1.Under IPsec page, Click on "Host Groups "tab and click on "ADD New Host Group" button to open "NEW HOST GROUP" page.
Provide "SMB" as Name under Group name.
2.Select IPv4 radio button and select "Specific" under Address Type and provide the IPv4 address of the Windows 2008 server PC under IP address and save the settings.
3.Click on "Protocol Groups" tab and click on "ADD New Protocol Group" button to open "NEW Protocol GROUP" page and Provide "SMB Group" as the "Group Name" select "SMB " under the list of protocols and save the settings.
4.Under Actions tab, click on "Add New Action" button to create a new action .
5.Provide a name for this action and select IKE as the Keying Method and select Digital Certificate Option and from the Server validation Certificates drop down , Select the Root CA certificate and Click on next button.
6.Give key life time for phase1 as 5 minutes and DH Group as group 14 IPSEC Security as Both and phase2 lifetime as 5 minutes perfect forward secracy as group 14.
7.Hash algorithm as SHA256 and 3DES as encryption and save the settings.
Under the Security policies tab.
8.select the host group created in step2 above and select the protocol group created in step4 and select the action created in step5 and click on ADDpolicy button to add the policy.
Server Configuration:
9.Navigate to Windows firewall settings and select Windows Firewall properties .
10.Click on Customize option under IPsec defaults.
Under Key exchange- choose advance radio button and click on customize option.
select SHA-256 as Hash algorithm, 3DES as Encryption algorithm and group 14 as Key exchnage algorithm and click on ok button.
11. Click Connection security rule and Create a new rule by selecting connection security rules and select custom radio button and click on next button.
12.In the next page , provide servers IP address as endpoint 1 and MFD IP address as endpoint 2. In the next page , Select Require authentication for Inbound and Outbound connection radio button and click on next button.I the next page select advanced radio button and click on customize button.
13.Under first Authentication, click on add button and select Computer certificate radio button in the following page.Browse for the CA certificate and select the CA certificate and click on ok -ok buttons and under protocols and ports page select protocol type, port 1 and port 2 matching with the settings configured on the MFD. Click next button and provide a name for the ruleand click on finish button to save settings.
14.Perform a scan job in the MFD.
Scan Job should be sent successfully to SMB server from the device.
ESP and AH packets are listed once scan job is submitted via SMB.