ATM_ID: 4C8F1746-5803-11E7-A13E-609CD30A4651 MFF: PLANNEDTIMESTAFF: ID: DPQA_Regression_Security/Testcases/FS_41.005_IPSec/95452 TESTCASE_HEADLINE: Validate LDAP protocol works on Windows 2012 Server version by selecting host group as Specific (IPv4), protocol as port (LDAP, LDAPS) and selecting Digital Certificate in IKE method using IPv4 with IKE Phase1 KEY LIFETIME 24 hours DH group 2 Security as ESP, Phase2 KEY LIFETIME 24 hours perfect forwarding as None, SHA256 as HASH algorithm and 3DES as Encryption. GROUP: FEATURE: SUB_FEATURE: INPUT:
1. Under the IPsec page, click on the "Host Groups" tab and click on the "ADD New Host Group" button to open the "NEW HOST GROUP" page.
Provide "ABCD" as Name under Group name.
2. Select the IPv4 radio button, select "Specific" under Address Type, provide the IPv4 address of the Windows 2012 server PC under IP address, and save the settings.
3. Click on the "Protocol Groups" tab and click on the "ADD New Protocol Group" button to open the "NEW Protocol GROUP" page. Provide "ABCD Group" as the "Group Name", select "LDAP and LDAPS" under the list of protocols, and save the settings.
4. Under the Actions tab, click on the "Add New Action" button to create a new action.
5. Provide a name for this action, select IKE as the Keying Method, select the Digital Certificate option, select the Root CA certificate from the Server Validation Certificates drop-down, and click on the Next button.
6. Set the key lifetime for Phase 1 to 24 hours, DH Group to group 2, IPsec Security to ESP, Phase 2 lifetime to 24 hours, and perfect forward secrecy to group None.
7. Set the hash algorithm to SHA256 and encryption to 3DES, and save the settings.
Under the Security policies tab:
8. Select the host group created in step 2 above, select the protocol group created in step 4, select the action created in step 5, and click on the ADD Policy button to add the policy.
Server Configuration:
9. Navigate to Windows Firewall settings and select Windows Firewall Properties.
10. Click on the Customize option under IPsec defaults.
Under Key exchange, choose the Advanced radio button and click on the Customize option.
Select SHA-256 as the hash algorithm, 3DES as the encryption algorithm, and group 2 as the key exchange algorithm, and click on the OK button.
11. Create a new rule by selecting Connection Security Rules, select the Custom radio button, and click on the Next button.
12. On the next page, provide the server's IP address as endpoint 1 and the MFD IP address as endpoint 2. On the next page, select the "Require authentication for Inbound and Outbound connection" radio button and click on the Next button. On the next page, select the Advanced radio button and click on the Customize button.
13. Under First Authentication, click on the Add button and select the Computer certificate radio button on the following page. Browse for the CA certificate, select it, and click on the OK - OK buttons. Under the Protocols and Ports page, select protocol type, port 1 and port 2 matching the settings configured on the MFD. Click on the Next button, provide a name for the rule, and click on the Finish button to save the settings.
14. Open the device WEBUI using the IP address of the device from the device and navigate to Properties->Login/ Permissions/ Accounting->Login Methods. On the device WEBUI, open the LDAP server page by selecting the LDAP policy created. Under LDAP server, select the User Mappings tab and search for any user that is part of the same domain as the LDAP server. Verify that ESP packets are listed in the Wireshark trace and that User Mappings lists the user details.
The User Mappings section lists the user details and the ESP packets are listed in the Wireshark trace.
OUTPUT: PROCESS: PRIORITY: TEST_TYPE: LOE: RESOURCE_HW: RESOURCE_CONSUMEABLES: RESOURCE_MEDIA: SKILL_SET: TEST_CASE_TYPE: TESTCASE_SOURCE: SPEC: FS_41.005_IPSec SPEC_VERSION: SPEC_TAG: 1. MFD should be upgraded with the latest build. 2. IPsec should be enabled in the MFD. 3. Windows 2012 server and the MFD are placed in the same network. 4. Server CA certificate should be installed in the MFD. 4. Wireshark is installed on the server PC. 5. User is currently in IPsec by navigating through Properties -> Security -> IPsec. 6. LDAP server is available. 7. LDAP settings are configured using the IPv4 address of the LDAP server on the device WEBUI by navigating to Properties->Login/ Permissions/ Accounting->Login Methods. ATM_OWNER: APPROVE_QE: APPROVED_QE: APPROVE_SE: APPROVED_SE: APPROVE_SPAR: APPROVED_SPAR: ASSOCIATED_TESTCASES: TRAINING: TESTCASE_VERSION: TESTCASE_STATE: TESTCASE_PLATFORM: TESTCASE_PRODUCT: TESTCASE_APPROVALS: CDATE: 1498215685 MDATE: 1498215685 MUSER: q4BVX0J1 AUTHOR: q4BVX0J1 ATM_MCOMMENTS: Imported from spreadsheet HISTORY: ATM_LOCKED: ATM_REQLINK: 9CD3EFE6-7548-1014-9055-DA1057619FB6 ATM_REQCOUNT: 1 QA_TEAM: TC_WEIGHTAGE: FILENAME: FILEDESC: FILES: