What is IPSec and How to Configure this Data Encryption Feature
Overview
This article summarizes the Internet Protocol Security (IPSec) configuration procedure. IPSec provides authentication and encryption at the network layer (Layer 3) of the OSI model. It allows for the connection of up to five hosts using IPv4 or IPv6.
IPSec provides data confidentiality by encrypting all data sent via the upper-layer protocols. This encrypted data travels across the network, for example, from an MFP to an SMTP server or FTP server, and then down to a workstation.
NOTE: This form of data encryption can have performance consequences.
Before you begin
You will need to obtain the printer's IP address. You will also need to obtain the following security information:
- IP addresses of computers (hosts) requiring access to the printer.
- Case-sensitive pre-shared key value if AES - PSK is being implemented.
- TCP/IP address or subnet information of computers utilizing Certificate Authentication.
- Encryption type - DES, 3DES, and AES - supported.
- Authentication type - MD5 or SHA1 - supported.
- Proper DH group - modp768, 1024, 1536 and 2048 - supported.
Lastly, make sure certificates are downloaded and installed on the printer.
How to configure IPSec
Access the printer's web page. To do this, enter the printer's TCP/IP address into the web address bar (i.e. http://printer_IP_address using the IP address of the printer).
After a printer is configured for IPSec with a host, IPSec is required for any IP communications to take place.
Supported authentication types
Shared Key Authentication
This authenticates any ASCII phrase shared among all participating host computers. It is the easiest configuration method when only a few host computers on the network use IPSec.
Certificate Authentication
This authenticates any host computer or subnet of hosts for IPSec. Each host computer must have a public/private key pair.
The Validate Peer Certificate setting is enabled by default, requiring each host to have an installed signed authority certificate and an identifier in the Subject Alternate Name field of the signed certificate.
Still need help?
Please contact Lexmark Technical Support for additional assistance.
NOTE: When calling for support, you will need to know the printer model type and serial number of your printer. Please call from near the printer and computer in case the technician asks you to perform a task involving one of these devices.
LEGACY ID: HO3292
IP Sec Enable - Turns security protocol On or Off.
Connections - TCP/IP address of remote authenticated members (domain server address or client) using Pre-Shared Key (PSK) authenticated connections or certificate authenticated connections.
Settings include:
- DH Group - Named after Diffie & Hellman cryptographic protocol: modp* 1, 2, 5, and 14 are supported.
- Encryption - Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), and Advanced Encryption Standard (AES) are supported.
- Authentication - Message Digest Algorithm (MD5, uses 128-bit hash) and Secure Hash Algorithm (SHA1, uses 160-bit hash) are supported.
- Validate Peer Certificate - Turns certificate validation On and Off.
* - More modular exponential DH groups.
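The DH group is given above both by prime size (modp768 to modp2048) and by group number (1, 2, 5, 14). The following Python sketch is an added example, not Lexmark code: it maps one notation to the other and checks a host-side proposal against the printer's supported lists. The function names, the proposal format and the weak-algorithm policy are assumptions of this example.

```python
# Added example (not Lexmark code). The supported-option sets come from this
# article; function names and the "weak" policy below are assumptions.

# IKE DH group number -> MODP prime size in bits
DH_GROUP_BITS = {1: 768, 2: 1024, 5: 1536, 14: 2048}
PRINTER_ENCRYPTION = {"DES", "3DES", "AES"}
PRINTER_AUTH = {"MD5", "SHA1"}

# Assumed policy: supported by the printer but flagged for new deployments.
WEAK = {"DES": "56-bit key", "3DES": "64-bit block size",
        "MD5": "collision-broken hash"}
MIN_DH_BITS = 2048


def parse_dh(value):
    """Accept 'modp2048', '2048', 'group14' or '14'; return (group, bits)."""
    text = str(value).lower().replace("modp", "").replace("group", "").strip()
    if text.isdigit():
        n = int(text)
        if n in DH_GROUP_BITS:                      # given as a group number
            return n, DH_GROUP_BITS[n]
        for group, bits in DH_GROUP_BITS.items():   # given as a prime size
            if bits == n:
                return group, bits
    raise ValueError(f"DH group {value!r} is not in the printer's list")


def check_proposal(encryption, auth, dh):
    """Return (errors, warnings) for one host-side proposal."""
    errors, warnings = [], []
    enc = encryption.upper()
    enc = "AES" if enc.startswith("AES") else enc   # ignore key-size suffix
    mac = auth.upper().replace("-", "")             # 'SHA-1' -> 'SHA1'
    for kind, name, supported in (("encryption", enc, PRINTER_ENCRYPTION),
                                  ("authentication", mac, PRINTER_AUTH)):
        if name not in supported:
            errors.append(f"{kind} {name} is not in the printer's list")
        elif name in WEAK:
            warnings.append(f"{kind} {name}: {WEAK[name]}")
    try:
        group, bits = parse_dh(dh)
        if bits < MIN_DH_BITS:
            warnings.append(f"DH group {group} is only {bits} bits")
    except ValueError as exc:
        errors.append(str(exc))
    return errors, warnings


if __name__ == "__main__":
    for proposal in (("AES", "SHA1", "modp2048"), ("DES", "MD5", "1")):
        print(proposal, check_proposal(*proposal))
```

An entry in the errors list means the printer cannot negotiate that proposal at all; a warning means the proposal will negotiate but a stronger option from the same supported list is available.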
Is IPSec turned on?
Confirm that IPSec is working on the rest of the network.
Confirm proper case-sensitive entry of key or passphrase if using PSK.
Verify AES is being used and not EAP (Extensible Authentication Protocol). EAP/802.1X will require 802.1X configuration.
If the customer is not using a certificate, make sure validate peer certificate does not have a checkmark. The default On setting may be the problem.