Vigor2910 Series User’s Guide

 


If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
 

 

7. Finally, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct packets destined for the remote network to Router B via the VPN connection.
 

 

Settings in Router B in the remote office: 

Summary of Contents for Vigor2910 Series

Page 1: ......

Page 2: ...Vigor2910 Series User s Guide ii ...

Page 3: ... stored in a retrieval system or translated into any language without written permission from the copyright holders The scope of delivery and other details are subject to change without prior notice Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Oth...

Page 4: ...he router please follow local regulations on conservation of the environment Warranty We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and u...

Page 5: ...idential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be ...

Page 6: ...Vigor2910 Series User s Guide vi ...

Page 7: ...ings 15 2 1 Changing Password 15 2 2 Quick Start Wizard 17 2 2 1 PPPoE 18 2 2 2 PPTP 20 2 2 3 Static IP 21 2 2 4 L2TP 22 2 2 5 DHCP 23 2 3 Online Status 24 2 4 Saving Configuration 26 3 AdvancedWebConfiguration 27 3 1 WAN 27 3 1 1 Basics of Internet Protocol IP Network 27 3 1 2 Network Connection by 3G USB Modem 28 3 1 3 General Setup 28 3 1 4 Internet Access 31 3 1 5 Load Balance Policy 40 3 2 LA...

Page 8: ...ions Limit 87 3 7 2 Bandwidth Limit 88 3 7 3 Quality of Service 89 3 8 Applications 96 3 8 1 Dynamic DNS 96 3 8 2 Schedule 98 3 8 3 RADIUS 100 3 8 4 UPnP 101 3 8 5 IGMP 103 3 8 6 Wake On LAN 103 3 9 VPN and Remote Access 105 3 9 1 VPN Client Wizard 105 3 9 2 VPN Server Wizard 111 3 9 3 Remote Access Control 115 3 9 4 PPP General Setup 116 3 9 5 IPSec General Setup 117 3 9 6 IPSec Peer Identity 118...

Page 9: ...al Settings 192 3 15 2 FTP User Management 193 3 15 3 USB Disk Status 194 3 16 System Maintenance 195 3 16 1 System Status 196 3 16 2 TR 069 Setting 197 3 16 3 Administrator Password 198 3 16 4 Configuration Backup 199 3 16 5 Syslog Mail Alert 201 3 16 6 Time and Date 203 3 16 7 Management 204 3 16 8 Reboot System 205 3 16 9 Firmware Upgrade 206 3 17 Diagnostics 207 3 17 1 Dial out Trigger 207 3 1...

Page 10: ...CA server on Windows CA Server 239 4 8 Request a CA Certificate and Set as Trusted on Windows CA Server 243 4 9 VPN Backup Application 245 4 10 ERD Mechanism for VPN Backup 249 5 Trouble Shooting 251 5 1 Checking If the Hardware Status Is OK or Not 251 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 251 5 3 Pinging the Router from Your Computer 254 5 4 Checking If the...

Page 11: ...ral main buttons appeared on the web pages are defined as the following Save and apply current settings Cancel current settings and recover to the previous saved settings Discard current settings and allow users to input settings again Add new settings for specified item Edit the settings for the selected item Delete the selected item with the corresponding settings Note For the other buttons show...

Page 12: ...hrough its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch LAN P4 P1 Connecters for local networked de...

Page 13: ...tting Orange A normal 10Mbps connection is through its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch...

Page 14: ...rough its corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch LAN P4 P1 Connecters for local networked dev...

Page 15: ... connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch FXS2 FXS1 Connecters for telephone set and analog phone with VoIP communication LAN P4 P1 Conne...

Page 16: ... corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch FXS2 FXS1 Connecters for telephone set and the analog...

Page 17: ... corresponding port Green A normal 100Mbps connection is through its corresponding port LAN P1 P2 P3 P4 Blinking Ethernet packets are transmitting C Co on nn ne ec ct to or r E Ex xp pl la an na at ti io on n Interface Description USB Connecter for a USB printer or 3G USB modem PWR Connecter for a power adapter with 12 15VDC ON OFF Power Switch FXS2 FXS1 Connecters for telephone set and analog pho...

Page 18: ...er of the model without VoIP ports skip this step 5 Connect the ISDN NT1 1 box with ISDN cable This connection is available for Europe only 6 Connect the printer 3 5G modem e g Huawei E220 HSDPA USB Modem to the router with the USB cable and connect the power cord if requried If you do not have a printer 3 5G modem for using skip this step For detailed configuration of printer refer to section 1 4...

Page 19: ...onnected this router can print documents via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE please visit www draytek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open Start Settings Printer and Faxes ...

Page 20: ... a New Computer A welcome dialog will appear Please click Next 4 Click Local printer attached to this computer and click Next 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port Click Next ...

Page 21: ... following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next 7 Click Standard and choose Generic Network Card 8 Then in the following dialog click Finish ...

Page 22: ...n click Next 10 For the final stage you need to go back to Control Panel Printers and edit the property of the new printer you have added 11 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and UPR name The printer can be used for printing now Most of the printers with different manufacturers are compatible...

Page 23: ... know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support FAQ find out the link of Printer Server and click it then click the What types of printers are compatible with Vigor router link Note 2 Vigor router supports printing request from computers via LAN ports but not WAN port ...

Page 24: ...Vigor2910 Series User s Guide 14 This page is left blank ...

Page 25: ...sw wo or rd d To change the password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly Notice You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed...

Page 26: ...4 Go to System Maintenance page and choose Administrator Password 5 Enter the login password the default is blank on the field of Old Password Type a new one in the field of New Password and retype it on the field of Retype New Password Then click OK to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router ...

Page 27: ...he configuration provide here can help you to deploy and use the router quickly The first screen of Quick Start Wizard is entering login password After typing the password please click Next On the next page as shown below please select the WAN interface that you use Choose Auto negotiation as the physical type for your router Then click Next for next step ...

Page 28: ...ss 2 2 2 2 1 1 P PP PP Po oE E PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of DSL modem users All loca...

Page 29: ...d by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password for confirmation Click Next for viewing summary of such connection Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown ...

Page 30: ...lick PPTP as the protocol Type in all the information that your ISP provides for this protocol Click Next for viewing summary of such connection Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown ...

Page 31: ... IP as the protocol Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown ...

Page 32: ...e protocol Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown ...

Page 33: ...e protocol Type in all the information that your ISP provides for this protocol After finishing the settings in this page click Next to see the following page Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown ...

Page 34: ...ystem status WAN status ADSL Information and other status related to this router within one page If you select PPPoE as the protocol you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page Online status for PPPoE Online status for PPTP for WAN2 Online status for Static IP for WAN1 ...

Page 35: ...n WAN1 WAN web page Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface GW IP Displays the IP address of the default gateway TX Packets Displays the total transmitted packets at the WAN interface TX Rate Displays the speed of transmitted octets at the WAN interface RX Packets Displays the total number...

Page 36: ... at ti io on n Each time you click OK on the web page for saving the configuration you can find messages showing the system interaction with you Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Finish or OK button ...

Page 37: ...255 255 From 192 168 0 0 to 192 168 255 255 W Wh ha at t a ar re e P Pu ub bl li ic c I IP P A Ad dd dr re es ss s a an nd d P Pr ri iv va at te e I IP P A Ad dd dr re es ss s As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also ...

Page 38: ...in the router Besides 3G USB Modem in WAN2 also can be used as backup device Therefore when WAN1 is not available the router will use 3 5G for supporting automatically The supported 3G USB Modem will be listed on Draytek web site Please visit www draytek com for more detailed information Below shows the menu items for Internet Access 3 3 1 1 3 3 G Ge en ne er ra al l S Se et tu up p This section w...

Page 39: ...ugh Ethernet port yet the physical connection for WAN2 is done through an Ethernet port P1 or USB port You cannot change it To use 3G network connection through 3G USB Modem choose 3G USB Modem as the physical mode in WAN2 Next go to WAN Internet Access 3G USB Modem is available for WAN2 You can choose PPP as the access mode and click Details Page for further configuration Physical Type You can ch...

Page 40: ...nternet Access In addition there are three selections for you to choose for different purposes WAN2 Fail It means the connection for WAN1 will be activated when WAN2 is failed WAN2 Upload speed exceed XX kbps It means the connection for WAN1 will be activated when WAN2 Upload speed exceed certain value that you set in this box for 15 seconds WAN2 Download speed exceed XX kbps It means the connecti...

Page 41: ...e for accessing into the Internet when WAN 1 is inactive for some reason Display Name It shows the name of the WAN1 WAN2 that entered in general setup Physical Mode It shows the physical connection for WAN1 Ethernet WAN2 Ethernet or 3G USB Modem according to the real network connection Access Mode Use the drop down list to choose a proper access mode The details page of that mode will be popped up...

Page 42: ...ame Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page ISDN Dial Backup Setup This setting is available for the rout...

Page 43: ...P or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action This setting is active only when the Active on demand option for Active Mode is selected in WAN General Setup page IP Address Assignment Method IPCP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides se...

Page 44: ...er will offer a fixed public IP while a DSL service provider will offer a public subnet If you have a public subnet you could assign an IP address or many IP address to the WAN interface To use Static or Dynamic IP as the accessing protocol of the internet please choose Internet Access from WAN menu Then select Static or Dynamic IP mode for WAN2 The following web page will be shown Static or Dynam...

Page 45: ... the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation WAN Connection Detection Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have t...

Page 46: ...ress Type the IP address Subnet Mask Type the subnet mask Gateway IP Address Type the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Addres...

Page 47: ...ode Specify Gateway IP Address Specify the gateway IP address for DHCP server ISP Access Setup Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the num...

Page 48: ...e case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Alias If you have multiple public IP addresses and would...

Page 49: ... PIN code of the SIM card that will be used to access Internet Modem Initial String Such value is used to initialize USB modem Please use the default value If you have any question please contact to your ISP APN Name APN means Access Point Name which is provided and required by some ISPs Type the name and click Apply Modem Dial String Such value is used to dial through USB mode Please use the defa...

Page 50: ...k the number of index to access into the load balance policy configuration web page Enable Check this box to enable this policy Protocol Use the drop down menu to change the protocol for the WAN interface WAN Use the drop down menu to change the WAN interface Src IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for the end of the source IP Dest IP ...

Page 51: ...blank it means that all the source IPs inside the LAN will be passed through the WAN interface Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface Dest Port Start Type the destination port start for the...

Page 52: ...T does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means th...

Page 53: ...St ta at ti ic c R Ro ou ut te e When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP W Wh ha at t a ar re e V Vi ir rt tu ua al l L LA AN Ns s a an nd d R Ra at te e C Co on ...

Page 54: ...ult 192 168 1 1 1st Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 For IP Routing Usage Click Enable to invoke this function The default setting is Disable 2nd IPAddress Type in secondary IP address for connecting to a subnet Default 192 168 2 1 24 2nd Subnet Mask An address code that determines the size of the network Default 255 255 255 0 24 ...

Page 55: ... RIP information of the 2nd subnet with neighboring routers DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP...

Page 56: ...cally apply default DNS Server IP address 194 109 6 66 to this field Secondary IPAddress You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status...

Page 57: ...o that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly z use the Main Router to surf the Internet z create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 z create a public subnet 211 100 88 0 via an internal Router B 192 168 1 3 z have set Main Router 192 168 1 1 as ...

Page 58: ...and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the Enable box Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below...

Page 59: ...disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List ARP Table This table is the LAN ARP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by click...

Page 60: ...b authentication is to offer a convenient accessing management When such function is enabled all the users in LAN side without passing the web authentication cannot access into network through the router Web Authentication Click Enable to activate such feature The default setting is Disable Bypass IP in IP MAC binding list All the clients with the IP listed in Bind IP to MAC can access into Intern...

Page 61: ...l be displayed on the redirect page when you access into the URL that you want Connection Status Display IP username login time etc of the users logging currently H Ho ow w t to o u us se e W We eb b A Au ut th he en nt ti ic ca at ti io on n Before passing the web authentication from the router any user will be directed into the following screen whenever he tries to access into Internet via http ...

Page 62: ... IP address thus you can have only one IP address on behalf of the entire internal hosts z Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network On NAT page you will see the private IP address defined in RFC 19...

Page 63: ... to incoming traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides 20 port mapping entries for the internal hosts Press any number under Index to access into next page for configuring port redirection ...

Page 64: ...this field Type a complete IP address in the first box as the starting point and the fourth digits in the second box as the end point Private Port Specify the private port number of the service offered by the internal host Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need ...

Page 65: ... Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually he...

Page 66: ...f you choose Private IP as the selection for DMZ host please type in private IP or select any one by clicking the Choose PC button MAC Address of the True IP DMZ Host If you choose Active True IP as the selection for DMZ host please type in MAC address in these fields If you previously have set up WAN IP Alias on WAN1 interface while configuring PPPoE Static or Dynamic IP or PPTP by accessing into...

Page 67: ...and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting ...

Page 68: ... to any security exploits Click Open Ports to open the following page Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface for the entry Local IP Address Display ...

Page 69: ...ill automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host 3 3 3 3 4 4 A Ad dd dr re es ss s M Ma ap pp pi in ng g T...

Page 70: ... the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selected for this address mapping Status Display the status for the entry enable or disable Click the index number link to open the configuration page Enable Check to enable this entry Protocol Specify the transport layer protocol It could be TCP UDP or ALL for selection WAN Interface Select WAN interface fo...

Page 71: ...te IP address 3 3 4 4 O Ob bj je ec ct ts s a an nd d G Gr ro ou up ps s For IPs in a range and service ports in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with ...

Page 72: ...ype Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP address Select Any Address if this object contains any IP address Start IP Address Type the start IP address for Single Address type End IP Address ...

Page 73: ... Index column for settings in detail Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box Selected IP Objects Click button to add the selected IP objects in this box ...

Page 74: ... detail Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to Source Destination Port Source Port and the Destination Port column are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are diff...

Page 75: ... are available for this service type the port number greater than this value is available the port number less than this value is available for this profile Below is an example of service type objects settings 3 3 4 4 4 4 S Se er rv vi ic ce e T Ty yp pe e G Gr ro ou up p This page allows you to bind several service types into one group Set to Factory Default Clear all profiles Click the number un...

Page 76: ... box Selected Service Type Objects Click button to add the selected IP objects in this box 3 3 4 4 5 5 I IM M O Ob bj je ec ct t You can define policy profiles for IM Instant Messenger application The object profile s configured here will be seen and adopted in CSM IM P2P Filter Profile page Set to Factory Default Clear all profiles Click the number under Index column for settings in detail ...

Page 77: ...file might not be allowed to access into the forbidden items 3 3 4 4 6 6 P P2 2P P O Ob bj je ec ct t You can define policy profiles for P2P Point to Point application The object profile s configured here will be seen and adopted in CSM IM P2P Filter Profile page Set to Factory Default Clear all profiles Click the number under Index column for settings in detail ...

Page 78: ...ems In the above figure BitTorrent protocol is disallowed if you apply such object profile as filtering rule setting in Firewall 3 3 4 4 7 7 M Mi is sc c O Ob bj je ec ct t You can define policy profiles for Misc application The object profile s configured here will be seen and adopted in CSM IM P2P Filter Profile page Set to Factory Default Clear all profiles Click the number under Index column f...

Page 79: ...t t F Fi il lt te er r To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus...

Page 80: ...ories of website you wish to restrict each URL address requested e g www bbc co uk will be checked against our server database This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL and return a category to your router Your Vigor router will then decide whether to allow access to this site according to the categories you have selected...

Page 81: ...checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other e...

Page 82: ...supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noti...

Page 83: ...ble file Check the box to reject any downloading behavior of the executable file from the Internet exe com scr pif bas bat inf reg Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the ...

Page 84: ...ories of website you wish to restrict each URL address requested e g www bbc co uk will be checked against our server database powered by SurfControl The database covering over 70 languages and 200 countries over 1 billion Web pages divided into 40 easy to understand categories This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL an...

Page 85: ...rigger the router to build an unwanted outgoing connection The most basic security concept is to set user name and password while you install your router The administrator login will prevent unauthorized access to the router configuration from your router If you did not set password during installation you can go to System Maintenance to set up your password Firewall Facil ...

Page 86: ...ernet connection Data Filter is applied to incoming and outgoing traffic It will check packets according to the filter rules If legal the packet will pass the router The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively Stateful Packet Inspection SPI Stateful inspection i...

Page 87: ...low violating the pre defined parameter such as the number of thresholds is identified as an attack and the Vigor router will activate its defense mechanism to mitigate in a real time manner The below shows the attack types that DoS DDoS defense function can detect 1 SYN flood attack 2 UDP flood attack 3 ICMP flood attack 4 TCP Flag scan 5 Trace route 6 IP options 7 Unknown protocol 8 Land attack ...

Page 88: ...hecking the Log box It will be sent to Syslog server Please refer to section 3 14 4 Syslog Mail Alert for more detailed information IM P2P Filter Select an IM P2P profile for global IM P2P application blocking All the hosts in LAN must follow the standard configured in the selected profile selected here For detailed information refer to the section of CSM profile setup Some on line games for examp...

Page 89: ...Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to move the order of the filter rules Next Filter Set Set the link to the next fil...

Page 90: ...5 schedules pre defined in Applications Schedule setup The default setting of this field is blank and the function will always work Direction Set the direction of packet flow LAN WAN WAN LAN It is for Data Filter only For the Call Filter this setting is not available since Call Filter is only applied to outgoing traffic Source Destination IP Click Edit to access into the following dialog to choose...

Page 91: ...n this dialog In addition if you want to use the service type from defined groups or objects please choose Group and Objects as the Service Type Protocol Specify the protocol s which this filter rule will apply to Source Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for ...

Page 92: ...Syslog box It will be sent to Syslog server Please refer to section 3 14 4 Syslog Mail Alert for more detailed information Branch to other Filter Set If the packet matches the filter rule the next filter rule will branch to the specified filter set Select next filter rule to branch from the drop down menu Be aware that the router will apply the specified filter rule for ever and will not return to...

Page 93: ...f two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first ...

Page 94: ...seconds respectively Enable UDP flood defense Check the box to activate the UDP flood defense function Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout The default setting for threshold and timeout are 150 packets per second and 10 seconds respe...

Page 95: ...box to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense functionality might block some legal packets For example when you activate the fraggle attack defense all broadcast UDP packets coming from the Internet are blocked Therefore the RIP packets from the Internet might be dropped Block TCP flag scan Check th...

Page 96: ...col types greater than 100 are reserved and undefined at this time Therefore the router should have ability to detect and reject this kind of packets Warning Messages We provide Syslog function for user to retrieve message from Vigor router The user as a Syslog Server shall receive the report sending from Vigor router which is a Syslog Client All the warning messages related to DoS defense will be...

Page 97: ...ortant accesses impacted To solve the problem you can use limit session to limit the session procession for specified Hosts In the Bandwidth Management menu click Sessions Limit to open the web page To activate the function of limit session simply click Enable and set the default session limit Enable Click this button to activate the function of limit session Disable Click this button to close the...

Page 98: ...n Application Schedule web page and you can use the number that you have set in that web page 3.7.2 Bandwidth Limit The downstream or upstream from FTP HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs Please use Limit Bandwidth to make the bandwidth usage more efficient In the Bandwidth Management menu cli...

Page 99: ... your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page 3.7.3 Quality of Service Deploying QoS Quality of Service management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one i...

Page 100: ...domain owners to define the service level provided toward traffic from different domains Then each DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwarding classes and three levels of drop precedence in each cl...

Page 101: ...default for this setting is checked Please also define which traffic the QoS Control settings will apply to IN apply to incoming traffic only OUT apply to outgoing traffic only BOTH apply to both incoming and outgoing traffic Check this box and click OK then click Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecti...

Page 102: ...nment For the download speed might be impacted by the uploading TCP ACK you can check this box to push ACK of upload more faster to speed the network traffic Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application On Line Statistics Display an online statistics for quality of service for your reference Edit the Class Rule f ...

Page 103: ...lows you to edit source address information Address Type Determine the address type for the source address For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will b...

Page 104: ...ant for using by current QoS By the way you can set up to 20 rules for one Class If you want to edit an existed rule please select the radio button of that one and click Edit to open the rule edit page for modification Edit the Service Type for Class Rule To add a new service type edit or delete an existed service type please click the Ed...

Page 105: ... Type Choose the type TCP UDP or TCP UDP for the new service Port Configuration Click Single or Range If you select Range you have to type in the starting port number and the ending port number in the boxes below Port Number Type in the starting port number and the ending port number here if you choose Range as the type By the way you can set up to 40 service types If you want to edit delete an ex...

Page 106: ...r behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org www no ip com www dtdns com www changeip com www dyna...

Page 107: ...assword test Enable Dynamic DNS Account Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 WAN Interface Select the WAN interface order to apply settings here Service Provider Select the service provider for the DDNS account Service Type Select a service type Dynamic Custom Static If you c...

Page 108: ... business hours The schedule is also applicable to other functions You have to set your time before set schedule In System Maintenance Time and Date menu press Inquire Time button to set the Vigor router s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet t...

Page 109: ...Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify which days in one week should pe...

Page 110: ...It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Enable Check to enable RADIUS client feature Server IP Addr...

Page 111: ...Messenger to allow full use of the voice video and messaging features Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Trave...

Page 112: ...ction on your network may incur some security threats You should consider carefully these risks before activating the UPnP function Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches Non privileged users can control some router functions including removing and adding port mappings The UPnP func...

Page 113: ...d PC through the router he she must type correct MAC address of the specified PC on this web page of Wake On LAN of this router In addition such PC must have installed a network card supporting WOL function By the way WOL function must be set as Enable on the BIOS setting Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC a...

Page 114: ...Wake Up Click this button to wake up the selected IP See the following figure The result will be shown on the box ...

Page 115: ... to point private link Besides here provides ISDN LAN to LAN and remote dial in functions for i model only Below shows the menu items for VPN and Remote Access 3.9.1 VPN Client Wizard Such wizard is used to configure VPN settings for VPN client Such wizard will guide to set the LAN to LAN profile for VPN dial out connection from server to client step by step LAN...

Page 116: ...ls for users to set When you finish the mode and profile selection please click Next to open the following page In this page you have to select suitable VPN type for the VPN client profile There are six types provided here Different type will lead to different configuration page After making ...

Page 117: ...ext You will see different configurations based on the selection s you made • When you choose PPTP None Encryption or PPTP Encryption you will see the following graphic • When you choose IPSec you will see the following graphic • When you choose L2TP you will see the following graphic ...

Page 118: ...• When you choose L2TP over IPSec Nice to Have you will see the following graphic • When you choose L2TP over IPSec Must you will see the following graphic ...

Page 119: ...necting the router will use WAN2 as the first channel for VPN connection If WAN2 fails the router will use another WAN interface instead WAN2 Only While connecting the router will use WAN2 as the only channel for VPN connection Always On Check to enable router always keep VPN connection Pre Shared Key IKE Authentication Method usually applies to those are remote dial in user or node LAN to LAN whi...

Page 120: ...e Network IP Please type one LAN IP address according to the real location of the remote host for building VPN connection Remote Network Mask Please type the network mask according to the real location of the remote host for building VPN connection After finishing the configuration please click Next The confirmation page will be shown as follows If there is no problem you can click one of the radi...

Page 121: ...de Selection Choose the direction for the VPN server Site to Site VPN Remote Dial in User To set a LAN to LAN profile automatically please choose Site to Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection Please choose a LAN to LAN Profile This item is available when you choose Sit...

Page 122: ...ount profiles Next you have to select suitable dial in type for the VPN server profile There are six types provided here similar to VPN Client Wizard Different Dial in Type will lead to different configuration page After making the choices for the server profile please click Next You will see different configurations based on the selection you made • When you check PPTP IPSec L2TP three types or P...

Page 123: ...irmation Digital Signature X 509 In addition to pre shared key you can select one predefined setting in the X 509 Peer ID Profiles set from VPN and Remote Access IPSec Peer Identity for IPSec L2TP over IPSec authentication Peer IP VPN Client IP Type the WAN IP address or VPN client IP address for the remote client Peer ID Type the ID name for the remote client Remote Network IP Please type one LAN...

Page 124: ...you will see the following graphic After finishing the configuration please click Next The confirmation page will be shown as follows If there is no problem you can click one of the radio buttons listed on the page and click Finish to execute the next action ...

Page 125: ...ng detailed configuration 3.9.3 Remote Access Control Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port And if you want to enable ISDN dial in function please che...

Page 126: ...optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm In addition the r...

Page 127: ...ghest priority match with its policies Eventually to set up a secure tunnel for IKE Phase 2 Phase 2 negotiation IPSec security methods including Authentication Header AH or Encapsulating Security Payload ESP for the following IKE exchange and mutual examination of the secure tunnel establishment There are two encapsulation methods used in IPSec Transport and Tunnel The Transport mode will add the ...

Page 128: ...select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES 3.9.6 IPSec Peer Identity To use digital certificate for peer authentication in either LAN to LAN connection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below the router provides 32 entries of digital certificates f...

Page 129: ...fic field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Accept Subject Name Click to check the specific fields of digital signature to accept the peer with matching value The field includes Country C State ST Location L ...

Page 130: ...erver through the built in RADIUS client function The following figure shows the summary table Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Status Display the access state of ...

Page 131: ...of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pu...

Page 132: ...ignature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined in the X 509 Peer ID Profiles set fro...

Page 133: ...ion direction dial in or dial out connection peer ID connection type ISDN connection VPN connection including PPTP IPSec Tunnel and L2TP by itself or over IPSec and corresponding security methods etc The router provides up to 32 profiles which also means supporting 32 VPN tunnels simultaneously The following figure shows the summary table Set to Factory Default Click to clear all indexes Name Indi...

Page 134: ...leave it untouched The following explanations will guide you to fill all the necessary fields When VPN TRUNK is activated several fields e g Dial in Settings Dial in selection in Call Direction and others might be locked and dimmed Please refer to VPN and Remote Access VPN Backup Management for more details For the web page is too long we divide the page into several sections for explanation ...

Page 135: ...l in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router 4 Call Direction Specify the allowed call directi...

Page 136: ...e Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must Specify the IPSec po...

Page 137: ...ntication Use AES encryption algorithm and not apply any authentication scheme AES with Authentication Use AES encryption algorithm and apply MD5 or SHA 1 authentication algorithm Advanced Specify mode proposal and key life of each IKE phase Gateway etc The window of advance setup is shown as below IKE phase 1 mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange secur...

Page 138: ...sed to avoid the computation complexity in phase 2 The default value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters Callback Function for i models only The callback function provides a callback service as a part of PPP suite only for the ISDN dial in ...

Page 139: ...ther set up Callback function below PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to trigger an IPSec VPN connection through Internet L2TP Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP...

Page 140: ...IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the requi...

Page 141: ...if one side wants to use it the peer must enable it too My GRE IP Type the virtual IP for router itself for verified by peer Peer GRE IP Type the virtual IP of peer host for verified by router My WAN IP This field is only applicable when you select ISDN PPTP or L2TP with or without IPSec policy above The default value is 0 0 0 0 which means the Vigor router will get a PPP IP address from the remot...

Page 142: ...ction here Herein we provide four options TX RX Both TX Only RX Only and Disable RIP Version Select the RIP protocol version Specify Ver 2 for greatest compatibility From first subnet to remote network you have to do If the remote network only allows you to dial in with single IP please choose NAT otherwise choose Route Change default route to this VPN tunnel Only single WAN supports this Check th...

Page 143: ...b page is simple to understand and easy to configure Fully compliant with VPN Server LAN Sit Single Multi Network Mail Alert support please refer to System Maintenance SysLog Mail Alert for detailed configuration Syslog support please refer to System Maintenance SysLog Mail Alert for detailed configuration Specific ERD Environment Recovery Detection mechanism which can be operated by using Telnet ...

Page 144: ...rofile can group two VPN connections set in LAN to LAN The saved VPN profiles in LAN to LAN will be shown on Member1 and Member2 fields Member 1 Member2 Display the selection for LAN to LAN dial out profiles configured in VPN and Remote Access LAN to LAN for you to choose for grouping under certain VPN backup profile No Index number of LAN to LAN dial out profile Name Profile name of LAN to LAN dia...

Page 145: ...set a VPN Backup profile 1 Go to VPN and Remote Access LAN to LAN Set two or more LAN to LAN profiles first 2 Access into VPN and Remote Access VPN Backup Management 3 Set one group of VPN backup profile by choosing Enable radio button type a name for such profile choose one of the LAN to LAN profiles from Member1 drop down list choose one of the LAN to LAN ...

Page 146: ...ial out Tool and clicking Dial button General Mode This field displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Backup Mode This field displays the profile name saved in VPN TRUNK Management with Index number and VPN Server IP address The VPN connection built by Backup Mode support...

Page 147: ...e 137 Refresh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection status Note The status of LAN to LAN for ISDN is shown on the page of Online Status ...

Page 148: ...9 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor ro...

Page 149: ... Import Click this button to import a saved file as the certification information Refresh Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request After clicking Generate the generated information will be displayed on the window below ...

Page 150: ...lick IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use the pre saved file For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove...

Page 151: ... kup Local certificate and Trusted CA certificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Retype password ...

Page 152: ...eer to peer direct calling and also calling via a SIP proxy server a role similar to the gatekeeper in H 323 networks while the MGCP protocol uses client server architecture the calling scenario being very similar to the current PSTN network After a call is setup the voice streams transmit via RTP Real Time Transport Protocol Different codecs methods to compress and encode the voice can be embedde...

Page 153: ... the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet but you just get your data a little slower and it is tolerable for data traffic 3.11.1 DialPlan This page allows you to set phone book and digit map for the VoIP function Click the Phone Book and Digit Map links on the page to access into next pages for dialplan sett...

Page 154: ...s entry Phone Number The speed dial number of this index This can be any number you choose using digits 0 9 and Display Name The Caller ID that you want to be displayed on your friend s screen This let your friend can easily know who s calling without memorizing lots of SIP URL Address SIP URL Enter your friend s SIP Address ...

Page 155: ...the SIP accounts for this profile to dial out If caller and callee do not use the same SIP server sometimes the VoIP phone call connection may not succeed By using the specified dial out account the successful connection can be assured Loop through For the model of Vigor 2910VGi the selection should be as the following Backup Phone Number When the VoIP phone is obstructs or the Internet breaks dow...

Page 156: ...se this mode the OP number will be added with the prefix number for calling out through the specific VoIP interface Strip When you choose this mode the OP number will be deleted by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example the OP number of 886 will be deleted completely for the prefix number is set with 88...

Page 157: ...ant to enable the prefix number settings from the saved SIP accounts Please set up one SIP account first to make this interface selection available 3.11.2 SIP Accounts In this section you set up your own SIP settings When you apply for an account your SIP service provider will give you an Account Name or user name SIP Registrar Proxy and Domain name The last three mig...

Page 158: ...rnal IP Type in the gateway IP address SIP PING interval The default value is 150 sec It is useful for a Nortel server NAT Traversal Support Status Show the status for the corresponding SIP account R means such account is registered on SIP server successfully means the account is failed to register on SIP server Click any index number to access into the following page for configuring the SIP accou...

Page 159: ...ystem will select a proper way for your VoIP call SIP Port Set the port number for sending receiving SIP message for building a session The default value is 5060 Your peer must set the same value in his her Registrar Domain Realm Set the domain name or IP address of the SIP Registrar server Proxy Set domain name or IP address of SIP proxy server By the time you can type port number after the domai...

Page 160: ... Registrar again NAT Traversal Support If the router e g broadband router you use connects to internet by other device you have to set this function for your necessity None Disable this function Stun Choose this option if there is Stun server provided for your router Manual Choose this option if you want to specify an external IP address as the NAT transversal support Nortel If the soft switch tha...

Page 161: ... reference Codec The default Codec setting for each port will be shown in this field for your reference You can click the number below the Index field to change it for each phone port Tone Display the tone settings that configured in the advanced settings page of Phone Index Gain Display the volume gain settings for Mic Speaker that configured in the advanced settings page of Phone Index Default S...

Page 162: ...nd remote router not misleading due to IP lost for example sending data from the public IP of remote router to the private IP of local router you can check this box to solve this problem Dynamic RTP port start Specifies the start port for RTP stream The default value is 10050 Dynamic RTP port end Specifies the end port for RTP stream The default value is 15000 RTP TOS It decides the level of VoIP ...

Page 163: ...eck this box to enable this function Call Forwarding There are four options for you to choose Disable is to close call forwarding function Always means all the incoming calls will be forwarded into SIP URL without any reason Busy means the incoming calls will be forwarded into SIP URL only when the local system is busy No answer means if the incoming calls do not receive any response they will be ...

Page 164: ...e codec used for each call will be negotiated with the peer party before each session and so may not be your default choice The default codec is G 729A B it occupies little bandwidth while maintaining good voice quality If your upstream speed is only 64Kbps do not use G 711 codec It is better for you to have at least 256Kbps upstream if you would like to use G 711 Single Codec If the box is checke...

Page 165: ...dvanced setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TO...

Page 166: ...tering number from 1 10 The larger of the number the louder the volume is MISC Dial Tone Power Level This setting is used to adjust the loudness of the dial tone The smaller the number is the louder the dial tone is It is recommended for you to use the default setting Ring Frequency This setting is used to drive the frequency of the ring tone It is recommended for you to use the default setting DT...

Page 167: ...owing page for configuring Phone settings Hotline Check the box to enable it Type in the SIP URL in the field for dialing automatically when you pick up the phone set Session Timer Check the box to enable the function In the limited time that you set in this field if there is no response the connecting call will be closed automatically ISDN Loop Through Ring Port Click the radio button to specify ...

Page 168: ... index of phone book profiles Refer to section 3 10 1 DialPlan Phone Book for detailed configuration CLIR hide caller ID Check this box to hide the caller ID on the display panel of the phone set Prefer Codec Select one of five codecs as the default for your VoIP calls The codec used for each call will be negotiated with the peer party before each session and so may not be your default choice The ...

Page 169: ...m Internet to be forwarded to receivers by ISDN line In addition you can press the Advanced button to configure tone settings volume gain MISC and DTMF mode Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone settings might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to...

Page 170: ...owed to dial ISDN to VoIP call The figure that you can type in this field is limited from three to eight with digits from zero to nine Check for VoIP to ISDN Calls Set a pin code for the router to authenticate which one is allowed to dial VoIP to ISDN call The figure that you can type in this field is limited from three to eight with digits from zero to nine DTMP DTMF mode There are four selection...

Page 171: ...isconnect it automatically The figure that you can type in this field is limited one to eleven with digits from zero to nine 3.11.4 Status On VoIP call status you can find codec connection and other important call status for VoIP 1 2 ports Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information The information will update immediately w...

Page 172: ...voice codec employed by present channel PeerID The present in call or out call peer ID the format may be IP or Domain Connect Time The format is represented as seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection session Rx Losts Total number of lost packets during this connection session Rx J...

Page 173: ... from dialing the specific MSN number MSN Numbers for the Router MSN Numbers mean that the router is able to accept only number matched incoming calls In addition MSN services should be supported by local ISDN network provider The router provides three fields for MSN numbers Note that MSN services must be acquired from your local telecommunication operators By default MSN function is disabled If y...

Page 174: ... Use both ISDN B channels for Internet access Dialup BOD BOD stands for bandwidth on demand The router will use only one B channel in low traffic situations Once the single B channel bandwidth is fully used the other B channel will be activated automatically through the dialup For more detailed BOD parameter settings please refer to the Advanced Setup field Call Control and PPP MP Setup PPP Authen...

Page 175: ...he descriptions of the previous part 3.12.4 Virtual TA Virtual TA means the local hosts or PCs in the network that uses popular CAPI based software such as RVS COM or BVRP to access the router as a local ISDN TA for sending or receiving FAX messages over the ISDN line Basically it is a client server network model The built in Virtual TA server handles the establishment an...

Page 176: ...r of active clients is also 2 z Before you configure the Virtual TA you must set the correct country code in ISDN Setup Virtual TA Server Enable Select it to activate the server Disable Select it to deactivate the server All Virtual TA applications will be terminated Virtual TA User Profiles Username Enter the username of a specific client Password Enter the password of a specific client MSN 1 2 3...

Page 177: ...ure a Virtual TA Client Server Since the Virtual TA application is a client server network model you must configure it on both ends to run properly your Virtual TA application By default the Virtual TA server is enabled and the Username Password fields are left blank Any Virtual TA client may login to the server Once a single Username Password fiel...

Page 178: ...an assign which client has the specified MSN number When an incoming call arrives the server will inform the appropriate client Now we set an example to describe the configuration of the MSN number Suppose that you could assign the MSN number 123 to the client alan Type the specified MSN number in the CAPI based software When the Virtual TA server sends an alert signal to the specified Virtual TA ...

Page 179: ... the dial retry counts per triggered packet A triggered packet is the packet whose destination is outside the local network The default setting is no dial retry If set to 5 for each triggered packet the router will dial 5 times until it is connected to the ISP or remote access router Dial Delay Interval It specifies the interval between dialup retries By default the interval is 0 second Remote Act...

Page 180: ...e the parameters here to decide on when you activate drop the additional B channel Note that cps characters per second measures the total link utilization These parameters specify the situation in which the second channel will be activated With the first connected channel if its utilization exceeds the High Water Mark and such a channel is being used over the High Water Time the additional channel...

Page 181: ...liant with the standard IEEE 802 11g protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology Super G TM to lift up data rate up to 108 Mbps Hence you can finally smoothly enjoy stream music and video Note The actual data throughput will vary according to the network conditions and environmental factors including volume of network traffic network ...

Page 182: ...WPA Personal a pre defined key is used for encryption during data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according...

Page 183: ...other To elaborate an example for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add filters of MAC addresses to isolate users access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of t...

Page 184: ...th IEEE802 11b and IEEE802 11g protocols simultaneously SuperG The radio only supports SuperG 11g only The radio only supports IEEE802 11g 11b only The radio only supports IEEE802 11b Index 1 15 Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications Schedule setup The default setting of this field is blank and...

Page 185: ...e information except SSID or just cannot see anything about Vigor wireless router while site surveying Long Preamble This option is to define the length of the sync field in an 802 11 packet Most modern wireless networks use short preamble with 56 bit sync field instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble Check it ...

Page 186: ...ield of key setting below will be not available for input WEP or WPA PSK Accepts WEP and WPA clients with legal key accordingly Only Mixed WPA WPA2 is applicable if you select WPA PSK WEP 802 1x or WPA 802 1x Accept WEP or WPA clients with 802 1x authentication Only Mixed WPA WPA2 is applicable if you select WPA PSK Since the key will be auto negotiated during authentication the field of key setti...

Page 187: ...ey PSK Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by 0x such as 0x321253abcde WEP 64 Bit For 64 bits WEP key either 5 ASCII characters such as 12345 or 10 hexadecimal digits leading by 0x such as 0x4142434445 128 Bit For 128 bits WEP key either 13 ASCII characters such as ABCDEFGHIJKLM or 26 hexadecimal digits leading by 0x such as 0x4142434445464748494A4B4C4...

Page 188: ...he MAC Address access control feature Policy Select to enable any one of the following policy Choose Activate MAC address filter to type in the MAC addresses for other clients in the network manually Choose Isolate WLAN from LAN will separate all the WLAN stations from LAN based on the MAC Address list MAC Address Filter Display all MAC addresses that are edited before Four buttons Add Remove Clie...

Page 189: ...age range of a WLAN To meet the above requirement two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS bridge interface The application for the WDS Repeater mode is depicted as below The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be repeated to another peer AP through...

Page 190: ...nks However hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2 Click WDS from Wireless LAN menu The following page will be shown Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill the first type of application Repeater mode is for the second one ...

Page 191: ...CII characters or 64 hexadecimal digits leading by 0x Bridge If you choose Bridge as the connecting mode please type in the peer MAC address in these fields Six peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address afte...

Page 192: ...g the scanning process about 5 seconds no client is allowed to connect to Vigor This page is used to scan the existence of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Scan to discover all the connected APs If you want the found AP applying the WDS settings please type in the AP s MAC address on the bottom of the page and click B...

Page 193: ... wireless clients now along with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Refresh Click this button to refresh the status of station list Add Click this button to add current selected MAC address into Access Control ...

Page 194: ...ay a message when a remote user connects to Internet through this router No matter what purpose of the wireless client is he she will be forced into the URL configured here while trying to access into the Internet or the desired web page through this router That is a company which wants to have an advertisement for its products to the users can specify the URL in this page to reach its goal Disabl...

Page 195: ...ay to manage hosts by grouping them based on the physical port 3.14.1 Wired VLAN PCs connected to Ethernet ports of the router can be divided into different groups and formed VLAN PCs under the same groups can share each other information through the router and will not be peeked by other groups The VLAN Wired VLAN allows you to configure VLAN settings through wired conne...

Page 196: ...ireless VLAN PCs equipped with wireless network cards connected to the router through wireless interface can be divided into different groups and formed W_VLAN PCs under the same groups can share each other information through the router and will not be peeked by other groups PCs under the same groups can use same Login ID and password to access into Internet For example see ...

Page 197: ... additional attributes settings for W_VLAN Activated Date Use the drop down lists to set the activated date for the wireless VLAN The wireless VLAN function will be available when the time arrives Expired Date Use the drop down lists to set the expired date for the wireless VLAN This function will be invalid when the time arrives Connect all WDS links with this VLAN group Check this box to a...

Page 198: ...ts connecting to this router must do the following steps to access into Internet 1 Open a browser and type http www draytek vlan login htm or http vigor router s IP address login htm on the address line 2 The following screen will appear 3 Type in Login ID and Password that was configured in Wireless VLAN Setup page In this case we choose the configuration set in first group of W_VLAN City and 123...

Page 199: ...on status whenever you want 3.14.3 VLAN Cross Setup This function allows the router to integrate VLAN and W_VLAN for managing different computers notebooks See the following picture for an example With VLAN Cross Setup notebook A B and PCs on VLAN0 can share resources without difficulty ...

Page 200: ...ired VLAN To achieve the intention of the above illustration simply check the box under VLAN0 on the line of W_VLAN0 Enable Check this box to invoke VLAN Cross Setup function VLAN0 3 It represents the groups of virtual LAN connected by Ethernet interface W_VLAN0 15 It represents the groups of wireless VLAN communicated by wireless interface ...

Page 201: ...ease open VLAN menu and choose Wireless Rate Control The following page will be shown for you to adjust Enable Check this box to enable this function for Rate Control The rate control will limit the transmission rate for upload and download Upload Rate It decides the rate of data transmission for output The default setting is 300 The range must be between 100 kbps to 20 000kbps Adjust the values a...

Page 202: ...ion and default charset for FTP server At present the Vigor router can support USB diskette with versions of FAT16 and FAT32 only Therefore before connecting the USB diskette into the Vigor router please make sure the memory format for the USB diskette is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Concurrent FTP Conn...

Page 203: ...s profile account Later the user can use the username specified in this page to login into FTP server Disable Click this button to disable such profile Username Type the username for FTP users for accessing into FTP server USB diskette Be aware that users cannot access into USB diskette in anonymity Later you can open FTP client software and type the username specified here for accessing into USB ...

Page 204: ...h profile for accessing into USB diskette must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items List Create and Remove for such profile Before you click OK you have to insert a USB diskette into the USB interface of the Vigor router Otherwise you cannot save the configuration 3.15.3 USB Disk Status ...

Page 205: ...ds Once the USB diskette has been found the connection status will display Disk Connected and the web page will be shown as follows 3.16 System Maintenance For the system setup there are several items that you have to know the way of configuration Status TR 069 Administrator Password Configuration Backup Syslog Time setup Reboot System Firmware Upgrade Below...

Page 206: ... interface 1st Subnet Mask Display the subnet mask address of the LAN interface DHCP Server Display the current status of DHCP server of the LAN interface MAC Address Display the MAC address of the WAN Interface IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway DNS Display the assigned IP address of the primary DNS MAC Add...

Page 207: ...t The default CPE username and password are vigor and password You will need it when you configure VigorACS server ACS Server Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to VigorACS user s manual for detailed information URL Type the URL for VigorACS server If the connected CPE needs to be authenticated please set URL as the following and ty...

Page 208: ...he router to send notification to CPE Or click Disable to close the mechanism of notification STUN Settings Disable The system will not send connection request binding message to STUN server The default setting is Disable Enable The system will send connection request binding message to STUN server Server IP Type the domain name or IP address of the STUN server Server Port Type the server port The...

Page 209: ...ration Backup Backup the Configuration Follow the steps below to backup your configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file 3 In Sav...

Page 210: ...le Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate Restore Configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore...

Page 211: ...corresponding message of firewall VPN User Access Call WAN Router DSL information to Syslog SMTP Server The IP address of the SMTP server Mail To Assign a mail address for sending mails out Return Path Assign a path for receiving the mail from outside Authentication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type...

Page 212: ...02 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router ...

Page 213: ...r time from the remote administrator PC host as router s system time Use Internet Time Client Select to inquire time information from Time Server on the Internet using assigned protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Enable Daylight Saving Such function is useful for some area Automatically Update Interval Select ...

Page 214: ...rovided by the system to allow you managing the router from Internet Check the box es to specify Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three IPs sub...

Page 215: ...default setting is public Notification Host IP Set the IP address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds 3.16.8 Reboot System The Web Configurator may be used to restart your router Click Reboot System from System Maintenance to open the following page If you want to reboot the router using the current configu...

Page 216: ...g an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www draytek com or local DrayTek s web site and FTP site is ftp draytek com Click System Maintenance Firmware Upgrade to launch the Firmware Upgrade Utility Click OK The following screen will appear Please execute the firmware upgr...

Page 217: ...iagnostics 3.17.1 Dial out Trigger Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g ISDN PPPoE PPPoA etc is triggered by a package sending from the source IP address Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the package Refresh Click it to reload the p...

Page 218: ... reload the page 3.17.3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Refresh Click it to reload the page Clear Click it to clear the whole table ...

Page 219: ...s assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ID name of the specified PC Refresh Click it to reload the page 3.17.5 NAT Sessions Table Click Diagnostics and click NAT Sessions...

Page 220: ...s VLAN Online Station Table Click Diagnostics and click Wireless VLAN Online Station Table to open the web page It will display the IP address MAC address and Login ID information for all the Wireless VLAN stations IP Address Display the IP address of the wireless station MAC Address Display the MAC address of the wireless station Login ID Display the l...

Page 221: ...his page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor t...

Page 222: ...sh Click this link to refresh this page manually Index Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC...

Page 223: ...ed by the router in data transmission Speed means line speed specified in WAN General If you do not specify any rate at that page here will display Auto instead 3.17.9 Traffic Graph Click Diagnostics and click Traffic Graph to open the web page Choose WAN1 Bandwidth WAN2 Bandwidth Sessions daily or weekly for viewing different traffic graph Click Refresh to renew...

Page 224: ... axis has different meanings For WAN1 WAN2 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past ...

Page 225: ...se the destination that you would like to ping IP Address Type in the IP address of the Host IP that you want to ping Run Click this button to start the ping work The result will be displayed on the screen Clear Click this link to remove the result on the window 3.17.11 Trace Route Click Diagnostics and click Trace Route to open the web page This page allows you to tr...

Page 226: ...e the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Host IP Address It indicates the IP address of the host Run Click this button to start route tracing work Clear Click this link to remove the result on the window ...

Page 227: ...ch as the remote branch office and headquarter According to the network structure as shown in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Settings in Router A in headquarter 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then For usi...

Page 228: ...ttings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial O...

Page 229: ...pression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router B dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above ...

Page 230: ...mote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection Settings in Router B in the remote office ...

Page 231: ...service such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup such as the pre shared key that both parties have known 3 Go to LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection 5 Set Dial Out Settings as shown below...

Page 232: ...ther specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection 6 Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it wi...

Page 233: ...urther specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection ...

Page 234: ...e as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host Settings in VPN Router in the enterprise office 1 Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP Gene...

Page 235: ...tion If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connectio...

Page 236: ... please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www draytek com download center Install as instructed 2 After successful installation for the first time user you should click on the Step 0 Configure button Reboot the host ...

Page 237: ...authentication method If the Pre Shared Key is selected it should be consistent with the one set in VPN router If a PPP based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be consistent with the one set up in the VPN router To use default gateway on remote network means that all the packets ...

Page 238: ...ting Example Assume a teleworker sometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database Meanwhile children may chat on VoIP or Skype in the restroom 1 Go to Bandwidth Management Quality of Service 2 Click...

Page 239: ...on of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance 4 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 5 For this index the user will set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP ...

Page 240: ...erved bandwidth for HTTPS 7 Click Setup link for WAN1 8 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP from affecting other applications Click OK 9 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the ...

Page 241: ...he will set reserve bandwidth for 1 VPN tunnel 10 Click edit to open a new window 11 First check the ACT box Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s subnet address Leave other fields and click OK ...

Page 242: ...ivate IP address Subnet Mask is 192 168 1 1 255 255 255 0 The built in DHCP server is enabled so it assigns every local NATed host an IP address of 192 168 1 x starting from 192 168 1 10 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage To use another DHCP server in the network rather than the built in one of Vigor Router you have to change the setting...

Page 243: ...Vigor2910 Series User s Guide 233 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage ...

Page 244: ...org Proxy draytel org Act as outbound proxy unchecked Display Name John Account Number Name 1234 Authentication ID unchecked Password Expiry Time use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings...

Page 245: ...use default value CODEC RTP DTMF Use default value John calls David He picks up the phone and dials 1111 DialPlan Phone Number for David Or He picks up the phone and dials 4321 David s Account Name Settings for David DialPlan index 1 Phone Number 2222 Display Name John SIP URL 1234 draytel org SIP Accounts Settings Profile Name John Register via Auto SIP Port 5060 default Domain Realm draytel org ...

Page 246: ...main Realm blank Proxy blank Act as outbound proxy unchecked Display Name Arnor Account Name 1234 Authentication ID unchecked Password blank Expiry Time use default value CODEC RTP DTMF Use default value Arnor calls Paulin He picks up the phone and dials 1111 DialPlan Phone Number for Arnor Settings for Paulin DialPlan index 1 Phone Number 2222 Display Name Arnor SIP URL 1234 214 61 172 53 SIP Acc...

Page 247: ...r computer Remember the place of storing the execution file 1 Go to www draytek com 2 Access into Support Downloads Please find out Firmware menu and click it Search the model you have and click on it to download the newly update firmware for your router 3 Access into Support Downloads Please find out Utility menu and click it 4 Click on the link of Router Tools to download the file After download...

Page 248: ...Programs and choose Router Tools XXX Firmware Upgrade Utility 8 Type in your router IP usually 192 168 1 1 9 Click the button to the right side of Firmware file typing box Locate the files that you download from the company web sites You will find out two files with different extension names xxxx all keep the old custom settings and xxxx rst reset all the custom settings to default settings Choose...

Page 249: ...the firmware update is finished 4 7 Request a certificate from a CA server on Windows CA Server 1 Go to Certificate Management and choose Local Certificate ...

Page 250: ...t Enter the information in the certificate request 3 Copy and save the X509 Local Certificate Request as a text file and save it for later use 4 Connect to CA server via web browser Follow the instruction to submit the request Below we take a Windows 2000 CA server for example Select Request a Certificate ...

Page 251: ... file Select Router Offline request or IPSec Offline request below Then you have done the request and the server now issues you a certificate Select Base 64 encoded certificate and Download CA certificate Now you should get a certificate cer file and save it 5 Back to Vigor router go to Local Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router W...

Page 252: ...Vigor2910 Series User s Guide 242 and you will find the below window showing BEGIN CERTIFICATE 6 You may review the detail information of the certificate by clicking View button ...

Page 253: ... tificate and Set as Trusted on Windows CA Server 1 Use web browser connecting to the CA server that you would like to retrieve its CA certificate Click Retrieve the CA certificate or certificate revocation list ...

Page 254: ...ed CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration 4 You may review the detail information of the certificate by clicking View button Note Before setting certificate configuration please go to System Maintenance Time and Date to reset current time of the router first ...

Page 255: ...he field of Profile Name 3 Click Edit Disable VPN Backup profile s 1 Click any one of the items from Backup profile list 2 Click Disable as current status 3 Click Edit 4 The selected profile will be disabled 5 To check if the profile has been disabled or not open LAN to LAN The name with red color means it has joined VPN Backup profile the name with black color means it does not join VPN Backup pr...

Page 256: ...gures Dial in call direction and Idle Timeout will be dimmed and cannot be used All the items in Allowed Dial in Type will be dimmed and cannot be used My WAN IP and Remote Gateway IP will be dimmed and cannot be used In addition after configuring VPN Backup profile s the Connection Management in VPN and Remote Access will be changed Before adding a new VPN Backup profile the webpage will be sh...

Page 257: ... Examples for VPN Backup Profile Here are two situations in which you can take advantage of the VPN Backup profile mechanism Example 1 A VPN Backup profile with member 1 IPSec type and Member 2 L2TP over IPSec has been created for Router A for connecting with Router B In general Router A connects to Router B through Member 1 VPN tunnel with IPSec type ...

Page 258: ...rmation to headquarter in Europe The Vigor router can build another backup VPN tunnel to subsidiary in America through LAN to LAN and the VPN server in the subsidiary in America can build Routing RIP When the VPN tunnel is off line the subsidiary in Asia can send the data that should be transmitted to headquarter in Europe to the subsidiary in America then the subsidiary in America transmit the da...

Page 259: ...rrent ERD setting vpn Trunk backup ERD VpnBackup name of Trunk profile 2 None Mode Default Setting Such mode makes all of the dial out VPN Backup profiles being activated alternately Request Background Some of users think if VPN tunnel connected again it is Environment Recovery Detection For such users use None mode To set ERD None mode vpn Trunk backup ERD VpnBackup None 3 Resume Mode When VPN co...

Page 260: ... value for second to specify valid time for sending data out When set value for second with 0 VPN tunnel that does not join Member1 will try to connect with VPN server of Member1 for every six seconds Once the connection is successful current transmitting data mail video conference or other will be dropped immediately When set value for second with 1 4294967295 The administrator can try to connect...

Page 261: ...If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check the power line and WLAN LAN cable connections Refer to 1 3 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blinks once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong w...

Page 262: ...o the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Go to Control Panel and then double click on Network Connections 2 Right click on Local Area Connection and click on Properties 3 Select Internet Protocol TCP IP and then click Properties ...

Page 263: ...matically and Obtain DNS server address automatically For MacOs 1 Double click on the current used MacOs on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure IPv4 ...

Page 264: ...outer correctly For Windows 1 Open the Command Prompt window from Start menu Run 2 Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear 3 Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time 1ms TTL 255 will appear 4 If the line does not appear please check the IP address set...

Page 266: ...ngs are set correctly For PPPoE Users 1 Check if the Enable option is selected 2 Check if Username and Password are entered with correct values that you got from your ISP For Static/Dynamic IP Users 1 Check if the Enable option is selected 2 Check if IP address Subnet Mask and Gateway are entered with correct values that you g...

Page 267: ...tion of USB Modem is successful If the USB LED does not light on please remove and reinsert the modem again If it still fails restart Vigor2910 USB LED lights on but the network connection does not work Check the PIN Code of SIM card is disabled or not Please use the utility of 3G USB Modem to disable P...

Page 268: ...tory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Warning After pressing factory default setting you will lose all settings you did before Make sure you have recorded all useful settings before pressing The password of factor...

Page 269: ... Then the router will restart with the default configuration After restoring the factory default setting you can configure the settings for the router again to fit your personal request 5 7 Contacting Your Dealer If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions plea...
