This article summarizes the Internet Protocol Security (IPSec) configuration procedure. IPSec provides authentication and encryption at the network layer (Layer 3) of the OSI model. It allows for the connection of up to five hosts using IPv4 or IPv6.
IPSec provides data confidentiality via encryption of all data sent via the upper layer protocols. This encrypted data travels across the network, for example, from an MFP to a SMTP server or FTP server, and then down to a workstation.
NOTE: This form of data encryption can have performance consequences.
Before you begin
You will need to obtain the printer's IP address. Click xref_HO3261_xref for instructions. You will also need to obtain the following security information:
Lastly, make sure certificates are downloaded and installed on the printer.
- -IP addresses of computers (hosts) requiring access to the printer.
- -Case-sensitive pre-shared key value if AES - PSK is being implemented.
- -TCP/IP address or subnet information of computers utilizing Certificate Authentication.
- -Encryption type - DES, 3DES, and AES - supported.
- -Authentication type - MD5 or SHA1 - supported.
- -Proper DH group - modp768, 1024, 1536 and 2048 - supported.
How to configure IPSec
Access the printer's web page. To do this, enterthe printer's TCP/IP address into the web address bar (i.e. http://printer_IP_address using the IP address of the printer).
Click on Configuration.
Click on Security.
Click on IPSec.
Enter the values obtained above.
Click on Submit. Click here for one example illustration.
NOTE: After a printer is configured for IPSec with a host, IPSec is required for any IP communications to take place.
Supported authentication types
Shared Key Authentication This authenticates any ASCII phrase shared among all participating host computers. It is the easiest configuration method when only a few host computers on the network use IPSec.
Certificate Authentication This authenticates any host computer or subnet of hosts for IPSec. Each host computer must have a public/private key pair. NOTE: The Validate Peer Certificate setting is enabled by default, requiring each host to have an installed signed authority certificate and an identifier in the Subject Alternate Name field of the signed certificate.
Still need help?
Please contact Lexmark Technical Support for additional assistance. NOTE: When calling for support, you will need to know the printer model type and serial number of your printer. Please call from near the printer and computer in case the technician asks you to perform a task involving one of these devices.
LEGACY ID: HO3292