Default Policy Setting Items

Default Policy

Items

Settings and Explanation

IPsec/IP Filtering

You can enable or disable an IPsec/IP Filtering feature.

  • Access Control

    Configure a control method for traffic of IP packets.

    Items

    Settings and Explanation

    Permit Access

    Select this to permit configured IP packets to pass through.

    Refuse Access

    Select this to refuse configured IP packets to pass through.

    IPsec

    Select this to permit configured IPsec packets to pass through.

  • IKE Version

    Select IKEv1 or IKEv2 for IKE Version. Select one of them according to the device that the scanner is connected to.

    • IKEv1

      The following items are displayed when you select IKEv1 for IKE Version.

      Items

      Settings and Explanation

      Authentication Method

      To select Certificate, you need to obtain and import a CA-signed certificate in advance.

      Pre-Shared Key

      If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters.

      Confirm Pre-Shared Key

      Enter the key you configured for confirmation.

    • IKEv2

      The following items are displayed when you select IKEv2 for IKE Version.

      Items

      Settings and Explanation

      Local

      Authentication Method

      To select Certificate, you need to obtain and import a CA-signed certificate in advance.

      ID Type

      If you select Pre-Shared Key for Authentication Method, select the type of ID for the scanner.

      ID

      Enter the scanner's ID that matches the type of ID.

      You cannot use "@", "#", and "=" for the first character.

      Distinguished Name : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=".

      IP Address : Enter IPv4 or IPv6 format.

      FQDN : Enter a combination of between 1 and 255 characters using A-Z, a-z, 0-9, "-", and period (.).

      Email Address : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "@".

      Key ID : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters.

      Pre-Shared Key

      If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters.

      Confirm Pre-Shared Key

      Enter the key you configured for confirmation.

      Remote

      Authentication Method

      To select Certificate, you need to obtain and import a CA-signed certificate in advance.

      ID Type

      If you select Pre-Shared Key for Authentication Method, select the type of ID for the device that you want to authenticate.

      ID

      Enter the scanner's ID that matches to the type of ID.

      You cannot use "@", "#", and "=" for the first character.

      Distinguished Name : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "=".

      IP Address : Enter IPv4 or IPv6 format.

      FQDN : Enter a combination of between 1 and 255 characters using A-Z, a-z, 0-9, "-", and period (.).

      Email Address : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters. You need to include "@".

      Key ID : Enter 1 to 255 1-byte ASCII (0x20 to 0x7E) characters.

      Pre-Shared Key

      If you select Pre-Shared Key for Authentication Method, enter a pre-shared key between 1 and 127 characters.

      Confirm Pre-Shared Key

      Enter the key you configured for confirmation.

  • Encapsulation

    If you select IPsec for Access Control, you need to configure an encapsulation mode.

    Items

    Settings and Explanation

    Transport Mode

    If you only use the scanner on the same LAN, select this. IP packets of layer 4 or later are encrypted.

    Tunnel Mode

    If you use the scanner on the Internet-capable network such as IPsec-VPN, select this option. The header and data of the IP packets are encrypted.

    Remote Gateway(Tunnel Mode): If you select Tunnel Mode for Encapsulation, enter a gateway address between 1 and 39 characters.

  • Security Protocol

    If you select IPsec for Access Control, select an option.

    Items

    Settings and Explanation

    ESP

    Select this to ensure the integrity of an authentication and data, and encrypt data.

    AH

    Select this to ensure the integrity of an authentication and data. Even if encrypting data is prohibited, you can use IPsec.

  • Algorithm Settings

    It is recommended that you select Any for all settings or select an item other than Any for each setting. If you select Any for some of the settings and select an item other than Any for the other settings, the device may not communicate depending on the other device that you want to authenticate.

    Items

    Settings and Explanation

    IKE

    Encryption

    Select the encryption algorithm for IKE.

    The items vary depending on the version of IKE.

    Authentication

    Select the authentication algorithm for IKE.

    Key Exchange

    Select the key exchange algorithm for IKE.

    The items vary depending on the version of IKE.

    ESP

    Encryption

    Select the encryption algorithm for ESP.

    This is available when ESP is selected for Security Protocol.

    Authentication

    Select the authentication algorithm for ESP.

    This is available when ESP is selected for Security Protocol.

    AH

    Authentication

    Select the encryption algorithm for AH.

    This is available when AH is selected for Security Protocol.