Draytek Vigor 2200V Скачать руководство пользователя страница 103 | Manualshive

Страница: 103 / 143

Draytek Vigor 2200V Скачать руководство пользователя страница 103

VPN and Remote Access Setup

8-16

IKE phase 1 mode:

Main mode and Aggressive mode. Most

VPN servers support Main mode and Aggressive mode is a
more recent implementation to speed up the negotiation
process, but may incur less security. The default is Main
mode for consideration of greatest compatibility.

IKE phase 1 proposal:

Then the router will query the

remote VPN server if it supports the designated algorithm.
There are two options of query for Aggressive mode and nine
options for Main mode. We suggest to select the latest one,
“DES_MD5_G1/DES_SHA1_G1/3DES_MD5_G1/3DES_MD
5_G2”, for Main mode.

IKE phase 1 key lifetime

: For the greater security, the router

should limit the key lifetime. The default key lifetime is 28800
seconds. We suggest you specify a value in between 900 and
86400 seconds.

IKE phase 2 key lifetime

: For the greater security, the router

should limit the key lifetime. The default key lifetime is 3600
seconds. We suggest you specify a value in between 600 and
86400 seconds.

Perfect Forward Secret

: If this function enabled, the function

the Phase 1 key will be reused to reduce the computation
complexity in phase 2. Otherwise, a new key will be generated
for phase 2 key. The default of this option is inactive.

Local ID

: This function is used in Aggressive mode. It

is on behalf of the IP address to perform identity

«
...
101
102
103
104
105
...
»

Содержание Vigor 2200V

Страница 1: ......

Страница 2: ... facilities provide deployment of linked branch offices and teleworkers Built in VoIP facilities enable to deploy cost effective IP telephone infrastructure Plug in a telephone to use your broadband line for regular phone calls Integration with your existing phone line POTS with automatic failover during power cuts QoS assured priority for VoIP Internet traffic 802 11g Compliant Wireless LAN acces...

Страница 3: ... environment The Vigor2200VG s VoIP facilities can provide a cost saving alternative to having an additional fixed line By using the DrayTEL PSTN gateway ITSP you can also make calls to any regular phone line too including mobiles as well as receive calls from anyone the call is carried to your phone via your internet connection so your regular phone line remains free for other people or calls The...

Страница 4: ...lashes to indicate E mail is waiting on your mail server POP3 LAN 4 port 10 100M Base TX Ethernet switch DHCP server for IP assignment up to 253 users DNS cache and proxy Virtual Private Network VPN Supports VPN pass through Up to 8 simultaneous VPN tunnels Dial in or dial out LAN to LAN or Teleworker to LAN Protocol support for PPTP IPSec L2TP L2TP over IPSec Encryption support for AES MPPE and h...

Страница 5: ...iv Preamble of DrayTek Vigor2200V series All Rights Reserved Hardware Connection ...

Страница 6: ...n contained in this document is subject to change without notice Should you have any inquiries please feel free to contact our support via E mail Fax or phone For the latest product information and features please visit our website at www draytek com We apply the sunshine smile face of VigorBoy to some chapters in order to remind you of your special attention Should you have any queries and sugges...

Страница 7: ...d transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders Trademark Microsoft is a registered trademark of Microsoft Corp Windows and Windows 95 98 98SE Me NT XP 2000 are trademarks of Microsoft Corp Other trademarks and registered trademarks of products mentioned in this manual may be the properties of their respective owners ...

Страница 8: ...t charge for either parts or labor to whatever extent we deem necessary to restore the product to proper operating condition Any replacement will consist of a new or remanufactured functionally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnormal...

Страница 9: ...v Be a Registered Owner Online web registration at www draytek com is preferred Alternatively fill in the registration card and mail it to the address found on the reverse side of the card Registered owners will receive future product and update information ...

Страница 10: ... the router yourself Do not place the router in a damp or humid place e g a bathroom The router should be used in a sheltered area within a temperature range from 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Keep the package out of reach of children When you would like to di...

Страница 11: ...th the following essential requirements and other relevant provisions of R TTE Directive 1999 5 EEC The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 89 336 EEC by complying with the requirements set forth in EN55022 Class B and EN55024 Class B The product conforms to the requirements of Low Voltage LVD Directive 73 23 EEC by complying with the requirements s...

Страница 12: ...is equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is not guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning t...

Страница 13: ...ur customer support Product model and serial number Warranty information Date that you received your router Brief description of your problem Steps that you may take to solve it and their associated SysLog messages The information of customer support and sales representatives are support draytek com and sales draytek com respectively ...

Страница 14: ...ystem status 2 2 2 2 2 LAN status 2 2 2 2 3 WAN status 2 2 CHAPTER 3 Internet Access Setup 3 1 Introduction 3 1 3 2 Settings 3 2 3 2 1 Using PPPoE with DSL Modem 3 3 3 2 2 Using a Static IP with a DSL Cable Modem 3 4 3 2 3 Using a Dynamic IP DHCP Client with a DSL CAble Modem 3 7 3 2 4 Using PPTP with a DSL Modem 3 8 CHAPTER 4 LAN Setup 4 1 Introduction 4 1 4 2 Settings 4 1 4 2 1 LAN TCP IP and DH...

Страница 15: ... 1 6 2 Settings 6 2 6 2 1 General Setup 6 6 6 2 2 Filter Setup 6 8 6 2 3 DoS Denial of Service Defense 6 13 6 2 4 URL Content Filter 6 19 CHAPTER 7 Application Setup 7 1 Introduction 7 1 7 2 Settings 7 2 7 2 1 Dynamic DNS 7 3 7 2 2 Call Schedule 7 5 7 2 3 UPnP 7 10 CHAPTER 8 VPN and Remote Access Setup 8 1 Introduction 8 1 8 2 Settings 8 2 8 2 1 Remote Access Control 8 3 8 2 2 PPP General Setup 8 ...

Страница 16: ...P Related Function 9 2 9 2 3 CODEC RTP DTMF 9 2 9 2 4 Voice Call Status 9 2 9 2 5 QoS 9 2 CHAPTER 10 Wireless Setup 10 1 Introduction 10 1 10 2 Settings 10 2 10 2 1 General Settings 10 2 10 2 2 Seurity 10 3 10 2 3 Access Control 10 6 10 2 4 Station List 10 7 CHAPTER 11 System Maintenance Setup 11 1 Introduction 11 1 11 2 Settings 11 2 11 2 1 System Status 11 2 11 2 2 Configuration Backup 11 3 11 2...

Страница 17: ...Vigor2200V VG Series of Residential Broadband Routers xii CHAPTER 12 Diagnostic Setup 12 1 Introduction 12 1 12 2 Settings 12 1 12 2 1 PPPoE PPTP Diagnostics 12 1 12 2 2 ARP Cashe Table 12 2 ...

Страница 18: ...Start Wizard via Web Configurator 1 2 Configure Your Router via Quick Start Wizard Step 1 Open the web browser on a PC which is connected to the router and then link to the gateway IP address of the router the default setting is 192 168 1 1 Once your link http 192 168 1 1 is successful a pop up window will open to ask for username and password Leave the default null value and press OK to continue ...

Страница 19: ...1 2 Step 2 The Main Menu will pop out after completing previous step Step 3 Now Quick Start Wizard is switched on Enter login password Then click Next to continue Step 4 Select the appropriate TIME ZONE for your location ...

Страница 20: ... ISP In terms of several Internet connection type please follow procedures as below PPPoE users Enter your user name and password provided by your ISP Dial on Demand The router will ONLY connect to your ISP on demand By on demand it means when any LAN user attempt to send data onto the ...

Страница 21: ...name and password provided by your ISP Obtain an IP address automatically Set the WAN interface as a DHCP client that will ask for the IP network settings from the DHCP server or PPTP enabled DSL modem Specify an IP address If you are not sure whether there are any DHCP services on the WAN interface you can manually assign an IP address to the interface Note that the IP Address and Subnet Mask sho...

Страница 22: ... by your ISP e g 255 255 255 0 Gateway IP Address an IP address forwards Internet traffic from your local area network LAN e g 172 16 2 5 DNS Server IP address you must specify DNS server IP address here if your ISP has the said address If you do not specify it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field DHCP Some Cable ISPs require user to provide ...

Страница 23: ...t for better talking hearing enjoyment To achieve that you will always have the required inbound and outbound bandwidth that is prioritized exclusively for Voice traffic over Internet Your data will arrive a little bit later in a tolerable manner On the bottom of Web Configurator window you can find messages showing the system interaction with you Ready indicates the system is ready for you to inp...

Страница 24: ... router LAN and WAN interface Also you could use the status page to know the Internet access status 2 2 Settings Click Online Status to open the Online Status page Here in we use an example to explain the Online Status In the example as shown in the following picture the router is working on Dynamic IP mode to access the Internet ...

Страница 25: ...pecify it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary DNS You must specify secondary DNS server IP address here if your ISP has the said address If you do not specify it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field 2 2 3 WAN Status Mode Indicate which broadband access mode is active D...

Страница 26: ...ion session RX Rate Reception rate in characters per second cps for incoming data Up Time Connection time The format is HH MM SS where HH MM and SS indicate hours minutes and seconds respectively Drop Dial PPPoE or PPTP Click the link to dial or disconnect the PPPoE or PPTP connection ...

Страница 27: ...ters print server and PCs needs an IP address to identify its location on the network The PPPoE Dynamic Static IP and PPTP are three major ways of assigning IP addresses for the Internet to your router Setup screen and available features differ relying on what kind of connection type your ISP offers The router supports the Ethernet WAN interface for Internet access The following sections will expl...

Страница 28: ...ers can share one PPPoE connection to access the Internet Static IP It means a fixed or permanent IP address Choose Static IP if your ISP provides you with a permanent IP address Dynamic IP It means that Obtain an IP automatically In most circumstances the cable modem that you are connecting shall obtain a dynamic IP address from the ISP PPTP Some DSL based ISPs use PPTP Point to Point Tunneling P...

Страница 29: ...sing PPPoE with a DSL modem Click Internet Access Setup PPPoE to enter the setup page PPPoE Setup PPPoE Link Check Enable to enable the PPPoE client protocol on the WAN interface Please remember to remove PPPoE applications which are already installed on your PCs if you need to enable PPPoE and you are DSL users ISP Access Setup ISP Name Enter the service name if provided by your ISP ...

Страница 30: ...he default is 180 seconds If you set the time to 0 the PPP session will not terminate itself IP Address Assignment Method IPCP Fixed IP Check No Dynamic IP unless your ISP has provided you with a static IP address Fixed IP Address If your ISP has provided you with a static IP address enter it here Click OK 3 2 2 Using a Static IP with a DSL Cable Modem You can receive a fixed public IP address or ...

Страница 31: ...cess Select Enable to turn on the broadband access capability Keep WAN Connection Enable PING to keep alive If you specify Enable PING to keep alive function the router will periodically check your Internet connection The router will automatically re establish the connection if the connection is down Normally this function is used for Dynamic IP environment Here will ignore the settings WAN IP Net...

Страница 32: ...etwork LAN e g 172 16 2 5 DNS Server IP address You must specify a DNS server IP address here because your ISP will at least provide you with at least one DNS Server IP address If you do not specify it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field The Domain Name System DNS functions how the Internet translates domain or website names into Internet ad...

Страница 33: ...Dynamic IP DHCP Client with a DSL Cable Modem This application is mostly used by Cable ISPs Click Internet Access Setup Static or Dynamic IP to enter the setup page Access Control Broadband Access Select Enable to turn on the broadband access ...

Страница 34: ...his name for access authentication Domain Name Depending on your Cable ISP this field may or may not be left blank Default MAC Address Specify a MAC Address These two options are mutually exclusive Some Cable ISPs use a specific MAC address for access authentication In such cases you need to check the Specify a MAC Address box and enter the MAC address in the MAC Address fields Click OK and restar...

Страница 35: ...ess Specify the IP address of the PPTP enabled DSL modem Refer to the user manual of the PPTP enabled DSL modem ISP Access Setup ISP Name Enter the service name if provided by your ISP Username Password Enter the username and password supplied by your ISP Scheduler 1 15 Enter the index of schedule profile to control the Internet access by time plan PPP MP Setup ...

Страница 36: ... Method IPCP Fixed IP Check No Dynamic IP unless your ISP has provided you with a static IP address Fixed IP Address If your ISP has provided you with a fixed IP address enter it here WAN IP Network Settings Obtain an IP address automatically Set the WAN interface as a DHCP client that will ask for the IP network settings from the DHCP server or PPTP enabled DSL modem Specify an IP address If you ...

Страница 37: ... LAN to open the LAN settings page 4 2 1 LAN TCP IP and DHCP LAN IP Network Configuration The IP address subnet mask is for grouping users on your LAN For example you can let the computer of your kids be connected together with your own computer to share the broadband access and to share files For NAT Usage Default Always Enable ...

Страница 38: ...P Default 255 255 255 0 24 DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network The router can hence automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your n...

Страница 39: ...e gateway IP address for the DHCP server Usually it should be the same as the said IP address when the router works as a default gateway Start IP Address Set the start IP address of the IP address pool DNS Server IP Address Default None DNS stands for Domain Name System Every Internet host must have an unique IP address also they may have a human friendly easy to remember name such as www yahoo co...

Страница 40: ...S Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately O...

Страница 41: ... IP addresses of important machines from potential hackers on the Internet For convenience we called a router having the NAT facility as a NAT enabled router Usually you will use your Vigor router as a NAT enabled router The NAT enabled router gets one globally re routable IP address from the ISP and assigns private network IP addresses defined by RFC 1918 to local hosts The NAT enable router tran...

Страница 42: ...ge of ports DMZ host This opens up a single host completely All incoming packets will be forwarded to the host with the local IP address you designated The only exception is packets received in response to outgoing requests from other local computers or incoming packets that match rules in the other two methods It should be noticed that while you are using combinations of these three systems there...

Страница 43: ... to different services such as http smtp ftp etc External users i e people elsewhere on the Internet can then access your web server via your public IP address Even if your public IP address is a dynamic IP address you can apply the Dynamic DNS service to obtain an online WAN IP address such as hostnmae dyndns org where is able to be mapped to your current dynamic IP address Any external user can ...

Страница 44: ... Port Specify the private port number of the service offered by the internal host Active Check here to activate the port mapping entry Because the router has its own built in web server for the configuration if you want to access to the web configurator remotely and to a web server behind the router you need to change the router s http port to something other than the default port 80 You shall cha...

Страница 45: ...irewall type security initially deployed by the NAT facility 5 2 2 DMZ Host Setup The Port Redirection can direct UDP TCP traffic on particular ports to specified internal clients on the LAN However other IP protocols for example Protocols 50 ESP and 51 AH do not have port numbers so you can not decide which local client to forward the data to Vigor router has a facility called DMZ host which you ...

Страница 46: ...Netmeeting or Internet Games etc Each item in the setup page is described below Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list ...

Страница 47: ...network service Local IP Address Display the private IP address of the local host offering the service Status Display the state for the corresponding entry We use X or V to represent the Inactive or Active state As stated above after you click one index number say index No 1 in the above figure you will see the following setup page for the entry with index No 1 Further each entry local host can sp...

Страница 48: ...rivate IP addresses of local hosts will automatically pop up Select one appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or NONE for selection Start Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host 5 2 4 Well known Port...

Страница 49: ...NAT Setup 5 9 ...

Страница 50: ...ur local network against attack from unauthorized outsiders It also provides a way of restricting users on the local network from accessing the Internet Additionally it can filter out specific packets to trigger the router to place an outgoing connection Basic security is that you are recommended to set user name and password to your router when you install your router The administrator login will...

Страница 51: ...tection by means of following firewall facilities IP Filter Stateful Packet Inspection tracks packets and denies unsolicited incoming data Selectable DoS DDoS protection User configurable packet filter When you would like to activate SPI Stateful Packet Inspection please follow the path Firewall Edit Filter Rule Keep State 6 2 Settings Click Firewall Setup to open the setup page ...

Страница 52: ... allowed to pass through the router when the WAN connection has been established Conceptually when an outgoing packet is to be routed to the WAN the IP Filter will decide if the packet should be forwarded to the Call Filter or Data Filter If the WAN link is down the packet will enter the Call Filter If the packet is not allowed to trigger router dialing it will be dropped Otherwise it will initiat...

Страница 53: ...e General Setup and Filter Setup The Vigor router provides 12 filter sets with 7 filter rules for each set As a result there are a total of 84 filter rules for the Filter Setup By default the Call Filter rules are defined in Filter Set 1 and the Data Filter rules are defined in Filter Set 2 ...

Страница 54: ...Any packet that may paralyze the host in the security zone is blocked and a syslog message is sent to the client Also the DoS Defense Engine monitors the traffic behavior Any odd situation violating the administrator s configuration is reported and the corresponding defense function is performed in order to mitigate the attack The DoS DDoS defense function can detect and protect the following atta...

Страница 55: ...ntent filtering facilities are also used by businesses to prevent employees from accessing Internet resources that are either not work related or otherwise deemed inappropriate The name of the URL content filtering comes from checking the content of the URL strings Traditional firewall inspects packets based on the fields of TCP IP headers while the URL content filtering checks the URL strings or ...

Страница 56: ...Incoming Fragmented UDP Packets You can enable Accept Incoming fragmented UDP Packet function to accept these kinds of packets Then you can play these kinds of on line games If you take security concern as high priority you shall disable Accept Incoming Fragmented UDP Packets Call Filter Check Enable to activate the Call Filter function Assign a start filter set for the Call Filter Data Filter Che...

Страница 57: ...tched The filter log will be displayed on the Telnet terminal when you type the log f command MAC Address for Packet Duplication Logged packets may also be logged to another location via Ethernet If you want to duplicate logged packets from the router to another network device you must enter the other devices MAC Address HEX Format Type 0 to disable the feature The feature will be helpful under Et...

Страница 58: ...isable the filter rule Next Filter Set Specifies the next filter set to be linked behind the current filter set The filters cannot be looped Editing Filter Rules Click the Filter Rule index button to enter the Filter Rule setup page for each filter The following explains each configurable item in detail Comments Enter filter set comments description Maximum length is 14 characters ...

Страница 59: ...rules will be dropped Pass If No Further Match A packet matching the rule and that does not match further rules will be passed through Branch to other Filter Set If the packet matches the filter rule the next filter rule will branch to the specified filter set Duplicate to LAN If you want to log the matched packets to another network device check this box to enable it The MAC Address of the specif...

Страница 60: ...applied to that IP address It is equal to the logical NOT operator Subnet Mask Specify the Subnet Mask for the IP Address column for this filter rule to apply to Operator The operator column specifies the port number settings If the Start Port is empty the Start Port and the End Port column will be ignored The filter rule will filter out any port number If the End Port is empty the filter rule wil...

Страница 61: ...ecify a fragmented packets action Don t care Specify no fragment options in the filter rule Unfragmented Apply the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets which are too short to contain a complete header An Example of Restricting Unauthorized Internet Services This section will show a simple example to restrict someone f...

Страница 62: ... It is a sub functionality of IP Filter Firewall There are a total of 15 kinds of defense function for the DoS Defense Setup By default the DoS Defense functionality is disabled Further once the DoS Defense functionality is enabled the default values for the threshold and timeout values existing in some functions are set to 300 packets per second and 10 seconds respectively A brief description for...

Страница 63: ...andomly the sequent TCP SYN packets in the user defined timeout period The main goal is to protect the Vigor router against the TCP SYN packets that intend to use up the router s limited resource By default the threshold and timeout values are set to 300 packets per second and 10 seconds respectively Enable UDP defense Click the checkbox to activate the UDP flood defense function Once the UDP pack...

Страница 64: ...ort will respond To examine such exploration behavior please click the checkbox to activate the Port Scan detection function in your Vigor router The Vigor router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user defined threshold value By default the Vigor router sets the threshold as 300 packets per second to detect such a scanning act...

Страница 65: ...ess Block Block trace router Click the checkbox to activate this function The Vigor router will not forward any trace route packets Block SYN fragment Click the checkbox to activate the Block SYN fragment function Any packets having SYN flag and more fragment bit set will be dropped Block Fraggle Attack Click the checkbox to activate the Block fraggle Attack function Any broadcast UDP packets rece...

Страница 66: ... to activate the Block Ping of Death function This attack involves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets Any packets realizing this attacking activity will be blocked by the Vigor routers Block ICMP Fragment Click the checkbox to activate the Block ICMP fragment function Any ICMP packets with more fra...

Страница 67: ...og client in the Syslog Setup by using Web Configurator Thus the administrator can look at the warning messages from DoS Defense functionality through the DrayTek Sylsog daemon The format for this kind of the warning messages is similar to those in IP Filter Firewall except for the preamble keyword DoS followed by a name to indicate what kind of attacks is detected ...

Страница 68: ...so any request that tries to retrieve the malicious code will be discarded by the Vigor router Similarly a syslog message will be sent to the syslog client The URL content filtering facility prevents users from accessing inappropriate websites whose URL strings are identified as prohibition you must clear your browser cache first so that the URL content filtering facility operates properly on a we...

Страница 69: ...ng Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 characters After specifying keywords the Vigor router will reject the access right of any website whose whole or partial URL string matched any user defined keyword It should be noticed that the more simplified the blocking keyword list the more efficiently the Vigor rou...

Страница 70: ...ection because this website is prohibited Further the URL content filtering facility also allows you to specify either a complete URL string e g www whitehouse com and www hotmail com or a partial URL string e g yahoo com in the blocking keyword list Prevent Web Access by IP Address One checkbox is available to activate this function that will deny any web surfing activity by directly using IP add...

Страница 71: ... be refused Compressed file One checkbox appears giving the choice to activate the Block Compressed file function to prevent someone from downloading any compressed file The following list shows the types of compressed files that can be blocked by the Vigor router zip rar arj ace cab sit To enable it click on the empty box image and subsequently the hook image will appear Executable file Similar t...

Страница 72: ...function to reject any proxy transmission To enable it click on the empty box image and subsequently the hook image will appear To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages To enable it click on the empty box image and subsequently the hook image will appear Accordingl...

Страница 73: ...k Specify which days in one week should apply the URL content filtering facility The Vigor router supports two exclusive options for users i e everyday or some days in one week If you expect that the URL content filtering facility is active for whole week you should click the checkbox Everyday Otherwise you should point clearly out the days in one week For example if you want the URL content filte...

Страница 74: ...igure Also the warning message will be automatically sent to the syslog client after you enable the syslog function The administrator can setup the syslog client in the Syslog Setup by using Web Configurator Thus the administrator can view the warning messages from the URL Content Filtering functionality through the DrayTek Sylsog daemon The format for this kind of the warning messages is similar ...

Страница 75: ...Firewall Setup 6 26 ...

Страница 76: ... function allows the router to update its online WAN IP address which assigned by ISP to the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet Call Schedule facility is used to control the router s dialer or connection manager what time should be up or down according to the pr...

Страница 77: ...he router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by itself which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provides the associated support for MSN...

Страница 78: ... Enable the Function and Add a Dynamic DNS Account 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test 2 In the DDNS setup menu Check Enable Dynamic DNS Setup and Index number 1 to add an account for the router And now you will see the following web page 3 Check Enable Dynamic DNS Account and choose correct S...

Страница 79: ...s In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu Click the Index number you want to delete and then push Clear All button to delete the account Validation and Troubleshooting Ping the Registered Domain Name 1 After router is online use PING utility t...

Страница 80: ... what the current WAN IP address is You will see the IP address in the circle which is the same as the Return Code in the DDNS logs This indicates that the update is successful 7 2 2 Call Schedule On the Time Setup menu if you press Inquire Time button the router s clock will be set to current time of your PC The clock will reset if you power down or reset the router so you may prefer to use an NT...

Страница 81: ...hey will not trigger calls themselves You can have up to 15 entries of different schedules and you must then apply the required schedule s to the appropriate ISP by entering the schedule number into the ISP setup Click Clear All button to remove all schedules in the router ...

Страница 82: ...descriptions for each setting are Enable Schedule Setup Check to enable the schedule Start Date yyyy mm dd Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the schedule Action Specify which action should be applied by Call Schedule during the time period of the schedule Force On Force the con...

Страница 83: ... duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify which days in one week should perform the schedule 3 Specify appropriate time duration and action to the profile and then click OK button to apply 4 Specify the call schedule to specific Internet access profile or LAN to LAN profile An Example I...

Страница 84: ... 00 for whole week 3 Configure the Force Down from 18 00 to next day 9 00 for whole week 4 Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan which has been pre defined in the schedule profiles ...

Страница 85: ...UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service Click the IP Broadband Connection on DrayTek Router on Windows XP Network Connections as shown below The connection status and control status will be able to be activated The NAT Traversal of UPnP ...

Страница 86: ...hots below show examples of this facility The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router learn the external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application ...

Страница 87: ...your network may incur some security threats You should consider carefully these risks before activating the UPnP function 1 Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches 2 Non privileged users can control some router functions including removing and adding port mappings 3 The UPnP functio...

Страница 88: ...de a NAT router or a single user computer to dial into a VPN router through the Internet to access the network resources of the remote network The LAN to LAN Access facility provides a solution to connect two independent LANs for mutual sharing of network resources For example the head office network can access the branch office network and vice versa The VPN technology employed in the Vigor route...

Страница 89: ...cluding remote dial in and LAN to LAN access PPP General Setup To configure your router s PPP authentication method as well as IP assignment range for remote dial in user This submenu only applies to PPP related VPN connections such as PPTP L2TP L2TP over IPSec and ISDN based remote access IKE IPSec General Setup To configure a common Pre shared key and security method for remote dial in user or n...

Страница 90: ...PN tunnels including remote dial in users 8 2 1 Remote Access Control Assume you have a registered domain name from the DDNS provider As depicted in the following picture click the appropriate checkbox to enable the VPN service type that you want to provide If you intend to run a VPN server inside your LAN you should disable the appropriate protocol to allow pass through as well as the appropriate...

Страница 91: ... MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Require MPPE 40 120bi ts Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm In addition the r...

Страница 92: ...pecify the Username and Password for communication purpose Username Specify the username for the purpose of the Mutual Authentication Password Specify the password for the purpose of the Mutual Authentication IP Address Assignment for Dial In Users Start IP Address Enter a start IP address for the dial in PPP connection You should choose an IP address from the local private network For example if ...

Страница 93: ...d but not be encrypted By default this option is active High ESP Data will be encrypted and authenticated Herein we support DES 3DES and AES encryption methods By default these methods are available to support 8 2 4 Remote User Profiles Teleworkers After completing the general setup you must create an access account for each remote dial in user The router provides 32 access accounts for dial in us...

Страница 94: ...all dial in user accounts User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Status Display the access state of the specific dial in user The symbol V and X represent the specific dial in user to be active and inactive respectively Index Click the index number to open an individual setup page for a dial in user account ...

Страница 95: ... idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds Allow Dial In Type Select the allowed dial in type Herein the Vigor routers provides three types PPTP IPSec Tunnel and L2TP with IPSec Policy For the L2TP with IPSec Policy you have other three choices None Nice to Have and Must to set up the dial in VPN type ...

Страница 96: ... policy first if it is available Otherwise the dial in VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection PPTP or L2TP with IPSec Policy None Only Specify the Username and Password PPTP or L2TP with IPSec Policy Must or Nice to Have Specify the Username and Password Also set IKE Pre Shared Key IPSec Security Method Remote C...

Страница 97: ...or the Encapsulating Security Payload protocol The data will be encrypted Supported algorithms are DES 3DES and AES By default these three algorithms are available Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional if you do not activate the Specify Remote Node and leave the field of Remote Client IP or Peer ID to be empty the settings ...

Страница 98: ...ofile Name Indicate the name of the LAN to LAN profile The symbol represents that the profile is empty Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively Each LAN to LAN profile includes 4 subgroups Common Settings Dial Out Settings Dial In Settings and TCP IP Network Settings In the following we explain each subgroup i...

Страница 99: ... only incoming access Always on Click it to always activate this profile The field of Idle Timeout will be grayed to disallow any input Idle Timeout By default set as 300 seconds If the profiles connection is idle over the limitation of the timer the router will drop the connection Enable PING to keep alive Click this item to enable the transmission of PING packets to an IP address defined in the ...

Страница 100: ... its parameters e g key for encryption However once if the remote host abnormally disconnects a VPN connection the Router won t be aware of it and assume the connection is still alive To resolve this dilemma enable PING to keep alive let the Router probe the status of the VPN connection by continuously sending PING packets to the remote host Dial Out Settings Choose one out of three main options P...

Страница 101: ...N connection to be the PPTP connection IPSec Tunnel Specify the dial out VPN connection to be the IPSec Tunnel connection L2TP Specify the IPSec policy for the L2TP connection None Do not apply IPSec Accordingly the VPN connection employed the L2TP without IPSec Policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is available Otherwise the dial out VPN ...

Страница 102: ... data will be authenticated but not be encrypted High ESP Specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted Supported algorithms are listed below DES without Authentication Use DES encryption algorithm and not apply any authentication scheme DES with Authentication Use DES encryption algorithm and apply MD5 or SHA 1 authentication algorithm 3DES ...

Страница 103: ..._G1 3DES_MD 5_G2 for Main mode IKE phase 1 key lifetime For the greater security the router should limit the key lifetime The default key lifetime is 28800 seconds We suggest you specify a value in between 900 and 86400 seconds IKE phase 2 key lifetime For the greater security the router should limit the key lifetime The default key lifetime is 3600 seconds We suggest you specify a value in betwee...

Страница 104: ...ions PPTP IPSec Tunnel and L2TP with IPSec Policy sub options None Nice to Have and Must By default all three options are active If you only choose some of three please see the below settings instruction PPTP Check to allow the PPTP dial in connection IPSec Tunnel Click it to allow the IPSec tunnel dial in connection L2TP Specify the IPSec policy for the L2TP connection None Do not apply the IPSec...

Страница 105: ...Authentication Specify the PPP authentication method for PPTP L2TP and L2TP over IPSec Normally set to PAP CHAP for the widest compatibility VJ Compression VJ Compression is used for TCP IP protocol header compression Normally set to Yes to improve bandwidth utilization IKE Pre Shared Key Click it and a window will be automatically popped up for you as depicted below Please fill a Pre shared Key f...

Страница 106: ...his field The router will then get a WAN IP address from the remote router during the IPCP negotiation phase If the WAN IP address is fixed by remote side specify the fixed IP address here Remote Gateway IP In most cases you may accept the default value of 0 0 0 0 in this field The router will then get a Remote Gateway IP address from the remote router during the IPCP negotiation phase If the Remo...

Страница 107: ...as The Vigor router supports two local IP networks the 1st subnet and 2nd subnet Thus you can set which subnet will be used as the local network for VPN connection and exchange RIP packets with the remote network Usually set to Private IP for routing between the 1st subnet and the remote network Example of LAN to LAN Connection The example describes how to set up a LAN to LAN profile to connect tw...

Страница 108: ...VPN and Remote Access Setup 8 21 2 Create a LAN to LAN profile at Head Office ...

Страница 109: ...VPN and Remote Access Setup 8 22 3 Create a LAN to LAN profile at Branch Office ...

Страница 110: ...yment for the ITSP Internet Telephony Service Provider and softphone and is widely supported SIP supports peer to peer direct calling and also calling via a SIP proxy server a role similar to the gatekeeper in H 323 networks The MGCP protocol uses a client server architecture the calling scenario being very similar to the current PSTN network After a call is setup the voice streams transmit via RT...

Страница 111: ...r VoIP router users by dialling their IP address directly on the phone handset or using a SIP registrar A SIP server on the Internet enables your router to log its current location IP Address and availability so that other users can call you on your SIP address e g 98141 draytel org Before you can set up the router for SIP you need to open an account with a SIP registrar e g IPTEL DrayTEL www dray...

Страница 112: ... RTP Voice Call Status Call Status including registered registrar codec connection and others QoS Enter upstream speed wanted to assure for VoIP call 9 2 1 DialPlan The Vigor2200V VG series have one FXS port the Phone port on the rear panel to which you connect a conventional analogue phone either corded or wireless DECT You can set the registered SIP address of your VoIP contacts into the DialPla...

Страница 113: ...you want to dial from your handset to call this contact This can be any number you choose using digits 0 9 and Display Name This field contains a name or a number which easily let you identify the person who you wan to call It can also be the name for SIP display SIP URL Address ...

Страница 114: ...ad of the SIP account if you lose broadband access or power to the Vigor2200V VG series Hence the PSTN line can act as a lifeline backup mechanism for VoIP calls The default is VoIP mode The lifeline mechanism is activated automatically if you specify PSTN as Loop Through and enter Backup Phone Number Example 1 If Dolly gives you her SIP URL as sip 63065 fwd pulver com then you can enter the numbe...

Страница 115: ...3 69 175 19 and PSTN number is 5972727 then you can enter the DialPlan as Phone Number 1234 any number you like Display Name Kelly SIP URL Kelly 203 69 175 19 Loop through PSTN Backup phone number 5972727 Example 3 If Kelly gives you her IP address 203 69 175 19 only and it is not in your DialPlan you still can press keypad on the phone to dial as 203 69 175 19 ...

Страница 116: ...ntry That way you can only run loop through by manually dialing a PSTN number 9 2 2 SIP Related Function Once you are registered with a SIP Server e g DrayTEL set your SIP username and password in the appropriate boxes detailed explanation below In the Registrar box enter the entire domain of the SIP server everything after the sign of your SIP address Click OK and your router will log onto the SI...

Страница 117: ...s the same as Registrar please press Duplicate Domain Realm You can enter domain name or IP address of SIP URL e g if SIP URL is sip 63065 fwd pulver com then this field contains fwd pulver com If this setting value is the same as Registrar please press Duplicate Stun Server This setting defines whether the Vigor2200V VG NAT traversal mechanism is enabled by checking checkbox or not If activated p...

Страница 118: ...name the first part of your SIP address before the sign Authorization User This field contains a name or a number It is also the name for SIP Authorization If this setting value is the same as Display Name please press Duplicate Password Your SIP URL address as provided when you registered with a SIP service Expire Time The time duration that your SIP registrar server keeps your registration recor...

Страница 119: ...er for you to have at least 256Kbps upstream if you would like to use G 711 Packet Size The amount of data contained in a single packet The default value is 20 ms which means the data packet will contain 20 ms voice information DTMF InBand With this selected the Vigor will send DTMF tones as audio directly in the Voice stream when you press a key on the keypad DTMF OutBand With OutBand selected th...

Страница 120: ...on occurs to maintain the accuracy of DTMF tones DTMF Payload Type The default value is 101 but can be anything from 96 to 127 SIP Info Enable this option to let the SIP proxy send DTMF tones to the dialed peer RTP Specifies the start and end port for RTP stream The default values are 10050 and 15000 ...

Страница 121: ...ave blank Port 1 Use Registrar leave blank Name arnor Password leave blank Expiry Time use default value A 3 CODEC RTP DTMF use default value B Paulin s settings B 1 DialPlan index 1 Phone Number 123 any number you like Name arnor IP Address Domain 214 61 172 53 B 2 SIP Related Function SIP Port 5060 default Registrar leave blank Port 1 Use Registrar leave blank Name paulin Password leave blank Ex...

Страница 122: ... draytel org Port 1 Use Registrar checked Name john Password enter John s registrar password Expiry Time use default value A 3 CODEC RTP DTMF use default value B David s settings B 1 DialPlan index 1 Phone Number 8989 any number you like Name john IP Address Domain draytel org B 2 SIP Related Function SIP Port 5090 Registrar draytel org Port 1 Use Registrar checked Name david Password enter David ...

Страница 123: ...obtain appropriate Volume Gain Refresh Seconds Specify the interval of refresh time to obtain the latest VoIP calling information The information will update immediately when the Refresh button is clicked Status To show the VoIP connection status IDLE Indicates that the VoIP function is idle HANG_UP Indicates that the connection is not established busy tone CONNECTING Indicates that the user is ca...

Страница 124: ...t is represented as seconds Tx Pkts Total number of transmitted voice packets during this connection session Rx Pkts Total number of received voice packets during this connection session Rx Loss Total number of lost packets during this connection session Rx Jitter The jitter of received voice packets In Calls The accumulating in call times Out Calls The accumulating out call times Volume Gain The ...

Страница 125: ...em Status you can find the registered registrar and Codec for Inbound calls and Outbound calls The said status easily let you check whether your registration of SIP server is successful or not 9 2 5 QoS Enter upstream speed to let Vigor2200V VG assure high priority for VoIP call ...

Страница 126: ...AN network To elaborate one example any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a clot of LAN cable One more example parents can write E mail at their studyoom and kids are also able to surf Internet at their bedrooms as the Vigor2200VG is set up in some corner of a home Parents do not need to drill any hole for installing...

Страница 127: ... and Remote Access Setup 10 2 well as Internet and WAN access 10 2 Settings Click Wireless Setup to open the setup page 10 2 1 General Settings Enable Wireless LAN Check the box to enable wireless function ...

Страница 128: ... case SSID was changed to DrayTek SSID It is used to name the wireless LAN and must have the same content in client PC notebook wireless card s SSID can be any text numbers or various special characters Channel A wireless channel for the router The default channel is 6 You can change it to more appropriate one if the selected channel is under serious interference Hide SSID Check it to prevent from...

Страница 129: ... using WEP WPA Wi Fi Protected Access uses the Temporal Key Integrity Protocol TKIP for encryption It greatly enhances the over the air data protection and access control on existing Wi Fi networks It addresses the weaknesses of WEP By clicking the Security Settings a new web page will appear so that you could configure the settings of WEP and WPA Mode Select an appropriate encryption to improve t...

Страница 130: ...3456789ABCD or 0x321253abcde WEP Encryption 64 Bit For 64bits WEP key either 5 ASCII characters or 10 hexadecimal digitals leading by 0x can be entered For example ABCDE or 0x4142434445 128 Bity For 128bits WEP key either 13 ASCII characters or 26 hexadecimal digits leading by 0x can be entered For example ABCDEFGHIJKLM or 0x4142434445464748494A4B4C4D 128 bits WEP is most secure but has more encry...

Страница 131: ...red can access the wireless LAN interface By clicking the Access Control a new web page will appear as depicted below so that you could edit the clients MAC addresses to control their access rights Enable Access Control To check the Enable Access Control to enable the MAC Address access control feature MAC Address Display all MAC addresses that are edited before Four buttons Add Remove Edit and Ca...

Страница 132: ...acility to scan the running WLAN clients being near the router If neighbors or other WLAN clients are active you can press Refresh to get available WLAN stations information including its status and MAC address You can select the wish WLAN station from Station List to add it to Access Control list by clicking highlight then press Add Or editing a station s MAC address manually is another option Af...

Страница 133: ... router provides an web based way to let you backup or restore the configuration very simple By default the router may be configured and managed through any Telnet client or Web browser running on any operating system There is no requirement for additional software or utilities However for some specific environments in Management you may change the server port numbers for the built in Telnet or HT...

Страница 134: ...tion Backup Settings of default Codec DTMF and RTP SysLog Mail Alert Call Status including registered registrar codec connection and others Time Setup Settings for time either inquiring from PC or from NTP server Management Setup Settings of Management Access Control SNMP and Port Reboot System Manually reboot the system Firmware upgrade TFTP Upgrade the firmware via TFTP 11 2 1 System Status In S...

Страница 135: ...t you can enter settings Settings Saved means your settings are saved once you click Finish or OK button If the settings are wrong or get problematic you can find fail message on Status bar 11 2 2 Configuration Backup Backup the Running Configuration 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below ...

Страница 136: ...System Maintenance Setup 11 4 2 Click Backup button to get configurations 3 Click OK button to save configuration as a file The default filename is config cfg You could give it another name by yourself ...

Страница 137: ...s still available Restore the Configuration with a Configuration File 1 Go to System Maintenance Configuration Backup The following windows will be popped up as shown below 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore button and wait for few seconds the following picture will tell you that the restoration procedure is successful 11 2 3 ...

Страница 138: ...ernet Enable the checkbox to allow system administrators to login from the Internet By default it is not allowed Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum ...

Страница 139: ...and Manager Host IP Specify the IP address of the SNMP manager station Trap Community Specify a string to identify the management communities for the SNMP TRAP notifications Notification Host IP Specify the IP address of the station that wants to receive the TRAP notifications Reboot System The Web Configurator may be used to restart your router Click Reboot System in the main menu to open the fol...

Страница 140: ... s web site and FTP site is ftp draytek com 2 Click System Maintenance Router Firmware Upgrade Utility to launch the Firmware Upgrade Utility Click the Browse button to locate the new firmware file The program will look for any Vigor routers on your LAN and display them by IP address Select the IP address of the appropriate router to upgrade then press Upgrade Enter the router s password when aske...

Страница 141: ...1 Chapter 12 Diagnostics Setup 12 1 Introduction Diagnostic Tools provide a useful way to view or diagnose the status of you Vigor router 12 2 Settings Click Diagnostics to open the setup page 12 2 1 PPPoE PPTP Diagnostics ...

Страница 142: ... idle it will show WAN IP Address The WAN IP address for the active connection Dial PPPoE or PPTP Click it to force the router to establish a PPPoE or PPTP connection Dial PPPoE or PPTP Click it to force the router to establish a PPPoE or PPTP connection 12 2 2 ARP Cache Table Click View ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table s...

Страница 143: ... 3 12 2 3 DHCP Assigned IP Address The facility of View DHCP Assigned IP Addresses provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc ...

Отзывы:

Нет отзывов

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды