Draytek Vigor 2200VG User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Wireless Router
  5. Vigor 2200VG
  6. User manual

Draytek Vigor 2200VG User Manual

Residential broadband router
Hide thumbs Also See for Vigor 2200VG:
Table of Contents

Advertisement

Quick Links

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor 2200VG

Summary of Contents for Draytek Vigor 2200VG

  • Page 2 Integration with your existing phone line (POTS) with automatic failover during power cuts QoS assured priority for VoIP Internet traffic 802.11g Compliant Wireless LAN access with security features ( Vigor2200VG only) Compatible with Windows & MacOS Preamble of DrayTek Vigor2200V series All Rights Reserved...

  • Page 3: Brief Overview

    The POTS life-line facility provides for automatic failover to your regular phone line in the event of power or Internet failure, as well as letting you use the same phone to access either your regular phone line or VoIP facility when required. Preamble of DrayTek Vigor2200V series Vigor2200V Vigor2200VG One FXS...

  • Page 4: Quick Start Wizard

    LED flashes to indicate E-mail is waiting on your mail server (POP3) 4-port 10/100M Base-TX Ethernet switch DHCP server for IP assignment (up to 253 users) Preamble of DrayTek Vigor2200V series Highlights DNS cache and proxy Virtual Private Network (VPN) Supports VPN pass-through...

  • Page 5: Hardware Connection

    Hardware Connection Preamble of DrayTek Vigor2200V series All Rights Reserved...
  • Page 6 Should you have any queries and suggestions, please do not hesitate to contact your local dealer or us via support@draytek.com or info@draytek.com! The version of this User’s Guide is version No.1.
  • Page 7 Vigor2200V/VG Series of Residential Broadband Routers Copyright Copyright 2004 by DrayTek Corporation All rights reserved. The information of this publication is protected by copyright. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
  • Page 8 Vigor2200V/VG Series of Residential Broadband Routers DrayTek Limited Warranty We warrant to the original end user (purchaser) that the routers will be free from any defects in workmanship or materials for a period of three (3) years from the date of purchase from the dealer.
  • Page 9 Vigor2200V/VG Series of Residential Broadband Routers Be a Registered Owner Online web registration at www.draytek.com is preferred. Alternatively, fill in the registration card and mail it to the address found on the reverse side of the card. Registered owners will receive future product and update information.

  • Page 10: Safety Instructions

    Vigor2200V/VG Series of Residential Broadband Routers Safety Instructions Please read the installation guide thoroughly before you set up the router. The router is a complicated electronic device that may be repaired only be authorized and qualified personnel. Do not try to open or repair the router yourself.
  • Page 11 Address: No. 26, Fu Shing Road, HuKou County, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Product: Vigor2200V/VG Series Residential Broadband Routers DrayTek Corp. declares that Vigor2200V/VG series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
  • Page 12 Vigor2200V/VG Series of Residential Broadband Routers Commission (FCC) Interference Statement The Vigor2200V and Vigor2200VG have been tested and found to comply with the limits for a Class B digital device, pursuant to part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) this device may not cause harmful interference, and (2) this device must accept any interference received, including...

  • Page 13: Customer Support

    Warranty information. Date that you received your router. Brief description of your problem. Steps that you may take to solve it and their associated SysLog messages. The information of customer support and sales representatives are support@draytek.com and sales@draytek.com, respectively. viii...

  • Page 14: Table Of Contents

    Vigor2200V/VG Series of Residential Broadband Routers CHAPTER 1. Quick Start Wizard 1.1. Introduction... 1.2.Configure You Router via Quick Start Wizard CHAPTER 2. Online Status 2.1. Introduction... 2.2. Settings 2.2.1. System status 2.2.2. LAN status... 2.2.3. WAN status CHAPTER 3. Internet Access Setup 3.1.
  • Page 15 Vigor2200V/VG Series of Residential Broadband Routers 5.2. Settings 5.2.1. Port Redirection Table 5.2.2. DMZ Host Setup... 5.2.3. Open Ports... 5.2.4. Well-known Port Number CHAPTER 6. Firewall Setup 6.1. Introduction... 6.2. Settings 6.2.1. General Setup 6.2.2. Filter Setup 6.2.3. DoS(Denial of Service 6.2.4.
  • Page 16 Vigor2200V/VG Series of Residential Broadband Routers 8.2.4. Remote User Profiles(Teleworkers) 8.2.5. LAN ot LAN Profiles CHAPTER 9. VoIP Setup 9.1. Introduction... 9.2. Settings 9.2.1. DialPlan 9.2.2. SIP Related Function 9.2.3. CODEC/RTP/DTMF... 9.2.4. Voice Call Status 9.2.5. QoS... CHAPTER 10. Wireless Setup 10.1.
  • Page 17 Vigor2200V/VG Series of Residential Broadband Routers CHAPTER 12. Diagnostic Setup 12.1. Introduction... 12.2. Settings 12.2.1. PPPoE/PPTP Diagnostics 12.2.2. ARP Cashe Table 12-1 12-1 12-1 12-2...

  • Page 18: Chapter 1. Quick Start Wizard

    1.1 Introduction The Quick Start Wizard is designed for you to easily set up your broadband Internet access. We already integrated Quick Start Wizard into the Web Configurator of Vigor2200V/VG series. You can directly access the Quick Start Wizard via Web Configurator. 1.2 Configure Your Router via Quick Start Wizard Step 1.
  • Page 19 Step 2. The Main Menu will pop out after completing previous step. Step 3. Now Quick Start Wizard is switched on. Enter login Next to continue. Step 4. Select the appropriate TIME ZONE for your location. Quick Start Wizard password. Then click...
  • Page 20 Step 5 Select the appropriate Internet connection type to your ISP. In terms of several Internet connection type, please follow procedures as below: PPPoE users Enter your user name and password provided by your ISP. Dial on Demand : The router will ONLY connect to your ISP on demand. By “on demand”, it means when any LAN user attempt to send data onto the Quick Start Wizard...
  • Page 21 Internet. When there is no data traffic, the router will close the connection to the ISP because there is no demand. Idle timeout: This is the time setting If there being no Internet traffic for a period, for example 10 minutes. Always On: The router will keep a permanent connection to the ISP automatically.
  • Page 22 Quick Start Wizard WAN IP address: this is the IP address assigned by your ISP for your router. You shall specify the IP address of the router here. e.g. 172.16.2.84 Subnet Mask: an address code that determines the size of the network; this is the subnet mask of the router, when seen by external users on the Internet (including your ISP).
  • Page 23 Step 6 Review the summary of settings. Vigor2200V/VG series apply efficient codecs designed to make the best use of available bandwidth. Vigor2200V/VG also equips with automatic QoS assurance. QoS Assurance assists to assign higher priority to voice traffic via Internet for better talking/hearing enjoyment.

  • Page 24: Chapter 2. Online Status

    2.1 Introduction The Online Status provides some useful information about the Vigor router, LAN and WAN interface. Also, you could use the status page to know the Internet access status. 2.2 Settings Click Online Status to open the Online Status page. Here in, we use an example to explain the Online Status.

  • Page 25: System Status

    2.2.1 System Status System Uptime: This represents the router’s running time. The format is HH:MM:SS, where HH, MM, and SS, indicate hours, minutes, and seconds, respectively. 2.2.2 LAN Status IP Address IP address of the LAN interface. TX Packets Total number of transmitted IP packets since the router was powered RX Packets Total number of received IP packets since the router was powered on.
  • Page 26 RX Packets Total number of received IP packets during this connection session. RX Rate Reception rate in characters per second (cps) for incoming data. Up Time Connection time. The format is HH:MM:SS, where HH, MM, and SS, indicate hours, minutes, and seconds, respectively. Drop/Dial Click the link to dial/or disconnect the PPPoE or PPTP connection.

  • Page 27: Chapter 3. Internet Access Setup

    3.1 Introduction The router connects the group of PCs in your home or office to the Internet. The data that travels between two networks is regulated by the router. The Network Address Translation (NAT) of the router translates a public IP address for the Internet to several private IP addresses of a local area network.

  • Page 28: Settings

    3.2 Settings For broadband access, you need to know what kind of Internet access is provided by your ISP. Click Internet Access to open the Internet access page. There are four widely-used broadband access services, PPPoE Client, PPTP Client, Static IP for DSL, and Dynamic IP (DHCP Client) for Cable. In most cases, you will get a DSL or Cable modem from the broadband access service provider.

  • Page 29: Using Pppoe With Dsl Modem

    the PPP session to the ISP. As long as the PPP session is connected, all the local users will be able to share this PPP session to access to the Internet. 3.2.1 Using PPPoE with a DSL modem Click Internet Access Setup > PPPoE to enter the setup page. PPPoE Setup PPPoE Link: Check Enable to enable the PPPoE client protocol on the WAN interface.

  • Page 30: Using A Static Ip With A Dsl/Cable Modem

    Username/Password: Enter the username and password supplied by your ISP Scheduler (1-15): Enter the index of schedule profile to control the Internet access by time plan. PPP/MP Setup PPP Authentication: Select PAP or CHAP for widest compatibility. Always On: Check to force the Internet access is always online, and you will see the Idle Timeout field will be blocked for input.
  • Page 31 Internet Access Setup the said fixed IP address to several private IP address. Click Internet Access Setup > Static or Dynamic IP to enter the setup page, which is depicted as follows: Access Control Broadband Access: Select Enable to turn on the broadband access capability.
  • Page 32 Internet Access Setup Specify an IP address IP address Subnet Mask Gateway IP Address DNS Server IP address Secondary DNS Server IP address The default DNS Server IP address can be found via Online Status: If your ISP offers you a static (fixed or permanent) IP address, you have to enable “Specify an IP address”.

  • Page 33: Using A Dynamic Ip (Dhcp Client)With A Dsl/Cable Modem

    Internet Access Setup 3.2.3 Using a Dynamic IP (DHCP Client) with a DSL/Cable Modem This application is mostly used by Cable ISPs. Click Internet Access Setup > Static or Dynamic IP to enter the setup page. Access Control Broadband Access: Select Enable to turn on the broadband access...

  • Page 34: Using Pptp With A Dsl Modem

    capability. Keep WAN Connection Enable PING to keep alive: Check to enable PING to keep alive function. Normally, this function is for Dynamic IP environment. If you need to enable the function, assign a public IP address in the PING to the IP and a timer in the PING Interval.
  • Page 35 Internet Access Setup PPTP Setup PPTP Link PPTP Server IP Address ISP Access Setup ISP Name: Enter the service name if provided by your ISP. Username/Password: Enter the username and password supplied by your ISP. Scheduler (1-15): Enter the index of schedule profile to control the Internet access by time plan.
  • Page 36 Internet Access Setup PPP Authentication Always On Idle Timeout IP Address Assignment Method (IPCP) WAN IP Network Settings Obtain an IP address automatically Specify an IP address Select PAP or CHAP for widest compatibility. Check to force the Internet access is always online, and you will see the Idle Timeout field will be blocked for input.

  • Page 37: Chapter 4. Lan Setup

    4.1 Introduction In this chapter, we will explain about the LAN Setup. 4.2 Settings Click LAN to open the LAN settings page. 4.2.1 LAN TCP/IP and DHCP LAN IP Network Configuration The IP address/subnet mask is for grouping users on your LAN. For example, you can let the computer of your kids be connected together with your own computer to share the broadband access and to share files.
  • Page 38 IP Address: Private IP address for connecting to a local private network (Default: 192.168.1.1). Subnet Mask: An address code that determines the size of the network; this is the subnet mask of the router, when seen by external users on the Internet (including your ISP). (Default: 255.255.255.0/ 24) DHCP Server Configuration DHCP stands for Dynamic Host Configuration Protocol.
  • Page 39 Enable Server Let the router automatically assign IP address to every PC on the LAN Disable Server You manually assign IP address from the router to every PC on the LAN Relay Agent Allows PCs on the LAN to request IP address from other DHCP server.
  • Page 40 automatically apply default DNS Server IP address: 194.109.6.66 to this field. Secondary IP You must specify secondary DNS server IP address here Address because your ISP often can let you have at least one DNS Server IP address. If you do not specify it, the router will automatically apply default secondary DNS Server IP address: 194.98.0.1 to this field.

  • Page 41: Chapter 5. Nat Setup

    5.1 Introduction NAT is a method of mapping one or more IP addresses and/or service ports into different specified services, where NAT stands for Network Address Translation. computers on a Local Area Network (LAN) to be translated to one public address, saving users’...
  • Page 42 On the page, you will see the private IP address defined in RFC-1918. Usually we use the 192.168.1.0/24 subnet for the router. Also, as stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping method.

  • Page 43: Port Redirection Table

    NAT Setup methods. 5.2.1 Port Redirection Table The Port Redirection is for you to expose internal servers to the public domain. For example, you run a web server and some users want to access this web server. You also run an internal SMTP mail server for your home office and you shall allow your ISP to send whole E-mail to your SMTP mail server.
  • Page 44 As shown above, the Port Redirection Table provides10 port-mapping entries for internal hosts. Service Name Specify the name for the specific network service. Protocol Specify the transport layer protocol (TCP or UDP). Public Port Specify which port should be redirected to the internal host.

  • Page 45: Dmz Host Setup

    The port redirection can only be applied to external users only - i.e. the incoming traffic. The Internet users behind your LAN can not access your external public IP address and come back in; the internal users shall access the server on its local private IP address, or you can set up an alias in a Windows hosts file.

  • Page 46: Open Ports

    The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. You can consider adding additional filter rules or a secondary firewall. Click DMZ Host Setup to open the setup page, as shown below. The DMZ Host setting allows a defined internal user to be exposed to the Internet in order to use some special purpose applications such as Netmeeting or Internet Games etc.
  • Page 47 the Open Ports facility provides 10 entries for internal hosts. Index Indicate the relative number for the particular entry that you want to offer service in a local host. You should click the appropriate index number to edit or clear the corresponding entry.

  • Page 48: Well-Known Port Number List

    Enable Open Ports Comment Local Computer Choose PC Protocol Start Port End Port 5.2.4 Well-known Port Number List This page provides some well-known port numbers for your reference. NAT Setup Check to enable the Open Port function for this entry. Specify the name for the defined network service.
  • Page 49 NAT Setup...

  • Page 50: Chapter 6. Firewall Setup

    Vigor2200V series Chapter 6 Firewall Setup 6.1 Introduction Security is top priority to be took into consideration as the users of broadband line demands more bandwidth for multimedia, interactive applications, or distance learning. The Firewall function helps protect your local network against attack from unauthorized outsiders. It also provides a way of restricting users on the local network from accessing the Internet.

  • Page 51: Settings

    Even your installation is not set with password, you can still enter system maintenance to set up your password. The users on the LAN are provided with secured protection by means of following firewall facilities: IP Filter Stateful Packet Inspection: tracks packets and denies unsolicited incoming data Selectable DoS/DDoS protection User-configurable packet filter...

  • Page 52: Filter Setup

    General Setup Some general settings of Call Filter and Data Filter are available from this link. Filter Setup Here are 12 filter sets for IP Filter configurations.. Dos Defense Click it to set up the DoS defense facility for detecting and mitigating the DoS attacks.
  • Page 53 Firewall Setup The following sections will explain the settings in conjunction with the General Setup and Filter Setup The Vigor router provides 12 filter sets with 7 filter rules for each set. As a result, there are a total of 84 filter rules for the Filter Setup.
  • Page 54 The DoS Defense functionality helps you to detect and mitigate the DoS attacks. Those attacks include the flooding-type attacks and the vulnerability attacks. The flooding-type attacks attempt to use up all your system's resource while the vulnerability attacks try to paralyze the system by offending the vulnerabilities of the protocol or operation system.

  • Page 55: General Setup

    URL content filter systems are seen as tools that would provide the cyberspace equivalent of the physical separations that are used to limit access to some particular materials. In rating a site as objectionable, and refusing to display it on the user's computer screen, URL content filtering facilities can be used to prevent children from seeing material that their parents find objectionable.
  • Page 56 Some on-line games (for example: Half Life) will use UDP packets with large length to transfer data. These large UDP packets need to be fragmented. As secure firewall, Vigor router will reject these kinds of packets to avoid to be attacked by outside hackers if you do not enable “Accept Incoming Fragmented UDP Packets”.

  • Page 57: Filter Setup

    For troubleshooting needs you can specify the filter log here. None The log function is inactive. Block All blocked packets will be logged. Pass All passed packets will be logged. No Match The log function will record all packets which are matched. The filter log will be displayed on the Telnet terminal when you type the “log -f”...
  • Page 58 Comments Enter filter set comments/description. Maximum length is 23 characters. Filter Rules Click a button numbered 1 ~ 7 to edit the filter rule. Active Enable or disable the filter rule. Next Filter Set Specifies the next filter set to be linked behind the current filter set. The filters cannot be looped.
  • Page 59 Check to enable the Filter Rule Enables the filter rule. Pass or Block Specifies the action to be taken when packets match the rule. Block Packets matching the rule will be dropped immediately. Immediately Pass Packets matching the rule will be passed immediately. Immediately Block If No A packet matching the rule, and that does not match further...
  • Page 60 to view the logs. Direction Sets the direction of packet flow. For the Call Filter, this setting is irrelevant. Keep State and Fragments (for Data Filter only) These should be accompanied by the below settings also. IN: Specify the rule for filtering incoming packets. OUT: Specify the rule for filtering outgoing packets.
  • Page 61 > : Specify the port number is larger than the Start Port (includes the Start Port). < : Specify the port number is less than the Start Port (includes the Start Port). Keep State: i.e. Stateful Packet Inspection. It tracks packets and denies unsolicited incoming data.

  • Page 62: Dos(Denial Of Service Defense)

    Filter set and is shown as below. Port 80 is the HTTP protocol port number for WWW services. 6.2.3 DoS (Denial of Service) Defense The following sections will explain in more detail about DoS Defense Setup by using the Web Configurator. It is a sub-functionality of IP Filter/Firewall.
  • Page 63 Enable Dos Defense Click the checkbox to activate the DoS Defense Functionality. Enable SYN flood defense Click the checkbox to activate the SYN flood defense function. If the amount of the TCP SYN packets from the Internet exceeds the user-defined threshold value, the Vigor router will be forced to discard randomly the sequent TCP SYN packets in the user-defined timeout period.
  • Page 64 user-defined timeout period. timeout are 300 packets per second and 10 seconds, respectively. Enable ICMP flood defense Click the checkbox to activate the ICMP flood defense function. Similar to the UDP flood defense function, the router will discard the ICMP echo requests coming from the Internet, once they exceed the user-defined threshold (by default, 300 packets per second) in a period of time (by default, 10 second for timeout).
  • Page 65 Block Land Click the associated checkbox and then enforce the Vigor router to defense the Land attacks. The LAN attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed SYN packets having the identical source and destination addresses, as well as the port number, with those of the victim.
  • Page 66 Click the checkbox to activate the Block TCP flag scan function. Any TCP packet with anomaly flag setting is dropped. activities include no flag scan, FIN without ACK scan, SYN FINscan, Xmas scan and full Xmas scan. Block Tear Drop Click the checkbox to activate the Block Tear Drop function.
  • Page 67 Syslog Setup by using Web Configurator. Thus, the administrator can look at the warning messages from DoS Defense functionality through the DrayTek Sylsog daemon. The format for this kind of the warning messages is similar to those in IP Filter/Firewall except for the preamble keyword “DoS”, followed by a name to indicate what kind of attacks is detected.

  • Page 68: Url Content Filter

    6.2.4 URL Content Filter The URL content filtering facility in Vigor routers inspects every URL string in the HTTP request initiated inside against the keyword list. If the entire or part of the URL string (for instance, matches any activated keyword, the Vigor router will block its associated HTTP request and a syslog message will be automatically sent to the syslog client.
  • Page 69 Firewall Setup Block Keyword List: The Vigor router provides 8 frames for users to define keywords and each frame supports multiple keywords. keyword could be a noun, a partial noun, or a complete URL string. Multiple keywords within a frame are separated by space, comma, or semicolon.
  • Page 70 If you want to filter any website whose URL string contains “sex”, “fuck”, “gun”, or “drug”, you should add these words into the frames. Thus, your Vigor router will automatically deny any web surfing that its associated URL string contains any one of the list’s keywords. Considering that the user tries to access www.backdoor.net/images/sex the connection because this website is prohibited.
  • Page 71 Firewall Setup the malicious codes from downloading from web pages. The malicious codes may embed in some executable objects, such as ActiveX, Java Applet, compressed files, and executable files, and, if they have been downloaded from websites, would bring a threat of the user’s system. For example, an ActiveX object can be downloaded and run from the web page.
  • Page 72 sessions. Many websites use them to create stateful sessions for tracking Internet users, which will violate the users’ privacy. Thus, the Vigor router provides the Cookies filtering facility that allows you to filter cookie transmission from inside to outside world. Furthermore, the Vigor router also allows you to filter out all proxy-related transmission in order to support stronger security.

  • Page 73: Time Schedule

    Time Schedule Specify what time should perform the URL content filtering facility. Always Block Click it so that the URL content filtering facility can be executed on the Vigor router anytime. Block from H1:M1 Specify the appropriate time duration from H1:M1 to H2:M2 To H2:M2 in one day, where H1 and H2 indicate the hours.
  • Page 74 Syslog Setup by using Web Configurator. Thus, the administrator can view the warning messages from the URL Content Filtering functionality through the DrayTek Sylsog daemon. The format for this kind of the warning messages is similar to those in the IP Filter/Firewall except for the preamble keyword “CF”, followed by a name...
  • Page 75 Firewall Setup 6-26...

  • Page 76: Chapter 7. Application Setup

    Vigor2200V series Chapter 7 Application Setup 7.1 Introduction This section includes Dynamic DNS, Call Schedule, RADIUS setup, UpnP settings. Before you set up the Dynamic DNS (Domain Name Server) function, you have to subscribe free domain names from the Dynamic DNS service providers.

  • Page 77: Settings

    schedule the router to dial to Internet at a pre-set time, but also to restrict Internet access to certain hours so that the router will only let users of LAN to access Internet at certain times (e.g. business hours). The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system.

  • Page 78: Dynamic Dns

    RADIUS Setup Settings of RADIUS server UPnP Settings of UPnP protocol available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. 7.2.1 Dynamic DNS Enable the Function and Add a Dynamic DNS Account 1. Assume you have a registered domain name from the DDNS provider, say hostname.dyndns.org, and an account with username: test and password: test.
  • Page 79 Provider: dyndns.org , type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test. 4. Push OK button to activate the settings. The Wildcard and Backup MX features are not supported for all Dynamic DNS providers.

  • Page 80: Call Schedule

    2. Push View Log button. The logs of DDNS updates will be shown as follows. Where A : Login Name H : Domain Name without suffix. Return Code= good 61.230.170.145 If you have any DDNS update issues, the logs are useful to find where the problem is.
  • Page 81 Application Setup occur when the router is online to the Internet; they will not trigger calls themselves. You can have up to 15 entries of different schedules and you must then apply the required schedule(s) to the appropriate ISP by entering the schedule number into the ISP setup: Click Clear All button to remove all schedules in the router.
  • Page 82 Click Cancel button to give up the current editing-operation and then return back to the Main Setup menu. Add a Call Schedule 1. Click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown as follows. 2.
  • Page 83 Enable Specify the connection to be dial-on-demand and the value of idle Dial-On-Demand timeout should be specified as following Idle Timeout field. Disable Specify the connection to be up when it has traffic on the line. Dial-On-Demand Once there is no traffic over idle timeout, the connection will be down and never up again during the schedule.
  • Page 84 1. Make sure the PPPoE connection and Time Setup is working properly. 2. Configure the PPPoE always-on from 9:00 to 18:00 for whole week. 3. Configure the Force Down from 18:00 to next day 9:00 for whole week. 4. Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform “Force On”...

  • Page 85: Upnp

    Accordingly, you can enable either the Connection Control Service or Connection Status Service. Click the IP Broadband Connection on DrayTek Router on Windows XP/Network Connections, as shown below. The connection status and control status will be able to be activated. The NAT Traversal of UPnP...
  • Page 86 Application Setup enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router, learn the external IP address and configure port mappings on the router.
  • Page 87 Application Setup The reminder as regards concern about Firewall and UPnP Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats.

  • Page 88: Chapter 8. Vpn And Remote Access Setup

    Vigor2200V series Chapter 8 VPN and Remote Access Setup 8.1 Introduction A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables you to send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.

  • Page 89: Settings

    to configure the VPN and remote access functions. 8.2 Settings Click VPN and Remote Access Setup to open the setup page. Remote Access Control PPP General Setup IKE/IPSec General Setup Remote User Profiles (Teleworkers) VPN and Remote Access Setup Allows you to enable each type of VPN service or disable it for VPN pass-through purpose.

  • Page 90: Remote Access Control

    VPN and Remote Access Setup LAN to LAN Profiles 8.2.1 Remote Access Control Assume you have a registered domain name from the DDNS provider, As depicted in the following picture, click the appropriate checkbox to enable the VPN service type that you want to provide. If you intend to run a VPN server inside your LAN, you should disable the appropriate protocol to allow pass-through, as well as the appropriate NAT settings.
  • Page 91 VPN and Remote Access Setup Dial-In PPP Authentication: PAP Only Select this option to force the router to authenticate dial-in users with the PAP protocol. PAP or CHAP Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first. If the dial-in user does not support this protocol, it will fall back to use the PAP protocol for authentication.

  • Page 92: Ike/Ipsec General Setup

    VPN and Remote Access Setup Maximum This option indicates that the router will use the MPPE encryption MPPE scheme with maximum bits (128 bits) to encrypt the data. Mutual Authentication (PAP): The Mutual Authentication function is mainly used to communicate with other routers or clients which need bidirectional authentication in order to provide stronger security.

  • Page 93: Remote User Profiles(Teleworkers)

    VPN and Remote Access Setup IKE Authentication Method : Currently Only support Pre-Shared Key authentication. Pre-Shared Key Specify a key for IKE authentication. Password Confirm the pre-shared key. IPSec Security Method : Medium(AH) Data will be authenticated, but not be encrypted. By default, this option is active.
  • Page 94 VPN and Remote Access Setup server through the built-in RADIUS client function. The following figure shows the Remote User Profile Setup for up to 32 access accounts. Set to Factory Click here to clear all dial-in user accounts. Default User Display the username for the specific dial-in user of the LAN-to-LAN profile.
  • Page 95 VPN and Remote Access Setup User Account and Authentication : Enable this Check this item to activate the individual dial-in user account. account Idle Timeout If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds.
  • Page 96 VPN and Remote Access Setup PPTP Allow the remote dial-in user to make a PPTP VPN connection through the Internet. IPSec Tunnel Allow the remote dial-in user to trigger a IPSec VPN connection through Internet. L2TP Allow the remote dial-in user to make a L2TP VPN connection through the Internet.
  • Page 97 VPN and Remote Access Setup specific node. IKE Pre-Shared Click it and a window will be automatically poped up for you, as depicted below. Please fill a Pre-shared Key and confirm it for this specific node. IPSec Security Specify the IPSec security method, either authentication or Method encryption algorithm, to determine the security level.

  • Page 98: Common Settings

    VPN and Remote Access Setup more detail. You can create up to 32 LAN-to-LAN profiles. Set to Factory Click here to clear all the LAN-t-LAN profiles. Default Index Click a number to open a detailed setting page for each profile. Name Indicate the name of the LAN-to-LAN profile.
  • Page 99 VPN and Remote Access Setup Profile Name Specify a name for the remote network. Enable this profile Check here to activate this profile Call Direction Specify the call direction for this profile. Both means it can be used for outgoing and incoming access. Dial-Out means it can only be used for outgoing access.
  • Page 100 VPN and Remote Access Setup In the normal condition, when the remote host wants to disconnect its VPN connection to Vigor Router, it should send several specific type of packets to inform the Router. Accordingly, the Vigor Router will drop the designated VPN connection and clear its parameters(e.g.
  • Page 101 VPN and Remote Access Setup Be sure to fill in the Server IP/Host Name for VPN as the destination address. Please see the settings instruction for each options. PPTP or L2TP with Specify Server IP/Host Name for VPN. Specify IPSec Policy (None) Username, Password, PPP Authentication, and VJ Compression.
  • Page 102 VPN and Remote Access Setup Specify the PPP authentication method for PPTP, and L2TP Authentication over IPSec. Normally set to PAP/CHAP for the widest compatibility. VJ Compression VJ Compression is used for TCP/IP protocol header compression. Normally set to Yes to improve bandwidth utilization.
  • Page 103 VPN and Remote Access Setup IKE phase 1 mode: Main mode and Aggressive mode. Most VPN servers support Main mode and Aggressive mode is a more recent implementation to speed up the negotiation process, but may incur less security. The default is Main mode for consideration of greatest compatibility.
  • Page 104 VPN and Remote Access Setup authentication with remote VPN server. Scheduler Specify Dial-In Settings This indicate what types the Router accepts. There are three main options, PPTP, IPSec Tunnel, and L2TP with IPSec Policy (sub-options: None, Nice to Have, and Must). By default, all three options are active. If you only choose some of three, please see the below settings instruction.
  • Page 105 VPN and Remote Access Setup Nice to Have: Apply the IPSec policy first. If it fails, the dial-in VPN connection will be the L2TP connection without employing the IPSec policy. Must: Specify the IPSec policy to be definitely applied on the L2TP connection.
  • Page 106 VPN and Remote Access Setup if you do not activate the “Specify Remote Node” and leave the field of “Peer VPN Server IP or Peer ID” to be empty, the settings of IKE Pre-Shared Key, and IPSec Security Method, will be disabled and, therefore, no IPSec-related VPN connection can be triggered successfully.
  • Page 107 VPN and Remote Access Setup Remote Network Specify the subnet mask of the remote network. Mask More To add a static route when this connection is up, if needed. RIP Direction The option specifies the direction of RIP (Routing Information Protocol) packets.
  • Page 108 VPN and Remote Access Setup 2. Create a LAN-to-LAN profile at Head Office. 8-21...
  • Page 109 VPN and Remote Access Setup 3. Create a LAN-to-LAN profile at Branch Office. 8-22...

  • Page 110: Chapter 9. Voip Setup

    Vigor2200V series Chapter 9 VoIP Setup 9.1 Introduction Voice over IP network (VoIP) enables you to use your broadband Internet connection to make toll quality voice calls over the Internet. There are many different call signaling protocols; methods by which VoIP devices can talk to each other.
  • Page 111 better the voice quality, however the CODEC used must be appropriate for your Internet bandwidth. The VoIP facilities of Vigor2200V/VG series can provide a cost-saving alternative to having an additional fixed-line. By using the ITSP (e.g. DrayTEL, www.draytel.org) you can also make calls to any regular phone line too, including mobiles, as well as receive calls from anyone - the call is carried to your phone via your internet connection so your regular phone line remains free for other people/calls.

  • Page 112: Settings

    traffic over Internet but you just get your data a little slower and it is tolerable for data traffic. 9.2 Settings Click VoIP Setup to open the setup page. DialPlan SIP Related Function CODEC/RTP/DTMF Voice Call Status 9.2.1 DialPlan The Vigor2200V/VG series have one FXS port ( the “Phone” port on the rear panel) to which you connect a conventional (analogue) phone, either corded or wireless (DECT).
  • Page 113 Enable Tick this to enable this entry Phone Number The number you want to dial from your handset to call this contact. This can be any number you choose, using digits 0-9 and* Display Name This field contains a name or a number which easily let you identify the person who you wan to call.
  • Page 114 Enter the SIP address of your contact (e.g. 393910@draytel.org) Loop Through The Vigor2200V/VG series have a “Line” port on the rear panel for connecting to a PSTN (regular analogue) line. The Loop Through option can be used to set an alternate telephone number for your contact on the PSTN, which the Vigor2200V/VG series will dial instead of the SIP account if you lose broadband access or power to the Vigor2200V/VG series.
  • Page 115 Backup Phone Number: The alternate PSTN number to dial if “PSTN” is set in Loop Through entry. Example 2 If Kelly gives you her SIP URL as sip:kelly@203.69.175.19 and PSTN number is 5972727 then you can enter the DialPlan as: Phone Number: Display Name: SIP URL:...

  • Page 116: Sip Related Function

    To manually dial the backup number via PSTN enter “#0” on your telephone handset, and then dial a PSTN phone number. If you are worried that the automatic loop through might over charge your PSTN phone number, we recommend you not to enter your PSTN phone number into the “Backup Phone Number”...
  • Page 117 SIP Port The port number used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Registrar Enter the domain name (or IP address) of your registered SIP Registrar server.

  • Page 118: Codec/Rtp/Dtmf

    Use Registrar With the Registrar domain entered above, check this box to let the Vigor2200V/VG use the SIP Registrar. Display Name This field contains a name or a number which easily let you identify the person who you wan to call. It can also be the name for SIP display. Account Name Enter your SIP username (the first part of your SIP address before the @ sign)
  • Page 119 Default Codec Select one of five CODECs as the default for your VoIP calls. The CODEC used for each call will be negotiate with the peer party before each session, and so many not be your default choice. The default CODEC is G.729A/B;...
  • Page 120 digital form it receives. This function is very useful when network traffic congestion occurs to maintain the accuracy of DTMF tones. DTMF Payload Type The default value is 101, but can be anything from 96 to 127. SIP Info Enable this option to let the SIP proxy send DTMF tones to the dialed peer.

  • Page 121: Calling Scenario

    Peer-to-Peer Calling example Arnor and Paulin each have a Vigor2500V router, here are their settings in order to call each other. Arnor’s IP address: 214.61.172.53 Paulin’s IP address: 203.69.175.24 A. Arnor’s settings A-1. DialPlan index 1 Phone Number: 1234 (any number you like) Name: paulin IP Address / Domain: 203.69.175.24 A-2.
  • Page 122 Calling via SIP Sever Below are the settings for John and David to call each other using their DrayTEL registered SIP accounts, as neither Vigor user have a fixed public IP address. John’s SIP url: john@draytel.org David’s SIP url: david@draytel.org A.

  • Page 123: Voice Call Status

    9.2.4 Voice Call Status On VoIP call status, you can find the registered registrar, codec, connection and other important call status. Because Vigor2200V/VG only has one VoIP port for regular analogue phone set, there is only one VoIP channel. Channel Volume To adjust the volume of your VoIP calls.
  • Page 124 ACTIVE Indicates that the VoIP connection is launched. CODEC The voice CODEC employed by present channel. PeerID The present in-call or out-call peer ID (the format may be IP or Domain). Connect Time The format is represented as seconds. Tx Pkts Total number of transmitted voice packets during this connection session.

  • Page 125: Qos

    VoIP Setup View Log To show the logs of VoIP calls as below. Also on System Status, you can find the registered registrar and Codec. for Inbound calls and Outbound calls. The said status easily let you check whether your registration of SIP server is successful or not. 9.2.5 QoS Enter upstream speed to let Vigor2200V/VG assure high priority for VoIP call.

  • Page 126: Chapter 10. Wireless Setup

    Vigor2200V series Chapter 10 Wireless Setup 10.1 Introduction Over recent years, the market for wireless communications has enjoyed tremendous growth. Wireless technology now reaches or is capable of reaching virtually every location on the face of the earth. Hundreds of millions of people exchange information every day using wireless communication products.

  • Page 127: Settings

    VPN and Remote Access Setup well as Internet and WAN access. 10.2 Settings Click Wireless Setup to open the setup page. 10.2.1 General Settings Enable Wireless LAN Check the box to enable wireless function. 10-2...
  • Page 128 Set the wireless LAN to work at some time interval only. SSID and Channel The default SSID is "default". We suggest you change it to a particular name. In this case, SSID was changed to “DrayTek”. SSID It is used to name the wireless LAN, and must have the same content in client PC/notebook wireless card(s).
  • Page 129 Default keys are shared between the Vigor wireless router and WEP station in a service set. Once a station has obtained the default keys for its service set, it may communicate using WEP.
  • Page 130 VPN and Remote Access Setup in WEP Key. WEP or Accepts WEP and WPA clients simultaneously and the encryption WPA/PSK key should be entered in WEP Key and PSK respectively. WPA/PSK Accepts only WPA clients and the encryption key should be entered in PSK.

  • Page 131: Access Control

    VPN and Remote Access Setup 10.2.3 Access Control For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client. Only the valid MAC address which has been configured can access the wireless LAN interface.

  • Page 132: Station List

    VPN and Remote Access Setup Remove Delete the selected MAC address in the list. Edit Edit the selected MAC address in the list. Cancel Give up the access control set up. Clean All Clean all entries in the MAC address list. Click it to save the access control list.

  • Page 133: Chapter 11. System Maintenance Setup

    Vigor2200V series Chapter 11 System Maintenance Setup 11.1 Introduction The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information. Also, you could get the current running firmware version or firmware related information from this presentation.

  • Page 134: Settings

    11.2 Settings Click System Maintenance Setup to open the setup page. System Status Administrator Password Configuration Backup SysLog/Mail Alert Time Setup Management Setup Reboot System Firmware upgrade(TFTP) 11.2.1 System Status In System Status, you will see the result shown on the right frame. System Maintenance Setup Pre-settings of up to 60 SIP addresses of VoIP contacts.

  • Page 135: Configuration Backup

    System Maintenance Setup In order to let you know the settings result, we design the Status bar on Set-up Menu. You can find the “Ready” indicates that you can enter settings. “Settings Saved” means your settings are saved once you click “Finish”...
  • Page 136 System Maintenance Setup Click Backup button to get configurations. 3. Click OK button to save configuration as a file. The default filename is config.cfg. You could give it another name by yourself. 11-4...

  • Page 137: Management

    System Maintenance Setup 4. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Restore the Configuration with a Configuration File 1.

  • Page 138: Access List

    System Maintenance Setup Management Setup The port number used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls. Enable remote firmware update Allow management from the Internet Disable PING from the Internet...

  • Page 139: Reboot System

    System Maintenance Setup Management Port Setup Default Ports User Defined Ports Enable SNMP Agent Get Community Set Community Manager Host IP Trap Community Notification Host IP Reboot System The Web Configurator may be used to restart your router. Click Reboot System in the main menu to open the following page.
  • Page 140 Note that this example is running over Windows OS (Operating System). 1. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is and FTP site is ftp.draytek.com 2.

  • Page 141: Pppoe/Pptp Diagnostics

    12.1 Introduction Diagnostic Tools provide a useful way to view or diagnose the status of you Vigor router. 12.2 Settings Click Diagnostics to open the setup page. 12.2.1 PPPoE/PPTP Diagnostics Chapter 12 Diagnostics Setup 12-1 Vigor2200V series...

  • Page 142: Arp Cache Table

    Refresh To obtain the latest information, click here to reload the page. Broadband Access Display the broadband access mode and status. If the Mode/Status broadband connection is active, it will show PPPoE, PPTP, Static IP, or DHCP Client depending on which access mode is enabled.
  • Page 143 Diagnostic Setup 12.2.3 DHCP Assigned IP Address The facility of View DHCP Assigned IP Addresses provides information on IP address assignments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. 12-3...

This manual is also suitable for:

Vigor 2200v

Table of Contents