Watson-SHDSL-Router-Manual.doc
Version 1.0-03
Watson SHDSL Router
Operating Manual
3.1.5 IPSEC VPN
Watson SHDSL router integrates IPSEC VPN capabilities. It allows to establish a Virtual Private
Network (VPN) to connect with business partners and branch offices using data encryption through
the Internet. It provides secure communications without the expense of leased lines. Watson
SHDSL router VPN implementation is based on the IPSec standard and is fully interoperable with
other IPSec-based VPN products.
VPN, IPSec and PPTP features enable Watson SHDSL router to act as a VPN client, allowing a
user to securely connect with remote computers without needing to run any additional PC-based
VPN software; or as a VPN server, allowing a user to connect to a home or office network from a
remote location.
In addition, Watson's VPN pass-through support enables a user to establish a VPN connection from
a PC-based VPN client by allowing the connection to pass transparently through the router's firewall
and Network Address Translation (NAT).
3.1.6 Point-to-Point Tunneling Protocol (PPTP)
Point-to-Point Tunneling Protocol (PPTP) is a protocol developed by Microsoft targeted at creating
VPN connections over the Internet. This enables remote users to access the router via any ISP that
supports PPTP on its servers. PPTP encapsulates network traffic, encrypts content using Micro-
soft's Point-to-Point Encryption (MPPE) protocol that is based on RC4, and routes using the generic
routing encapsulation (GRE) protocol.
With Watson SHDSL router, PPTP is targeted at serving two purposes:
Connection to the Internet using user name and password authentication.
Connection to a remote network using a Virtual Private Network (VPN) tunnel over the Internet.
This enables secure transfer of data to another location over the Internet, using user name and
password authentication.
Watson SHDSL router can also can act as a Point-to-Point Tunneling Protocol Server (PPTP
Server), accepting PPTP client connection requests.
3.2 Security
The firewall supports advanced filtering, designed to allow comprehensive control over the firewall's
behavior. Additional features, including surfing restrictions and access control, can also be easily
configured locally by the user through a user-friendly Web-based interface, or remotely by a service
provider.
3.2.1 Access Control
The access control features allow to block specific computers within the local network from access-
ing certain services on the Internet. For example, you may want to prohibit one computer from surf-
ing the Web, another computer from transferring files using FTP, and the whole network from re-
ceiving incoming e-mail.
Access control defines restrictions on the types of requests that may pass from the local network
out to the Internet, and thus may block traffic flowing in both directions. It can also be used for al-
lowing specific services when maximum security is configured. In the e-mail example given above,
you may prevent computers in the local network from receiving e-mail by blocking their outgoing re-
quests to POP3 servers on the Internet.
Revision: 2007-05-24 3-3
To Next Page
Loading...