You can encrypt communication between your computer and the machine.
The communication is encrypted by IPSec. When IPSec is enabled, encryption is applied to all applications that use IP protocols.
You can specify up to 50 hosts by their IP addresses. When a host that is not registered tries to access the machine, it is rejected. When you try to access a host that is not registered, the attempt is invalid.
Be sure to configure the machine in advance, before configuring your computer.
Memo
- You must have a pre-shared key ready in advance.
Setting This Machine
To enable IPSec, you must first configure this machine from its Web page.
Note
- When you enable IPSec, communication with a host not specified in this procedure is rejected.
- If IPSec is set on both this machine and the host, IPSec communication is established. If IPSec is not set on the host, IPSec communication is not established.
- Be sure to note the values specified in this procedure. These values are necessary when setting IPSec on a computer.
- Open the Web page of this machine.
- Log in as the administrator.
- Select [Admin Setup].
- Select [Network] > [Security] > [IPSec].
- Specify detailed settings by following the on-screen instructions.
  Memo
  - You must enable either [AH] or [ESP] in the [Phase2 Proposal] setting.
- Click [Submit].
  The new settings take effect when the network function of this machine restarts.
Note
- If you were unable to set up IPSec because the specified parameters are inconsistent, you cannot access the Web page. In such a case, disable IPSec from the operator panel of this machine or initialize the network settings.
Proceed to "Setting a Computer".
Setting a Computer
Configure IPSec on the computer.
Follow the procedure below, and be sure to perform all the steps in order.
Creating an IP Security Policy
- Click [Start], and then select [Control Panel] > [System and Security] > [Administrative Tools].
- Double-click [Local Security Policy].
- Click [IP Security Policies on Local Computer] in the [Local Security Policy] window.
- Select [Create IP Security Policy] from the [Action] menu.
- Click [Next] in [IP Security Policy Wizard].
- Enter [Name] and [Description], and then click [Next].
- Clear the [Activate the default response rule (earlier versions of Windows only)] check box, and then click [Next].
- Select the [Edit Properties] check box, and then click [Finish].
Setting Key Exchange
- Select the [General] tab in the New IP Security Policy Properties window.
- Click [Settings].
- Enter a value (minutes) in [Authenticate and generate a new key after every] in the [Key Exchange Settings] window.
  Note
  - Specify the same value as [Lifetime] in the "Phase1 Proposal" setting in "Setting This Machine". Enter a value in minutes in this step even if [Lifetime] is specified in seconds.
- Click [Methods].
- Click [Add] in the [Key Exchange Security Methods] window.
- Specify [Integrity algorithm], [Encryption algorithm], and [Diffie-Hellman group].
  Note
  - Select the same values as those specified in [IKE Encryption Algorithm], [IKE Hash Algorithm], and [Diffie-Hellman group] in the "Phase1 Proposal" setting in "Setting This Machine".
- Click [OK].
- Select [OK] in the [Key Exchange Security Methods] window.
- Click [OK] in the [Key Exchange Settings] window.
Setting an IP Filter
- Select the [Rules] tab in the IP security policy properties window.
- Click [Add].
- Click [Next] in [Security Rule Wizard].
- Select [This rule does not specify a tunnel] on the [Tunnel Endpoint] screen, and then click [Next].
- Select [All Network Connections] on the [Network Type] screen, and then click [Next].
- Click [Add] on the [IP Filter List] screen.
- Click [Add] in the [IP Filter List] window.
- Click [Next] on [IP Filter Wizard].
- Click [Next] on the [IP Filter Description and Mirrored property] screen.
- Click [Next] on the [IP Traffic Source] screen.
- Click [Next] on the [IP Traffic Destination] screen.
- Click [Next] on the [IP Protocol Type] screen.
- Click [Finish].
Setting Filter Actions
- Click [OK] in the [IP Filter List] window.
- Select a new IP filter from the list on the [Security Rule Wizard], and then click [Next].
- Click [Add] on the [Filter Action] screen.
- Click [Next] in the [Filter Action Wizard].
- Enter [Name] and [Description] on the [Filter Action Name] screen, and then click [Next].
- Select [Negotiate security] on the [Filter Action General Options] screen, and then click [Next].
- Select [Do not allow unsecured communication] on the [Communicating with computers that do not support IPsec] screen, and then click [Next].
- Select [Custom] on the [IP Traffic Security] screen, and then click [Settings].
- Configure the settings in the [Custom Security Method Settings] window, and then click [OK].
  Note
  - Set the same values as those specified in [ESP Encryption Algorithm], [ESP Authentication Algorithm], [AH Authentication Algorithm], and [LifeTime] in the "Phase2 Proposal" setting in "Setting This Machine".
- Click [Next] on the [IP Traffic Security] screen.
- Select the [Edit Properties] check box, and then click [Finish].
Assigning an IP Security Policy
- If you want to enable Key PFS, select the [Use session key perfect forward secrecy (PFS)] check box in the [Filter Action Properties] window.
- If you perform IPSec communication with the IPv6 global address, select the [Accept unsecured communication, but always respond using IPsec] check box.
- Click [OK].
- Select the new filter action, and then click [Next].
- Select the authentication method on the [Authentication Method] screen, and then click [Next].
  Note
  - If the pre-shared key is set in "Setting This Machine", enable "Use this string to protect the key exchange (preshared key)" on the [Authentication Method] screen and enter the pre-shared key.
- Click [Finish].
- Click [OK] in the New IP Security Policy Properties window.
- Select the new IP security policy in the [Local Security Policy] window.
- Select [Assign] from the [Action] menu.
- Check that [Yes] is displayed for [Policy Assigned] for the new IP security policy.
- Click [x] in the [Local Security Policy] window.
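The computer-side steps above can also be applied from an elevated PowerShell prompt with `netsh ipsec static`. The script below is an added example, not part of the original manual: the address, names, algorithms and lifetimes are placeholders for the values noted in "Setting This Machine", and the filter is scoped to the machine's address (an assumption) instead of the wizard defaults.

```powershell
# Added example: placeholders only. Replace each value with what you noted on the machine.
$MachineIp         = '192.0.2.10'            # constructed address of the machine
$Policy            = 'MachineIPSec'          # hypothetical names (no spaces)
$FilterList        = 'MachineFilter'
$Action            = 'MachineNegotiate'
$Phase1LifetimeSec = 28800                   # [Lifetime] in Phase1 Proposal, in seconds
$Phase1Methods     = '3DES-SHA1-2'           # Encryption-Hash-DHgroup, as in Phase1 Proposal
$Phase2Methods     = 'ESP[3DES,SHA1]:3600s'  # ESP algorithms and [LifeTime], as in Phase2 Proposal
$UsePfs            = 'no'                    # 'yes' if Key PFS is used
$Ipv6Global        = 'no'                    # 'yes' = accept unsecured, always respond using IPsec

# Windows takes the key exchange lifetime in minutes; refuse a value that cannot match exactly.
if ($Phase1LifetimeSec % 60 -ne 0) {
    throw "Phase1 Lifetime of $Phase1LifetimeSec s is not a whole number of minutes."
}
$Phase1LifetimeMin = $Phase1LifetimeSec / 60

# Prompt for the key so it is not saved in the script file.
$Psk = Read-Host 'Pre-shared key (same string as set on the machine)'

function Invoke-IpsecStatic {
    # Runs one "netsh ipsec static" command and stops at the first failure.
    netsh ipsec static @args
    if ($LASTEXITCODE -ne 0) {
        # Report only the verb and object so the pre-shared key never reaches the error text.
        throw "netsh ipsec static $($args[0]) $($args[1]) failed"
    }
}

# Creating an IP Security Policy / Setting Key Exchange (default response rule cleared)
Invoke-IpsecStatic add policy "name=$Policy" activatedefaultrule=no assign=no `
    "mmlifetime=$Phase1LifetimeMin" "mmsecmethods=$Phase1Methods"

# Setting an IP Filter (mirrored, all IP protocols, this computer <-> the machine)
Invoke-IpsecStatic add filterlist "name=$FilterList"
Invoke-IpsecStatic add filter "filterlist=$FilterList" srcaddr=Me "dstaddr=$MachineIp" `
    protocol=ANY mirrored=yes

# Setting Filter Actions (soft=no is [Do not allow unsecured communication])
Invoke-IpsecStatic add filteraction "name=$Action" action=negotiate soft=no `
    "inpass=$Ipv6Global" "qmpfs=$UsePfs" "qmsecmethods=$Phase2Methods"

# Rule with pre-shared key authentication, no tunnel, all network connections
Invoke-IpsecStatic add rule "name=${Policy}-rule" "policy=$Policy" "filterlist=$FilterList" `
    "filteraction=$Action" conntype=all "psk=$Psk"

# Assigning an IP Security Policy, then listing it to confirm the result
Invoke-IpsecStatic set policy "name=$Policy" assign=y
Invoke-IpsecStatic show policy "name=$Policy" level=verbose
```

In the verbose listing, compare the key exchange lifetime, security methods and assigned state against the values noted from the machine before relying on the connection.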