1.Under IPsec page, Click on "Host Groups "tab and click on "ADD New Host Group" button to open "NEW HOST GROUP" page. Provide "FTP" as Name under Group name. 2.Select IPv4 radio button and select "Specific" under Address Type and provide the IPv4 address of the Windows PC under IP address and save the settings. 3.Click on "Protocol Groups" tab and click on "ADD New Protocol Group" button to open "NEW Protocol GROUP" page and Provide "FTP Group" as the "Group Name" select "FTP " under the list of protocols and save the settings. 4.Under Actions tab, click on "Add New Action" button to create a new action . 5.Provide a name for this action and select IKE as the Keying Method and select Digital Certificate Option and from the Server validation Certificates drop down , Select the Root CA certificate and Click on next button. 6.Give key life time for phase1 as 24 hours and DH Group as group 2 IPSEC Security as ESP and phase2 lifetime as 24 hours perfect forward secracy as None. 7.Hash
algorithm as SHA256 and 3DES as encryption and save the settings. Under the Security policies tab. 8.select the host group created in step2 above and select the protocol group created in step4 and select the action created in step5 and click on ADDpolicy button to add the policy. Server Configuration: 9.Navigate to Windows firewall settings and select Windows Firewall properties . 10.Click on Customize option under IPsec defaults. Under Key exchange- choose advance radio button and click on customize option. select SHA-256 as Hash algorithm, 3DES as Encryption algorithm and group none as Key exchnage algorithm and click on ok button. 11. Click Connection security rule and Create a new rule by selecting connection security rules and select custom radio button and click on next button. 12.In the next page , provide Windows 2008 servers IP address as endpoint 1 and MFD IP address as endpoint 2. In the next page , Select Require authentication for Inbound and Outbound connection radio
button and click on next button.I the next page select advanced radio button and click on customize button. 13.Under first Authentication, click on add button and select Computer certificate radio button in the following page.Browse for the CA certificate and select the CA certificate and click on ok -ok buttons and under protocols and ports page select protocol type, port 1 and port 2 matching with the settings configured on the MFD. Click next button and provide a name for the ruleand click on finish button to save settings. 14.Perform a scan job in the MFD.
Scan Job should be sent successfully to FTP server from the device. ESP packets are listed once scan job is submitted via FTP. This confirms that the IKE digital signature authentication supports certificate trust configuration where CA and peer device certificates and trusted CA certificates used are generated by one common CA., , , , , , , ,
OUTPUT: PROCESS: PRIORITY: TEST_TYPE: LOE: RESOURCE_HW: RESOURCE_CONSUMEABLES: RESOURCE_MEDIA: SKILL_SET: TEST_CASE_TYPE: TESTCASE_SOURCE: SPEC: FS_41.005_IPSec SPEC_VERSION: SPEC_TAG: 1: MFD should be Upgraded with the latest build. 2: MFD, Windows client and linux CA server are in the same subnet. 3: From linux CA server, generate MFD device certificate, Peer device certificate and trusted root certificate 4: Upload MFD device certificate under "CA-Signed Device Certificate(s)" page in MFD. 5: Upload trusted root certificate generated from the linux server into Trusted root certificates page in MFD. 6: In the Windows 2008 server, upload the Peer device certificate into "Personal" folder and Trusted root certificate generated from linux server onto "Trusted root certificate authorities" page. 7:Wireshark is installed in the server PC. 8: User is currently in IPSec by navigating through Properties -> Security-> IPsec. 9: FTP should be configured in the MFD. ATM_OWNER: APPROVE_QE: APPROVED_QE: APPROVE_SE: APPROVED_SE: APPROVE_SPAR: APPROVED_SPAR: ASSOCIATED_TESTCASES: TRAINING: TESTCASE_VERSION: TESTCASE_STATE: TESTCASE_PLATFORM: TESTCASE_PRODUCT: TESTCASE_APPROVALS: CDATE: 1498215685 MDATE: 1498215685 MUSER: q4BVX0J1 AUTHOR: q4BVX0J1 ATM_MCOMMENTS: Imported from spreadsheet HISTORY: ATM_LOCKED: ATM_REQLINK: DB4B9FD0-6C30-1014-B4D5-FA8C56619FB6, 1A698AAA-5658-11E7-94FC-0DE7D40A4651 ATM_REQCOUNT: 2 QA_TEAM: TC_WEIGHTAGE: FILENAME: FILEDESC: FILES: