the [Rules] tab in the IP security policy properties window.

Click [Add].

Click [Next] in [Security Rule Wizard].

Select [This rule does not specify a tunnel] on the [Tunnel Endpoint] screen, and then click [Next].

Select [All Network Connections] on the [Network Type] screen, and then click [Next].

Click [Add] on the [IP Filter List] screen.

Click [Add] in the [IP Filter List] window.

Click [Next] on [IP Filter Wizard].

Click [Next] on the [IP Filter Description and Mirrored property] screen.

Click [Next] on the [IP Traffic Source] screen.

Click [Next] on the [IP Traffic Destination] screen.

Click [Next] on the [IP Protocol Type] screen.

Click [Finish].

Setting Filter Actions

Click [OK] in the [IP Filter List] window.

Select a new IP filter from the list on the [Security Rule Wizard], and then click [Next].

Click [Add] on the [Filter Action] screen.

Click [Next] in the [Filter Action Wizard].

Enter [Name] and [Description] on the [Filter Action Name] screen.

Select [Negotiate security] on the [Filter Action General Options] screen, and then click [Next].

Select [Do not allow unsecured communication] on the [Communicating with computers that do not support IPsec] screen, and then click [Next].

Select [Custom] on the [IP Traffic Security] screen, and then click [Settings].

Set in the [Custom Security Method Settings] window, and then click [OK].

Note

Click [Next] on the [IP Traffic Security] screen.

Select the [Edit Properties] check box, and then click [Finish].

Assigning an IP Security Policy

If you want to enable Key PFS, select the [Use session key perfect forward secrecy (PFS)] check box in the [Filter Action Properties] window.

If you perform IPSec communication with the IPv6 global address, select the [Accept unsecured communication, but always respond using IPsec] check box.

Click [OK].

Select the new filter action, and then click [Next].

Select the authentication method on the [Authentication Method] screen, and then click [Next].

Note

Click [Finish].

Click [OK] in the New IP Security Policy Properties window.

Select the new IP security policy in the [Local Security Policy] window.

Select [Assign] from the [Action] menu.

Check that [Yes] is displayed for [Policy Assigned] for the new IP security policy.

Click [x] in the [Local Security Policy] window.