Create an IPsec policy for a typical print environment and demonstrate the authentication with Certificates.
PROCEDURE:1 In TOE,Execute CO_AUTH_WEBUI_AUTHENTICATE_SA.2 Select [Security] followed by [IPsec] from the Properties Menu on the left side of the page.3 Click [Host Groups] to display the IP Host Groups page. Then click [Add New Host Group]4 Enter the following information,when done click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows)
Name = “MFD-B”
Description = N/A
Set the following address options:
IPv4
Address type = Specific
IP Address = 172.16.0.50
5 Click [Actions] to navigate to the IP Actions page. Then click [Add New Action] button.6 Enter the following information,when done click [Next].
Name = ”IKE – Certificate”
Description = N/A
Keying Method = Internet Key Exchange (IKEv1)
Pre-shared Key Passphrase = ”ObsidianOrder1”
7 Select the following options then click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows).
IKE Phase 1 Settings:
Key Lifetime = 86400 Seconds
IKE Phase 2 Settings:
IPsec Mode = Transport Mode
IPsec Security = ESP
Perfect Forward Secrecy = DH Group 14 (2048-bit MODP)
Hash = SHA-256
Encryption = AES-CBC-128/256
Key Lifetime = 28800 Seconds
8 Click [Security Policies] to navigate to the IPsec Policies page.9 Create a new policy. Set the following options then click [Add Policy]. (Click [OK] to respond to the settings confirmation popup which follows)
Host Groups = MFD-B
Protocol Groups = All
Action = IKE – Certificate
10 In MFD B,Execute CO_AUTH_WEBUI_AUTHENTICATE_SA.11 Select [Security] followed by [IPsec] from the Properties Menu on the left side of the page.12 Click [Host Groups] to display the IP Host Groups page. Then click [Add New Host Group]13 Enter the following information,when done click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows)
Name = “MFD-A”
Description = N/A
Set the following address options:
IPv4
Address type = Specific
IP Address = 172.16.0.51
14 Click [Actions] to navigate to the IP Actions page. Then click [Add New Action] button.15 Enter the following information,when done click [Next].
Name = ”IKE – Certificate”
Description = N/A
Keying Method = Internet Key Exchange (IKEv1)
Pre-shared Key Passphrase = ”ObsidianOrder1”
16 Select the following options then click [Save]. (Click [OK] to respond to the settings confirmation pop-up which follows).
IKE Phase 1 Settings:
Key Lifetime = 86400 Seconds
IKE Phase 2 Settings:
IPsec Mode = Transport Mode
IPsec Security = ESP
Perfect Forward Secrecy = DH Group 14 (2048-bit MODP)
Hash = SHA-1
Encryption = AES-CBC-128/256
Key Lifetime = 28800 Seconds
17 Click [Security Policies] to navigate to the IPsec Policies page.18 Create a new policy. Set the following options then click [Add Policy]. (Click [OK] to respond to the settings confirmation popup which follows)
Host Groups = MFD-A
Protocol Groups = All
Action = IKE – Certificate
19 Enable Network Troubleshooting session on both devices to capture and record all network communication to and from the devices.
Properties -> Security -> Logs -> Network Troubleshooting -> Click 'Start Session Now' button.
20 Now Enable IPsec on both the MFD's21 Test protocol connectivity. From each MFD ESS,try to ping one MFD to other and vice-versa.22 Disable Network Troubleshooting session on both the devices.
Properties -> Security -> Logs -> Network Troubleshooting -> Click 'Stop Session Now' button.
23 Click 'Download Log Now' button to download the capture and analyse the traces.
See CO_AUTH_WEBUI_AUTHENTICATE_SA.The {WEBUI IPSEC PAGE} will be displayed.The {WEBUI IPSEC New Host Group page} will be displayed.1. The {WEBUI IPSEC PAGE} will be displayed.