Xerox Phaser 6700 Administrator's Guide

Security

Phaser 6700 Color Printer

System Administrator Guide

1. Under IKE Phase 1, in the Key Lifetime field, type the length of time until the key expires in Seconds,

Minutes, or Hours. When a key reaches this lifetime, the SA is renegotiated and the key is
regenerated or refreshed.

2. Select the DH Group from the following options:



Group 2 provides a 1024-bit Modular Exponential (MODP) keying strength.



Group 14 provides a 2048-bit MODP keying strength.

3. Under IKE Phase 2, select the IPsec Mode. Options are Transport Mode or Tunnel Mode.

Note:

Transport mode only encrypts the IP payload, whereas Tunnel mode encrypts the IP header

and the IP payload. Tunnel mode provides protection for an entire IP packet by treating it as an
Authentication Header (AH), or Encapsulating Security Payload (ESP).

4. If you selected Tunnel Mode, under Enable Security End Point Address, select the address type.

Options are Disabled, IPv4 Address, or IPv6 Address.

5.  Under IPsec Security, select ESP, AH, or BOTH.
6.  Type the Key Lifetime, and select Seconds, Minutes, or Hours.
7.  Under Perfect Forward Secrecy (PFS), select None, Group 2, or Group 14.

Note:

PFS is disabled by default. PFS allows faster IPsec setup, but is less secure.

8. Under Hash, select from the following:



SHA1



None

9. If you selected ESP or BOTH for the IPsec Security type, select one or more of the following

Encryption types:

Note:

If the IPsec Security type is set to AH, the Encryption type options do not appear.



AES



3DES



Null

10. Click Save to apply the new settings or Undo to retain the previous settings.

Editing or Deleting an Action

To edit or delete an action, select the action from the list, then click Edit or Delete.

Managing Protocol Groups

Protocol Groups are logical groupings of selected protocols based on service type, service name, port

number, and device type. Create a Protocol Group to apply specific security policies for selected protocols.