If you install the optional IPSec Board to the machine, you can use IPSec communications by setting <Use IPSec> to [On] in the IPSec Settings screen on the touch panel display of the machine.

IPSec is a protocol for ensuring the security of IP packets sent and received over an IP network by protecting it from threats such as theft, modification, and impersonation. IPSec is applied for TCP packets, UDP (User Datagram Protocol) packets, and ICMP (Internet Control Message Protocol) packets. The reason why IPSec is superior to other security protocols is that since it adds security functions to IP, the basic protocol of the internet, it does not depend on the application software and network configuration.

This section describes the procedure for creating a security policy to set IPSec communications, using the control panel of the machine. A security policy registers the settings for IPSec, such as the packets to process with IPSec, and the algorithm to use for authentication and encryption. A logical connection established for traffic by conducting negotiations according to an IPSec security policy is called an IPSec SA (Security Association).

The features of the IPSec used by the machine are as follows.

• [IPSec Settings] is only displayed on the TCP/IP Settings screen if the optional IPSec Board is installed after installing the optional Expansion Bus.

• Communication Mode

Since the IPSec of the machine only supports the transport mode, authentication and encryption is only applied to the data part of the IP packets.

• Authentication and Encryption Method

At least one of the following methods must be set for the machine. You cannot set both methods at the same time.

• AH (Authentication Header)
  A protocol for certifying authentication by detecting modifications to the communicated data, including the IP header. The communicated data is not encrypted.

• ESP (Encapsulating Security Payload)
  A protocol that provides confidentiality via encryption while certifying the integrity and authentication of only the payload part of communicated data.

• Key Exchange Protocol

Supports IKEv1 (Internet Key Exchange version 1) for exchanging keys based on ISAKMP (Internet Security Association and Key Management Protocol). IKE includes two phases; in phase 1 the SA used for IKE (IKE SA) is created, and in phase 2 the SA used for IPSec (IPSec SA) is created.

To set authentication with the pre-shared key method, it is necessary to decide upon a pre-shared key in advance, which is a keyword (24 characters or less) used for both devices to send and receive data. Use the control panel of the machine to set the same pre-shared key as the destination to perform IPSec communications with, and perform authentication with the pre-shared key method.

To select authentication with the digital signature method, it is necessary to install a key pair file and CA certificate file created on a PC in advance using the Remote UI, and then register the installed files using the control panel of the machine. Authentication is conducted with the destinations for IPSec communication using the CA certificate.

The types of key pair and CA certificate that can be used for authentication with the digital signature method are indicated below.

• RSA algorithm

• X.509 certificate

• PKCS#12 format key pair

• For ISAKMP, port number 500 of UDP (User Datagram Protocol) is used for sending/receiving.

• For information on installing a key pair file and CA certificate file, see "Remote UI."

• Back To Top