Vigor2900 Series User’s Guide

 

76 

 

Filter Rule 

Click a numbered button (1 ~ 7) to edit the filter rule. Clicking the button 
opens the Edit Filter Rule web page. For detailed information, 
refer to the following page. 

Active 

Enable or disable the filter rule. 

Comment

 

Enter filter set comments/description. The maximum length is 
23 characters. 

Next Filter Set 

Set the link to the next filter set to be executed after the current filter 
set has run. Do not create a loop among filter sets.

   

To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. 

 

Comments 

Enter filter set comments/description. The maximum length is 14 
characters. 

Check to enable the Filter Rule

 

Check this box to enable the filter rule. 
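The limits described above (comment lengths, rule buttons 1 ~ 7, and the warning against loops in Next Filter Set links) can be checked offline before a rule set is entered. The following is an added example, not code from the guide or from the router vendor; the dictionary layout, the set names and the idea of walking the chain from the Start Filter Set are assumptions made for the example.

```python
"""Audit a filter-set chain (added example; the dict layout is an assumption)."""

SET_COMMENT_MAX = 23   # filter set comment limit given in the guide
RULE_COMMENT_MAX = 14  # filter rule comment limit given in the guide
RULES_PER_SET = 7      # rule buttons are numbered 1 ~ 7


def walk_chain(filter_sets, start):
    """Follow Next Filter Set links from `start`.

    Returns (order, problem). `order` lists the sets in execution order;
    `problem` is None, ("loop", set_id) or ("missing", set_id).
    """
    order, seen = [], set()
    current = start
    while current is not None:
        if current in seen:
            return order, ("loop", current)
        if current not in filter_sets:
            return order, ("missing", current)
        seen.add(current)
        order.append(current)
        current = filter_sets[current].get("next")
    return order, None


def audit(filter_sets, start):
    """Return a list of (kind, set_id, detail) findings."""
    findings = []
    order, problem = walk_chain(filter_sets, start)
    if problem is not None:
        kind, set_id = problem
        path = " -> ".join(str(s) for s in order + [set_id])
        findings.append((kind, set_id, f"chain {path}"))
    reachable = set(order)
    for set_id in sorted(filter_sets):
        fs = filter_sets[set_id]
        if len(fs.get("comment", "")) > SET_COMMENT_MAX:
            findings.append(("set-comment", set_id,
                             f"comment longer than {SET_COMMENT_MAX} characters"))
        rules = fs.get("rules", {})
        for index in sorted(rules):
            if not 1 <= index <= RULES_PER_SET:
                findings.append(("rule-index", set_id,
                                 f"rule {index} outside 1..{RULES_PER_SET}"))
            if len(rules[index].get("comment", "")) > RULE_COMMENT_MAX:
                findings.append(("rule-comment", set_id,
                                 f"rule {index} comment longer than "
                                 f"{RULE_COMMENT_MAX} characters"))
        # A set that is never linked from the chain is never executed, so any
        # active rule in it protects nothing.
        if set_id not in reachable and any(r.get("active") for r in rules.values()):
            findings.append(("unreachable", set_id,
                             "active rules are never evaluated"))
    return findings


# Constructed sample: set 3 links back to set 2, so set 4 is never reached.
SAMPLE = {
    1: {"comment": "LAN outbound", "next": 2,
        "rules": {1: {"active": True, "comment": "allow DNS out"}}},
    2: {"comment": "Web access", "next": 3,
        "rules": {1: {"active": True, "comment": "allow web out"}}},
    3: {"comment": "Guest WLAN restrictions long text", "next": 2, "rules": {}},
    4: {"comment": "Block telnet", "next": None,
        "rules": {1: {"active": True, "comment": "deny tcp/23 from WAN"}}},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, start=1):
        print(finding)
```

On the constructed sample the audit reports the loop at set 2, the over-long comments, and that the active rule in set 4 is never evaluated because the chain never reaches it.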

Summary of Contents for Vigor2900 Series Security Router

Page 1: ... translated into any language without written permission from the copyright holders The scope of delivery and other details are subject to change without prior notice Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Computer Inc Other products may be trademarks...

Page 3: ...Hardware Installation 10 2 Configuring Basic Settings 11 2 1 Changing Password 11 2 2 Quick Start Wizard 13 2 2 1 Selecting Protocol 14 2 2 2 PPPoE 14 2 2 3 PPTP 16 2 2 4 L2TP 18 2 2 5 Static IP 19 2 2 6 DHCP 21 2 3 LAN TCP IP and DHCP Server 22 2 4 ISDN Setup 27 2 5 Wireless LAN Setup 28 2 5 1 Basic Concepts 28 2 5 2 General Settings 31 2 5 3 Security 33 2 5 4 Access Control 35 2 5 5 Station List...

Page 4: ...ocking 88 3 7 8 P2P Blocking 88 3 8 VPN and Remote Access Setup 90 3 8 1 Remote Access Control Setup 90 3 8 2 PPP General Setup 90 3 8 3 VPN IKE IPSec General Setup 92 3 8 4 Remote User Profile Setup Teleworker 93 3 8 5 LAN to LAN Profile Setup 95 3 9 UPNP Service Setup 102 3 10 VoIP Setup 104 3 10 1 DialPlan Setup 106 3 10 2 SIP Related Functions Setup 107 3 10 3 CODEC RTP DTMF Setup 109 3 10 4 T...

Page 5: ...37 5 2 Create a Remote Dial in User Connection Between the Teleworker and Headquarter 145 5 3 QoS Setting Example 150 5 4 LAN Created by Using NAT 151 5 5 Calling Scenario for VoIP function 154 5 5 1 Calling via SIP Sever 154 5 5 2 Peer to Peer Calling 156 5 6 Upgrade Firmware for Your Router 157 6 Trouble Shooting 161 6 1 Checking If the Hardware Status Is OK or Not 161 6 2 Checking If the Networ...

Page 7: ... network abuse etc Vigor2900 series is embedded with an 802 11g compliant wireless module which provides wireless LAN access with data rate as much as up to 54Mbps for Vigor2900G VG VGi only As for data privacy of wireless network the Vigor2900 series can encode all transmissions data with standard WEP and industrial strength WPA2 IEEE 802 11i encryption Additional features include Wireless Client...

Page 8: ...N link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Factory Reset WAN P1 P2 P3 P4 PWR Printer Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Power Sw...

Page 9: ...s ready Green A normal 100Mbps WAN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Factory Reset WAN P1 P2 P3 P4 PWR Printer Interface Description Printer Connecter for a USB printer PWR Connecter...

Page 10: ...ink is ready Green A normal 100Mbps WAN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Factory Reset WAN P1 P2 P3 P4 PWR Printer ISDN Interface Description Printer Connecter for a USB printer PWR...

Page 11: ...AN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Factory Reset WAN P1 P2 P3 P4 PWR Printer ISDN Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Po...

Page 12: ...t packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Power Switch FXS 2 1 Connecter of analog phone for VoIP communication P1 P4 Connecter ...

Page 13: ...AN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Power Switch FXS 2 1 Connecter of analog phone fo...

Page 14: ...WAN link is ready Green A normal 100Mbps WAN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Power S...

Page 15: ...ps WAN link is ready WAN Blinking Ethernet packets are transmitting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN 1 2 3 4 Blinking Ethernet packets are transmitting Interface Description Printer Connecter for a USB printer PWR Connecter for a power adapter 0 1 Power Switch FXS 2 1 Connecter of analog phon...

Page 16: ...th a RJ 45 cable This device allows you to connect 4 PCs directly 3 Connect one end of the power cord to the power port of this device Connect the other end to the wall outlet of electricity 4 Connect detachable antennas to the router for Vigor2900 Series 5 Power on the router 6 Check the ACT and WAN LAN LEDs to assure network connections For the detailed information of LED status please refer to ...

Page 17: ... configured the router will be open to any user in the LAN or the Internet and users can log into the router unlimitedly and change the settings To change the password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or...

Page 18: ...s 4 Click Administrator Password Setup from the Basic Setup group 5 Enter the login password the default is blank on the field of Old Password Type a new one in the field of New Password and retype it on the field of Retype New Password Then click OK to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router ...

Page 19: ...d If your router can be under an environment with high speed NAT the configuration provide here can help you to deploy and use the router quickly The first screen of Quick Start Wizard is entering login password After typing the password please click Next The following screen will appear ...

Page 20: ...router supports the DSL WAN interface for Internet access 2 2 2 PPPoE PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connec...

Page 21: ...The following page will be shown User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Retype Password Retype the password Always On Check this box to allow the router connecting to Internet forever Idle Timeout Type in the value unit is second as the idle timeout of the connection When the time is expired the internet connection will ...

Page 22: ...SP Password Assign a valid password provided by the ISP Retype Password Retype the password Obtain an IP address automatically Click this selection to get the IP address from the router automatically Specify an IP address Click this selection to specify an IP address and subnet mask manually IP Address Type a specific IP address for PPTP connection mode that obtained from ISP Subnet Mask Type the ...

Page 23: ...es User s Guide 17 PPTP Server IP Specify the IP address of the PPTP Server After finishing the settings in this page click Next to see the following page Click Finish to save current settings and restart the router ...

Page 24: ...sign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Retype Password Retype the password Obtain an IP address automatically Click this selection to get the IP address from the router automatically Specify an IP address Click this selection to specify an IP address and subnet mask manually IP Address Type a specific IP address for PPTP connection ...

Page 25: ... PPTP Server IP Specify the IP address of the PPTP Server After finishing the settings in this page click Next to see the following page Click Finish to save current settings and restart the router 2 2 5 Static IP Click Static IP as the protocol ...

Page 26: ...subnet mask obtained from ISP Gateway Type the gateway address obtained from ISP Primary DNS Type the IP address as the primary DNS obtained from ISP Second DNS Type the IP address as the secondary DNS After finishing the settings in the above page click Next to see the following page Click Finish to save current settings and restart the router ...

Page 27: ...Host Name Specify the host name for the router MAC This is an optional setting The router will detect the MAC address automatically If not click Clone MAC Address to obtain it Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page ...

Page 28: ...king to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP ...

Page 29: ...nge routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other What is Static Route When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes fu...

Page 30: ...the general settings for LAN Click LAN to open the LAN settings page and choose General Setup 1st IPAddress Type in private IP address for connecting to a local private network Default 192 168 1 1 1st Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 For IP Routing Usage Click Enable to invoke this function The default setting is Disable 2nd IPAdd...

Page 31: ...ted or edited IP address from above pool Set a list of MAC Address for 2nd DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2nd subnet won t get an IP address belonging to 1st subnet RIP Protocol Control Disable deactivates the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Defa...

Page 32: ...DHCP server DNS Server Configuration DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IPAddress You must specify a DNS server IP address here because your ISP should provide you with usually more tha...

Page 33: ...lds for MSN numbers Note that MSN services must be acquired from your local telecommunication operators By default MSN function is disabled If you leave the fields blank all incoming calls will be accepted without number matching Blocked MSN Numbers for the router Enter the specified MSN number into the fields to prevent the router from dialing the specific MSN number For example DrayTek provides ...

Page 34: ...home Any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a clot of LAN cable or drilling holes everywhere Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN interface compliant ...

Page 35: ...otected Access the most dominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x In WPA Personal a pre defined key is used for encryption during data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only e...

Page 36: ...ample for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add a filter of MAC address to isolate single user s access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their connection C...

Page 37: ...Mixed 11b 11g The radio can support both IEEE802 11b and IEEE802 11g protocols simultaneously 11g only The radio only supports IEEE802 11g 11b only The radio only supports IEEE802 11b Scheduler 1 15 Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Call Schedule Setup in Advanced Setup group setup The default setting ...

Page 38: ...s to join your wireless LAN Depending on the wireless utility the user may only see the information except SSID or just cannot see any thing about Vigor wireless router while site surveying Long Preamble This option is to define the length of the sync field in a 802 11 packet Most modern wireless network uses short preamble with 56 bit sync filed instead of long preamble with 128 bit sync field Ho...

Page 39: ...d for you to choose Disable Turn off the encryption mechanism WEP Only Accepts only WEP clients and the encryption key should be entered in WEP Key WEP 802 1x Only Accept WEP clients with 802 1x authentication Since the key will be auto negotiated during authentication the field of key setting below will be not available for input WEP or WPA PSK Accepts WEP and WPA clients with legal key according...

Page 40: ...r WPA 802 1x or WPA 802 1x Only as the security mode you have to set up RADIUS Server for using with those modes Click the Radius Server link to open the following page Check Enable Type the IP address for the Radius server Specify the destination port The default setting is 1812 Then type the shared secret and confirm the key again When you finish the settings please click OK to leave the page an...

Page 41: ...of client Only the valid MAC address that has been configured can access the wireless LAN interface By clicking the Access Control a new web page will appear as depicted below so that you could edit the clients MAC addresses to control their access rights Enable Access Control Select to enable the MAC Address access control feature Policy Select to enable any one of the following policy Choose Act...

Page 42: ...es the construction of VPN tunnels PPTP L2TP L2TP over IPSec over Wireless LAN For instance you can adopt WEP plus VPN over WLAN to provide double protection mechanisms for data frames Clear All Clean all entries in the MAC address list OK Click it to save the access control list 2 5 5 Station List Station List provides the knowledge of connecting wireless clients now a...

Page 43: ...1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a comm...

Page 44: ...troduce the Internet Access Modes 2 6 2 PPPoE As a CPE device Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP s Digital Subscriber Line Access Multiplexer DSLAM To choose PPPoE as the accessing protocol of the internet please select PPPoE from the Internet Access menu The following web page will be shown ...

Page 45: ...p feature and its associated setup options are not available to them Please refer to the previous part for further information None Disable the backup function Packet Trigger The backup line is not on until a packet from a local host triggers the router to establish a connection PPP Authentication Select PAP only or PAP or CHAP for PPP Always On Check this box if you want the router keeping connec...

Page 46: ...2900 Series User s Guide 40 By checking the checkbox Join NAT IP Pool data from NAT hosts will be round robin forwarded on a session basis If you do not check Join NAT IP Pool you can still use these public ...

Page 47: ... them 2 6 3 Static or Dynamic IP For static IP mode you usually receive a fixed public IP address or a public subnet namely multiple public IP addresses from your DSL or Cable ISP service providers In most cases a Cable service provider will offer a fixed public IP while a DSL service provider will offer a public subnet If you have a public subnet you could ...

Page 48: ...ilable to them Please refer to the previous part for further information None Disable the backup function Packet Trigger The backup line is not on until a packet from a local host triggers the router to establish a connection Always On If the broadband connection is no longer available the backup line will be activated automatically and always on until the broadband connection is restored We recom...

Page 49: ...User Name Type the user name obtained from ISP Password Type the password obtained from ISP WAN IP Network Settings This group allows you to obtain an IP address automatically and allows you type in IP address manually Obtain an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode Router Name Type in the router name provided by ISP Do...

Page 50: ...DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them 2 6 4 PPTP To choose PPTP as the accessing protocol of the internet please select Internet Access Setup on the Quick Setup page Next choose the...

Page 51: ...ial backup feature you must create a dial backup profile first Please click Internet Access Setup Dialing to a Single ISP to enter the backup profile Due to the absence of the ISDN interface in some models e g Vigor2900V and Vigor2900VG the ISDN dial backup feature and its associated setup options are not available to them Please refer to the previous part for further information None Disable the ...

Page 52: ...s Type a fixed IP address LAN2 WAN IP Network Settings Obtain an IP address automatically Click this button to obtain the IP address automatically Specify an IP address Click this radio button to specify some data IP Address Type the IP address Subnet Mask Type the subnet mask WAN physical type Check and choose a proper type used for duplex between this device and other router that you want to com...

Page 53: ...ut for breaking down the Internet after passing through the time without any action IP Address Assignment Method IPCP Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact ...

Page 54: ...o control the Internet access according to the preconfigured schedules Link Type There are four link types Link Disable Dialup 64 Kbps Dialup 128 Kbps and Dialup BOD Link Disable Disable the ISDN dial out function Dialup 64Kbps Use one ISDN B channel for Internet access Dialup 128Kbps Use both ISDN B channels for Internet access Dialup BOD BOD stands for bandwidth on demand The router will use onl...

Page 55: ...ost configuration parameters are the same as those of the previous part This screen provides a checkbox to enable the Dual ISPs function and adds the secondary ISP Setup section field Check the corresponding box and enter the second ISP information About the details please refer to the descriptions of the previous part 2 7 Virtual TA Remote CAPI Setu...

Page 56: ... computer After the computer restarts you will see a VT icon in the taskbar usually in the bottom right of the screen near the clock as shown below When the icon text is GREEN the Virtual TA client is connected to the Virtual TA server and you can launch your CAPI based software to use the client to access the router Please read your software user guide for detailed configuration If the icon text ...

Page 57: ...ubscribed line Note that the service must be acquired from your telecom Specify the MSN numbers for a specific client If you have no MSN services leave this field blank Active Check it to enable the client to access the server User Profile Note that creating a single user access account will limit the access to the Virtual TA server to only the specified account holders Assum...

Page 58: ...an MSN number service the Virtual TA server can assign which client has the specified MSN number When an incoming call arrives the server will inform the appropriate client Now we set an example to describe the configuration of the MSN number Suppose that you could assign the MSN number 123 to the client alan Type the specified MSN number in the CAPI based software When the Virtual TA server sends...

Page 59: ...access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with t...

Page 60: ...count Service Type Select a service type Dynamic Custom Static Domain Name Type in a domain name that you applied previously Login Name Type in the login name that you set for applying domain Password Type in the password that you set for applying domain Mail Extender Some DDNS Server might ask to provide additional information e g e mail address Type in necessary e mail address in this field in a...

Page 61: ...p Note Please set Dialing to a Single ISP first before configuring this web page Dial Retry It specifies the dial retry counts per triggered packet A triggered packet is the packet whose destination is outside the local network The default setting is no dial retry If set to 5 for each triggered packet the router will dial 5 times until it is connected to the ISP or remote access router Dial Delay ...

Page 62: ...ter Mark and Low Water Time These parameters specify the situation in which the second channel will be dropped In terms of the two B channels if their utilization is under the Low Water Mark and these two channels are being used over the High Water Time the additional channel will be dropped As a result the total link speed will be 64kbps one B channel Note If you are not sure whether your ISP can...

Page 63: ...le with index 1 are shown below Enable Schedule Setup Check to enable the schedule Start Date yyyy mm dd Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the schedule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be a...

Page 64: ...ally the router serves as an NAT Network Address Translation router NAT is a mechanism that one or more private IP addresses can be mapped into a single public one Public IP address is usually assigned by your ISP for which you may get charged Private IP addresses are recognized only among internal hosts When the outgoing packets destined to some public server on the Internet reach the NAT router ...

Page 65: ...lly set up for server related service inside the local network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goa...

Page 66: ...ed Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web configurator in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore...

Page 67: ...single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc The inherent security properties of NAT are somewhat bypassed if you set up DMZ h...

Page 68: ...list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting 3 4 3 Open Ports Setup Open Ports allows you to open a range of ports for the traffic of special applications Common application of Open Ports includes P2P application e g BT KaZaA Gnutella WinMX eMul...

Page 69: ...ivate IP address of the local host that you specify in WAN Alias If you did not specify any IP address in WAN Alias this item will not be shown Local IP Address Display the private IP address of the local host offering the service Status Display the state for the corresponding entry X or V is to represent the Inactive or Active state To add or edit port settings click one index number on the page ...

Page 70: ...ick this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of...

Page 71: ...ons for your reference 3 4 5 Multi NAT Setup If you have a group of static public IP addresses obtained from your ISP you can use the Multi NAT feature to set up multiple DMZ hosts or multiple hosts with open ports on your Vigor router Click Internet Access Setup on the Quick Setup group of the main page Next click Static or Dynamic IP The following screen will appe...

Page 72: ...ic IP addresses The Join NAT IP Pool check box indicates that the local users can use this IP to connect to the Internet If you do not chick this check box this IP address will not be available to the local users After you configure the WAN IP Alias feature these addresses can be selected on DMZ Hosts or Open Ports pages ...

Page 73: ...uthenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIU...

Page 74: ...ers to Private and Public Networks Assuming the Internet access has been configured and the router works properly you use the 1st subnet address 192 168 1 0 24 to surf the Internet and also an internal private subnet 192 168 10 0 24 via an internal router 192 168 1 2 24 an internal public subnet 211 100 88 0 28 via an internal router 192 16...

Page 75: ...nfiguration page Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211 100 88 0 will be forwarded to 192 168 1 2 4 Click Diagnostics Tools on the System Management gr...

Page 76: ... Delete Static Route 1 Click the Index Number that you want to delete from the Static Route Configuration page 2 Select Empty Clear from the drop down menu and then click the OK button to delete the route ...

Page 77: ... ctivate Static Route 1 Click the Index Number that you want to disable from the Static Route Configuration page 2 Select Inactive Disable from the drop down menu and then click the OK button to delete the route ...

Page 78: ...ss to the router configuration from your router Firewall Facilities The users on the LAN are provided with secured protection by the following firewall facilities • User configurable IP filter Call Filter Data Filter • Stateful Packet Inspection SPI tracks packets and denies unsolicited incoming data • Selectable Denial of Service DoS Distributed DoS DDoS attack...

Page 79: ...traversing all interfaces of the firewall and makes sure they are valid The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection Instant Messenger IM and Peer to Peer P2P Application Blocking As the popularity of all kinds of instan...

Page 80: ... 13 Fraggle attack 14 Ping of Death attack 15 TCP UDP port scan URL Content Filter To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionabl...

Page 81: ...ked against our server database powered by SurfControl The database covering over 70 languages and 200 countries over 1 billion Web pages divided into 40 easy to understand categories This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL and return a category to your router Your Vigor router will then decide whether to allow access t...

Page 82: ...Enter filter set comments description Maximum length is 23 character long Next Filter Set Set the link to the next filter set to be executed after the current filter run Do not make a loop with many filter sets To edit Filter Rule click the Filter Rule index button to enter the Filter Rule setup page Comments Enter filter set comments description Maximum length is 14 character long Check to enable...

Page 83: ...cified filter set Log Check this box to enable the log function Use the Telnet command log f to view the logs Keep State It is used for Data Filter only Keep State is of the same nature as the modern term Stateful Packet Inspection If enabled this rule will be added to the State table when it is matched by a packet When other packets in the same session as the matched packet are applied to Data Filter they ...

Page 84: ...lumn will be ignored The filter rule will filter out any port number If the End Port is empty the filter rule will set the port number to be the value of the Start Port Otherwise the port number ranges between the Start Port and the End Port including the Start Port and the End Port If the End Port is empty the port number is not equal to the value of the Start Port Otherwise this port number is n...

Page 85: ...r set and is shown as below 3 7 2 General Setup General Setup allows you to adjust settings of IP Filter and common options Here you can enable or disable the Call Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filt...

Page 86: ... will be displayed on the Telnet terminal when you type the log f command Time Schedule Specify what time should perform the IP filtering facility Some on line games for example Half Life will use lots of fragmented UDP packets to transfer game data Instinctively as a secure firewall Vigor router will reject these fragmented packets to prevent attack unless you enable Accept Incoming Fragmented UD...

Page 87: ...AC address is always pass If only one disabled schedule typed in the box it means the related MAC address will be always blocked For hosts not listed in this table This setting allows you to set for all other hosts that not listed in the above table to be passed or be blocked in certain time Again please choose four schedules from Call Schedule Setup 3 7 4 DoS Defense As ...

Page 88: ... The default setting for threshold and timeout are 150 packets per second and 10 seconds respectively Enable ICMP flood defense Check the box to activate the ICMP flood defense function Similar to the UDP flood defense function once if the Threshold of ICMP packets has exceeded the defined value the router will discard the ICMP echo requests coming from the Internet The default setting for thresho...

Page 89: ...ed Therefore the RIP packets from the Internet might be dropped Block TCP flag scan Check the box to activate the Block TCP flag scan function Any TCP packet with anomaly flag setting is dropped Those scanning activities include no flag scan FIN without ACK scan SYN FIN scan Xmas scan and full Xmas scan Block Tear Drop Check the box to activate the Block Tear Drop function Many machines may crash w...

Page 90: ...acks is detected 3 7 5 URL Content Filter Based on the list of user defined keywords the URL Content Filter facility in the Vigor router inspects the URL string in every outgoing HTTP request Whether the URL string fully or partially matches a keyword the Vigor router will block the associated HTTP connection For example if you add key words such as s...

Page 91: ...ox below Keyword The Vigor router provides 8 frames for users to define keywords and each frame supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connecti...

Page 92: ...types of compressed files that can be blocked by the Vigor router zip rar arj ace cab sit Executable file Check the box to reject any downloading behavior of the executable file from the Internet exe com scr pif bas bat inf reg Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmis...

Page 93: ...b Content Filter for V models only Choose IP Filter Firewall Setup on the Advanced Setup group and click the Web Content Filter link For this section please refer to Web Content Filter user s guide ...

Page 94: ... predefined in Call Schedule Setup Choose IP Filter Firewall Setup on the Advanced Setup group and click the IM Blocking link 3 7 8 P2P Blocking P2P is the short name of peer to peer You will see a list of common P2P applications Check Enable P2P Blocking and select the one s to block To block selected P2P applications during specific periods enter the number of the sch...

Page 95: ...client to access into the application through the specified protocol Disallow Forbid the client to access into the application through the specified protocol Disallow upload Forbid the client to access into the application through the specified protocol for uploading Yet downloading is allowed ...

Page 96: ... point to point private link Choose VPN and Remote Access Setup on the Advanced Setup group you can see the following page 3 8 1 Remote Access Control Setup Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as...

Page 97: ...t to perform encryption prior to using 128 bit for encryption In other words if 1280 bit MPPE encryption method is not available then 40 bit encryption scheme will be applied to encrypt the data Maximum MPPE This option indicates that the router will use the MPPE encryption scheme with maximum bits 128 bits to encrypt the data Mutual Authentication PAP The Mutual Authentication function is mainly ...

Page 98: ... L2TP over IPSec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to create a message digest This digest will be put in the AH and t...

Page 99: ...ou can extend the user accounts to the RADIUS server through the built in RADIUS client function The following figure shows the summary table Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Status Disp...

Page 100: ...connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial in VPN connection becomes one pure L2TP connection Must ...

Page 101: ... user for i model only The router owner will be charged the connection fee by the telecom Check to enable Callback function Enables the callback function Specify the callback number The option is for extra security Once enabled the router will ONLY call back to the specified Callback Number Check to enable callback budget control By default the callback function has a time restriction Once the cal...

Page 102: ...ymbol V and X represent the profile to be active and inactive respectively Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched The following explanations will guide you to fill all the necessary fields For the web page is too long we divide the page into several sections fo...

Page 103: ...llow a serial of packet exchange procedure to inform each other However if the remote peer disconnect without notice Vigor router will by no where to know this situation To resolve this dilemma by continuously sending PING packets to the remote host the Vigor router can know the true existence of this VPN connection and react accordingly This is independent of DPD dead peer detection ISDN Build IS...

Page 104: ... payload data will be encrypted and authenticated Select from below DES without Authentication Use DES encryption algorithm and not apply any authentication scheme DES with Authentication Use DES encryption algorithm and apply MD5 or SHA 1 authentication algorithm 3DES without Authentication Use triple DES encryption algorithm and not apply any authentication scheme 3DES with Authentication Use tr...

Page 105: ...ed The default value is 3600 seconds You may specify a value in between 600 and 86400 seconds Perfect Forward Secret PFS The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2 The default value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited ...

Page 106: ...ake a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial in VPN connection becomes one pure L2TP c...

Page 107: ...on algorithm from Data Encryption Standard DES Triple DES 3DES and AES Callback Function The callback function provides a callback service only for the ISDN dial in user this feature is useful for i model only The router owner will be charged the connection fee by the telecom Check to enable Callback function Enables the callback function Callback number The option is for extra security Once enabl...

Page 108: ...as public subnet by sending packets with the router s public IP address 3 9 UPNP Service Setup The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the m...

Page 109: ...gs on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of s...

Page 110: ...source Identifier SIP Address The standard format of SIP URI is sip user password host port Some fields may be optional in different use In general host refers to a domain The userinfo includes the user field the password field and the sign following them This is very similar to a URL so some may call it SIP URL SIP supports peer to peer direct calling and also calling via a SIP proxy server a rol...

Page 111: ...ss The Vigor VoIP Routers will build connection between each other Please refer to the Example 3 in the Calling Scenario Our Vigor V models firstly apply efficient codecs designed to make the best use of available bandwidth but Vigor V models also equip with automatic QoS assurance QoS Assurance assists to assign high priority to voice traffic via Internet You will always have the required inbound...

Page 112: ... The speed dial number of this index This can be any number you choose using digits 0 9 and Display Name The Caller ID that you want to be displayed on your friend s screen This let your friend can easily know who s calling without memorizing lots of SIP URL Address SIP URL Enter your friend s SIP Address Example 1 If Tom gives you a SIP URL as sip 1112 fwd pulver com then you can input the number...

Page 113: ...ver this situation needs other party to change simultaneously to the same number By the time you can type port number after the domain name to specify that port as the destination of data transmission e g nat draytel org 5065 Domain You can enter domain name or IP address of SIP Registrar server For example iptel org or 195 37 77 101 is identical You have to apply an account of SIP Registrar serve...

Page 114: ...unt name usually the part of SIP URL before the character provided by your service provider or IP address for peer to peer connection Authentication ID You can enter the authentication ID provided by your service provider Enter the name or number used for SIP Authorization with SIP Registrar Password Enter the password when you use a SIP registrar server that needs password Expire Time The time du...

Page 115: ... five different CODECs you can choose as your prefer CODEC that you wish to use However the real CODEC be used was negotiate with peer party before session was established The default CODEC is G 729A B it occupied less bandwidth while still have good voice quality It is better for you to have at least 256Kbps upstream if you would like to use G 711 NOTE If your upstream speed only supports 64Kbps ...

Page 116: ...m then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message Payload Type Choos...

Page 117: ...ystem find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOff1 and TOff2 represent the sound off Region Select the proper region which you are located The common settings of Caller ID Type Dial tone Ringing tone Busy ton...

Page 118: ...ection status for the port of VoIP1 and VoIP2 Status It shows the VoIP connection status IDLE Indicates that the VoIP function is idle HANG_UP Indicates that the connection is not established busy tone CONNECTING Indicates that the user is calling out WAIT_ANS Indicates that a connection is launched and waiting for remote user s answer ALERTING Indicates that a call is coming ACTIVE Indicates that...

Page 119: ...ll times Volume Gain The volume of present call Log Display logs of VoIP calls 3 11 VLAN Rate Control Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port You can also manage the in out rate of each port Click VLAN Rate Control on the Advanced Setup group The following page will appear Click Enable t...

Page 120: ...r Rate Control The rate control will limit the transmission rate for data in and out Check the corresponding boxes to enable the rate control function for different ports Out It decides the rate of data transmission for output When you check the box of Enable please also decide the rate by using the drop down list of Rate In It decides the rate of data transmission for input When you check the box...

Page 121: ...in Primary configuration of QoS deployment • Classification Identifying low latency or crucial applications and marking them for high priority service level enforcement throughout the network • Scheduling Based on classification of service level to assign packets to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the se...

Page 122: ...rk with merely Vigor router s effort The following QoS policies will be defined in the form of ratio of upstream downstream speed We will also provide application QoS requirement as reference to help you accomplish this task The setting values will vary depending on the network condition Click on QoS Control on the Advanced Setup group The following screen will appear WAN Inbound Bandwidth Type th...

Page 123: ...ain and click Remove Advance custom setting of Reserved Bandwidth Ratio based on the source address destination address DiffServ CodePoint and service type Click this button to open advanced configuration for each index number You can insert move edit or delete select rule in this page For inserting a rule click Insert to open the following page SrcEdit allows you to edit source address informatio...

Page 124: ...sing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited Simply click Add Edit Delete button to access into the following page You can add a new service name for your necessity Also you can Edit Delete to change the one that you added before ...

Page 125: ...e and type in the range for the Port Number Enable UDP Bandwidth Control Check this and set the limited bandwidth ratio on the right field This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth Limited_bandwidth Ratio The ratio typed here is used to limit the total bandwidth of UDP application ...

Page 127: ...of the default gateway IP Address in WAN Displays the IP address of the WAN interface TX Packets in WAN Displays the total transmitted packets at the WAN interface RX Packets in WAN Displays the total number of received packets at the WAN interface TX Rate Displays the speed of transmitted packets at the WAN interface RX Rate Displays the speed of received packets at the WAN interface Up Time Disp...

Page 128: ...isplays the total system uptime of the VPN connection Drop Disconnects the VPN connection 4 3 Configuration Backup Restoration Sometimes you want to keep running configurations of your current router as a file or restore the configurations with the file The router provides a web based way to let you backup or restore the configuration...

Page 129: ...123 2 Click Backup button to get into the following dialog 3 Click Save button to open another dialog for saving configuration as a file In Save As dialog the default filename is config cfg You could give it another name by yourself ...

Page 130: ...e configuration will download automatically to your computer as a file named config cfg The above example is using Windows platform for demonstrating examples The Mac or Linux platform will appear different windows but the backup function is still available ...

Page 131: ...ation Backup Restoration on the System Management group The following window will be popped up 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore button and wait for few seconds the following picture will tell you that the restoration procedure is successful ...

Page 132: ...o which all SysLog messages will be sent Destination Port Specify a UDP port number to which the SysLog server is listening The default value is 514 Enable Mail Alert Check the Enable box to activate the mail alert service SMTP Server IP Specify an IP address of the SMTP server which can send mails from your Vigor router to the recipients mailboxes directly Mail To Specify an e mail address of the...

Page 133: ...27 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 134: ... messages Some examples of the SysLog messages with their individual formats are shown below An example of User Access log message An example of WAN log message to record the status of VPN IPSec tunnel An example of VPN IPSec log message to record the status of the VPN IPSec tunnel ...

Page 135: ...he browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Automatically Update Interval Select a time interval for upd...

Page 136: ...ed by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Default Ports Check to use standard port numbers for the Telnet and HTTP servers Us...

Page 137: ...ls Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics 4 7 1 ISDN PPPoE PPTP Diagnostics Click Diagnostics and click WAN Connection to open the web page For different model of the router this page might change slightly To obtain the latest information click her...

Page 138: ...Address The WAN IP address for the active connection Dial PPPoE or PPPoA Click it to force the router to establish a PPPoE or PPPoA connection Drop PPPoE or PPTP Click it to force the router to disconnect the current active PPPoE or PPTP connection 4 7 2 Triggered Dial out Packet Header Triggered Dial out Packet Header shows the last IP...

Page 139: ... routing rule you will see an interface identifier which is defined as follows IF0 Local LAN interface IF1 ISDN B1 channel IF2 ISDN B2 channel IF3 WAN interface 4 7 4 View ARP Cache Table Click View ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware addres...

Page 140: ... web page Click it to reload the page 4 7 6 View NAT Port Redirection Running Table If you have configured Port Redirection under NAT Setup click it to verify that your settings are correct for redirecting specific port numbers to specified internal users 4 7 7 View NAT Active Sessio...

Page 141: ...rface number The definition is listed below 0 LAN interface 1 B1 interface 2 B2 interface 3 WAN interface 4 8 Reboot System The Web Configurator may be used to restart your router Click Reboot System from System Management to open the following page If you want to reboot the router using the current configuration check Using current configuration and click OK To reset t...

Page 142: ...are by using an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www draytek com or local DrayTek s web site and FTP site is ftp draytek com Click Firmware Upgrade from System Management to launch the Firmware Upgrade Utility Click OK The following screen will appear Please execute th...

Page 143: ...to network securely such as the remote branch office and headquarter According to the network structure as shown in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Choose VPN and Remote Access Setup on the Advanced Setup group 2 Select Remote Access Control Setup Th...

Page 144: ...vice such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup such as the pre shared key that both parties have known Return to VPN and Remote Access Setup page and choose VPN IKE IPSec General Setup 5 Return to VPN and Remote Access Setup page and choose LAN to LAN Profile Setup Click on one index number to edit a profile ...

Page 145: ...ly with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection If a PPP based service is selected you should further specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection ...

Page 146: ... Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 9 At last set the remote network IP subnet in TCP IP Network Settings so that Router A can direct the packets destined to the r...

Page 147: ... Enable the necessary VPN service and click OK 3 Then return to VPN and Remote Access Setup page and choose PPP General Setup 4 For using PPP based services such as PPTP L2TP you have to set general settings in PPP General Setup For using IPSec based service such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup such as the pre shared key that both parties ...

Page 148: ...ow You should enable both of VPN connections because any one of the parties may start the VPN connection 7 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection ...

Page 149: ...ompression for this Dial Out connection 8 Set Dial In settings as shown below to allow Router A dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above ...

Page 150: ...urther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 9 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection ...

Page 151: ...o the network structure as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Choose VPN and Remote Access Setup on the Advanced Setup group 2 Select Remote Access Control Setup The following page will appear Enable the necessary VPN service and click OK 3 Then re...

Page 152: ...ties have known 5 Return to VPN and Remote Access Setup page and choose Remote User Profile Setup Teleworker Click on one index number to edit a profile 6 Set Dial In settings as shown below to allow the remote user dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Di...

Page 153: ... the remote host 1 For Win98 ME you may use Dial up Networking to create the PPTP tunnel to Vigor router For Win2000 XP please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www draytek com download center Install as instructed 2 After successful installation fo...

Page 154: ... Insert button to add a new entry If an IPSec based service is selected as shown below You may further specify the method you use to get IP the security method and authentication method If the Pre Shared Key is selected it should be consistent with the one set in VPN router ...

Page 155: ...ld be consistent with the one set up in the VPN router To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet This will make the remote host seem to be working in the enterprise network 4 Click Connect button to build connection When the connection is successful you will find a green light on the right down corne...

Page 156: ... the left corner is checked And select BOTH in Direction 2 Enter the Class Name of Index 1 In this index she will set reserve bandwidth for Email using protocol POP3 and SMTP Click Basic button on the right 3 Select POP3 and SMTP on the left column and add to right column Click OK to exit 4 Enter the Class Name of Index 2 In this index she will set reserve bandwidth for HTTPS And click Basic butto...

Page 157: ... open a new window First check the ACT box Then click SrcEdit to set a worker s subnet address Click DestEdit to set headquarter s subnet address Leave other fields and click OK 5 4 LAN Created by Using NAT An example of default setting and the corresponding deployment are shown below The default Vigor router private IP address Subnet Mask is 192 168 1 1...

Page 158: ...152 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage To use another DHCP server in the network rather than the built in one of Vigor Router you have to change the settings as show below ...

Page 159: ...You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage ...

Page 160: ... 5060 default Domain Realm draytel org Proxy draytel org Display Name John Account Number Name 1234 Authentication ID blank Password Expiry Time use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings...

Page 161: ...use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Or He picks up the phone and dials 4321 David s Account Name Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings Profile Name John Register via Auto SIP Port 5060 default Domain Realm draytel org ...

Page 162: ...ster via None SIP Port 5060 default Domain Realm blank Proxy blank Display Name Arnor Account Name 1234 Authentication ID blank Password blank Expiry Time use default value CODEC RTP DTMF Use default value Arnor calls Paulin He picks up the phone and dials 1111 DialPlan Phone Number for Arnor Settings for Paulin DialPlan index 1 Phone Number 2222 Display Name Arnor SIP URL 1234 214 61 172 53 SIP A...

Page 163: ...y click Install Now under Syslog description to install the corresponding program. 4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly updated firmware for your router. 6. Access into Support Center Downloads. Find out the model name of the router and click the firmware link. The Tools of Vigor rout...

Page 164: ...n Programs and choose Router Tools XXX Firmware Upgrade Utility. 12. Type in your router IP, usually 192.168.1.1. 13. Click the button to the right side of Firmware file typing box. Locate the files that you downloaded from the company web sites. You will find two files with different extension names: xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Ch...

Page 165: ... 14. Click Send. 15. Now the firmware update is finished ...

Page 167: ...If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status. 1. Check the power line and WLAN/LAN cable connections. Refer to 2 1 Hardware Installation for details. 2. Turn on the router. Make sure the ACT LED blinks once per second and the corresponding LAN LED is bright. 3. If not, it means that there is something wrong w...

Page 168: ...o the examples for other operating systems, please refer to the similar steps or find support notes in www.draytek.com. 1. Go to Control Panel and then double-click on Network Connections. 2. Right-click on Local Area Connection and click on Properties. 3. Select Internet Protocol (TCP/IP) and then click Properties ...

Page 169: ...matically and Obtain DNS server address automatically. For MacOs 1. Double-click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network. 3. On the Network screen, select Using DHCP from the drop-down list of Configure IPv4 ...

Page 170: ...e router correctly. For Windows 1. Open the Command Prompt window (from Start menu > Run). 2. Type command (for Windows 95/98/ME) or cmd (for Windows NT/2000/XP). The DOS command dialog will appear. 3. Type ping 192.168.1.1 and press Enter. If the link is OK, the line of Reply from 192.168.1.1 bytes 32 time 1ms TTL 25 will appear. 4. If the line does not appear, please check the IP address setting...

Page 172: ...ng If Necessary Sometimes a wrong connection can be improved by returning to the default settings. Try to reset the router by software or hardware. Warning: After pressing factory default setting, you will lose all settings you did before. Make sure you have recorded all useful settings before pressing. The password of factory default is null. Software Re ...

Page 173: ... Then the router will restart with the default configuration. After restoring the factory default setting, you can configure the settings for the router again to fit your personal request. 6.6 Contacting Your Dealer If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions plea...
