Default Policy
Items |
Settings and Explanation |
---|---|
IPsec/IP Filtering |
You can enable or disable an IPsec/IP Filtering feature. |
Access Control
Configure a control method for traffic of IP packets.
Items |
Settings and Explanation |
---|---|
Permit Access |
Select this to permit configured IP packets to pass through. |
Refuse Access |
Select this to refuse configured IP packets to pass through. |
IPsec |
Select this to permit configured IPsec packets to pass through. |
IKE Version
Select IKEv1 or IKEv2 for IKE Version. Select one of them according to the device that the scanner is connected to.
IKEv1
The following items are displayed when you select IKEv1 for IKE Version.
Items |
Settings and Explanation |
---|---|
Authentication Method |
To select Certificate, you need to obtain and import a CA-signed certificate in advance. |
Pre-Shared Key |
If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters. |
Confirm Pre-Shared Key |
Enter the key you configured for confirmation. |
IKEv2
The following items are displayed when you select IKEv2 for IKE Version.
Items |
Settings and Explanation |
||
---|---|---|---|
Local |
Authentication Method |
To select Certificate, you need to obtain and import a CA-signed certificate in advance. |
|
ID Type |
If you select Pre-Shared Key for Authentication Method, select the type of ID for the scanner. |
||
ID |
Enter the scanner's ID that matches the type of ID. You cannot use "@", "#", and "=" for the first character. Distinguished Name : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=". IP Address : Enter IPv4 or IPv6 format. FQDN : Enter a combination of between 1 and 255 characters using A-Z, a-z, 0-9, "-", and period (.). Email Address : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "@". Key ID : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. |
||
Pre-Shared Key |
If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters. |
||
Confirm Pre-Shared Key |
Enter the key you configured for confirmation. |
||
Remote |
Authentication Method |
To select Certificate, you need to obtain and import a CA-signed certificate in advance. |
|
ID Type |
If you select Pre-Shared Key for Authentication Method, select the type of ID for the device that you want to authenticate. |
||
ID |
Enter the scanner's ID that matches to the type of ID. You cannot use "@", "#", and "=" for the first character. Distinguished Name : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=". IP Address : Enter IPv4 or IPv6 format. FQDN : Enter a combination of between 1 and 255 characters using A-Z, a-z, 0-9, "-", and period (.). Email Address : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "@". Key ID : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. |
||
Pre-Shared Key |
If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters. |
||
Confirm Pre-Shared Key |
Enter the key you configured for confirmation. |
Encapsulation
If you select IPsec for Access Control, you need to configure an encapsulation mode.
Items |
Settings and Explanation |
---|---|
Transport Mode |
If you only use the scanner on the same LAN, select this. IP packets of layer 4 or later are encrypted. |
Tunnel Mode |
If you use the scanner on the Internet-capable network such as IPsec-VPN, select this option. The header and data of the IP packets are encrypted. Remote Gateway(Tunnel Mode): If you select Tunnel Mode for Encapsulation, enter a gateway address between 1 and 39 characters. |
Security Protocol
If you select IPsec for Access Control, select an option.
Items |
Settings and Explanation |
---|---|
ESP |
Select this to ensure the integrity of an authentication and data, and encrypt data. |
AH |
Select this to ensure the integrity of an authentication and data. Even if encrypting data is prohibited, you can use IPsec. |
Algorithm Settings
It is recommended that you select Any for all settings or select an item other than Any for each setting. If you select Any for some of the settings and select an item other than Any for the other settings, the device may not communicate depending on the other device that you want to authenticate.
Items |
Settings and Explanation |
||
---|---|---|---|
IKE |
Encryption |
Select the encryption algorithm for IKE. The items vary depending on the version of IKE. |
|
Authentication |
Select the authentication algorithm for IKE. |
||
Key Exchange |
Select the key exchange algorithm for IKE. The items vary depending on the version of IKE. |
||
ESP |
Encryption |
Select the encryption algorithm for ESP. This is available when ESP is selected for Security Protocol. |
|
Authentication |
Select the authentication algorithm for ESP. This is available when ESP is selected for Security Protocol. |
||
AH |
Authentication |
Select the encryption algorithm for AH. This is available when AH is selected for Security Protocol. |