Setting a Computer

Memo

Set the printer before setting the computer.

Click [Start], and then select [Control Panel] > [System and Security] > [Administrative Tools].
Double-click [Local Security Policy].
Click [IP Security Policies on Local Computer] on the [Local Security Policy] screen.
Select [Create an IP Security policy] from the [Action] menu.
Click [Next] on [IP Security Policy Wizard] screen.
Enter [Name] and [Description], and then click [Next].
Clear the [Activate the default response rule (earlier versions of Windows only).] check box, and then click [Next].
Select the [Edit properties] check box, and then click [Finish].
Select the [General] tab on the [New IP Security Policy Properties] screen.
Click [Settings].
Enter a value (minutes) on [Authenticate and generate a new key after every] in the [Key Exchange Settings] screen.

Note

Specify the same value as [LifeTime] in the "Phase1 Proposal" setting in "Setting the Printer". Enter a value in minutes in this step even if [LifeTime] is specified in seconds.
Click [Methods].
Click [Add] on the [Key Exchange Security Methods] screen.
Specify [Integrity algorithm], [Encryption algorithm], and [Diffie-Hellman group].

Note

Select the same value specified in [IKE Security Algorithm], [IKE Hash Algorithm], and [Diffie-Hellman group] in the "Phase1 Proposal" setting in "Setting the Printer".
Click [OK].
Click [OK] on the [Key Exchange Security Methods] screen.
Click [OK] on the [Key Exchange Settings] screen.
Select the [Rules] tab on the [New IP Security Policy Properties] screen.
Click [Add].
Click [Next] on [Security Rule Wizard] screen.
Select [This rule does not specify a tunnel] on the [Tunnel Endpoint] screen, and then click [Next].
Select [All network connections] on the [Network Type] screen, and then click [Next].
Click [Add] on the [IP filter lists] screen.
Click [Add] on the [IP filter lists] screen.
Click [Next] on the [IP Filter Wizard] screen.
Click [Next] on [IP Filter Description and Mirrored property] screen.
Click [Next] on [IP Traffic Source] screen.
Click [Next] on [IP Traffic destination] screen.
Click [Next] on [IP Protocol Type] screen.
Click [Finish].
Click [OK] on the [IP filter lists] screen.
Select a new IP filter from the list on the [Security Rule Wizard], and then click [Next].
Click [Add] on the [Filter Action] screen.
Click [Next] on [Filter Action Wizard] screen.
Enter [Name] and [Description] on the [Filter Action Name] screen, and then click [Next].
Select [Negotiate security] on the [Filter Action General Options] screen, and then click [Next].
Select [Do not allow unsecured communication.] on the [Communicating with computers that do not support IPSec] screen, and then click [Next].
Select [CUSTOM] on the [IP Traffic Security] screen, and then click [Settings].
Set on the [Custom Security Method Settings] screen, and then click [OK].

Note

Set AH and ESP so that these settings can be the same as the settings that you set in "Phase2 Proposal" in "Setting the Printer".
Click [Next] on the [IP Traffic Security] screen.
Select the [Edit properties] check box, and then click [Finish].
If you want to enable Key PFS, select the [Use session key perfect forward secrecy (PFS)] check box in the [New Filter Action Properties] screen.
If you perform IPSec communication with the IPv6 global address, select the [Accept unsecured communication, but always respond using IPSec] check box.
Click [OK].
Select the new filter action, and then click [Next].
Select the authentication method on the [Authentication Method] screen, and then click [Next].
Click [Finish].
Select [OK] on the [New IP Security Policy Properties] screen.
Select the new IP security policy on the [Local Security Policy] screen.
Select [Assign] from the [Action] menu.
Check that [Yes] is displayed for [Policy Assigned] for the new IP security policy.
Click [X] on the [Local Security Policy] screen.

Setting a Computer

Memo

Click [Start], and then select [Control Panel] > [System and Security] > [Administrative Tools].

Double-click [Local Security Policy].

Click [IP Security Policies on Local Computer] on the [Local Security Policy] screen.

Select [Create an IP Security policy] from the [Action] menu.

Click [Next] on [IP Security Policy Wizard] screen.

Enter [Name] and [Description], and then click [Next].

Clear the [Activate the default response rule (earlier versions of Windows only).] check box, and then click [Next].

Select the [Edit properties] check box, and then click [Finish].

Select the [General] tab on the [New IP Security Policy Properties] screen.

Click [Settings].

Enter a value (minutes) on [Authenticate and generate a new key after every] in the [Key Exchange Settings] screen.

Note

Click [Methods].

Click [Add] on the [Key Exchange Security Methods] screen.

Specify [Integrity algorithm], [Encryption algorithm], and [Diffie-Hellman group].

Note

Click [OK].

Click [OK] on the [Key Exchange Security Methods] screen.

Click [OK] on the [Key Exchange Settings] screen.

Select the [Rules] tab on the [New IP Security Policy Properties] screen.

Click [Add].

Click [Next] on [Security Rule Wizard] screen.

Select [This rule does not specify a tunnel] on the [Tunnel Endpoint] screen, and then click [Next].

Select [All network connections] on the [Network Type] screen, and then click [Next].

Click [Add] on the [IP filter lists] screen.

Click [Add] on the [IP filter lists] screen.

Click [Next] on the [IP Filter Wizard] screen.

Click [Next] on [IP Filter Description and Mirrored property] screen.

Click [Next] on [IP Traffic Source] screen.

Click [Next] on [IP Traffic destination] screen.

Click [Next] on [IP Protocol Type] screen.

Click [Finish].

Click [OK] on the [IP filter lists] screen.

Select a new IP filter from the list on the [Security Rule Wizard], and then click [Next].

Click [Add] on the [Filter Action] screen.

Click [Next] on [Filter Action Wizard] screen.

Enter [Name] and [Description] on the [Filter Action Name] screen, and then click [Next].

Select [Negotiate security] on the [Filter Action General Options] screen, and then click [Next].

Select [Do not allow unsecured communication.] on the [Communicating with computers that do not support IPSec] screen, and then click [Next].

Select [CUSTOM] on the [IP Traffic Security] screen, and then click [Settings].

Set on the [Custom Security Method Settings] screen, and then click [OK].

Note

Click [Next] on the [IP Traffic Security] screen.

Select the [Edit properties] check box, and then click [Finish].

If you want to enable Key PFS, select the [Use session key perfect forward secrecy (PFS)] check box in the [New Filter Action Properties] screen.

If you perform IPSec communication with the IPv6 global address, select the [Accept unsecured communication, but always respond using IPSec] check box.

Click [OK].

Select the new filter action, and then click [Next].

Select the authentication method on the [Authentication Method] screen, and then click [Next].

Click [Finish].

Select [OK] on the [New IP Security Policy Properties] screen.

Select the new IP security policy on the [Local Security Policy] screen.

Select [Assign] from the [Action] menu.

Check that [Yes] is displayed for [Policy Assigned] for the new IP security policy.

Click [X] on the [Local Security Policy] screen.