Configuring IPSec Settings

0U6X-097

Internet Protocol Security (IPSec or IPsec) is a protocol suite for encrypting data transported over a network, including Internet networks. While SSL only encrypts data used on a specific application, such as a Web browser or an e-mail application, IPSec encrypts either whole IP packets or the payloads of IP packets, offering a more versatile security system. The IPSec of the machine works in transport mode, in which the payloads of IP packets are encrypted. With this feature, the machine can connect directly to a computer that is in the same virtual private network (VPN). Check the system requirements and set the necessary configuration on the computer before you configure the machine.

System Requirements

IPSec that is supported by the machine conforms to RFC2401, RFC2402, RFC2406, and RFC4305.

Operating system: Windows Vista/7/8/Server 2003/Server 2008/Server 2012

Connection mode: Transport mode

Key exchange protocol: IKEv1 (main mode)
    Authentication method
        ● Pre-shared key
        ● Digital signature
    Hash algorithm (and key length)
        ● HMAC-SHA1-96
        ● HMAC-SHA2 (256 bits or 384 bits)
    Encryption algorithm (and key length)
        ● 3DES-CBC
        ● AES-CBC (128 bits, 192 bits, or 256 bits)
    Key exchange algorithm/group (and key length): Diffie-Hellman (DH)
        ● Group 1 (768 bits)
        ● Group 2 (1024 bits)
        ● Group 14 (2048 bits)

ESP
    Hash algorithm: HMAC-SHA1-96
    Encryption algorithm (and key length)
        ● 3DES-CBC
        ● AES-CBC (128 bits, 192 bits, or 256 bits)
    Hash algorithm/encryption algorithm (and key length): AES-GCM (128 bits, 192 bits, or 256 bits)

AH
    Hash algorithm: HMAC-SHA1-96

IPSec functional restrictions

● IPSec supports communication to a unicast address (or a single device).
● The machine cannot use both IPSec and DHCPv6 at the same time.
● IPSec is unavailable in networks in which NAT or IP masquerade is implemented.
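
The system requirements and functional restrictions above can be checked against a planned computer-side policy before the machine is configured. The following is an added example, not code from the manual or the vendor; the policy dictionary layout, the algorithm label strings, the field names such as nat_in_path, and the 2048-bit Diffie-Hellman warning threshold are assumptions of this example.

```python
import ipaddress

# Supported values transcribed from the System Requirements table; labels are this example's naming.
AES_CBC = {f"AES-CBC-{n}" for n in (128, 192, 256)}
AES_GCM = {f"AES-GCM-{n}" for n in (128, 192, 256)}
IKE = {"auth": {"pre-shared-key", "digital-signature"},
       "hash": {"HMAC-SHA1-96", "HMAC-SHA2-256", "HMAC-SHA2-384"},
       "enc": {"3DES-CBC"} | AES_CBC}
DH_BITS = {1: 768, 2: 1024, 14: 2048}
ESP_ENC = {"3DES-CBC"} | AES_CBC
SHA1_96 = "HMAC-SHA1-96"
MIN_DH_BITS = 2048  # assumption of this example, not a value from the manual

# Constructed sample policy for a peer computer (not taken from a real host).
SAMPLE = {"mode": "transport", "key_exchange": "IKEv1-main",
          "ike": {"auth": "pre-shared-key", "hash": "HMAC-SHA2-256",
                  "enc": "AES-CBC-256", "dh_group": 14},
          "esp": {"enc": "AES-GCM-256"}, "machine_address": "192.0.2.10"}

def check_policy(p):
    """Return (errors, warnings); an error is a setting the table or restrictions rule out."""
    errors, warnings = [], []
    for key, want in (("mode", "transport"), ("key_exchange", "IKEv1-main")):
        if p[key] != want:
            errors.append(f"{key}: only {want} is supported")
    for field, allowed in IKE.items():
        if p["ike"][field] not in allowed:
            errors.append(f"ike.{field}: {p['ike'][field]} is not supported")
    group = p["ike"]["dh_group"]
    if group not in DH_BITS:
        errors.append(f"ike.dh_group: group {group} is not supported")
    elif DH_BITS[group] < MIN_DH_BITS:
        warnings.append(f"ike.dh_group: group {group} is only {DH_BITS[group]} bits")
    esp, ah = p.get("esp"), p.get("ah")
    # AES-GCM covers hash and encryption together; other ESP ciphers need HMAC-SHA1-96.
    if esp and esp["enc"] not in AES_GCM and (
            esp["enc"] not in ESP_ENC or esp.get("hash") != SHA1_96):
        errors.append("esp: use AES-GCM, or 3DES-CBC/AES-CBC with HMAC-SHA1-96")
    if ah and ah["hash"] != SHA1_96:
        errors.append(f"ah.hash: {ah['hash']} is not supported")
    addr = ipaddress.ip_address(p["machine_address"])
    if addr.is_multicast or str(addr) == "255.255.255.255":
        errors.append("machine_address: IPSec needs a unicast address")
    if p.get("nat_in_path"):
        errors.append("nat_in_path: IPSec is unavailable behind NAT or IP masquerade")
    if p.get("machine_uses_dhcpv6"):
        errors.append("machine_uses_dhcpv6: IPSec and DHCPv6 cannot be used together")
    return errors, warnings
```

Calling check_policy(SAMPLE) returns two empty lists; a policy that picks Group 1 or Group 2 passes the compatibility check but is returned with a key-length warning.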