Technical information

ManualsBrandsSchmid ManualsComputer equipmentWatson

101

102

103

104

105

106

107

108

109

110

Watson SHDSL Router

Web-based Management Manual

Watson-SHDSL-Router-GUI-Manual.doc

Version 2.3-03

8-62

Revision: 2012-02-29

check-boxes are replaced by radio buttons, presenting strict propositions according

to your selections.

Negotiation attempts Select the number of negotiation attempts to be per-

formed in the automatic key exchange method. If all attempts fail, Watson will wait

for a negotiation request.

Life Time in Seconds The timeframe in which the peer authentication will be

valid.

Rekey Margin Specifies how long before connection expiry should attempts to ne-

gotiate a replacement begin. It is similar to that of the key life time and is given as

an integer denoting seconds.

Rekey Fuzz Percent Specifies the maximum percentage by which Rekey

Margin should be randomly increased to randomize re-keying intervals.

Peer Authentication Select the method by which Watson will authenticate

your IPSec peer:

 IPSec Shared secret – enter the IPSec shared secret.

 RSA Signature – enter the peer's RSA signature (equivalent to Watson's public

key – refer to Section 8.4.1.2.1).

 Certificate – if a certificate exists on Watson, it will appear when you select this

option. Enter the certificate's local ID and peer ID. To learn how to add certifi-

cates to Watson, please refer to Section 9.9.4.

Encryption Algorithm Select the encryption algorithms that Watson will at-

tempt to use when negotiating with the IPSec peer.

Hash Algorithm Select the hash algorithms that Watson will attempt to use

when negotiating with the IPSec peer.

Group Description Attribute Select the Diffie-Hellman (DH) group descrip-

tion(s). Diffie-Hellman is a public-key cryptography scheme that allows two parties

to establish a shared secret over an insecure communications channel.

 IPSec Automatic Phase 2 – Key Definition

Life Time in Seconds The length of time before a security association auto-

matically performs renegotiation.

Use Perfect Forward Secrecy (PFS) Select whether Perfect Forward Secrecy

of keys is required on the connection's keying channel (with PFS, penetration of the

key-exchange protocol does not compromise keys negotiated earlier). Deselecting

this option will hide the next parameter.

Group Description Attribute Select whether to use the same group chosen

in phase 1, or reselect specific groups.

Encryption Algorithm Select the encryption algorithms that Watson will at-

tempt to use when negotiating with the IPSec peer.

Authentication Algorithm (for ESP protocol) Select the authentication algo-

rithms that Watson will attempt to use when negotiating with the IPSec peer.

Hash Algorithm (for AH protocol) Select the hash algorithms that Watson

will attempt to use when negotiating with the IPSec peer.