Draytek Vigor2850 Series User Manual Download Page 214 | Manualshive

Page: 214 / 387

background image

Vigor2850 Series User’s Guide

204

Mutual Authentication
(PAP)

The Mutual Authentication function is mainly used to
communicate with other routers or clients who need
bi-directional authentication in order to provide stronger
security, for example, Cisco routers. So you should enable
this function when your peer router requires mutual
authentication. You should further specify the

User Name

and

Password

of the mutual authentication peer.

Assigned IP Start

Enter a start IP address for the dial-in PPP connection. You
should choose an IP address from the local private network.
For example, if the local private network is
192.168.1.0/255.255.255.0, you could choose
192.168.1.200 as the Start IP Address.
You can configure up to four start IP addresses for LAN.

3

3

.

.

1

1

0

0

.

.

5

5

I

I

P

P

S

S

e

e

c

c

G

G

e

e

n

n

e

e

r

r

a

a

l

l

S

S

e

e

t

t

u

u

p

p

In

IPSec General Setup,

there are two major parts of configuration.

There are two phases of IPSec.

¾

Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman
parameter values, and lifetime to protect the following IKE exchange, authentication of
both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that
starts the negotiation proposes all its policies to the remote peer and then remote peer
tries to find a highest-priority match with its policies. Eventually to set up a secure tunnel
for IKE Phase 2.

¾

Phase 2: negotiation IPSec security methods including Authentication Header (AH) or
Encapsulating Security Payload (ESP) for the following IKE exchange and mutual
examination of the secure tunnel establishment.

There are two encapsulation methods used in IPSec,

Transport

and

Tunnel

. The

Transport

mode will add the AH/ESP payload and use original IP header to encapsulate the data payload
only. It can just apply to local packet, e.g., L2TP over IPSec. The

Tunnel

mode will not only

add the AH/ESP payload but also use a new IP header (Tunneled IP header) to encapsulate the
whole original IP packet.

Authentication Header (AH) provides data authentication and integrity for IP packets passed
between VPN peers. This is achieved by a keyed one-way hash function to the packet to create
a message digest. This digest will be put in the AH and transmitted along with packets. On the
receiving side, the peer will perform the same one-way hash on the packet and compare the
value with the one in the AH it receives.

Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality
and protection with optional authentication and replay detection service.

«
...
212
213
214
215
216
...
»

Summary of Contents for Vigor2850 Series

Page 1: ......

Page 2: ...Vigor2850 Series User s Guide ii...

Page 3: ...Vigor2850 Series User s Guide iii Vigor2850 Series VDSL2 Security Firewall User s Guide Version 2 0 Firmware Version V3 6 2_RC1 Date 12 03 2012...

Page 4: ...ons on conservation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from...

Page 5: ...radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will no...

Page 6: ...Vigor2850 Series User s Guide vi...

Page 7: ...Changing Password 19 2 3 Quick Start Wizard 20 2 3 1 For WAN1 ADSL VDSL 21 2 3 2 For WAN2 Ethernet 26 2 3 3 For WAN3 USB 34 2 4 Service Activation Wizard 35 2 5 Online Status 38 2 5 1 Physical Connect...

Page 8: ...gs 141 3 6 1 IP Object 141 3 6 2 IP Group 143 3 6 3 IPv6 Object 145 3 6 4 IPv6 Group 147 3 6 5 Service Type Object 148 3 6 6 Service Type Group 150 3 6 7 Keyword Object 151 3 6 8 Keyword Group 153 3 6...

Page 9: ...Call Control 263 3 14 Wireless LAN 264 3 14 1 Basic Concepts 264 3 14 2 General Setup 266 3 14 3 Security 270 3 14 4 Access Control 272 3 14 5 WPS 273 3 14 6 WDS 276 3 14 7 Advanced Setting 279 3 14 8...

Page 10: ...and Headquarter 336 4 4 Create a Remote Dial in User Connection Between the Teleworker and Headquarter 344 4 5 QoS Setting Example 348 4 6 Upgrade Firmware for Your Router 353 4 7 Request a certifica...

Page 11: ...s supports USB interface for connecting USB printer to share printing function or 3G USB modem for network connection Vigor2850 series provides two level management to simplify the configuration of ne...

Page 12: ...s ready to access Internet through ADSL link ADSL Blinking Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Blink...

Page 13: ...ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration GigaLAN 1 3 Connecters for local network devices 4 WAN Connecter for l...

Page 14: ...r is ready to access Internet through ADSL link ADSL Blinking Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Bl...

Page 15: ...settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router wi...

Page 16: ...king Slowly The ADSL connection is ready Quickly The connection is training On The router is ready to access Internet through VDSL link VDSL Blinking Slowly The VDSL connection is ready Quickly The co...

Page 17: ...T LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default c...

Page 18: ...On The router is ready to access Internet through VDSL link VDSL Blinking Slowly The VDSL connection is ready Quickly The connection is training On The DoS DDoS function is active DoS Blinking It will...

Page 19: ...blink rapidly than usual release the button Then the router will restart with the factory default configuration ISDN Connecter for ISDN line GigaLAN 1 3 Connecters for local network devices 4 WAN Con...

Page 20: ...to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect the telephone set with phone lines for using VoIP function For the model w...

Page 21: ...s via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE Vista please visit www DrayTek com Before using it please follow the steps below to configure settings for...

Page 22: ...Series User s Guide 12 4 Click Local printer attached to this computer and click Next 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port C...

Page 23: ...following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next 7 Click Standard and choose Generic Network Card 8...

Page 24: ...rrect driver loaded onto your PC When you finish the selection click Next 10 For the final stage you need to go back to Control Panel Printers and edit the property of the new printer you have added 1...

Page 25: ...or other additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ find out the link...

Page 26: ...Vigor2850 Series User s Guide 16 This page is left blank...

Page 27: ...ure your PC connects to the router correctly You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the defa...

Page 28: ...ferent slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configurati...

Page 29: ...en to ask for username and password 2 Please type admin admin as Username Password for accessing into the web configurator with admin mode 3 Go to System Maintenance page and choose Administrator Pass...

Page 30: ...een of Quick Start Wizard is entering login password After typing the password please click Next On the next page as shown below please select the WAN interface that you use If DSL interface is used p...

Page 31: ...or example you should select PPPoE mode if the ISP provides you PPPoE interface In addition the field of For ADSL Only will be available only when ADSL is detected Then click Next for next step P PP P...

Page 32: ...ress Type the IP address if Fixed IP is enabled Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return...

Page 33: ...assword Retype the password 3 Please manually enter the Username Password provided by your ISP Then click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup...

Page 34: ...re two modes offered for you to choose for WAN1 interface Choose MPoA Static or Dynamic IP as the protocol For ADSL Only Such field is provided for ADSL only You have to choose encapsulation and type...

Page 35: ...the next setting page Cancel Click it to give up the quick start wizard 2 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of...

Page 36: ...ick Next On the next page as shown below please select the appropriate Internet access type according to the information from your ISP For example you should select PPPoE mode if the ISP provides you...

Page 37: ...valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get int...

Page 38: ...status of this protocol will be shown 5 Now you can enjoy surfing on the Internet P PP PT TP P L L2 2T TP P 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open...

Page 39: ...ubnet Mask Type the subnet mask Gateway Type the IP address of the gateway Primary DNS Type in the primary IP address for the router Second DNS Type in secondary IP address for necessity in the future...

Page 40: ...St ta at ti ic c I IP P 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type 2 Click Static IP as the Internet Access t...

Page 41: ...ss for necessity in the future Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the I...

Page 42: ...cess Type 2 Click DHCP as the Internet Access type Simply click Next to continue Available settings are explained as follows Item Description Host Name Type the name of the host MAC Some Cable service...

Page 43: ...ick it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the...

Page 44: ...3 3 U US SB B 1 Choose WAN3 as WAN Interface 2 Then click Next for viewing summary of such connection 3 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this pr...

Page 45: ...located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activat...

Page 46: ...filter based on Commtouch operated in the worldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets 4 Setting co...

Page 47: ...splay the service that you have activated according to your selection s The valid time for the free trial of these services is one month Later if you need to extend the license valid time for the same...

Page 48: ...on n Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on P Ph hy ys si ic ca al l C Co on nn ne ec ct ti io on n f fo or r...

Page 49: ...the interface IP Displays the IP address of the WAN interface GW IP Displays the IP address of the default gateway TX Packets Displays the total transmitted packets at the WAN interface TX Rate Displa...

Page 50: ...gateway Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface is not ready for accessi...

Page 51: ...tatus the firmware version of such router the profile used by such VDSL2 line the rates for upstream and downstream and so on 2 2 6 6 2 2 V VD DS SL L S Se et tu up p This page allows you to set VDSL2...

Page 52: ...DS SL L D De eb bu ug g Such feature can offer a system log while encountering the compatibility problem for VDSL connection Simply click the Generate button The system will generate the log for conne...

Page 53: ...register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router b...

Page 54: ...n 5 When the following page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date Afte...

Page 55: ...If you have not activated web content filter service by using Service Activation Wizard you can activate the service from this step Please click the serial number link 9 From the Device s Service sect...

Page 56: ...Vigor2850 Series User s Guide 46 11 When this page appears click Register 12 Wait for a moment until the following page appears 13 Click Close...

Page 57: ...In nt te er rn ne et t P Pr ro ot to oc co ol l I IP P N Ne et tw wo or rk k IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP addr...

Page 58: ...a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with R...

Page 59: ...ed and switched to the normal communication port for proper operation Please configure WAN1 WAN2 and WAN3 settings This webpage allows you to set general setup for WAN1 WAN2 and WAN3 respectively In d...

Page 60: ...rt is enabled W WA AN N1 1 w wi it th h A AD DS SL L V VD DS SL L Vigor router will detect the physical line is connected by ADSL or VDSL automatically Therefore this page allows you to configure sett...

Page 61: ...e priority for the packets sending by WAN1 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority nu...

Page 62: ...nterface disconnects When all WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect W WA AN N2 2 w wi it th h E Et th he er rn ne et t WAN2 is fixed with phys...

Page 63: ...ber for such VLAN The range is from 0 to 7 Send SMS if the drops out Use the drop down list to choose one of the profiles which will be used to notify the administrator when the network connection is...

Page 64: ...g to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Active Mode Choose Always On to make the WAN3 connection being...

Page 65: ...ects When all WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect 3 3 1 1 3 3 I In nt te er rn ne et t A Ac cc ce es ss s For the router supports multi WAN...

Page 66: ...e Use the drop down list to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Details Page This but...

Page 67: ...gs that you adjusted in this page will be invalid Modem Settings for ADSL only Set up the DSL parameters required by your ISP These settings configured here are specified for ADSL only Multi PVC chann...

Page 68: ...se choose PPPoA protocol and check the box es here The router will behave like a modem which only serves the PPPoE client on the LAN That s the router will offer PPPoA dial up connection WAN Connectio...

Page 69: ...ease contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set...

Page 70: ...et Access WAN1 page The following web page will appear Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this f...

Page 71: ...er available the backup line will be activated automatically and always on until the broadband connection is restored We recommend you to enable this feature if you host a web server for your customer...

Page 72: ...ess and check the Enable box Then click OK to exit the dialog Obtain an IP address automatically Click this button to obtain the IP address automatically Router Name Type in the router name provided b...

Page 73: ...click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters ac...

Page 74: ...tion Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN d...

Page 75: ...in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MA...

Page 76: ...ature you must create a dial backup profile first Please click ISDN Dialing to a Single ISP to create the backup profile None Disable the backup function Packet Triggering The backup line is not on un...

Page 77: ...e to Live Displays value for your reference TTL value is set by telnet command RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables in...

Page 78: ...router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them D De et ta ai il...

Page 79: ...tting is only available for the router supporting ISDN function Before utilizing the ISDN dial backup feature you must create a dial backup profile first Please click ISDN Dialing to a Single ISP to c...

Page 80: ...eld Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Network Settin...

Page 81: ...ou adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet Modem Initial String Such value is used to initialize USB modem Please use the...

Page 82: ...o execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Displays value for your reference TTL value is se...

Page 83: ...ion which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before yo...

Page 84: ...gogo6 com page freenet6 account Password Type the password assigned with the user name Confirm Password Type the password again to make the confirmation Tunnel Broker Type the address for the tunnel b...

Page 85: ...address for the tunnel broker IP FQDN or an optional port number Subnet Prefix Type the subnet prefix address getting from service provider D De et ta ai il ls s P Pa ag ge e f fo or r I IP Pv v6 6 D...

Page 86: ...Available settings are explained as follows Item Description Static IPv6 Address configuration IPv6 Address Type the IPv6 Static IP Address Prefix Length Type the fixed value for prefix length Add Cli...

Page 87: ...t PVC line that will be used as multi PVCs Available settings are explained as follows Item Description Enable Check this box to enable that channel The channels that you enabled here will be shown in...

Page 88: ...ng to the protocol setting that you choose WAN link for Channel 5 6 and 7 are provided for router borne application such as TR 069 The settings must be applied and obtained from your ISP For your spec...

Page 89: ...C will be effective for VoIP data transmitting and receiving For other settings refer to Details Page for PPPoE PPPoA in WAN1 A AT TM M Q Qo oS S Such configuration is applied to upstream packets Such...

Page 90: ...ox to designate the LAN port for channel 3 to 8 Service Type Normally service type is used for the service of video stream e g IPTV It can divide the packets from remote control and from video stream...

Page 91: ...stem allows you to set up to eight channels for multi VLAN Available settings are explained as follows Item Description Channel Display the number of each channel Enable Check this box to enable that...

Page 92: ...oose the router service for channel 5 6 or 7 Management It can be specified for general management Web configuration telnet TR069 If you choose Management the configuration for this VLAN will be effec...

Page 93: ...ble Check this box to enable that channel Only channel 3 to 8 can be set in this page for channel 1 to 2 are reserved for NAT using P1 to P4 It means the LAN port 1 to 4 Check the box to designate the...

Page 94: ...d as follows Item Description Index Click the number of index to access into the load balance policy configuration web page Enable Check this box to enable this policy Protocol Use the drop down menu...

Page 95: ...tart Type the source IP start for the specified WAN interface Src IP End Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN w...

Page 96: ...does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assign...

Page 97: ...t ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simpl...

Page 98: ...explained as follows Item Description General Setup Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2...

Page 99: ...able deactivate the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server Configuration DHCP stands for Dy...

Page 100: ...DNS server converts the user friendly name into its equivalent IP address Primary IPAddress You must specify a DNS server IP address here because your ISP should provide you with usually more than one...

Page 101: ...re explained as follows Item Description RADVD Configuration Enable Click it to enable RADVD server The router advertisement daemon radvd sends Router Advertisement messages specified by RFC 2461 to a...

Page 102: ...6 Address Type the start and end address for IPv6 server DNS Server IPv6 Address Primary DNS Sever Type the IPv6 address for Primary DNS server Secondary DNS Server Type another IPv6 address for DNS s...

Page 103: ...network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a...

Page 104: ...n Network Configuration Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For Routing Usage Click this radio button to invoke this function IPAddress...

Page 105: ...an 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Use LAN Port Specify an IP for IP Route...

Page 106: ...R Ro ou ut te e f fo or r I IP Pv v4 4 Available settings are explained as follows Item Description Index The number 1 to 10 under Index allows you to open next page to set up static route Destination...

Page 107: ...er 1 to 40 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Set t...

Page 108: ...e et tw wo or rk ks s Here is an example based on IPv4 of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Inter...

Page 109: ...192 168 10 0 24 can access the Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the...

Page 110: ...tion Enable Click it to enable VLAN configuration VLAN Tag Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the LAN while sending them out Please...

Page 111: ...at least to prevent from not connecting to Vigor router due to unexpected error To add or remove a VLAN please refer to the following example 1 If VLAN 0 is consisted of hosts linked to P1 and P2 and...

Page 112: ...Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the...

Page 113: ...te Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might not be accessed 3...

Page 114: ...orize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on...

Page 115: ...y located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with publi...

Page 116: ...ias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Public Po...

Page 117: ...l access the admin screen of by suffixing the IP address with 8080 e g http 192 168 1 1 8080 instead of port 80 3 3 3 3 2 2 D DM MZ Z H Ho os st t As mentioned above Port Redirection can redirect inco...

Page 118: ...ypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page DMZ Host for WAN2 and WAN3 is slightly different with WAN...

Page 119: ...function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window...

Page 120: ...explained as follows Item Description Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit...

Page 121: ...t Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host 3 3 3 3 4 4 A Ad dd dr re es ss s M Ma...

Page 122: ...vate IP Display the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selected for this address mapping Status Display the status for the entry enable or disable Cl...

Page 123: ...address e g 192 168 1 10 or a subnet to be compared with the Public IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address 3 3 3 3 5 5 P Po or rt t T Tr ri i...

Page 124: ...t for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Available settings are explained as foll...

Page 125: ...he users on the LAN are provided with secured protection by the following firewall facilities z User configurable IP filter Call Filter Data Filter z Stateful Packet Inspection SPI tracks packets and...

Page 126: ...ually categorized into two types the flooding type attacks and the vulnerability attacks The flooding type attacks will attempt to exhaust all your system s resource while the vulnerability attacks wi...

Page 127: ...l Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply...

Page 128: ...is in higher priority you cannot enable Accept large incoming fragmented UDP or ICMP Packets Enable Strict Security Firewall Check the box to enable such function All the packets while transmitting t...

Page 129: ...hoose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later Load Balance Policy Choose the WAN interface for applying Lo...

Page 130: ...er for applying with this router Please set at least one profile for choosing in CSM URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile...

Page 131: ...setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suit...

Page 132: ...Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active E...

Page 133: ...description Maximum length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Sch...

Page 134: ...access into the following dialog to choose the source destination IP or IP ranges To set the IP address manually please choose Any Address Single Address Range Address Subnet Address as the Address Ty...

Page 135: ...available for this service type when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all th...

Page 136: ...filter rule any more Sessions Control The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 MAC Bind IP Stri...

Page 137: ...r for applying with this router Please set at least one profile for anti virus in CSM Web Content Filter web page first Or choose Create New from the drop down list in this page to create a new profil...

Page 138: ...se a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Wind...

Page 139: ...two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can...

Page 140: ...ecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Time...

Page 141: ...outside might learn the details of your private networks Block Land Check the box to enforce the Vigor router to defense the Land attacks The Land attack combines the SYN attack technology with IP spo...

Page 142: ...ent function Any ICMP packets with more fragment bit set are dropped Block Unknown Protocol Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in t...

Page 143: ...nt User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules...

Page 144: ...plied to every user Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users in...

Page 145: ...up to 200 which will be applied for users controlled under User Management Simply open User Management User Profile To set the user profile please click any index number link to open the following pag...

Page 146: ...he user has to type the password specified here to pass the authentication When the user passes the authentication he she can access Internet via this router with the limitation configured in this use...

Page 147: ...ayed on the screen with time remaining for connection if Idle Timeout is set However the system will update the time periodically to keep the connection always on Thus Idle Timeout will not interrupt...

Page 148: ...d by the router for the user with such profile Check the box to enable the function of time quota The first box displays the remaining time of the network connection The second box allows to type the...

Page 149: ...er objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defined profiles will be numbered with 3 4 5 and so on Selected Keyw...

Page 150: ...sers which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Address Display the IP address of the device Last Login Ti...

Page 151: ...m with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object...

Page 152: ...choose LAN as the Interface here and choose LAN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule...

Page 153: ...e Address type is selected Subnet Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied l...

Page 154: ...Item Description Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP O...

Page 155: ...s with different conditions Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Available...

Page 156: ...ddress if this object contains any IPv6 address Select Mac Address if this object contains Mac address MAC Address Type the MAC address of the network card which will be controlled Start IP Address Ty...

Page 157: ...allows you to bind several IPv6 objects into one IPv6 group Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Click the number under Index column...

Page 158: ...Pv6 Objects Click button to add the selected IPv6 objects in this box 3 3 6 6 5 5 S Se er rv vi ic ce e T Ty yp pe e O Ob bj je ec ct t You can set up to 96 sets of Service Type Objects with different...

Page 159: ...the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all...

Page 160: ...3 3 6 6 6 6 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Available settings are explained as follows Item Description Set to Fa...

Page 161: ...ble Service Type Objects All the available service objects that you have added on Objects Setting Service Type Object will be shown in this box Selected Service Type Objects Click button to add the se...

Page 162: ...column for setting in detail Available settings are explained as follows Item Description Name Type a name for this profile e g game Contents Type the content for such profile For example type gamblin...

Page 163: ...he keyword groups set here will be chosen as black white list in CSM URL Web Content Filter Profile Available settings are explained as follows Item Description Set to Factory Default Clear all profil...

Page 164: ...lected Keyword objects in this box 3 3 6 6 9 9 F Fi il le e E Ex xt te en ns si io on n O Ob bj je ec ct t This page allows you to set eight profiles which will be applied in CSM URL Content Filter Al...

Page 165: ...le settings are explained as follows Item Description Profile Name Type a name for this profile Type a name for such profile and check all the items of file extension that will be processed in the rou...

Page 166: ...Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor r...

Page 167: ...ed in Default Rule of Firewall General Setup for filtering Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the prof...

Page 168: ...ion Profile Name Type a name for the CSM profile Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes The profiles configured here can be applied in the...

Page 169: ...Vigor2850 Series User s Guide 159 The items categorized under P2P The items categorized under Misc...

Page 170: ...ayload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes fr...

Page 171: ...ol and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages...

Page 172: ...clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before Action This setting is available only when Either URL Access Control...

Page 173: ...cessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Cookie Check...

Page 174: ...pts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy y...

Page 175: ...L2 the router will check the URL that the user wants to access via WCF If the data has been accessed previously the IP addresses of source and destination IDs will be memorized for a short time about...

Page 176: ...ass allow accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with t...

Page 177: ...ll the actions Pass and Block will be recorded in Syslog 3 3 8 8 B Ba an nd dw wi id dt th h M Ma an na ag ge em me en nt t Below shows the menu items for Bandwidth Management 3 3 8 8 1 1 S Se es ss s...

Page 178: ...plained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Default session li...

Page 179: ...Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administra...

Page 180: ...ick Bandwidth Limit to open the web page To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows I...

Page 181: ...e list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Smart Bandwidth Limit Check this box to have the bandwi...

Page 182: ...apply DSCP Differentiated Service Code Point and IP Precedence disciplines at Layer 3 Compared with legacy IP Precedence that uses Type of Service ToS field in the IP header to define 8 service classe...

Page 183: ...ick the Setup link to access into next page for the general setup of WAN interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for...

Page 184: ...N N I In nt te er rf fa ac ce e When you click Setup you can configure the bandwidth ratio for QoS of the WAN interface There are four queues allowed for QoS control The first three Class 1 to Class 3...

Page 185: ...default value is 10000kbps Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream speed Enable UD...

Page 186: ...usted for your necessity To add edit or delete the class rule please click the Edit link of that one After you click the Edit link you will see the following page Now you can define the name for that...

Page 187: ...dress you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the sys...

Page 188: ...e S Se er rv vi ic ce e T Ty yp pe e f fo or r C Cl la as ss s R Ru ul le e To add a new service type edit or delete an existed service type please click the Edit link under Service Type field After y...

Page 189: ...ns s Below shows the menu items for Applications 3 3 9 9 1 1 D Dy yn na am mi ic c D DN NS S The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means...

Page 190: ...lear all profiles and recover to factory settings View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update interval Set the time for the router...

Page 191: ...ing the router will use WAN1 WAN2 WAN3 as the only channel for such account Service Provider Select the service provider for the DDNS account Service Type Select a service type Dynamic Custom or Stati...

Page 192: ...by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users c...

Page 193: ...od for the schedule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always...

Page 194: ...been pre defined in the schedule profiles 3 3 9 9 3 3 R RA AD DI IU US S Remote Authentication Dial In User Service RADIUS is a security authentication client server protocol that supports authentica...

Page 195: ...complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users ca...

Page 196: ...and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Available settings are explained as follows Item Description Enable UPNP Ser...

Page 197: ...cessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating t...

Page 198: ...ill be executed through WAN port In addition such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have m...

Page 199: ...le settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host...

Page 200: ...is that Vigor router sends a message to user s mobile through specified service provider to assist the user knowing the real time abnormal situations Vigor router allows you to set up to 8 SMS profil...

Page 201: ...can use to register to selected SMS provider Password Type a password that the sender can use to register to selected SMS provider Destination Number Type the telephone number that you want it to rece...

Page 202: ...shows the menu items for VPN and Remote Access 3 3 1 10 0 1 1 V VP PN N C Cl li ie en nt t W Wi iz za ar rd d Such wizard is used to configure VPN settings for VPN client Such wizard will guide to se...

Page 203: ...or2850 Series User s Guide 193 Please choose a LAN to LAN Profile There are 32 VPN profiles for users to set 2 When you finish the mode and profile selection please click Next to open the following pa...

Page 204: ...ifferent type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made z When...

Page 205: ...llowing graphic z When you choose L2TP over IPSec Nice to Have or L2TP over IPSec Must you will see the following graphic Available settings are explained as follows Item Description Profile Name Type...

Page 206: ...gnature X 509 Click Digital Signature to invoke this function Use the drop down list to choose one of the certificates for using You have to configure one certificate at least previously in Certificat...

Page 207: ...ilable settings are explained as follows Item Description Go to the VPN Connection Management Click this radio button to access VPN and Remote Access Connection Management for viewing VPN Connection s...

Page 208: ...by step 1 Open VPN and Remote Access VPN Server Wizard The following page will appear Available settings are explained as follows Item Description VPN Server Mode Selection Choose the direction for t...

Page 209: ...choose any one of dial in user account profiles Next you have to select suitable dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard Different Di...

Page 210: ...User s Guide 200 z When you check PPTP you will see the following graphic z When you check PPTP IPSec L2TP three types or PPTP IPSec two types or L2TP with Policy Nice to Have Must you will see the f...

Page 211: ...Confirm Pre Shared Key Type the pre shared key again for confirmation Digital Signature X 509 Check the box of Digital Signature to invoke this function Use the drop down list to choose one of the ce...

Page 212: ...n Management for viewing VPN Connection status Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard View more detailed configuratio...

Page 213: ...Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encrypt...

Page 214: ...hat starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest priority match with its policies Eventually to set up a secure tunnel for IKE Phase...

Page 215: ...y Currently only support Pre Shared Key authentication Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key IPSec Security Met...

Page 216: ...certificates for peer dial in users Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into...

Page 217: ...ific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask...

Page 218: ...he following figure shows the summary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Index Click the number below Index to access...

Page 219: ...PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user...

Page 220: ...ock This is default setting Click this button to let multicast packets be blocked by the router Subnet Chose one of the subnet selections for such VPN profile Assign Static IP Address Allows you to sp...

Page 221: ...n the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode Callback Function The callback function provides a callback service only for the ISDN LAN to LAN connec...

Page 222: ...mmary table Available settings are explained as follows Item Description Set to Factory Default Click to clear all indexes Name Indicate the name of the LAN to LAN profile The symbol represents that t...

Page 223: ...ection Enable this profile Check here to activate this profile VPN Dial Out Through Use the drop down menu to choose a proper WAN interface for this profile This setting is useful for dial out only z...

Page 224: ...er will drop the connection Enable PING to keep alive This function is to help the router to determine the status of IPSec VPN connection especially useful in the case of abnormal VPN IPSec tunnel dis...

Page 225: ...he most common selection due to wild compatibility VJ compression This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression is used for TCP IP protocol he...

Page 226: ...cryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We suggest you select the combination that covers th...

Page 227: ...to callback for the connection afterwards Provide ISDN Number to Remote In the case that the remote peer requires the Vigor router to callback the local ISDN number will be provided to the remote pee...

Page 228: ...in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or witho...

Page 229: ...unication Logical Traffic Such technique comes from RFC2890 Define logical traffic for data transmission between both sides of VPN tunnel by using the characteristic of GRE Even hacker can decipher IP...

Page 230: ...n enable disable one of direction here Herein we provide four options TX RX Both TX Only RX Only and Disable From first subnet to remote network you have to do If the remote network only allows you to...

Page 231: ...e es s o of f V VP PN N T TR RU UN NK K V VP PN N L Lo oa ad d B Ba al la an nc ce e M Me ec ch ha an ni is sm m VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balan...

Page 232: ...profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Backup mechanism profile Member1 Display the dial out profile selected from the...

Page 233: ...nce mechanism profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Load Balance mechanism profile Member1 Display the dial out profile...

Page 234: ...mote Access LAN to LAN for you to choose for grouping under certain VPN TRUNK VPN Backup Load Balance mechanism profile z No Index number of LAN to LAN dial out profile z Name Profile name of LAN to L...

Page 235: ...n ng g V VP PN N T TR RU UN NK K D Di ia al l o ou ut t w wh he en n V VP PN N L Lo oa ad d B Ba al la an nc ce e D Di is sc co on nn ne ec ct te ed d For there is one Tunnel created and connected suc...

Page 236: ...N to LAN to set a profile with IPSec 2 If the router will be used as the VPN Server i e with virtual address 192 168 50 200 Please type 192 168 50 200 in the field of My GRE IP Type IP address 192 168...

Page 237: ...ound Robin Based on packet base both tunnels will send the packet alternatively Such method can reach the balance of packet transmission with fixed rate Weighted Round Robin Such method can reach the...

Page 238: ...tion port and fragment conditions match with the settings specified here and TCP Service Port also fits the number here such binding tunnel table can be established UDP means when the source IP destin...

Page 239: ...dvanced Backup Available settings are explained as follows Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make...

Page 240: ...d as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode d...

Page 241: ...09 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the...

Page 242: ...Import Click this button to import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings...

Page 243: ...ick IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use t...

Page 244: ...ed SIP is an end to end signaling protocol that establishes user presence and mobility in VoIP structure Every one who wants to talk using his her SIP Uniform Resource Identifier SIP Address The stand...

Page 245: ...d of that you will only have to using dial plan or directly dial your friend s account name if you are with the same SIP Registrar z Peer to Peer Before calling you have to know your friend s IP Addre...

Page 246: ...on established vigor router A will send SAS voice prompt to A and vigor router B will send the SAS voice prompt to B 2 Then the RTP traffic is secured until the call ends 3 If vigor router A wants to...

Page 247: ...honebook for you to store all your friends and family members SIP addresses Loop through and Backup Phone Number will be displayed if you are using Vigor2850Vn for setting the phone book Click any ind...

Page 248: ...one call will be changed from VoIP phone into PSTN call according to the loop through direction chosen Note that during the phone switch the blare of phone will appear for a short time And when the Vo...

Page 249: ...ce When you choose this mode the OP number will be replaced by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example th...

Page 250: ...settings configured in VoIP Phone Settings Move UP Move Down Click the link to move the selected entry up or down C Ca al ll l B Ba ar rr ri in ng g Call barring is used to block phone calls coming fr...

Page 251: ...ring according to the preconfigured schedules Refer to section Applications Schedule for detailed configuration Additionally you can set advanced settings for call barring such as Block Anonymous Bloc...

Page 252: ...Vigor2850 Series User s Guide 242...

Page 253: ...n this web page You can change the number based on the region that the router is placed Available settings are explained as follows Item Description Enable Regional Check this box to enable this funct...

Page 254: ...e number typed in this field to make your phone number ID not displayed on the display panel of remote end Hide caller ID Deact Dial the number typed in this field to release this function Call Waitin...

Page 255: ...d 3 3 1 12 2 2 2 S SI IP P A Ac cc co ou un nt ts s In this section you set up your own SIP settings When you apply for an account your SIP service provider will give you an Account Name or user name...

Page 256: ...which port will ring when receiving a phone call Set Phone ISDN1 S0 or ISDN TE as the default ring port for the SIP account If you choose Phone or ISDN1 S0 the ISDN2 TE selection will be dimmed vice...

Page 257: ...s profile for identifying You can type similar name with the domain For example if the domain name is draytel org then you might set draytel 1 in this field Register via If you want to make VoIP call...

Page 258: ...ntication ID Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for...

Page 259: ...etting is 30 sec Ring Port Set Phone 1 and or Phone 2 as the default ring port s for this SIP account Ring Pattern Choose a ring tone type for the VoIP phone call Prefer Codec Select one of five codec...

Page 260: ...0 Voice Active Detector This function can detect if the voice on both sides is active or not If not the router will do something to save the bandwidth for other using Click On to invoke this function...

Page 261: ...that configured in the advanced settings page of Phone Index Default SIP Account draytel_1 is the default SIP account You can click the number below the Index field to change SIP account for each phon...

Page 262: ...ess into the following page for configuring Phone settings Available settings are explained as follows Item Description Hotline Check the box to enable it Type in the SIP URL in the field for dialing...

Page 263: ...ponse Click hook flash to pick up the waiting phone call Call Transfer Check this box to invoke this function Click hook flash to initiate another phone call When the phone call connection succeeds ha...

Page 264: ...h you are located The common settings of Caller ID Type Dial tone Ringing tone Busy tone and Congestion tone will be shown automatically on the page If you cannot find out a suitable one please choose...

Page 265: ...The smaller the number is the louder the dial tone is It is recommended for you to use the default setting Ring Frequency This setting is used to drive the frequency of the ring tone It is recommended...

Page 266: ...Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message Payload Type rfc2833 Choose a number from 96 to 127 the default value was 101 Th...

Page 267: ...as hours minutes seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection session Rx Losts Total...

Page 268: ...rotocol as Point to Point Configure ISDN port to use static TEI Terminal Endpoint Identifier Point to Multipoint Configure ISDN port to use Dynamic TEI Own Number Enter your ISDN number that you got f...

Page 269: ...in ng gl le e D Du ua al l I IS SP Ps s Select Dialing to a Single ISP if you access the Internet via a single ISP Available settings are explained as follows Item Description ISP Access Setup ISP Na...

Page 270: ...AP or CHAP is to configure the PPP session to use the PAP or CHAP protocols to negotiate the username and password with the ISP Idle Timeout Idle timeout means the router will be disconnect after bein...

Page 271: ...to negotiate the username and password with the ISP Idle Timeout Idle timeout means the router will be disconnect after being idle for a preset amount of time The default is 180 seconds If you set the...

Page 272: ...you will see Goto ISDN Diagnostic link appears on the bottom of the webpage To have an ISDN connection please click this link Now the system will guide you to click Dial ISDN Wait for a moment after...

Page 273: ...to 5 for each triggered packet the router will dial 5 times until it is connected to the ISP or remote access router Dial Delay Interval It specifies the interval between dialup retries By default the...

Page 274: ...r Time the additional channel will be activated Thus the total link speed will be 128kbps two B channels Low Water Mark and Low Water Time These parameters specify the situation in which the second ch...

Page 275: ...channel etc M Mu ul lt ti ip pl le e S SS SI ID Ds s Vigor router supports four SSID settings for wireless connections Each SSID can be defined with different name and download upload rate for selecti...

Page 276: ...time Separate the Wireless and the Wired LAN WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons To isolate means neither of the partie...

Page 277: ...e box to enable wireless function Mode At present the router can connect to 11n Only 11g Only Mixed 11b 11g Mixed 11a 11n Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixe...

Page 278: ...l characters The default SSID is DrayTek We suggest you to change it Isolate VPN Check this box to make the wireless clients stations with different VPN not accessing for each other Member Check this...

Page 279: ...install it into your PC for matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option Note means the real transm...

Page 280: ...default security mode is Mixed WPA WPA2 PSK Default Pre Shared Key PSK is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet...

Page 281: ...and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clie...

Page 282: ...o on nt tr ro ol l In the Access Control the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list The user may block wireless cl...

Page 283: ...list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list 3 3 1 14 4...

Page 284: ...rt PBC button of network card z If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor...

Page 285: ...de of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Button Click Start PBC to invoke Push Button style WPS setup procedure The router will wait for WPS requests from wireless cli...

Page 286: ...Ns through the air y Extend the coverage range of a WLAN To meet the above requirement two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS...

Page 287: ...do WDS to WDS packet forwarding In the following examples hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links However hosts connected to Bridge 1 CANNOT...

Page 288: ...tween AP and the router Key Type 8 63 ASCII characters or 64 hexadecimal digits leading by 0x Bridge If you choose Bridge as the connecting mode please type in the peer MAC address in these fields Fou...

Page 289: ...nly In addition it does not have protection mechanism to avoid the conflict with neighboring devices of 802 11a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving b...

Page 290: ...re explained as follows Item Description WMM Capable To apply WMM parameters for wireless data transmission please click the Enable radio button APSD Capable The default setting is Disable Aifsn It co...

Page 291: ...he box means the AP router will answer the response request while transmitting WMM packets through wireless connection It can assure that the peer must receive the WMM packets Check the box means the...

Page 292: ...WDS settings please type in the AP s MAC address on the bottom of the page and click Bridge or Repeater Next click Add to Later the MAC address of the AP will be added to Bridge or Repeater field of W...

Page 293: ...l L Lo og g i in n This page allows you to specify an URL for accessing into or display a message when a remote user connects to Internet through this router No matter what purpose of the wireless cli...

Page 294: ...es here The message will be displayed on the screen for several seconds when the wireless users access into the web page through the router 3 3 1 15 5 U US SB B A Ap pp pl li ic ca at ti io on n USB s...

Page 295: ...FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Available settings are explained as follows Item Description General Settings Simult...

Page 296: ...an have as many as 23 characters Both them cannot contain any of the following Workgroup Name Type a name for the workgroup Host Name Type the host name for the router 3 3 1 15 5 2 2 U US SB B U Us se...

Page 297: ...rd is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on t...

Page 298: ...uch profile Any user who uses such profile for accessing into USB storage disk must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items...

Page 299: ...con to add a new folder Current Path Display current folder Upload Click this button to upload the selected file to the USB storage disk The uploaded file in the USB diskette can be shared for other u...

Page 300: ...r s host which connecting to the FTP server Username It displays the username that user uses to login to the FTP server When you insert USB storage disk into the Vigor router the system will start to...

Page 301: ...the system Time Display the time of the event occurred Message Display the information for each event F Fo or r U US SB B S Sy ys sl lo og g This page displays the syslog recorded on the USB storage d...

Page 302: ...Maintenance 3 3 1 16 6 1 1 S Sy ys st te em m S St ta at tu us s The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the...

Page 303: ...us Firmware Version It indicates information about equipped WLAN miniPCi card This also helps to provide availability of some features that are bound with some WLAN miniPCi SSID Display the SSID of th...

Page 304: ...r detailed information CPE Client Such information is useful for Auto Configuration Server Enable Disable Allow Deny the CPE Client to connect with Auto Configuration Server Port Sometimes port confli...

Page 305: ...request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified 3 3 1 16 6 3 3 A...

Page 306: ...into the web configurator with the password typed here for simple web configuration The settings on simple web configurator will be different with full web configurator accessed by using the administr...

Page 307: ...low the steps below to backup your configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Backup button to get into the following...

Page 308: ...e Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate R Re es st to or re e C Co on nf fi ig gu ur ra at ti io on n 1 Go to Sy...

Page 309: ...save the log to Syslog server Check USB Disk to save the log to the attached USB storage disk Router Name Display the name for such router configured in System Maintenance Management If there is no n...

Page 310: ...ntication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Chec...

Page 311: ...Vigor2850 Series User s Guide 301...

Page 312: ...m the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time pro...

Page 313: ...nt Access Control Allow management from the Internet Enable the checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managin...

Page 314: ...specify certain host Trap Community Set trap community by typing a proper name The default setting is public Notification Host IP Set the IP address of the host that will receive the trap community Tr...

Page 315: ...dule for performing system reboot All the schedules can be set previously in Applications Schedule web page and you can use the number that you have set in that web page If you want to reboot the rout...

Page 316: ...ng an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayT...

Page 317: ...mechanism for your computer Click System Maintenance Activation to open the following page for accessing http myvigor draytek com Available settings are explained as follows Item Description Activate...

Page 318: ...Vigor2850 Series User s Guide 308 Below shows the successful activation of Web Content Filter...

Page 319: ...i ia al l o ou ut t T Tr ri ig gg ge er ri in ng g Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g PPPoE is triggered by a package sending from the source...

Page 320: ...ttings are explained as follows Item Description Refresh Click it to reload the page 3 3 1 17 7 3 3 A AR RP P C Ca ac ch he e T Ta ab bl le e Click Diagnostics and click ARP Cache Table to view the co...

Page 321: ...ou ur r T Ta ab bl le e The table shows a mapping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address co...

Page 322: ...Table to open the web page Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for s...

Page 323: ...settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer...

Page 324: ...eb page Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to p...

Page 325: ...a F Fl lo ow w M Mo on ni it to or r This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is confi...

Page 326: ...speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent...

Page 327: ...ng different traffic graph Click Refresh to renew the graph at any time The horizontal axis represents time Yet the vertical axis has different meanings For WAN1 WAN2 WAN3Bandwidth chart the numbers d...

Page 328: ...n the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen or...

Page 329: ...through Protocol Use the drop down list to choose the protocol that you want to ping through Host IP Address It indicates the IP address of the host Trace Host IP Address It indicates the IPv6 address...

Page 330: ...own for your reference Available settings are explained as follows Item Description Enable Web Syslog Check this box to enable the function of Web Syslog Syslog Type Use the drop down list to specify...

Page 331: ...splay the type of the record Message Display the information for each event 3 3 1 17 7 1 12 2 T TS SP PC C S St ta at tu us s IPv6 TSPC status web page could help you to diagnose the connection status...

Page 332: ...v vi ic ce es s This page allows you to enable or disable the function of detecting external devices Available settings are explained as follows Item Description External Device Auto Discovery Check t...

Page 333: ...other via existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive...

Page 334: ...use the drop down list to choose a proper connection type Different connection types will bring out different configuration page Refer to the following z PPP Dual Stack application IPv4 and IPv6 servi...

Page 335: ...Vigor2850 Series User s Guide 325 Click OK and open Online Status If the connection is successful you will get the IP address for IPv4 and IPv6 at the same time...

Page 336: ...nformation for TSPC service Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after ap...

Page 337: ...Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the ser...

Page 338: ...Guide 328 z DHCPv6 Client Choose DHCPv6 Client Click one of the identity associations and type the IAID number Click OK and open Online Status If the connection is successful the physical connection w...

Page 339: ...User s Guide 329 z Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address Click OK and open Online Status If the connection is successful the physical connection will be s...

Page 340: ...the subnet of LAN1 supports IPv6 feature 2 In the field of RADVD Configuration the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 address automatically and ge...

Page 341: ...mmand of ipconfig Refer to the following figure From the above figure we can see IPv6 IP address has been captured by the system 2 Use the Ping command to ping any IPv6 address indicating an IPv6 webs...

Page 342: ...pe an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turtle will be seen If you can see a...

Page 343: ...be done through SAMBA server or FTP server Samba service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1...

Page 344: ...Vigor2850 Series User s Guide 334 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account user1 to login...

Page 345: ...SB Application USB Disk Status The information for FTP server will be shown as below Now users in LAN of Vigor2710 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They...

Page 346: ...own in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Go to VPN a...

Page 347: ...ser s Guide 337 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start t...

Page 348: ...d If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection If a PPP based service is...

Page 349: ...d you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup...

Page 350: ...r B in the remote office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have...

Page 351: ...connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSe...

Page 352: ...ression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an IPSec based service is selected you may further specify the remote...

Page 353: ...rther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can dir...

Page 354: ...as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN...

Page 355: ...tings to as shown below to allow the remote user dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and...

Page 356: ...or Win2000 XP please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or...

Page 357: ...based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be consistent with the one set up in th...

Page 358: ...ometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email...

Page 359: ...an the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS perfor...

Page 360: ...r will set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP 6 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will set reserved ba...

Page 361: ...luent other application Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter...

Page 362: ...52 11 Click Add to open the following window Check the ACT box first 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address L...

Page 363: ...ll the Router Tools The Firmware Upgrade Utility is included in the tools 1 Go to www DrayTek com 2 Access into Support Downloads Please find out Firmware menu and click it Search the model you have a...

Page 364: ...Programs and choose Router Tools XXX Firmware Upgrade Utility 8 Type in your router IP usually 192 168 1 1 9 Click the button to the right side of Firmware file typing box Locate the files that you d...

Page 365: ...are Note that this example is running over Windows OS Operating System 1 Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web...

Page 366: ...356 4 4 7 7 R Re eq qu ue es st t a a c ce er rt ti if fi ic ca at te e f fr ro om m a a C CA A s se er rv ve er r o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Go to Certificate Management...

Page 367: ...Enter the information in the certificate request 3 Copy and save the X509 Local Certificate Requet as a text file and save it for later use 4 Connect to CA server via web browser Follow the instructi...

Page 368: ...st using a base64 encoded PKCS 7 file Import the X509 Local Certificate Requet text file Select Router Offline request or IPSec Offline request below Then you have done the request and the server now...

Page 369: ...ificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below window showing BEGINE CERTIFICATE 6 You may...

Page 370: ...ti if fi ic ca at te e a an nd d S Se et t a as s T Tr ru us st te ed d o on n W Wi in nd do ow ws s C CA A S Se er rv ve er r 1 Use web browser connecting to the CA server that you would like to retr...

Page 371: ...d CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the...

Page 372: ...m Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into MyVigor for getting more information please create an account for MyVigor 4...

Page 373: ...es User s Guide 363 2 Click the Activate link A login page for MyVigor web site will pop up automatically 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and...

Page 374: ...Vigor2850 Series User s Guide 364 5 Type your personal information in this page and then click Continue 6 Choose proper selection for your computer and click Continue...

Page 375: ...ART 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 9 Click the Activate my Account link to enable the account that you created The fol...

Page 376: ...click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want 4 4 9 9 2 2 C Cr re ea at ti in ng g a an n A Ac cc co ou un nt t v vi ia a...

Page 377: ...User s Guide 367 2 Check to confirm that you accept the Agreement and click Accept 3 Type your personal information in this page and then click Continue 4 Choose proper selection for your computer an...

Page 378: ...ART 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com 7 Click the Activate my Account link to enable the account that you created The fol...

Page 379: ...password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Now click Login Your account h...

Page 380: ...Vigor2850 Series User s Guide 370 This page is left blank...

Page 381: ...king to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 5 1 1 C Ch he ec ck...

Page 382: ...er trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK F Fo or r W Wi in nd do ow ws s The example is based on Wi...

Page 383: ...tically and Obtain DNS server address automatically F Fo or r M Ma ac c O OS S 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Netw...

Page 384: ...uter correctly F Fo or r W Wi in nd do ow ws s 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will...

Page 385: ...ff f You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2850 Later the USB LED will light on which means the installation of USB Modem is successful If the USB LED does not...

Page 386: ...g g I If f N Ne ec ce es ss sa ar ry y Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Such function is available in A...

Page 387: ...Then the router will restart with the default configuration After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 5 7 7 C Co on n...

Reviews:

No comments

Related manuals for Vigor2850 Series

Brand: SonicWALL Pages: 6

Brand: SonicWALL Pages: 2

UTM25 - ProSecure Unified Threat Management Appliance

Brand: NETGEAR Pages: 2

UTM5 - ProSecure Unified Threat Management Appliance

Brand: NETGEAR Pages: 2

ProSecure UTM150

Brand: NETGEAR Pages: 2

ProSecure UTM25S

Brand: NETGEAR Pages: 2

ProSAFE FVS336G v3

Brand: NETGEAR Pages: 2

SRXN3205 - ProSafe Wireless-N VPN Firewall Wireless Router

Brand: NETGEAR Pages: 150

UTM10 - ProSecure Unified Threat Management Appliance

Brand: NETGEAR Pages: 480

Brand: Forcepoint Pages: 2

Brand: Forcepoint Pages: 2

Brand: Forcepoint Pages: 9

Brand: Forcepoint Pages: 12

Brand: Forcepoint Pages: 90

Brand: Check Point Pages: 4

Quantum LightSpeed Appliance QLS250

Brand: Check Point Pages: 24

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands