* Enter the name of the utility key. You can search descriptions of utility keys.

Enable IPsec

To display: [Utility][Administrator Settings][Network Settings][TCP/IP Settings][IPsec Settings][Enable IPsec]

Configure settings to enable use of IPsec on this machine. Also, specify the policy for IPsec communication.

In [IPsec Settings], register items [IKE Settings], [IPsec SA Settings], [Peer], and [Protocol Setting].

Settings

Description

[ON]/[OFF]

Select whether to use IPsec.

[OFF] is specified by default.

[IPsec Policy]

Configure the policy to apply for IPsec communication.

IP packet conditions can be specified to pass or allow the IP packets that meet each of the conditions.

Select a group, then tap [Edit].

[ON]/[OFF]

Select whether to use the IPsec policy.

[OFF] is specified by default.

[Group Name]

Enter a name for the IPsec policy (using up to 10 characters).

[action]

Select an action to be taken for the IP packets that meet [Peer], [Protocol], and [IPsec Settings].

  • [Protected]: Protect the IP packets that met the conditions.

  • [Allow]: Do not protect the IP packets that met the conditions.

  • [Deny]: Discard the IP packets that met the conditions.

  • [Cancel]: Refuse the IP packets that met the conditions.

[Select Group]

Select [Peer], [Protocol], and [IPsec Setting] from the registered settings.

[Communication Type]

Select a direction of IPsec communication.

[Common Settings]

Configure common settings for IPsec policy.

  • [Cookies]: Select whether to enable the defense using Cookies against denial-of-service attacks. [Invalid] is specified by default.

  • [ICMP Pass Settings]: Select whether to apply IPsec to the Internet Control Message Protocol (ICMP). Select [Enable] to allow the ICMP packets to pass without applying IPsec to the ICMP. [Invalid] is specified by default.

  • [ICMPv6 Pass Settings]: Select whether to apply IPsec to the Internet Control Message Protocol for IPv6 (ICMPv6). Select [Enable] to allow the ICMPv6 packets to pass without applying IPsec to the ICMPv6. [Invalid] is specified by default.

  • [default action]: Select an action to be taken if no settings meet the [IPsec Policy] while IPsec communication is enabled. Select [Deny] to discard IP packets that do not meet the [IPsec Policy] settings. [Allow] is specified by default.

  • [Certificate Verification Level Settings]: To verify the certificate, select items to be verified.
    [Expiration Date]: Confirm whether the certificate is within the validity period. [Confirm] is specified by default.
    [Key Usage]: Confirm whether the certificate is used according to the intended purpose approved by the certificate issuer. [Do Not Confirm] is specified by default.
    [Chain]: Confirm whether there is a problem in the certificate chain (certificate path). The chain is validated by referencing the external certificates managed on this machine. [Do Not Confirm] is specified by default.
    [Expiration Date Confirmation]: Confirm whether the certificate has expired. [Do Not Confirm] is specified by default.

  • [Dead Peer Detection]: If no response can be confirmed from the peer within a certain period, the SA with the peer is deleted. Select a time that elapses before sending survival confirmation information to the peer how has not responded. [15] sec is specified by default.