* Enter the name of the utility key. You can search descriptions of utility keys.

Enable IPsec

To display: [Utility][Administrator][Network][TCP/IP Setting][IPsec][Enable IPsec]

Configure settings to enable use of IPsec. Also, specify the policy for IPsec communication.

InĀ [IPsec Setting], register items [IKE], [SA], [Peer], and [Protocol Setting].

Setting

Description

[IPsec]

When using IPsec, set this option to ON (default: OFF).

[Dead Peer Detection]

If no response can be confirmed from the peer in a certain period, the SA with the peer is deleted. Select a time that elapses before sending survival confirmation information to the peer how has not responded (default: [15] sec.).

[Cookies]

Select whether to enable the defense using Cookies against denial-of-service attacks (default: [Disable]).

[ICMP Pass]

Select whether to apply IPsec to the Internet Control Message Protocol (ICMP) (default: [Disable]). Select [Enable] to allow the ICMP packets to pass without applying IPsec to the ICMP.

[ICMPv6 Pass]

Select whether to apply IPsec to the Internet Control Message Protocol for IPv6 (ICMPv6) (default: [Disable]). Select [Enable] to allow the ICMPv6 packets to pass without applying IPsec to the ICMPv6.

[Default Action]

Select an action to be taken if no settings meet the [IPsec Policy] while IPsec communication is enabled (default: [Allow]). Select [Deny] to discard IP packets that do not meet the [IPsec Policy] settings.

[Certificate Verification Level Settings]

To verify the certificate, select items to be verified.

  • [Expiration Date]: Confirm whether the certificate is within the validity period (default: ON).

  • [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer (default: OFF).

  • [Chain]: Confirm whether there is a problem in the certificate chain (certificate path) (default: OFF). The chain is validated by referencing the external certificates managed on this machine.

  • [Expiration Date Confirmation]: Confirm whether the certificate has expired (default: OFF). The expiration date confirmation is performed in the order of OCSP (Online Certificate Status Protocol) service, and CRL (Certificate Revocation List).

[IPsec Policy]

Configure the policy to apply for IPsec communication.

IP packet conditions can be specified to pass or allow the IP packets that meet each of the conditions.

  • [IPsec Policy]: Select whether to use the IPsec policy (default: [OFF]).

  • [Name]: Enter the IPsec policy name (using 1 to 10 characters, excluding ").

  • [Peer]: Select a peer setting. Select the setting from those registered in [Peer] in [IPsec Setting].

  • [Protocol Setting]: Select a protocol. Select the setting from those registered in [Protocol Setting] in [IPsec Setting].

  • [IPsec Setting]: Select an SA setting. Select the setting from those registered in [SA] in [IPsec Setting].

  • [Communication Type]: Select a direction of IPsec communication.

  • [Action]: Select the operation for the IP packet that matches the specified condition.
    [Protected]: Protect the IP packets that met the conditions.
    [Allow]: Do not protect the IP packets that met the conditions.
    [Deny]: Discard the IP packets that met the conditions.
    [Cancel]: Refuse the IP packets that met the conditions.