Draytek Vigor 3200 Series User Manual Download Page 153

 

Vigor3200 Series User’s Guide 

Choose Private IP or Active True IP first. The Active True IP selection is available for WAN1 only.

Private IP: Enter the private IP address of the DMZ host, or click Choose PC to select one.

Choose PC: Click this button and a window will pop up automatically, as depicted below. The window lists the private IP addresses of all hosts in your LAN. Select one private IP address from the list to be the DMZ host.

When you have selected a private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting.

The DMZ Host settings for WAN2 ~ WAN5 are slightly different from those for WAN1. See the following figure.

 

Summary of Contents for Vigor 3200 Series


Page 2: ...Vigor3200 Series User s Guide ii Vigor3200 Series Multi WAN Security Router User s Guide Version 1 5 Firmware Version V3 3 7 2 for future update contact DrayTek Date 17 09 2012 ...

Page 3: ...ions on conservation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the prod...

Page 4: ...an radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user i...

Page 5: ...Vigor3200 Series User s Guide v ...

Page 6: ... 7 Support Area 30 2 8 Registering Vigor Router 32 Tutorials and Applications 35 3 1 How to Implement the AD LDAP Authentication for User Management 35 3 2 How to implement the AD LDAP authentication for SSL Application 38 3 3 How to Configure Multi Subnet 46 3 4 How to Customize Your Login Page 51 3 5 Create a LAN to LAN Connection Between Remote Office and Headquarter 53 3 6 Create a Remote Dial...

Page 7: ...to MAC 135 4 2 6 LAN Port Mirror 136 4 3 NAT 138 4 3 1 Port Redirection 139 4 3 2 DMZ Host 142 4 3 3 Open Ports 145 4 3 4 Address Mapping 146 4 3 5 Port Triggering 148 4 4 Firewall 151 4 4 1 Basics for Firewall 151 4 4 2 General Setup 153 4 4 3 Filter Setup 158 4 4 4 DoS Defense 166 4 5 User Management 169 4 5 1 General Setup 169 4 5 2 User Profile Reserved 170 4 5 3 User Group 173 3 5 4 User Onli...

Page 8: ...ement 265 4 11 Certificate Management 267 4 11 1 Local Certificate 267 4 11 2 Trusted CA Certificate 271 4 11 3 Certificate Backup 272 4 12 Wireless LAN 272 4 12 1 Basic Concepts 272 4 12 2 General Setup 275 4 12 3 Security 279 4 12 4 Access Control 281 4 12 5 WPS 282 4 12 6 WDS 285 4 12 7 Advanced Setting 288 4 12 8 WMM Configuration 289 4 12 9 AP Discovery 291 4 12 10 Station List 292 4 12 11 We...

Page 9: ...e 330 4 16 3 ARP Cache Table 331 4 16 4 DHCP Table 331 4 16 5 NAT Sessions Table 332 4 16 6 Data Flow Monitor 333 4 16 7 Traffic Graph 335 4 16 8 Ping Diagnosis 336 4 16 9 Trace Route 337 4 17 External Devices 338 Trouble Shooting 339 5 1 Checking If the Hardware Status Is OK or Not 339 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 340 5 3 Pinging the Router from Yo...

Page 10: ......

Page 11: ...ries supports USB interface for connecting USB printer to share printer USB storage device for sharing files or for 3G WAN Vigor3200 Series provides two level management to simplify the configuration of network connection The user mode allows user accessing into WEB interface via simple configuration However if users want to have advanced configurations they can access into WEB interface through a...

Page 12: ...SM On The profile s of CSM Content Security Management for IM P2P URL Web Content Filter application can be enabled from Firewall General Setup Such profile must be established under CSM menu LED on Connector On The port is connected Off The port is disconnected Left LED Green Blinking The data is transmitting On The port is connected with 1000Mbps WAN 1 2 3 4 Right LED Green Off The port is conne...

Page 13: ...than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration WAN1 WAN4 Connecters for remote networked devices DMZ Connecter for local DMZ host LAN Connecter for local network devices USB Connecter for 3G Modem or printer PWR Connecter for a power adapter ON OFF Power Switch ...

Page 14: ...Web Content Filter application can be enabled from Firewall General Setup Such profile must be established under CSM menu LED on Connector On The port is connected Off The port is disconnected Left LED Green Blinking The data is transmitting On The port is connected with 1000Mbps WAN 1 2 3 4 Right LED Green Off The port is connected with 10 100Mbps when left LED is on On The port is connected Off ...

Page 15: ...actory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration WAN1 WAN4 Connecters for remote networked devices DMZ Connecter for local DMZ host LAN Connecter for local network dev...

Page 16: ...o the LAN port of the router and the other end of the cable RJ 45 into the Ethernet port on your computer Or use a switch to connect Vigor router and computer s 3 Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet 4 Power on the device by pressing down the power switch on the rear panel 5 The system starts to initiate After compl...

Page 17: ...ected this router can print documents via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE Vista please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open Start Settings Printer and Faxes ...

Page 18: ...Add Printer A welcome dialog will appear Please click Next 4 Click Local printer attached to this computer and click Next 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port Click Next ...

Page 19: ...following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next 7 Click Standard and choose Generic Network Card 8 Then in the following dialog click Finish ...

Page 20: ...orrect driver loaded onto your PC When you finish the selection click Next 10 For the final stage you need to go back to Control Panel Printers and edit the property of the new printer you have added 11 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name ...

Page 21: ...g or other additional functions are not supported If you do not know whether your printer is supported or not please visit www DrayTek com to find out the printer list Open Support FAQ find out the link of Printer Server and click it then choose the What types of printers are compatible with Vigor router Note 2 Vigor router supports printing request from computers via the LAN port but not WAN port...

Page 22: ...Vigor3200 Series User s Guide 12 This page is left blank ...

Page 23: ...t as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password 3 Please type admin admin on Username Password and click Login For the option of Group it is used to access into SSL VPN porta...

Page 24: ... http 192 168 1 1 A pop up window will open to ask for username and password 2 Please type admin admin on Username Password for admin mode Otherwise do not type any word both username and password are Null for user mode on the window and click Login on the window 3 Now the Main Screen will appear Note The home page will change slightly in accordance with the type of the router you have 4 Go to Sys...

Page 25: ...a ar rd d Notice Quick Start Wizard for user mode operation is the same as for admin mode operation If your router can be under an environment with high speed NAT the configuration provide here can help you to deploy and use the router quickly The first screen of Quick Start Wizard is entering login password After typing the password please click Next On the next page as shown below please select ...

Page 26: ...oE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of DSL modem users All local users can share one PPPoE connec...

Page 27: ... specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection ...

Page 28: ...Vigor3200 Series User s Guide 18 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 29: ...following page will be open for you to specify Internet Access Type 2 Click PPTP L2TP as the Internet Access Type Then click Next to continue Available settings are explained as follows Item Description User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password ...

Page 30: ... DNS Type in the primary IP address for the router Second DNS Type in secondary IP address for necessity in the future PPTP Server L2TP Server Type the IP address of the server Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Click Next for viewing summary of such connection 4 Click Finish A page of...

Page 31: ...rnet Access Type 2 Click Static IP as the protocol Type in all the information that your ISP provides for this protocol Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in th...

Page 32: ... next setting page Cancel Click it to give up the quick start wizard 3 After finishing the settings in this page click Next to see the following page 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet ...

Page 33: ...HCP as the protocol Type in all the information that your ISP provides for this protocol Available settings are explained as follows Item Description Host Name Type the name of the host MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get into t...

Page 34: ...see the following page 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 5 Now you can enjoy surfing on the Internet 2 2 3 3 2 2 F Fo or r W WA AN N5 5 To use 3G USB modem for network connection please choose WAN5 1 Choose WAN5 as the WAN Interface and click the Next button ...

Page 35: ...ries User s Guide 25 2 Then click Next to continue 3 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown 4 Now you can enjoy surfing on the Internet ...

Page 36: ...to the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router 1 Open Service Activation Wizard 2 The screen of Service Activation Wizard will be shown as follows Choose the one you need and click Next In this ca...

Page 37: ...selection please click Next 4 Setting confirmation page will be displayed as follows please click Next 5 Wait for a moment till the following page appears When such page appears you can enable or disable these services for your necessity Then click Finish Note The service will be activated and applied as the default rule configured in Firewall General Setup ...

Page 38: ...d according to your selection s The valid time for the free trial of these services is one month Later if you need to extend the license valid time you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next ...

Page 39: ...ut a link of Dial PPPoE or Drop PPPoE in the Online Status web page Detailed explanation is shown below Item Description LAN Status Primary DNS Displays the IP address of the primary DNS Secondary DNS Displays the IP address of the secondary DNS IP Address Displays the IP address of the LAN interface TX Packets Displays the total transmitted packets at the LAN interface RX Packets Displays the tot...

Page 40: ...WAN interface RX Rate Displays the speed of received octets at the WAN interface Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface is not ready for accessing Internet 2 2 6 6 S Sa av vi in ng g C Co on nf fi ig gu ur ra at ti io on n Each time you click OK on the web page for saving...

Page 41: ...ide 31 Click Support Area Application Note the following web page will be displayed Click Support Area FAQ the following web page will be displayed Click Support Area Product Registration the following web page will be displayed ...

Page 42: ...and you can surf the Internet at any time Now it is the time to register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password 2 Click Support Area Production Registration from the home page ...

Page 43: ...word that you created previously And click Login 4 The following page will be displayed after you logging in MyVigor From this page please click Add or Product Registration Note Below the field of Your Device List all the Vigor routers that you have registered to MyVigor website will be displayed in sequence ...

Page 44: ... when you click on the box of Registration Date After adding the basic information for the router please click Submit 6 When the following page appears your router information has been added to the database Click OK to leave this web page and return to My Information web page 6 Take a look at the page of My Information the new added Vigor router is listed under Your Device List ...

Page 45: ...outer e g Vigor 3200 series can pass the authentication to LDAP server with the pre defined Group path Below shows the configuration steps 1 Access into the web configurator of the Vigor router 2 Open Applications Active Directory LDAP to get the following page for configuring LDAP related settings There are three types of bind type supported z Simple Mode Just simply do the bind authentication wi...

Page 46: ... the profile web page and click any one of the index number link If we have two groups RD1 and SHRD on LDAP server we can configure two LDAP server profiles with different Group Distinguished Name 4 Click OK to save the settings above 5 Open User Management General Setup Select User Based as the Mode option ...

Page 47: ... open User Management User Profile to create the user profile that will authenticate with LDAP server 7 After above configurations users belong to either rd1 or shrd group can access Internet after inputting their credentials on LDAP server ...

Page 48: ...e following page for configuring LDAP related settings Click the General Setup tab and enable the AD LDAP service There are three types of bind type supported z Simple Mode Just simply do the bind authentication without any search action z Anonymous Perform a search action first with Anonymous account then do the bind authentication z Regular Mode Mostly it is the same with anonymous mode The diff...

Page 49: ... proper Base Distinguished Name and Group Distinguished Name Suppose that there are several departments in your company e g RD1 and RD2 Here create a profile for RD1 first Sometimes you may forget the Distinguished Name since it s too long Then you may click the button to list all the account information on the AD LDAP Server to assist you finish the setup ...

Page 50: ... its sub tree In addition means this item is an organization means this item is an account 5 Press certain item its Base Distinguished Name BDN will be shown automatically in the AD LDAP Distinguished Name field box Then press OK to save the profile and return to the previous page ...

Page 51: ...sometimes to separate certain accounts authority with it For example the Base Distinguished Name BDN is ou people dc ms dc draytek dc com There is a lot of accounts information But only several of them you may prefer to grant the authority of VPN dial up For such case you will have to use this Group Distinguished Name feature separate those accounts 7 Click OK to save the configuration 8 Configure...

Page 52: ...User Group to setup two separate groups named with g1 and g2 with different authorities and different authentication methods Different departments should have separated access authorities For example RD1 can only access Google web site and connect to PC1 via VNC while RD2 can only access Baidu web site and connect to PC2 via RDP Therefore Set the user group profile named g1 for RD1 department ...

Page 53: ...Vigor3200 Series User s Guide 43 Set the user group profile named g2 for RD2 department ...

Page 54: ...at the account belongs to In this case the username is Caesar and the group it belongs to is g1 You may also leave this Group option blank The router will look through all the group profiles to check which one your account belongs to It might take a few seconds If the authentication is successful SSL portal web interface with the applications related to such user account will be displayed on the s...

Page 55: ...Vigor3200 Series User s Guide 45 ...

Page 56: ...r example Vigor3200 can divide the internal departments of a company into four different groups by using VigorSwitch G2240 Each group uses different network segment and does not connect for each other VigorSwitch G2240 Trunk Port 23 and Vigor3200 LAN Port are connected with network cable See the following graphic for an example VLAN0 Human Resource LAN Port IP 192 168 1 0 24 VLAN1 Finance Dept LAN...

Page 57: ...te the function of VLAN Tag for VLAN2 setting check the box of Enable and type the value 20 for VID setting Then check LAN Port and set LAN2 as the Subnet 5 To activate the function of VLAN Tag for VLAN3 setting check the box of Enable and type the value 30 for VID setting Then check LAN Port and set LAN3 as the Subnet 6 To activate the function of VLAN Tag for VLAN4 setting check the box of Enabl...

Page 58: ...f 192 168 1 0 24 The equipment connecting to Vigor3200 LAN Port LAN2 can get the IP address of 192 168 2 0 24 The equipment connecting to Vigor3200 LAN Port LAN3 can get the IP address of 192 168 3 0 24 The equipment connecting to Vigor3200 LAN Port LAN4 can get the IP address of 192 168 4 0 24 For the detailed settings of the network segment open LAN General Setup and click Details Page Adjust th...

Page 59: ... Trunk Port 23 VLAN Name 3200 VID10 Port Members 15 23 VLAN Name 3200 VID20 Port Members 16 23 VLAN Name 3200 VID30 Port Members 17 23 VLAN Name 3200 VID40 Port Members 18 23 3 Open Vlan Ports and set the VID value with role for each Port Port 15 VID 10 Role Access Port 16 VID 20 Role Access Port 17 VID 30 Role Access Port 18 VID 40 Role Access Port 23 VID 1 Role Trunk Port 23 is set with Trunk in...

Page 60: ...of the network segment The equipment connecting to VigorSwitch Port 15 can get the IP address of 192 168 1 0 24 The equipment connecting to VigorSwitch Port 16 can get the IP address of 192 168 2 0 24 The equipment connecting to VigorSwitch Port 17 can get the IP address of 192 168 3 0 24 The equipment connecting to VigorSwitch Port 18 can get the IP address of 192 168 4 0 24 ...

Page 61: ...gin page can be customized to fit the request of the administrator 1 Open User Management General Setup Set User Based as the Mode and click OK to save teh settings 2 Open User Management User Profile to create a new user profle 3 Click any link e g 3 to access into the following page Type a User Name and a Password Then click OK ...

Page 62: ... type URL redirect link in Bulletin box 5 Open a new tab in the same browser for IE 7 0 FireFox and above or open a new web browser 6 Try to access into the web configurator e g 192 168 1 1 of Vigor router Please note Just for Carrie is displayed as a heading on the login dialog box After typing the username and password defined in User Management User Profile click Login You can access into Inter...

Page 63: ...hown in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then For using PPP based services such as PPTP L2TP you have to set general settings in PPP Genera...

Page 64: ... User s Guide 54 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection ...

Page 65: ...od If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection If a PPP based service is selected you should further specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection ...

Page 66: ...ed you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection ...

Page 67: ...er B in the remote office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP General Setup For using IPSec based service such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup such as the pre shared key t...

Page 68: ...N connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection ...

Page 69: ...gor3200 Series User s Guide 59 If a PPP based service is selected you should further specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection ...

Page 70: ...ed you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection ...

Page 71: ...or3200 Series User s Guide 61 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection ...

Page 72: ... as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP Gener...

Page 73: ...ion If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection...

Page 74: ...please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www DrayTek com download center Install as instructed 2 After successful installation for the first time user you should click on the Step 0 Configure button Reboot the host ...

Page 75: ...entication method If the Pre Shared Key is selected it should be consistent with the one set in VPN router If a PPP based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be consistent with the one set up in the VPN router To use default gateway on remote network means that all the packets of r...

Page 76: ... then forwarded to Internet This will make the remote host seem to be working in the enterprise network 4 Click Connect button to build connection When the connection is successful you will find a green light on the right down corner ...

Page 77: ...ccess internal database Meanwhile children may chat on Skype in other room 1 Go to Bandwidth Management Quality of Service 2 Click Setup link of WAN Make sure the QoS Control on the left corner is checked And select BOTH in Direction 3 Set Inbound Outbound bandwidth Note The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set...

Page 78: ...ing Edit link Type the name E mail for Class 1 5 For this index the user will set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will set reserved bandwidth for HTTPS And click OK ...

Page 79: ...Vigor3200 Series User s Guide 69 7 Click Setup link for one of the WAN interface 8 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of influent other application Click OK ...

Page 80: ... up an index for it Enter the Class Name of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel 10 Click Edit to open a new window 11 Click Edit to open the following window Check the ACT box first 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK ...

Page 81: ...ll the Router Tools The Firmware Upgrade Utility is included in the tools 1 Go to www DrayTek com 2 Access into Support Downloads Please find out Firmware menu and click it Search the model you have and click on it to download the newly update firmware for your router 3 Access into Support Downloads Please find out Utility menu and click it 4 Click on the link of Router Tools to download the file ...

Page 82: ... Programs and choose Router Tools XXX Firmware Upgrade Utility 8 Type in your router IP usually 192 168 1 1 9 Click the button to the right side of Firmware file typing box Locate the files that you download from the company web sites You will find out two files with different extension names xxxx all keep the old custom settings and xxxx rst reset all the custom settings to default settings Choos...

Page 83: ...mware Note that this example is running over Windows OS Operating System 1 Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and FTP site is ftp DrayTek com 2 Click System Maintenance Firmware Upgrade 3 Select a firmware file by clicking Browse Click Upgrade to perform the firmware upgrade ...

Page 84: ...e 74 3 3 9 9 R Re eq qu ue es st t a a c ce er rt ti if fi ic ca at te e f fr ro om m a a C CA A s se er rv ve er r o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Go to Certificate Management and choose Local Certificate ...

Page 85: ... Enter the information in the certificate request 3 Copy and save the X509 Local Certificate Requet as a text file and save it for later use 4 Connect to CA server via web browser Follow the instruction to submit the request Below we take a Windows 2000 CA server for example Select Request a Certificate ...

Page 86: ...ile Select Router Offline request or IPSec Offline request below Then you have done the request and the server now issues you a certificate Select Base 64 encoded certificate and Download CA certificate Now you should get a certificate cer file and save it 5 Back to Vigor router go to Local Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router Whe...

Page 87: ...Vigor3200 Series User s Guide 77 you will find the below window showing BEGINE CERTIFICATE 6 You may review the detail information of the certificate by clicking View button ...

Page 88: ...t ti if fi ic ca at te e a an nd d S Se et t a as s T Tr ru us st te ed d o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Use web browser connecting to the CA server that you would like to retrieve its CA certificate Click Retrive the CA certificate or certificate recoring list ...

Page 89: ...ed CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the detail information of the certificate by clicking View button Note Before setting certificate configuration please go to System Maintenance Time and Date to reset current time of the router first ...

Page 90: ...i Intrusion and etc to filter the web pages for protecting your system To access into MyVigor for getting more information please create an account for MyVigor first 3 3 1 11 1 1 1 C Cr re ea at ti in ng g a an n A Ac cc co ou un nt t v vi ia a V Vi ig go or r R Ro ou ut te er r 1 Click System Maintenance Activation to open the following page 2 Click the Activate link A login page for MyVigor web ...

Page 91: ...s User s Guide 81 4 Check to confirm that you accept the Agreement and click Accept 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue ...

Page 92: ...ART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 93: ...lick Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want 3 11 2 Creating an Account via MyVigor Web Site 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page ...

Page 94: ...s User s Guide 84 2 Check to confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer and click Continue ...

Page 95: ...ART 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login ...

Page 96: ... password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want ...

Page 97: ...orer If it is necessary for you to delete copy files on the device or write paste files to the device it must be done through SAMBA server or FTP server Samba service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1 Plug the USB device to the USB port on the router Make sure Disk Connected appears on the ...

Page 98: ...B User Management Click Enable to enable FTP Samba User account Here we add a new account user1 and assign authorities Read Write and List to it Click OK to save the configuration 4 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login ...

Page 99: ...B Application USB Disk Status The information for FTP server will be shown as below 7 Now users in LAN of Vigor3200 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application USB User Management ...

Page 100: ...192 168 1 0 24 and 192 168 33 0 24 Note • You can still setup two VPN trunk groups over 4 WAN connections between the networks 192 168 1 0 24 and 192 168 33 0 24 But the VPN traffic can just pass through one VPN trunk group • You can create arbitrary number of VPN trunk groups between Vigor3200 and Vigor3300 for different VPN network pairs For example suppose there is another network 192 168 10 0 ...

Page 101: ...ser s Guide 91 Settings for Vigor 3200 1 Open VPN and Remote Access LAN to LAN Choose Index number 1 for configuring a VPN LAN to LAN profile 2 In the following page please configure the settings as the following figure ...

Page 102: ...User s Guide 92 3 Click OK to save the configuration and return to previous page Choose Index number 2 for configuring another VPN LAN to LAN profile 4 In this page please configure the settings as the following figure ...

Page 103: ...e 93 5 Click OK to save the configuration 6 Open VPN and Remote Access VPN TRUNK Management Add these VPN profiles to the VPN Trunk and set Load Balance as the Attribute Mode 7 Click Advanced for specifying Load Balance Algorithm ...

Page 104: ...connection status by viewing the page of VPN and Remote Access Connection Management Transferred packets Tx Pkts will keep increasing through both tunnels when outgoing packets sent to the remote VPN network Settings for Vigor3300 1 Open VPN IPSec VPN Trunk Policy Table Choose Index 1 and click Edit ...

Page 105: ...e please configure the settings as the following figure 3 Click Apply to save the configuration and return to previous page Choose Index 2 for configuring another VPN Trunk policy 4 In this page please configure the settings as the following figure ...

Page 106: ...guration 6 Open VPN VPN Trunk Group Table to group these two VPN policies 7 Choose Index 1 and click Edit Add these two VPN profiles wan1 and wan2 to a VPN Trunk Now one pair VPN trunk between Vigor3200 192 168 1 0 24 and Vigor3300 192 168 33 0 24 has been established ...

Page 107: ...rver dial in site LAN1 192 168 33 0 24 LAN2 192 168 10 0 24 WAN 1 IP 202 211 110 100 Local GRE IP 10 0 0 2 Remote GRE IP 10 0 0 1 WAN 2 IP 202 211 120 100 Local GRE IP 10 0 0 4 Remote GRE IP 10 0 0 3 WAN 3 IP 202 211 130 100 Local GRE IP 10 0 0 6 Remote GRE IP 10 0 0 5 WAN 4 IP 202 211 140 100 Local GRE IP 10 0 0 8 Remote GRE IP 10 0 0 7 Settings for Vigor 3200 1 Open VPN and Remote Access LAN to ...

Page 108: ...ation is the same as Scenario 1 Profile 1 and Profile 2 are one pair Profile 3 and Profile 4 are the other pair 4 When the VPN trunk is successfully connected you may check the connection status by viewing the page of VPN and Remote Access Connection Management Transferred packets Tx Pkts will keep increasing through both tunnels when outgoing packets sent to the remote VPN network ...

Page 109: ...nced LAN VLAN Choose the tab of 802 1Q VLAN Configure the settings as the following figure 2 Next open Network LAN Set two LAN subnet LAN1 192 168 33 0 24 and LAN2 192 168 10 0 24 3 Click Apply 4 Open VPN IPSec VPN Trunk Policy Table to create VPN Trunk policy The way ...

Page 110: ...pen VPN VPN Trunk Group Table to group these VPN policies Group two VPN policies as the following figure and then click Apply The way to configure the setting is the same as Scenario 1 Now two pair VPN trunk between Vigor3200 192 168 1 0 24 and Vigor3300 192 168 33 0 24 has been established ...

Page 111: ...n easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to WAN group 4 1 1 Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address ...

Page 112: ...er Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then ...

Page 113: ...ugh the network Each WAN port can connect to different ISPs even if the ISPs use different technology to provide telecommunication service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation This webpage allows you to set general setup for WAN1 to WAN5 respecti...

Page 114: ... the downstream and upstream rate of such WAN interface Active Mode Display whether such WAN interface is Active device or backup device Always On Display that such WAN interface is active Backup WAN Display the Backup WAN interface for such WAN when it is disabled Note In default each WAN is enabled For WAN1 WAN4 Ethernet WAN1 WAN4 are fixed with physical mod...

Page 115: ...number to all packets on the WAN while sending them out Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is from 0 to 4095 Priority Type the number for such VLAN The range is from 0 to 7 Send Mail Alert if line drops out Check the box to enable this function When the network connection is off the system will send a mail alert to notify the admi...

Page 116: ... the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such WAN interface Physical Mode Display the physical mode of such WAN interface Physical type For such WAN interface is fixed to USB network connection it is not necessary to specify physical type Line Speed If your choose According to Line Speed as the Load Balance ...

Page 117: ... will be selected to backup multiple WANs However ignore this setting if you want to backup a single WAN When any WAN disconnect WAN1 will be activated when any WAN interface disconnects When all WAN disconnect WAN1 will be activated when all the WAN interfaces disconnect After finishing the above settings click OK to save the settings 4 1 3 Internet Access For the...

Page 118: ...de It shows the physical connection for WAN1 WAN4 Ethernet WAN5 3G USB Modem according to the real network connection Access Mode Use the drop down list to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Details Page This button will open different web page according to the access mode that you c...

Page 119: ...er your allocated username password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page an...

Page 120: ...ireless LAN If you check this box PCs on the same wireless network can use another set of PPPoE session different with the Host PC to access into Internet PPP MP Setup PPP Authentication Select PAP only or PAP or CHAP for PPP If you want to connect to Internet all the time you can check Always On Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any...

Page 121: ...e for Static or Dynamic IP in WAN1 WAN4 For static IP mode you usually receive a fixed public IP address or a public subnet namely multiple public IP addresses from your DSL or Cable ISP service providers In most cases a Cable service provider will offer a fixed public IP while a DSL service provider will offer a public subnet If you hav...

Page 122: ...able PING to keep alive box to activate this function PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choos...

Page 123: ...P address manually WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Obtain an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode Router Name Type in the router name provide...

Page 124: ...ss authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them ...

Page 125: ...isable Click this radio button to close the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in S...

Page 126: ...hem on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Ple...

Page 127: ...e closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet Modem Initial String Such value is used to initialize USB modem Please use the default value If you have any question please contact to your ISP APN Name APN means Access Point Name which is provided and required by some ISPs Type the name and...

Page 128: ...that you have set in that web page WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Displays value for your...

Page 129: ...ollows Item Description Index Click the number of index to access into the load balance policy configuration web page Enable Check this box to enable this policy Protocol Use the drop down menu to change the protocol for the WAN interface WAN Use the drop down menu to change the WAN interface Src IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for...

Page 130: ...face is failover Src IP Start Type the source IP start for the specified WAN interface Src IP End Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN will be passed through the WAN interface Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified W...

Page 131: ... LAN The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right ho...

Page 132: ...hat is Routing Information Protocol RIP Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other What is Static Rou ...

Page 133: ...ral Setup This page provides you the general settings for LAN Vigor3200 series provides four LANs one DMZ and one IP Routed Subnet Click LAN to open the LAN settings page and choose General Setup There are four subnets provided by the router which allow users to divide groups into different subnets LAN1 LAN4 In addition different subnets can link for each other by configuring Inter L...

Page 134: ...N configuration LAN1 is configured with DHCP in default If required please check the DHCP box for each LAN IP Address Display the IP address of the LAN configuration Display the IP address for each LAN item Such information is set in default and you can not modify it Details Page Click it to access into the setting page Each LAN will have different LAN configuration page Each LAN must be configure...

Page 135: ...rmines the size of the network Default 255 255 255 0 24 RIP Protocol Control Disable deactivates the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable can activate the RIP protocol DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatic...

Page 136: ...ave a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Force DNS manual setting Force Vigor router to use DNS servers in this page instead of DNS servers given by the Internet Access server PPPoE PPTP L2TP or DHCP server Primary IPAddress You must specify a DNS server IP a...

Page 137: ...igor router LAN2 LAN4 are used for different subnets Available settings are explained as follows Item Description Network Configuration Click Enable to enable such configuration Click Disable to disable such configuration For NAT Usage Click this item to invoke NAT usage For Routing Usage Click this item to invoke Routing usage IPAddress Type in private IP address for connecting to a local private...

Page 138: ...Start IPAddress Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the 1st IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gatew...

Page 139: ...rect the DHCP request to the specified location Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Start IPAddress Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the 1st IP address of your router is 192 168 9 10 the starting IP address must be 192 168...

Page 140: ...ge of the exchange of routing information between routers Default Enable Trigger the router to exchange the entire routing table with the other nodes in the same subnet by sending receiving RIP packets DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to an...

Page 141: ...the correct subnet to the correct host So those hosts in 2nd subnet won t get an IP address belonging to 1st subnet Add Type the MAC address in the boxes and click this button to add Delete Click it to delete the selected MAC address Edit Click it to edit the selected MAC address Cancel Click it to cancel the job of adding deleting and editing After finishing all the settings here please click OK ...

Page 142: ... Router B 192 168 1 3 • have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router 1 Go to LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Note There are two reasons that we hav...

Page 143: ...s all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211 100 88 0 will be forwarded to 192 168 1 3 4 Go to Diagnostics and choose Routing Table to verify current routing table ...

Page 144: ...nction of VLAN with tag The router will add specific VLAN number to all packets on the LAN while sending them out Please type the tag value and specify the priority for the packets sending by LAN VID Type the value as the VLAN ID number The range is from 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 LAN Port Check this box to make the VLAN settings such ...

Page 145: ... This function is used to bind the IP and MAC address in LAN to have a strengthening control in network When this function is enabled all the assigned IP and MAC address binding together cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet Click LAN and click Bind IP to MAC to open the setup page Available settings are explained as follows...

Page 146: ...elected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Note Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might...

Page 147: ...function Mirror Port Select a port to view traffic sent from mirrored ports At present only WAN4 will be treated as mirror port When Port Mirror is enabled the Mirror Port WAN4 will be disabled Mirrored port Select which ports LAN port or WAN port are necessary to be mirrored P1 represents LAN port After finishing all the settings here please click OK to save the configuration ...

Page 148: ...the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes • Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of the entire inte...

Page 149: ...zed by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server The port redirection can only apply to incoming traffic To use this fu...

Page 150: ...ble Check this box to enable such port redirection setting Mode Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Service Name Enter the descrip...

Page 151: ...n Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web configurator in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore ...

Page 152: ... surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as NetMeeting or Internet Games etc The security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter...

Page 153: ...button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting DMZ Host for WAN2 WAN5 are slightly diffe...

Page 154: ...private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on th...

Page 155: ...ption Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Local IP Address Display the private IP address of the local host offering the servi...

Page 156: ...tion Start Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host After finishing all the settings here please click OK to save the configuration 4 3 4 Address Mapping This page is used to map specific private IP to specific WAN IP alias If you have a group of ...

Page 157: ...You should click the appropriate index number to edit or clear the corresponding entry Protocol Display the protocol used for this address mapping Public IP Display the public IP address selected for this entry e g 172 16 3 102 Private IP Display the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selected for this address mapping Status Display the status for...

Page 158: ...t to be compared with the Public IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address After finishing all the settings here please click OK to save the configuration 4 3 5 Port Triggering Port Triggering is a variation of open ports function The key difference between open port and port triggering is • Once the OK button...

Page 159: ...s Triggering Port Display the port of the triggering packets Incoming Protocol Display the protocol for the incoming data of such triggering profile Incoming Port Display the port for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as follows Item Description E...

Page 160: ...ggering profile Triggering Port Type the port or port range for such trigger profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Incoming Port Type the port or port range for the incoming packets After finishing all the settings here ...

Page 161: ...tion SPI tracks packets and denies unsolicited incoming data • Selectable Denial of Service DoS Distributed DoS DDoS attacks protection IP Filters Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter • Call Filter When there is no existi...

Page 162: ...tem s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked and a Syslog mess...

Page 163: ...Filter and Data Filter determine general rule for filtering the incoming and outgoing data Available settings are explained as follows Item Description Call Filter Check Enable to activate the Call Filter function Assign a start filter set for the Call Filter Data Filter Check Enable to activate the Data Filter function Assign a start filter set for the Data Filter Accept large incoming Some on li...

Page 164: ...ault Rule Page Such page allows you to choose filtering profiles including QoS Load Balance policy WCF APP Enforcement URL Content Filter AI AV AS for data transmission via Vigor router Available settings are explained as follows Item Description Filter Select Pass or Block for the packets that do not match with the filter rules Sessions Control The number typed here is the t...

Page 165: ...ndard configured in the APP Enforcement profile selected here For detailed information refer to the section of APP Enforcement profile setup For troubleshooting needs you can specify to record information for IM P2P by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information URL Content Filter Select one of the URL Content Filter...

Page 166: ...ge This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a cod...

Page 167: ...Vigor3200 Series User s Guide 157 Item Description best utilization of network resources After finishing all the settings here please click OK to save the configuration ...

Page 168: ...ule Available settings are explained as follows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to mo...

Page 169: ...s 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Clear sessions when schedule ON Check this box to clear all the sessions when the schedule is configured and specified above Direction Set ...

Page 170: ...ou want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Service Type Click Edit to access into the following dialog to choose a suitable service type To set the service type manually please choose User d...

Page 171: ...y the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Filter Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Furthe...

Page 172: ...n this page to create a new profile All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here For detailed information refer to the section of APP Enforcement profile setup For troubleshooting needs you can specify to record information for IM P2P by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more ...

Page 173: ...e Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choo...

Page 174: ...a flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled Strict Security Checking All the packets while transmitting through Vigor router will be filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if Stric...

Page 175: ...f two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first ...

Page 176: ...ackets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 50 packets per second and 10 seconds respectively Enable UDP flood defens...

Page 177: ... the Land attacks The Land attack combines the SYN attack technology with IP spoofing A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses as well as the port number to victims Block Smurf Check the box to activate the Block Smurf function The Vigor router will ignore any broadcasting ICMP echo request Block trace router Check the box ...

Page 178: ...Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer However the protocol types greater than 100 are reserved and undefined at this time Therefore the router should have ability to detect and reject this kind of packets Warning Messages We provide Syslog function for user to retrieve message from...

Page 179: ...ules configured under Firewall usually are applied to the host the one that the router installed only With user management the rules can be applied to every user connected to the router with customized profiles Note If Transparency Mode is selected in Firewall General Setup User Management cannot be used any more Please uncheck Transparency Mode first if you want to utilize user management to hand...

Page 180: ...please click OK to save the configuration 4.5.2 User Profile Reserved This page allows you to set customized profiles up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile Reserved To set the user profile please click any index number link to open the following page Notice that profile 1 Admin...

Page 181: ... wug123 wug456 etc When a user tries to access Internet through this router an authentication step must be performed first The user has to type the password specified here to pass the authentication When the user passes the authentication he she can access Internet via this router with the limitation configured in this user profile Confirm Password Type the password again for confirmation Idle Tim...

Page 182: ...y itself or by external service such as LDAP server or Radius server If LDAP or Radius is selected here it is not necessary to configure the password setting above Log Time of login log out block unblock for the user s can be sent to and displayed in Syslog Please choose any one of the log items to take down relational records for the user s Pop Browser Tracking Window If such function is enabled ...

Page 183: ...urator of Vigor3200 series with the user name and password specified in this profile he she will be lead into the web page configured in Landing Page field in User Management General Setup Check this box to enable such function Enable Time Quota Time quota means the total connection time allowed by the router for the user with such profile Check the box to enable the function of time quota The fir...

Page 184: ...user profiles objects from User Profile page within one user group All the available user objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defined profiles will be numbered with 3 4 5 and so on Selected User Objects Click button to add the selected user objects in this box After finishing all the settings here please c...

Page 185: ...refresh this page manually Index Display the number of the data flow Active User Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Address Display the IP address of the device Last Login Time Display the login time that such user connects to the router last time Expired Time Display the expired...

Page 186: ...ing conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address 4.6.1 IP Object You can set up to 192 sets of IP Objects with different conditions Available settings are explained as follows Item Description Name Display a name for this profile Set to Factory Default...

Page 187: ...tting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page Address Type Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP ...

Page 188: ... Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen Below is an example of IP objects settings 4.6.2 IP Group This page allows you to bind several IP objects into one IP group Available settings are explained as follows Item Description Name Display a name for this IP group profil...

Page 189: ...5 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box After finishing all the settings here please click OK to save the configuration ...

Page 190: ...onditions Available settings are explained as follows Item Description Name Display a name for this profile Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Available settings are explained as follows Item Description Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to ...

Page 191: ...ndicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type the port number greater than this value is available the port number less than this value is avai...

Page 192: ... ervice Type Group This page allows you to bind several service types into one group Available settings are explained as follows Item Description Name Display a name for this profile Set to Factory Default Clear all profiles ...

Page 193: ...on Name Type a name for this profile Available Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the selected IP objects in this box After finishing all the settings here please click OK to save the configuration ...

Page 194: ...rofiles for choosing as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Name Display a name for this profile Set to Factory Default Clear all profiles Click the number under Index column for setting in detail Available settings are explained as follows ...

Page 195: ...irewall settings After finishing all the settings here please click OK to save the configuration 4.6.6 Keyword Group This page allows you to bind several keyword objects into one group The keyword groups set here will be chosen as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Name Display a name for...

Page 196: ...s here please click OK to save the configuration 4.6.7 File Extension Object This page allows you to set eight profiles which will be applied in CSM URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Profile 1 with name of default is the default profile some files with th...

Page 197: ...r configuration in details Available settings are explained as follows Item Description Profile Name Type a name for this profile Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile ...

Page 198: ...g Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed file...

Page 199: ... applied in Default Rule of Firewall General Setup for filtering Each item is explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four tabs IM P2P Protocol an...

Page 200: ...rofile Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes After finishing all the settings here please click OK to save the configuration The profiles configured here can be applied in the Firewall General Setup and Firewall Filter Setup pages as the standard for the host s to follow Below shows the items which are categorized under P2P ...

Page 201: ...Below shows the items which are categorized under Protocol ...

Page 202: ...The items categorized under Misc ...

Page 203: ...ts based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For e...

Page 204: ...th configuration set in this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages ...

Page 205: ...ess such as http 202 6 3 2 The reason for this is to prevent someone dodges the URL Access Control You must clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before Action This setting is available only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding web...

Page 206: ... with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to rejec...

Page 207: ...Item Description After finishing all the settings here please click OK to save the configuration ...

Page 208: ... mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with ...

Page 209: ...to be accessed quickly if required Such item can provide accurate URL matching with faster rate L2 the router will check the URL that the user wants to access via WCF If the data has been accessed previously the IP addresses of source and destination IDs will be memorized for a short time about 1 second in the router When the user tries to access the same destination ID the router will check it by...

Page 210: ...ocessed with the categories listed on the box below Block restrict accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Bl...

Page 211: ...e menu items for Bandwidth Management 4.8.1 Sessions Limit A PC with private IP address can access to the Internet via NAT router The router will generate the records of NAT sessions for such connection The P2P Peer to Peer applications e g BitTorrent always need many sessions for procession and also they will occupy over resources which might result in important ac...

Page 212: ...ch computer in LAN Limitation List Displays a list of specific limitations that you set on this web page Start IP Defines the start IP address for limit session End IP Defines the end IP address for limit session Maximum Sessions Defines the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the defaul...

Page 213: ...edule web page and you can use the number that you have set in that web page After finishing all the settings here please click OK to save the configuration 4.8.2 Bandwidth Limit The downstream or upstream from FTP HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs Please use Limit Bandwidth to make the band...

Page 214: ...speed defined in TX limit and RX limit fields select Shared to make all the IPs within the range of Start IP and End IP share the speed defined in TX limit and RX limit fields TX limit Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index RX limit Define the limitation f...

Page 215: ...ts to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header For instance to ensure the connection with the headquarter a teleworker may enforce an index of QoS Control to reserve bandwidth for HTTPS connection while using lots of application at the same time One more larger scale ...

Page 216: ... or not Bandwidth Display the inbound and outbound bandwidth setting for the WAN interface Direction Display which direction that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of service for your reference ...

Page 217: ...interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request Online Statistics Display an online statistics for quality of service for your reference This feature is available only when the Quality of ...

Page 218: ...to outgoing traffic only BOTH apply to both incoming and outgoing traffic Check this box and click OK then click Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data input for WAN For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is...

Page 219: ...re great in ADSL2 environment For the download speed might be impacted by the uploading TCP ACK you can check this box to push ACK of upload faster to speed the network traffic Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application Edit the Class Rule for QoS 1 The first three Class 1 to Class 3 class rules can ...

Page 220: ...s For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for pro...

Page 221: ...e Class If you want to edit an existed rule please select the radio button of that one and click Edit to open the rule edit page for modification Edit the Service Type for Class Rule 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field ...

Page 222: ... type click Add to open the following page Edit the Service Type for Class Rule 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field 2 After you click the Edit link you will see the following page ...

Page 223: ... the new service Port Configuration Click Single or Range as the Type If you select Range you have to type in the starting port number and the end porting number on the boxes below Port Number Type in the starting port number and the end porting number here if you choose Range as the type 4 By the way you can set up to 10 service types If you want to edit delete an existed service type please sele...

Page 224: ... or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org www no ip com www dtdns com www change...

Page 225: ...DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password test Available settings are explained as follows Item Description Enable Dynamic DNS Account Check this box to enable the current account If you did check the bo...

Page 226: ... and use that Public IP to update DDNS server forcefully 4 Click OK button to activate the settings You will see your setting has been saved Disable the Function and Clear all Dynamic DNS Accounts In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu click ...

Page 227: ...ed as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Index Click the number below Index to access into the setting page of schedule Status Display if this schedule setting is active or inactive You can set up to 15 schedules Then you can apply them to your Internet Access or VPN and Remote Access LAN to LAN settings To add a schedule 1 Click any ...

Page 228: ...ce On Force the connection to be always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never u...

Page 229: ...0 am to 6 00 pm 1 Make sure the PPPoE connection and Time Setup is working properly 2 Configure the PPPoE always on from 9 00 to 18 00 for whole week 3 Configure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according...

Page 230: ...ver in performing mutual authentication It enables centralized remote access authentication for network management Available settings are explained as follows Item Description Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 Shared Sec...

Page 231: ... service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the directory object inquire or manage the active directory General Setup This page allows you to enable the function and specify general settings for LDAP server Available s...

Page 232: ...or LDAP server Use SSL Check it to enable LDAP over SSL LDAPS which is a common method of securing LDAP communication Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is selected as Bind Type Profiles You can configure eight AD LDAP profiles These profiles would be used with User Management for different purpo...

Page 233: ...connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the major feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a...

Page 234: ... by the application The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You shou...

Page 235: ...ble this function The application of multicast will be executed through WAN port In addition such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Group ID This field displays th...

Page 236: ...e settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address IP Address The IP addresses that have been configured in Firewall Bind IP to MAC will be shown in this dr...

Page 237: ...s of a point to point private link Below shows the menu items for VPN and Remote Access 4.10.1 VPN Client Wizard Such wizard is used to configure VPN settings for VPN client Such wizard will guide to set the LAN to LAN profile for VPN dial out connection from server to client step by step Available settings are explained as follows Item Description LAN to LAN ...

Page 238: ...s for users to set When you finish the mode and profile selection please click Next to open the following page In this page you have to select suitable VPN type for the VPN client profile There are six types provided here Different type will lead to different configuration page After making the ...

Page 239: ...ient profile please click Next You will see different configurations based on the selection s you made • When you choose PPTP None Encryption or PPTP Encryption you will see the following graphic • When you choose IPSec you will see the following graphic ...

Page 240: ...• When you choose L2TP you will see the following graphic • When you choose L2TP over IPSec Nice to Have you will see the following graphic ...

Page 241: ...ill use WAN1 WAN2 WAN3 WAN4 WAN5 as the first channel for VPN connection If WAN1 WAN2 WAN3 WAN4 WAN5 fails the router will use another WAN interface instead WAN1 Only WAN2 Only WAN3 Only WAN4 Only WAN5 Only While connecting the router will use WAN1 WAN2 WAN3 WAN4 WAN5 as the only channel for VPN connection Always On Check to enable router always keep VPN connection Pre Shared Key IKE Authenticatio...

Page 242: ... data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above Remote Network IP...

Page 243: ...er Wizard Such wizard is used to configure VPN settings for VPN server Such wizard will guide to set the LAN to LAN profile for VPN dial in connection from client to server step by step Available settings are explained as follows Item Description VPN Server Mode Selection Choose the direction for the VPN server Site to Site VPN To set a LAN to LAN profile automatically please choose ...

Page 244: ...VPN server mode There are 32 VPN tunnels for users to set Allowed Dial in Type This item is available after you choose any one of dial in user account profiles Next you have to select suitable dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard Different Dial in Type will lead to different configuration page ...

Page 245: ...erver profile 3 After making the choices for the server profile please click Next You will see different configurations based on the selection dial in type you made • When you check PPTP you will see the following graphic • When you check PPTP IPSec L2TP three types or PPTP IPSec two types or L2TP with Policy Nice to Have Must you will see the following graphic ...

Page 246: ...er authentication type for VPN connection Pre Shared Key For IPSec L2TP IPSec authentication you have to type a pre shared key Confirm Pre Shared Key Type the pre shared key again for confirmation Digital Signature X 509 Check the box of Digital Signature to invoke this function Use the drop down list to choose one of the certificates for using You have to configure one certificate at least previo...

Page 247: ... as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuration Click this radio button to access VPN and Remote Access LAN to LAN f...

Page 248: ...finishing all the settings here please click OK to save the configuration 4.10.4 PPP General Setup This submenu only applies to PPP related VPN connections such as PPTP L2TP L2TP over IPSec Available settings are explained as follows Item Description Dial In PPP Authentication PAP Only PAP Only Select this option to force the router to authenticate dial in user...

Page 249: ...l Authentication PAP The Mutual Authentication function is mainly used to communicate with other routers or clients who need bi directional authentication in order to provide stronger security for example Cisco routers So you should enable this function when your peer router requires mutual authentication You should further specify the User Name and Password of the mutual authentication peer Assig...

Page 250: ...rt mode will add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPSec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN...

Page 251: ...from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings here please click OK to save the configuration 4.10.6 IPSec Peer Identity To use digital certificate for peer authentication in either LAN to LAN connection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below t...

Page 252: ... peer regardless of its identity Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Accept Subject Name Click to check the specific fields of digital signature...

Page 253: ...sers Besides you can extend the user accounts to the RADIUS server through the built in RADIUS client function The following figure shows the summary table Each item will be explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial ...

Page 254: ...al in user is idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds Allowed Dial In Type PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through ...

Page 255: ...ios Naming Packet • Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting • Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN ...

Page 256: ...P in the mobile phone e g e759bb6f0e94c7ab4fe6 IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Ke...

Page 257: ...ttings here please click OK to save the configuration 4.10.8 LAN to LAN Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPSec Tunnel and L2TP by itself or over IPSec and corresponding se...

Page 258: ... box to enable the selected profile Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively To edit each profile 1 Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched The following explanations will g...

Page 259: ...the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router Call Direction Specify the allowed call direction of this LAN to LAN profile Both initiator responder Dial Out initiator only Dial In respo...

Page 260: ...se the dial out VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above PPP Authentication This field is applicable when you select P...

Page 261: ...n Use AES encryption algorithm and not apply any authentication scheme AES with Authentication Use AES encryption algorithm and apply MD5 or SHA 1 authentication algorithm Advanced Specify mode proposal and key life of each IKE phase Gateway etc The window of advance setup is shown as below IKE phase 1 mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security prop...

Page 262: ... defined The default value is 3600 seconds You may specify a value in between 600 and 86400 seconds Perfect Forward Secret PFS The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2 The default value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is li...

Page 263: ...ect above will apply the authentication methods and security methods in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression VJ Compression is used for TCP IP protocol header compression This field is applicable when you...

Page 264: ...ta transmitted on VPN tunnel is really sent out from both sides This is an optional function However if one side wants to use it the peer must enable it too My GRE IP Type the virtual IP for router itself for verified by peer Peer GRE IP Type the virtual IP of peer host for verified by router TCP IP Network Settings My WAN IP This field is only applicable when you select PPTP or L2TP with or witho...

Page 265: ...ute to this VPN tunnel Check this box to change the default route with this VPN tunnel Note that this setting is available only when one WAN interface is enabled It is not available when both WAN interfaces are enabled 2 After finishing all the settings here please click OK to save the configuration 4.10.9 VPN TRUNK Management VPN trunk includes four feat...

Page 266: ... K VPN Load Balance Mechanism VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balance tunnel It can assist users to do effective load sharing for multiple VPN tunnels according to real line bandwidth Moreover it offers three types of algorithms for load balancing and binding tunnel policy mechanism to let the administr...

Page 267: ... Backup Profile field v means such profile is enabled x means such profile is disabled Name on Backup Profile field Display the name of VPN TRUNK VPN Backup mechanism profile Member1 on Backup Profile field Display the dial out profile selected from the Member1 drop down list below Active on Backup Profile field Yes means normal condition No means the state might be disabled or that profile curren...

Page 268: ...hanism profile No The order of VPN TRUNK VPN Load Balance mechanism profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Load Balance mechanism profile Member1 Display the dial out profile selected from the Member1 drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently i...

Page 269: ...profiles configured in VPN and Remote Access LAN to LAN for you to choose for grouping under certain VPN TRUNK VPN Backup Load Balance mechanism profile No Index number of LAN to LAN dial out profile Name Profile name of LAN to LAN dial out profile Connection Type Connection type of LAN to LAN dial out profile VPN ServerIP Private Network VPN Server IP of LAN to LAN dial out profiles Aactive Mode ...

Page 270: ...ance for dialing out Time for activating VPN TRUNK Dial out when VPN Load Balance Disconnected For there is one Tunnel created and connected successfully to keep the load balance effect between two tunnels auto dial will be executed within two seconds To close two tunnels of ...

Page 271: ...profile 1 Please go to LAN to LAN to set a profile with IPSec 2 If the router will be used as the VPN Server i e with virtual address 192.168.50.200 Please type 192.168.50.200 in the field of My GRE IP Type IP address 192.168.50.100 of the client in the field of Peer GRE IP See the following graphic for an example 3 Later on peer side as VPN Client please type 192.168.50.100 in the f...

Page 272: ...nd Robin Based on packet base both tunnels will send the packet alternatively Such method can reach the balance of packet transmission with fixed rate Weighted Round Robin Such method can reach the balance of packet transmission with flexible rate It can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 10Mbps 100Mbps and switch with fixed value r...

Page 273: ...cified here TCP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP Service Port also fits the number here such binding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and UDP Service Port also fits the number here s...

Page 274: ... Binding Src IP range Start and End and Binding Des IP range Start and End Choose TCP UDP IGMP ICMP or Other as Binding Protocol Advanced Backup Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make all dial out VPN TRUNK backup profiles being activated alternatively R...

Page 275: ...PN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button Available settings are explained as follows Item Description Dial out Tool General Mode This field displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Backup Mode ...

Page 276: ...isplay the name of the VPN profile Type Display the VPN connection mode such as PPTP or IPSec Remote IP Display the IP address of remote peer Virtual Network Display the remote network IP address with subnet address Tx Pkts Display the transmission packets passing through such VPN channel Tx Rate Display the transmission rate for data through such VPN tunnel Rx Pkts Display the receiving packets p...

Page 277: ...nd set trusted CA certificates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management 4.11.1 Local Certificate Available settings are explained as follows Item Description Generate Click this button to open Generate Certificate ...

Page 278: ...or router allows you to generate a certificate request and submit it to the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local certificate...

Page 279: ...n as OK Upload PKCS12 Certificate It allows users to import the certificate whose extensions are usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and Private Key It is useful wh...

Page 280: ...n to view the detailed settings for certificate request Note You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into it and submit a request A new certificate will be issued to you by the CA server You can save it ...

Page 281: ...lick IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use the pre saved file For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove...

Page 282: ...cy of a small office home Any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a lot of LAN cable or drilling holes everywhere Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN...

Page 283: ...ss point will preset a set of four keys and it will communicate with each station using only one out of the four keys WPA Wi Fi Protected Access the most dominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x In WPA Personal a pre defined key is used for encryption during data transmission ...

Page 284: ... To elaborate an example for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add filters of MAC addresses to isolate users access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their ...

Page 285: ...nd the wireless channel Please refer to the following figure for more information Available settings are explained as follows Item Description Enable Wireless LAN Check the box to enable wireless function Mode At present the router can connect to 11n Only 11g Only Mixed 11b 11g Mixed 11a 11n Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mix 11b 11g 11n mode ...

Page 286: ...y thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled You can hide it for your necessity SSID Means the identification of the wireless LAN SSID can be any text numbers or various special characters The default SSID is DrayTek We suggest you to change it Isolate VPN Check this box ...

Page 287: ...acket OVERDRIVE This feature can enhance the performance in data transmission about 40 more by checking Tx Burst It is active only when both sides of Access Point and Station in wireless client invoke this function at the same time That is the wireless client must support this feature and invoke the function too Note Vigor N61 wireless adapter supports this function Therefore you can use and insta...

Page 288: ...data transmission rate through wireless connection Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps After finishing all the settings here please click OK to save the configuration ...

Page 289: ...ect settings please click OK to save and invoke it Default Pre Shared Key PSK is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for connection By clicking the Security Settings a new web page will appear so that you could configure the settings of WEP and WPA ...

Page 290: ...rver with 802 1X protocol Mixed WPA WPA2 802 1x only Accepts WPA and WPA2 clients simultaneously and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simu...

Page 291: ...e keys can be entered in ASCII or Hexadecimal Check the key you wish to use After finishing all the settings here please click OK to save the configuration 4.12.4 Access Control In the Access Control the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list The user may block wireless clients b...

Page 292: ...AC address from LAN Add Add a new MAC address into the list Delete Delete the selected MAC address in the list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list After finishing all the settings here please click OK to save the configuration 4.12.5 WPS ...

Page 293: ... a station with network card installed press Start PBC button of network card - If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN Security you will see the following message box ...

Page 294: ...nly WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Client PinCode Please...

Page 295: ...lly it can be used for the following application - Provide bridge traffic between two LANs through the air - Extend the coverage range of a WLAN To meet the above requirement two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS bridge interface The application for the WDS Repeater mode is depicted as below ...

Page 296: ...from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WDS to WDS packet forwarding In the following examples hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links However hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2 Click WDS from Wireless LAN...

Page 297: ...WEP and Pre shared key The setting you choose here will make the following WEP or Pre shared key field valid or not Choose one of the types for the router WEP Check this box to use the same key set in Security Settings page If you did not set any key in Security Settings page this check box will be dimmed Pre shared Key Type There are some types for you to choose WPA and WPA2 are used for WDS devi...

Page 298: ...l this function Status It allows user to send hello message to peers Yet it is valid only when the peer also supports this function After finishing all the settings here please click OK to save the configuration 4.12.7 Advanced Setting This page allows users to set advanced settings such as operation mode channel bandwidth guard interval and aggregation MSDU f...

Page 299: ...ing is Enable After finishing all the settings here please click OK to save the configuration 4.12.8 WMM Configuration WMM is an abbreviation of Wi Fi Multimedia It defines the priority levels for four access categories derived from 802 1d prioritization tabs The categories are designed with specific types of traffic voice video best effort and low priority ...

Page 300: ...fference between AC_BE and AC_BK categories must be greater Txop It means transmission opportunity For WMM categories of AC_VI and AC_VO that need higher priorities in data transmission please set greater value for them to get highest transmission opportunity Specify the value ranging from 0 to 65535 ACM It is an abbreviation of Admission control Mandatory It can restrict stations from using speci...

Page 301: ... of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Add to If y...

Page 302: ... with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control ...

Page 303: ...he URL in this page to reach its goal Available settings are explained as follows Item Description Disable Click this button to close this function Redirect to URL Any user who wants to access into Internet through this router will be redirected to the URL specified here first It is a useful method for the purpose of advertisement For example force the wireless user s in hotel to access into the w...

Page 304: ...N Server and SSL Tunnel Available settings are explained as follows Item Description Port Such port is set for SSL VPN server It will not affect the HTTPS Port configuration set in System Maintenance Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the use...

Page 305: ...le that you create URL Display the URL Active Display current status active or inactive of such profile Click number link under Index field to set detailed configuration Available settings are explained as follows Item Description Name Type name of the profile URL Type the address function variation or IP address or path of the proxy server Host IP Address If you type function variation as URL you...

Page 306: ...m WAN port There are two restrictions for proxy web server for such selection 1 it is only used for WAN to LAN access the web server must be configured behind vigor router 2 web server gateway must be indicated to vigor router In addition users must execute Connect manually in SSL Client Portal page SSL if you choose such selection web proxy over SSL will be applied for VPN After finishing all the...

Page 307: ...tion name of the profile that you create Host Address Display the IP address for VNC RDP or SAMBA path Service Display the type of the service selected e g VNC RDP SAMBA Active Display current status active or inactive of the selected profile Click number link under Index field to make detailed configuration Available settings are explained as follows Item Description Enable Application Service Ch...

Page 308: ...IP Address Type the IP address for this protocol Port Specify the port used for this protocol The default setting is 5900 Scaling Choose the percentage 100 80 60 for such application - Remote Desktop Protocol Choose this item for accessing and controlling a remote PC through RDP protocol IP Address Type the IP address for this protocol Port Specify the port used for this protocol Screen Size Choose ...

Page 309: ... t For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account for SSL VPN must be set together with remote dial in user web page Such menu item is similar to VPN and Remote Access Remote Dial in user You can find out the link of Set SSL Web Proxy on the profile setting page If you haven t set any SSL Web Proxy Profile in SSL ...

Page 310: ...3200 Series User s Guide 300 However if you have set several SSL Web Proxy Profiles in SSL VPN SSL Web Proxy web page The SSL Web Proxy profile names will be displayed together with check box as shown below ...

Page 311: ...cation by LDAP server Such profiles will be used by applications such as User Management VPN and etc Each item is explained as follows Item Description Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration ...

Page 312: ...k the button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting IP Group RADIUS The RADIUS server will do the authentication by using the username and password LDAP Active Directory If it is checked the LDAP AD server will do the authentication by using the username password information stated o...

Page 313: ...of SSL VPN Each item is explained as follows Item Description Active User Display current user who visit SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the router s SSL Portal UI ...

Page 314: ... Settings This page will determine the number of concurrent FTP connection default charset for FTP server and enable Samba service At present the Vigor router can support USB diskette with formats of FAT16 and FAT32 only Therefore before connecting the USB diskette into the Vigor router please make sure the memory format for the USB diskette is FAT16 or FAT32 It is recommended for yo...

Page 315: ...th them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router After finishing all the settings here please click OK to save the configuration 4.14.2 USB User Management This page allows you to set profiles for FTP Samba users Any user who wants to access into the USB diskette must type ...

Page 316: ...orage disk Note Admin could not be typed here as username for the word is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Password Type the password for FTP Samba users for accessing FTP server Later you can open FTP client software and typ...

Page 317: ... Folder Access Rule It determines the authority for such profile Any user who uses such profile for accessing into USB storage disk must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items List Create and Remove for such profile Before you click OK you have to insert a USB diskette into the USB interface of the Vigor router Otherwise...

Page 318: ...ectory Create Click this icon to add a new folder Current Path Display current folder Upload Click this button to upload the selected file to the USB storage disk The uploaded file in the USB storage disk can be shared for other user through FTP 4.14.4 USB Disk Status This page is to monitor the status for the users who accessing into FTP or Samba server USB diske...

Page 319: ...ss of the user s host which connecting to the FTP server Username Display the username that user uses to login to the FTP server When you insert USB diskette into the Vigor router the system will start to find out such device within several seconds 4.14.5 Syslog Explorer Such page provides real time syslog and displays the information on the screen For W...

Page 320: ...e recorded by the system Time Display the time of the event occurred Message Display the information for each event For USB Syslog This page displays the syslog recorded on the USB storage disk Each item is explained as follows Item Description Time Display the time of the event occurred Log Type Display the type of the record Message Display the information for each event ...

Page 321: ...ade Below shows the menu items for System Maintenance 4.15.1 System Status The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the current running firmware version or firmware related information from this presentation Each item is explained as follows Item Description Model Name Display ...

Page 322: ...ope 13 usable channels USA 11 usable channels etc The available channels supported by the wireless products in different countries are various Firmware Version It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi SSID Display the SSID of the router WAN Link Status Display current connection status M...

Page 323: ...ame Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information CPE Client Such information is useful for Auto Configuration Server Enable Disable Allow Deny the CPE Client to connect with Auto Configuration Server Port Sometimes port conflict might be occurred To solve such proble...

Page 324: ...nabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified After finishing all the settings here please click OK to save the configuration 4.15.3 Administrator Password This page allows you to s...

Page 325: ... box to enable user mode operation If you do not check this box you cannot access into the user mode operation even if you enter user password in login page Password Type in new password in this field Confirm Password Type in the new password again When you click OK the login window will appear Please use the new password to access into the web configurator again Below shows an example for accessi...

Page 326: ...ll appear Simply click OK 4 Log out Vigor router Web Configurator 5 The following window will be open to ask for username and password Type the new user password in the field of Password and click Login 6 The main screen with User Mode will be shown as follows ...

Page 327: ... Admin Mode 4.15.5 Login Customization When you want to access into the web configurator of Vigor router the system will ask you to offer username and password first At that moment the background of the web page is blank and no heading will be displayed on the Login window This page allows you to specify background message and the heading on the Login wi...

Page 328: ...n e g Welcome to DrayTek which will be shown on the heading of the login dialog Bulletin Type words or sentences here It will be displayed for bulletin message In addition it can be displayed on the login dialog at the bottom Below shows an example of login customization with the information typed in Login Description and Bulletin Please refer to 3 4 How to Customize Your Login Page for more detai...

Page 329: ...llow the steps below to backup your configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file 3 In Save As dialog the default filename is config cfg You could give it another name by yourself ...

Page 330: ...le Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate Restore Configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore...

Page 331: ...eck USB Disk to save the log to the attached USB storage disk Router Name Display the name for such router configured in System Maintenance Management If there is no name here simply click the link to access into System Maintenance Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Enable syslog message Chec...

Page 332: ...e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC s IP address in the field of Server IP Address 2 Ins...

Page 333: ...Vigor3200 Series User s Guide 323 ...

Page 334: ...rom the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feat...

Page 335: ...om the Internet Enable the checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify th...

Page 336: ...munity Trap Timeout: The default setting is 10 seconds. 4.15.10 Reboot System The Web Configurator may be used to restart your router. Click Reboot System from System Maintenance to open the following page. Index (1-15) in Schedule Setup: You can type in four sets of time schedule for performing system reboot. All the schedules can be set previously in Applications Schedu...

Page 337: ...l guide you to upgrade firmware by using an example. Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com. Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility. Click OK. The following screen will ...

Page 338: ...hanism for your computer. Click System Maintenance Activation to open the following page for accessing http://myvigor.draytek.com. Available parameters are explained as follows: Item / Description. Activate via Interface: Choose WAN interface used by such device for activating Web Content Filter. Activate: The Activate link brings you accessing into http://myvigor.draytek.com to finish the activation of the ac...

Page 339: ...elow shows the successful activation of Web Content Filter. 4.16 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics ...

Page 340: ... the source IP address. Each item is explained as follows: Item / Description. Decoded Format: It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh: Click it to reload the page. 4.16.2 Routing Table Click Diagnostics and click Routing Table to open the web page. Each item is explained as follows: Item / Description. Re...

Page 341: ...n IP address. Each item is explained as follows: Item / Description. Clear: Click it to clear the whole table. Refresh: Click it to reload the page. 4.16.4 DHCP Table The facility provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Avai...

Page 342: ...lick it to reload the page. 4.16.5 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the list page. Each item is explained as follows: Item / Description. Private IP:Port: It indicates the source IP address and port of local PC. Pseudo Port: It indicates the temporary port of the router used for NAT. Peer IP:Port: It indicates the destination IP...

Page 343: ...limit and IP session limit before invoke Data Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. You can click IP Address, TX rate, RX rate or Session link for arranging the data display. Each item is explained as follows: Item / Description. Enable Data Flow Monitor: Check this box to enable this function ...

Page 344: ...e session number that you specified in Limit Session web page. Action: Block: can prevent specified PC accessing into Internet within 5 minutes. Unblock: the device with the IP address will be blocked in five minutes. The remaining time will be shown on the session column. Current / Peak / Speed: Current means current transmission rate and receiving rate for WAN interface. Peak means the highest peak value det...

Page 345: ...ng different traffic graph. Click Refresh to renew the graph at any time. The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1/WAN2/WAN3/WAN4/WAN5 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NA...

Page 346: ... down list to choose the WAN interface that you want to ping through, or choose Unspecified to be determined by the router automatically. Ping to: Use the drop-down list to choose the destination that you want to ping. IP Address: Type in the IP address of the Host IP that you want to ping. Run: Click this button to start the ping work. The result will be displayed on the screen. Clear: Click this link to r...

Page 347: ...nd click Run. The result of route trace will be shown on the screen. Each item is explained as follows: Item / Description. Trace through: Use the drop-down list to choose the WAN interface that you want to ping through. Protocol: Use the drop-down list to choose the protocol that you want to ping through. Host IP Address: It indicates the IP address of the host. Run: Click this button to start route tracing w...

Page 348: ...ernal Devices to make detailed configuration. From this web page, check the box of External Device Auto Discovery. Later, all the available devices will be displayed in this page with icons and corresponding information. You can change the device name if required, or remove the information for off-line device whenever you want. When you finished the configuration, click OK to save it. Note: Only DrayTek pro...

Page 349: ...cking to factory default setting if necessary. If all above stages are done and the router still cannot run normally, it is the time for you to contact your dealer for advanced help. 5.1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status. 1. Check the power line and WLAN/LAN cable ...

Page 350: ...ter trying the above section, if the link still fails, please do the steps listed below to make sure the network connection settings are OK. For Windows The example is based on Windows XP. As to the examples for other operating systems, please refer to the similar steps or find support notes in www.DrayTek.com. 1. Go to Control Panel and then double-click on Network Connections. 2...

Page 351: ...atically and Obtain DNS server address automatically. For Mac OS 1. Double click on the current used Mac OS on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop-down list of Configure IPv4 ...

Page 352: ...uter correctly. For Windows 1. Open the Command Prompt window (from Start menu > Run). 2. Type command (for Windows 95/98/ME) or cmd (for Windows NT/2000/XP/Vista). The DOS command dialog will appear. 3. Type ping 192.168.1.1 and press Enter. If the link is OK, the line of "Reply from 192.168.1.1: bytes=32 time<1ms TTL=255" will appear. 4. If the line does not appear, please check the IP address sett...

Page 353: ...If the ISP Settings are OK or Not Open WAN Internet Access page and then check whether the ISP settings are set correctly. Click Details Page of each WAN interface to review the settings that you configured previously ...

Page 354: ... open DrayTek Syslog Tool to capture the connection information (WAN Log) and send the page similar to the following graphic to the service center of DrayTek. Transmission Rate is not fast enough Please connect your Notebook with 3G USB Modem to test the connection speed to verify if the problem is caused by Vigor3200. In addition, please re...

Page 355: ...configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Hardware Reset While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then the router will restart with the default configuration. After restore t...

Page 356: ...ntacting Your Dealer If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com ...
