1. Support
  2. Printers
  3. Lexmark Forms Printer 2591+
  4. Interactive user guide
  5. What is IPSec and how to configure this data encryption feature
Lexmark Forms Printer 2591+

Lexmark Forms Printer 2591+

Printer features: Dot matrix

Lexmark Forms Printer 2591+ Support

What is IPSec and how to configure this data encryption feature

What is IPSec and How to Configure this Data Encryption Feature
Overview
This article summarizes the Internet Protocol Security (
IPSec
) configuration procedure. IPSec provides authentication and encryption at the network layer (Layer 3) of the OSI model. It allows for the connection of up to five hosts using IPv4 or IPv6.
IPSec provides data confidentiality via encryption of all data sent via the upper layer protocols. This encrypted data travels across the network, for example, from an MFP to a SMTP server or FTP server, and then down to a workstation.
NOTE:
This form of data encryption can have performance consequences.
Before you begin
You will need to obtain the printer's IP address. You will also need to obtain the following security information:
  • -IP addresses
    of computers (hosts) requiring access to the printer.
  • -Case-sensitive
    pre-shared key
    value if AES - PSK is being implemented.
  • -TCP/IP address or subnet information of computers utilizing Certificate Authentication.
  • -Encryption type -
    DES
    ,
    3DES
    , and
    AES
    - supported.
  • -Authentication type -
    MD5
    or
    SHA1
    - supported.
  • -Proper
    DH group -
    modp768, 1024, 1536 and 2048 - supported.
Lastly, make sure certificates are downloaded and installed on the printer.
How to configure IPSec
  1. Access the printer's web page. To do this, enterthe printer's TCP/IP address into the web address bar (i.e. http://printer_IP_address using the IP address of the printer).
  2. Click on
    Configuration
    .
  3. Click on
    Security
    .
  4. Click on
    IPSec
    .
  5. Enter the values obtained above.
  6. Click on
    Submit
    . Click here for one example illustration.
NOTE:
After a printer is configured for IPSec with a host, IPSec is required for any IP communications to take place.
Supported authentication types
Shared Key Authentication
This authenticates any ASCII phrase shared among all participating host computers. It is the easiest configuration method when only a few host computers on the network use IPSec.
Certificate Authentication
This authenticates any host computer or subnet of hosts for IPSec. Each host computer must have a public/private key pair.
The
Validate Peer Certificate
setting is enabled by default, requiring each host to have an installed signed authority certificate and an identifier in the
Subject Alternate Name
field of the signed certificate.
Still need help?
Please
contact
Lexmark Technical Support for additional assistance.
NOTE:
When calling for support, you will need to know the
printer model type
and
serial number
of your printer. Please call from near the printer and computer in case the technician asks you to perform a task involving one of these devices.
LEGACY ID:
HO3292
  • IP Sec Enable
    - Turns security protocol
    On
    or
    Off
    .
  • Connections
    - TCP/IP address of remote authenticated members (domain server address or client) using Pre-Shared Key (PSK) authenticated connections or certificate authenticated connections.
    Settings
    include:
  • DH Group
    - Named after Diffie & Hellman cryptographic protocol: modp
    *
    1, 2, 5, and 14 are supported.
  • Encryption
    - Data Encryption Standard (
    DES
    ), Triple Data Encryption Standard (
    3DES
    ), and Advanced Encryption Standard (
    AES
    ) are supported.
  • Authentication
    - Message Digest Algorithm (
    MD5
    , uses 128-bit hash) and Secure Hash Algorithm (
    SHA1
    , uses 160-bit hash) are supported.
  • Validate Peer Certificate
    - Turns certificate validation
    On
    and
    Off
    .
    * -
    More modular exponential DH groups.
  • Is IPSec turned on?
  • Confirm that IPSec is working on the rest of the network.
  • Confirm proper case-sensitive entry of key or passphrase if using PSK.
  • Verify AES is being used and not EAP (Extensible Authentication Protocol). EAP/802.1X will require 802.1X configuration.
  • If the customer is not using a certificate, make sure
    validate peer certificate
    does not have a checkmark. The default
    On
    setting may be the problem.