Xerox 5222 用户手册
Configuration of IPsec
305
Configuration on a Computer
Confirm that the digital certificate to be used by the machine to encrypt PDF and XPS
files has been imported and registered on the recipient’s computer. This will assure the
ability to conduct two way digital signing of files, should this capability be required.
files has been imported and registered on the recipient’s computer. This will assure the
ability to conduct two way digital signing of files, should this capability be required.
Configuration of IPsec
IPsec (IPsecurity) is comprised of the IP Authentication Header and IP Encapsulating
Security Payload protocols, which secure IP communications at the network layer of
the protocol stack, using both authentication and data encryption techniques.
The ability to send IPsec encrypted data to the printer is provided by the use of a public
cryptographic key, following a network negotiating session between the initiator (client
computer) and the responder (printer or server). To send encrypted data to the printer,
the computer and the printer have to establish a Security Association with each other
by verifying a matching password (shared secret) to each other. If this authentication is
successful, a session public key will be built and used to send IPsec encrypted data
over the TCP/IP network to the printer.
Providing additional security during the Public Key negotiating process, Digital
Certificates can alternatively be used in place of the Shared Secret, to encrypt the
Public Key information being exchanged between communicating parties. The Digital
Certificate resides on the machine (managed as stated in
Security Payload protocols, which secure IP communications at the network layer of
the protocol stack, using both authentication and data encryption techniques.
The ability to send IPsec encrypted data to the printer is provided by the use of a public
cryptographic key, following a network negotiating session between the initiator (client
computer) and the responder (printer or server). To send encrypted data to the printer,
the computer and the printer have to establish a Security Association with each other
by verifying a matching password (shared secret) to each other. If this authentication is
successful, a session public key will be built and used to send IPsec encrypted data
over the TCP/IP network to the printer.
Providing additional security during the Public Key negotiating process, Digital
Certificates can alternatively be used in place of the Shared Secret, to encrypt the
Public Key information being exchanged between communicating parties. The Digital
Certificate resides on the machine (managed as stated in
) and MUST also have been imported and
stored on the computer that is encrypting data being sent to the machine.
Certificates add digital signatures (individualized checksums verifying data integrity) to
datagrams during the public key negotiating process, greatly assisting in securing data
from network sniffers.
Certificates add digital signatures (individualized checksums verifying data integrity) to
datagrams during the public key negotiating process, greatly assisting in securing data
from network sniffers.
To enable IPsec
1.
Open your web browser, and enter the IP address of the machine in the [Address]
box to access CentreWare Internet Services.
box to access CentreWare Internet Services.
2.
In CentreWare Internet Services, click the [Properties] tab.
3.
Expand the [Security] folder.
4.
Select [IPsec] in the directory tree.
5.
Enable the protocol by placing a checkmark in the [Enabled] box.
6.
Select [Pre-Shared Key] to use the Shared Secret (between this machine and
remote computers also possessing the secret). Note that if you select [Digital
Signature], the [Shared Secret] boxes will be grayed out and you will have to
supply a certificate stored on this machine to the remote computer that wishes to
send IPsec encrypted data to this machine. Refer to the
remote computers also possessing the secret). Note that if you select [Digital
Signature], the [Shared Secret] boxes will be grayed out and you will have to
supply a certificate stored on this machine to the remote computer that wishes to
send IPsec encrypted data to this machine. Refer to the
for full information.
7.
Enter the shared secret (a password) in the [Shared Secret] and [Verify Shared
Secret] boxes.
Secret] boxes.
8.
Select [Enabled] (default setting) for [Communicate with Non-IPsec Device], so
that computers not set up for encryption can still communicate with this machine.
that computers not set up for encryption can still communicate with this machine.
9.
Configure other available settings by referring to