Draytek Vigor2955 User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor2955
  6. User manual
Draytek Vigor2955 User Manual

Draytek Vigor2955 User Manual

Dual wan ssl vpn appliance
Hide thumbs Also See for Vigor2955:
Table of Contents

Advertisement

Quick Links

Download this manual

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor2955

Summary of Contents for Draytek Vigor2955

  • Page 2 Vigor2955 User’s Guide...
  • Page 3 Vigor 2955 Dual-WAN SSL VPN Appliance User’s Guide Version: 1.0 Date: 30/10/2009 Vigor2955 User’s Guide...

  • Page 4: Copyright Information

    Web registration is preferred. You can register your Vigor router via Owner http://www.draytek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be Updates regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

  • Page 5: Regulatory Information

    No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Product: Vigor2955 Series Router DrayTek Corp. declares that Vigor2955 is in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
  • Page 6 Vigor2955 User’s Guide...

  • Page 7: Table Of Contents

    3.3.1 Port Redirection ......................45 3.3.2 DMZ Host........................47 3.3.3 Open Ports........................51 3.3.4 Address Mapping......................52 3.4 Firewall ..........................54 3.4.1 Basics for Firewall......................54 3.4.2 General Setup......................... 56 3.4.3 Filter Setup ........................57 3.4.4 DoS Defense ........................62 Vigor2955 User’s Guide...
  • Page 8 3.11.5 Online User Status...................... 151 3.12 System Maintenance......................152 3.12.1 System Status......................152 3.12.2 TR-069 Setting......................153 3.12.3 Administrator Password....................155 3.12.4 Configuration Backup ....................155 3.12.5 Syslog/Mail Alert ......................157 3.12.6 Time and Date ......................159 3.12.7 Management....................... 160 Vigor2955 User’s Guide viii...
  • Page 9 5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not ....204 5.3 Pinging the Router from Your Computer ................206 5.4 Checking If the ISP Settings are OK or Not ................ 208 5.5 Backing to Factory Default Setting If Necessary ..............210 5.6 Contacting Your Dealer ......................211 Vigor2955 User’s Guide...
  • Page 10 Vigor2955 User’s Guide...

  • Page 11: Preface

    Add new settings for specified item. Edit the settings for the selected item. Delete the selected item with the corresponding settings. Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation. Vigor2955 User’s Guide...

  • Page 12: Led Indicators And Connectors

    Then the router will restart with the factory default configuration. WAN(1/2) Connecter for remote networked devices. LAN/Monitor Connecter for local networked devices. LAN (1-4) Connecter for local networked devices. Connecter for USB device (e.g., printer). Vigor2955 User’s Guide...

  • Page 13: Hardware Installation

    WAN port of router with Ethernet cable (RJ-45). The WAN1/WAN2 LED (Left or Right) will light up according to the network card feature (100 or 10) of the device that it connected. (For the detailed information of LED status, please refer to section 1.1.) Vigor2955 User’s Guide...

  • Page 14: Printer Installation

    You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000/Vista. For Windows 98/SE, please visit www.draytek.com. Before using it, please follow the steps below to configure settings for connected computers.
  • Page 15 Open File->Add a New Computer. A welcome dialog will appear. Please click Next. Click Local printer attached to this computer and click Next. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next. Vigor2955 User’s Guide...
  • Page 16 In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next. Click Standard and choose Generic Network Card. Then, in the following dialog, click Finish. Vigor2955 User’s Guide...
  • Page 17 11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and UPR name. 12. The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router. Vigor2955 User’s Guide...
  • Page 18 If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.

  • Page 19: Configuring Basic Settings

    Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type “admin” as the username and leave blank for the password on the window. Next click OK for next screen. Vigor2955 User’s Guide...
  • Page 20 New Password and retype it on the field of Confirm Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2955 User’s Guide...

  • Page 21: Quick Start Wizard

    On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step. Vigor2955 User’s Guide...

  • Page 22: Pppoe

    If your ISP provides you the PPPoE connection, please select PPPoE for this router. The following page will be shown: User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Vigor2955 User’s Guide...
  • Page 23 Confirm Password Retype the password to confirm it. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2955 User’s Guide...

  • Page 24: Pptp

    Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2955 User’s Guide...

  • Page 25: L2Tp

    Click L2TP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Vigor2955 User’s Guide...

  • Page 26: Static Ip

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2955 User’s Guide...

  • Page 27: Dhcp

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2955 User’s Guide...

  • Page 28: Online Status

    If you select PPPoE/PPTP as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page. Online status for PPPoE Online status for PPTP (for WAN2) Online status for Static IP (for WAN1) Vigor2955 User’s Guide...
  • Page 29 Note: The words in green mean that the WAN connection of that interface (WAN1/WAN2) is ready for accessing Internet; the words in red mean that the WAN connection of that interface (WAN1/WAN2) is not ready for accessing Internet. Vigor2955 User’s Guide...

  • Page 30: Saving Configuration

    Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2955 User’s Guide...

  • Page 31: Advanced Web Configuration

    Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. Vigor2955 User’s Guide...

  • Page 32: General Setup

    Modem to the USB port of Vigor2955, it can support HSDPA/UMTS/EDGE/GPRS/GSM and the future 3G standard (HSUPA, etc). Vigor2955 with 3G USB Modem allows you to receive 3G signals at any place such as your car or certain location holding outdoor activity and share the bandwidth for using by more people.
  • Page 33 To use 3G network connection through 3G USB Modem, choose 3G USB Modem as the physical mode in WAN2. Next, go to WAN>> Internet Access. 3G USB Modem is available for WAN2. You can enable PPP as the access mode and complete further configuration. Vigor2955 User’s Guide...
  • Page 34 15 seconds. WAN1 Download speed exceed XX kbps– It means the connection for WAN2 will be activated when WAN1 Download speed exceed certain value that you set in this box for 15 seconds. Vigor2955 User’s Guide...

  • Page 35: Internet Access

    There are three access modes provided for PPPoE, Static or Dynamic IP and PPTP/L2TP. Details Page This button will open different web page according to the access mode that you choose in WAN1 or WAN2. Vigor2955 User’s Guide...
  • Page 36 PPP/MP Setup PPP Authentication – Select PAP only or PAP or CHAP for PPP. Idle Timeout – Set the timeout for breaking down the Internet after passing through the time without any action. This setting is Vigor2955 User’s Guide...
  • Page 37 Cable service provider will offer a fixed public IP, while a DSL service provider will offer a public subnet. If you have a public subnet, you could assign an IP address or many IP address to the WAN interface. Vigor2955 User’s Guide...
  • Page 38 Mean maximum transmission unit of one packet. The default value is 1442. RIP Protocol Routing Information Protocol is abbreviated as RIP(RFC1058) specifying how routers exchange routing tables information. Click Enable RIP for activating this function. Vigor2955 User’s Guide...
  • Page 39 Static IP mode. If necessary, type in secondary IP address for necessity in the future. To use PPTP/L2TP as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select PPTP/L2TP mode for WAN2/WAN2. The following web page will be shown. Vigor2955 User’s Guide...
  • Page 40 Click Yes to use this function and type in a fixed IP address in the box. Fixed IP Address -Type a fixed IP address. WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN Vigor2955 User’s Guide...
  • Page 41 Subnet Mask – Type the subnet mask. Such mode is active only 3G USB Modem was chosen as the physical mode in General Setup. To use PPTP as the accessing protocol of the Internet, select PPTP mode. The following web page will appear. Vigor2955 User’s Guide...

  • Page 42: Load-Balance Policy

    WAN2 interface. The user can assign traffic category and force it to go to dedicate network interface based on the following web page setup. Twenty policies of load-balance are supported by this router. Note: Load-Balance Policy is running only when both WAN1 and WAN2 are activated. Vigor2955 User’s Guide...
  • Page 43 Display the IP address for the end of the destination port. Move UP/Move Down Use Up or Down link to move the order of the policy. Click Index 1 to access into the following page for configuring load-balance policy. Vigor2955 User’s Guide...
  • Page 44 Type the destination port start for the destination IP. Dest Port End Type the destination port end for the destination IP. If this field is blank, it means that all the destination ports will be passed through the WAN interface. Vigor2955 User’s Guide...

  • Page 45: Lan

    IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2955 User’s Guide...
  • Page 46 RIP. You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2955 User’s Guide...

  • Page 47: General Setup

    Type in secondary IP address for connecting to a subnet. (Default: 192.168.2.1/ 24) Subnet Mask An address code that determines the size of the network. (Default: 255.255.255.0/ 24) DHCP Server You can configure the router to serve as a DHCP server for the 2nd subnet. Vigor2955 User’s Guide...
  • Page 48 DHCP server to assign IP addresses to. The default is 50 and the maximum is 253. Gateway IP Address - Enter a value of the gateway IP address for the DHCP server. The value is usually as same as the 1st IP address Vigor2955 User’s Guide...

  • Page 49: Static Route

    There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that chapter to get more information for your necessity. Go to LAN to open setting page and choose Static Route. Vigor2955 User’s Guide...
  • Page 50 Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button. Vigor2955 User’s Guide...
  • Page 51 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2955 User’s Guide...

  • Page 52: Vlan

    When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet. Click LAN and click Bind IP to MAC to open the setup page. Vigor2955 User’s Guide...
  • Page 53 It allows you to edit and modify the selected IP address and MAC address that you create before. Delete You can remove any item listed in IP Bind List. Simply click and select the one, and click Delete. The selected item will be removed from the IP Bind List. Vigor2955 User’s Guide...

  • Page 54: Nat

    192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Below shows the menu items for NAT. Vigor2955 User’s Guide...

  • Page 55: Port Redirection

    To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Press any number under Index to access into next page for configuring port redirection. Vigor2955 User’s Guide...
  • Page 56 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >>Management Setup. You then will access the admin screen of by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80. Vigor2955 User’s Guide...

  • Page 57: Dmz Host

    Netmeeting or Internet Games etc. The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: Vigor2955 User’s Guide...
  • Page 58 LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to Vigor2955 User’s Guide...
  • Page 59 LAN network. Select one private IP address in the list to be the DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to Vigor2955 User’s Guide...
  • Page 60 Note: If you previously have set up WAN Alias in Internet Access>>PPPoE/Static IP/PPTP, you will find them in Aux. WAN IP list for your selection. Vigor2955 User’s Guide...

  • Page 61: Open Ports

    Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2955 User’s Guide...

  • Page 62: Address Mapping

    IP 192.168.1.10 can use 86.123.123.2 as source IP when it sends packet out to Internet. You can use address mapping function to achieve this demand. Simply type 192.168.1.10 as the Private IP; and type 86.123.123.2 as the WAN IP. Vigor2955 User’s Guide...
  • Page 63 Specify the WAN interface that will be used for this entry. WAN IP Select an IP address (the selections provided here are set in IP Alias List of Network >>WAN interface). Local host can use this IP to connect to Internet. Vigor2955 User’s Guide...

  • Page 64: Firewall

    It will check packets according to the filter rules. If legal, the packet will pass the router. The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively. Vigor2955 User’s Guide...
  • Page 65 Vigor router will activate its defense mechanism to mitigate in a real-time manner. The below shows the attack types that DoS/DDoS defense function can detect: 1. SYN flood attack 9. SYN fragment Vigor2955 User’s Guide...

  • Page 66: General Setup

    Syslog For troubleshooting needs you can specify the filter log and/or CSM log here by checking the box. The log will be displayed on Draytek Syslog window. APP Enforcement Select one of the APP Enforcement Profile settings (created in CSM>>...

  • Page 67: Filter Setup

    Active Enable or disable the filter rule. Comment Enter filter set comments/description. Maximum length is 23–character long. Move Up/Down Use Up or Down link to move the order of the filter rules. Vigor2955 User’s Guide...
  • Page 68 Data Filter only. For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Source/Destination IP Click Edit to access into the following dialog to choose the source/destination IP or IP ranges. Vigor2955 User’s Guide...
  • Page 69 To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you want to use the service type from defined groups or objects, please Vigor2955 User’s Guide...
  • Page 70 SysLog For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on Draytek Syslog window. Vigor2955 User’s Guide...
  • Page 71 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2955 User’s Guide...

  • Page 72: Dos Defense

    Port Scan attacks the Vigor router by sending lots of packets to detection many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever detecting this malicious exploration behavior by monitoring the Vigor2955 User’s Guide...
  • Page 73 ICMP packets with more fragment bit set are dropped. Check the box to enforce the Vigor router to defense the Land Block Land attacks. The Land attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed Vigor2955 User’s Guide...
  • Page 74 All the warning messages related to DoS defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2955 User’s Guide...

  • Page 75: Objects Settings

    IPs in the same department can be defined with an IP object (a range of IP address). You can set up to 192 sets of IP Objects with different conditions. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2955 User’s Guide...
  • Page 76 Type the subnet mask if the Subnet Address type is selected. Invert Select If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. Below is an example of IP objects settings. Vigor2955 User’s Guide...

  • Page 77: Ip Group

    Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects Click >> button to add the selected IP objects in this box. Vigor2955 User’s Guide...

  • Page 78: Service Type Object

    The filter rule will filter out any port number. (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this profile. Vigor2955 User’s Guide...

  • Page 79: Service Type Group

    Below is an example of service type objects settings. This page allows you to bind several service types into one group. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2955 User’s Guide...

  • Page 80: Im Object

    (es) and then click OK. Later, in the CSM>>IM/P2P Filter Profile page, you can use IM Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Vigor2955 User’s Guide...
  • Page 81 Profile Name Type a name for this profile. Type a name for such profile and check all the items that not allowed to be used in the host. Finally, click OK to save this profile. Vigor2955 User’s Guide...

  • Page 82: P2P Object

    (es) and then click OK. Later, in the CSM>>APP Enforcement Profile page, you can use P2P Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Profile Name Type a name for this profile. Vigor2955 User’s Guide...

  • Page 83: Protocol Object

    Profile Name Type a name for this profile. Type a name for such profile and check all the protocols that not allowed to be used in the host. Finally, click OK to save this profile. Vigor2955 User’s Guide...

  • Page 84: Misc Object

    Simple check the box (es) and then click OK. Later, in the CSM>>IM/P2P Filter Profile page, you can use Misc Object drop down list to choose the proper profile configured here as the standard for the host(s) to follow. Vigor2955 User’s Guide...

  • Page 85: Csm

    At office, URL Content Filter can also provide a job-related only environment hence to increase the employee work efficiency. How can URL Content Filter work better than traditional firewall in the field of filtering? Because it Vigor2955 User’s Guide...

  • Page 86: App Enforcement Profile

    Note: The priority of URL Content Filter is higher than Web Content Filter. You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer) application. Such profile will be used in Firewall>>General Setup and Firewall>>Filter Setup pages. Vigor2955 User’s Guide...
  • Page 87 Type a name for the CSM profile. Each profile can contain three objects settings, IM Object, P2P Object and Misc Object. Such profile can be applied in the Firewall>>General Setup and Firewall>>Filter Setup pages as the standard for the host(s) to follow. Vigor2955 User’s Guide...

  • Page 88: Url Content Filter Profile

    Vigor router perform. Prevent web access Check the box to deny any web surfing activity using IP address, from IP address such as http://202.6.3.2. The reason for this is to prevent someone dodges the URL Access Control. Vigor2955 User’s Guide...
  • Page 89 URL Access Control. To enable an entry, click on the empty checkbox, named as ACT, in front of the appropriate entry. Time Schedule Specify what time should perform the URL content filtering facility. Vigor2955 User’s Guide...

  • Page 90: Web Content Filter Profile

    Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Click CSM and click Web Content Filter Profile to open the profile setting page. For this section, please refer to Web Content Filter user’s guide. Vigor2955 User’s Guide...

  • Page 91: Bandwidth Management

    Defines the default session number used for each computer in LAN. Limitation List Display a list of specific limitations that you set on this web page. Start IP Defines the start IP address for limit session. End IP Defines the end IP address for limit session. Vigor2955 User’s Guide...

  • Page 92: Bandwidth Limit

    Click this button to activate the function of limit bandwidth. Subnet – Check this box to apply the Apply to 2 bandwidth limit to the second subnet specified in LAN>>General Setup. Disable Click this button to close the function of limit bandwidth. Vigor2955 User’s Guide...

  • Page 93: Quality Of Service

    One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start. If other applications are not protected by QoS, it will detract much from their performance in Vigor2955 User’s Guide...
  • Page 94 SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort. In the Bandwidth Management menu, click Quality of Service to open the web page. Vigor2955 User’s Guide...
  • Page 95 The factory default for this setting is checked. Please also define which traffic the QoS Control settings will apply to. IN- apply to incoming traffic only. OUT-apply to outgoing traffic only. BOTH- apply to both incoming and outgoing traffic. Vigor2955 User’s Guide...
  • Page 96 Setup link from Quality of Service page again. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. To add, edit or delete the class rule, please click the Edit link of that one. Vigor2955 User’s Guide...
  • Page 97 Check this box to invoke these settings. Local Address Click the Edit button to set the local IP address (on LAN) for the rule. Remote Address Click the Edit button to set the remote IP address (on LAN/WAN) for the rule. Vigor2955 User’s Guide...
  • Page 98 Edit to open the rule edit page for modification. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. Vigor2955 User’s Guide...
  • Page 99 Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existed service type, please select the radio button of that one and click Edit/Edit for modification. Vigor2955 User’s Guide...

  • Page 100: Applications

    Click the number below Index to access into the setting page of DDNS setup to set account(s). WAN Interface Display current WAN interface used for accessing Internet. Domain Name Display the domain name that you set on the setting page of DDNS setup. Vigor2955 User’s Guide...
  • Page 101 Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor2955 User’s Guide...

  • Page 102: Schedule

    Remote Access >> LAN-to-LAN settings. To add a schedule, please click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown below. Enable Schedule Setup Check to enable the schedule. Vigor2955 User’s Guide...
  • Page 103 Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre-defined in the schedule profiles. Vigor2955 User’s Guide...

  • Page 104: Radius/Ldap

    The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. Vigor2955 User’s Guide...

  • Page 105: Upnp

    The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor2955 User’s Guide...

  • Page 106: Wake On Lan

    PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting. Vigor2955 User’s Guide...
  • Page 107 MAC Address Type any one of the MAC address of the binded PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Vigor2955 User’s Guide...

  • Page 108: Vpn And Remote Access

    Route Mode/NAT Mode – If the remote network only allows you to dial in with single IP, please choose this mode, otherwise please choose Route Mode. Please choose a There are 32 VPN profiles for users to set. Vigor2955 User’s Guide...
  • Page 109 Different type will lead to different configuration page. After making the choices for the client profile, please click Next. You will see different configurations based on the selection(s) you made. When you choose PPTP (None Encryption) or PPTP (Encryption), you will see the following graphic: Vigor2955 User’s Guide...
  • Page 110 When you choose IPSec, you will see the following graphic: When you choose L2TP, you will see the following graphic: Vigor2955 User’s Guide...
  • Page 111 When you choose L2TP over IPSec (Nice to Have), you will see the following graphic: When you choose L2TP over IPSec (Must), you will see the following graphic: Vigor2955 User’s Guide...
  • Page 112 Always On Check to enable router always keep VPN connection. Pre-Shared Key IKE Authentication Method usually applies to those are remote dial-in user or node (LAN to LAN) which uses dynamic IP address and IPSec-related VPN connections Vigor2955 User’s Guide...
  • Page 113 After finishing the configuration, please click Next. The confirmation page will be shown as follows. If there is no problem, you can click one of the radio buttons listed on the page and click Finish to execute the next action. Vigor2955 User’s Guide...

  • Page 114: Vpn Server Wizard

    Such wizard is used to configure VPN settings for VPN server. Such wizard will guide to set the LAN-to-LAN profile for VPN dial in connection (from client to server) step by step. Choose the direction for the VPN server. VPN Server Mode Vigor2955 User’s Guide...
  • Page 115 This item is available after you choose any one of dial-in user account profiles. Next, you have to select suitable dial-in type for the VPN server profile. There are six types provided here (similar to VPN Client Wizard). Different Dial-in Type will lead to different configuration Vigor2955 User’s Guide...
  • Page 116 L2TP with Policy (Nice to Have/Must), you will see the following graphic: When you check PPTP/L2TP (two types) or PPTP or L2TP with Policy (None), you will see the following graphic: When you check IPSec, you will see the following graphic: Vigor2955 User’s Guide...
  • Page 117 Certificate. Otherwise, the setting you choose here will not be effective. Peer IP/VPN Client IP Type the WAN IP address or VPN client IP address for the remote client. Peer ID Type the ID name for the remote client. Vigor2955 User’s Guide...

  • Page 118: Remote Access Control

    Enable the necessary VPN service as you need. If you intend to run a VPN server inside your LAN, you should disable the VPN service of Vigor Router to allow VPN tunnel pass through, as well as the appropriate NAT settings, such as DMZ or open port. Vigor2955 User’s Guide...

  • Page 119: Ppp General Setup

    Otherwise, the MPPE encryption scheme will be used to encrypt the data. Require MPPE (40/128bits) - Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm. In addition, the remote dial-in user will Vigor2955 User’s Guide...

  • Page 120: Ipsec General Setup

    On the receiving side, the peer will perform the same one-way hash on the packet and compare the value with the one in the AH it receives. Encapsulating Security Payload (ESP) is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service. Vigor2955 User’s Guide...

  • Page 121: Ipsec Peer Identity

    To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 200 entries of digital certificates for peer dial-in users. Vigor2955 User’s Guide...
  • Page 122 Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity. Vigor2955 User’s Guide...
  • Page 123 Accept Subject Name Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). Vigor2955 User’s Guide...

  • Page 124: Remote Dial-In User

    Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2955 User’s Guide...
  • Page 125 Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must -Specify the IPSec policy to be definitely applied on the L2TP connection. Vigor2955 User’s Guide...
  • Page 126 To check if SSL Tunnel is activated or not, please open Draytek SSL VPN portal interface. From the web page, you will see the message to indicate the SSL Tunnel is activated. Specify Remote Node...
  • Page 127 SSL Web Proxy and choose the one(s) you need as SSL VPN. To check if SSL Web Proxy is activated or not, please open Draytek SSL VPN portal interface. From the web page, you will see the message to indicate that you have the privilege for the SSL Web Proxy.

  • Page 128: Lan To Lan

    PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides up to 200 profiles, which also means supporting 200 VPN tunnels simultaneously. The following figure shows the summary table. Vigor2955 User’s Guide...
  • Page 129 4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Vigor2955 User’s Guide...
  • Page 130 WAN1 First - While connecting, the router will use WAN1 as the first channel for VPN connection. If WAN1 fails, the router will use another WAN interface instead. WAN1 Only - While connecting, the router will use WAN1 as the only channel for VPN connection. Vigor2955 User’s Guide...
  • Page 131 VPN connection and react accordingly. This is independent of DPD (dead peer detection). ISDN Build ISDN LAN-to-LAN connection to remote network. You should set up Link Type and identity like User Name and Password for the authentication of remote server. You can Vigor2955 User’s Guide...
  • Page 132 Please use the drop down list to choose one of the certificates configured in Certificate Management>>Local Certificate. IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy. Vigor2955 User’s Guide...
  • Page 133 VPN peers, and get its feedback to find a match. Two combinations are available for Aggressive mode and nine for Main mode. We suggest you select the combination that covers the most schemes. Vigor2955 User’s Guide...
  • Page 134 Provide ISDN Number to Remote-In the case that the remote peer requires the Vigor router to callback, the local ISDN number will be provided to the remote peer. Check Vigor2955 User’s Guide...
  • Page 135 IPSec Tunnel - Allow the remote dial-in user to trigger an IPSec VPN connection through Internet. L2TP - Allow the remote dial-in user to make a L2TP VPN connection through the Internet. You can select to use L2TP alone or with IPSec. Select from below: Vigor2955 User’s Guide...
  • Page 136 Callback Function (CPCB) The callback function provides a callback service only for the ISDN LAN-to-LAN connection (this feature is useful for i model only). The remote user will be charged the connection fee by the telecom. Enable Callback function-Enables the callback function. Vigor2955 User’s Guide...
  • Page 137 For IPSec, this is the destination clients IDs of phase 2 quick mode. More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you Vigor2955 User’s Guide...

  • Page 138: Vpn Trunk Management

    Filly compliant with VPN Server LAN Sit Single/Multi Network Mail Alert support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration Syslog support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration Vigor2955 User’s Guide...
  • Page 139 VPN Tunnels disconnected. Users do not need to reconnect with setting TCP/UDP Service Port again. The VPN Load Balance function can keep the transmission for internal data on tunnel stably. Vigor2955 User’s Guide...
  • Page 140 Type (on Backup Profile field) - Display the connection type for that profile, such as IPSec, PPTP, L2TP, L2TP over IPSec (NICE), L2TP over IPSec(MUST) and so on. Member2 (on Backup Profile field) - Display the dial-out profile selected from the Member2 drop down list below. Vigor2955 User’s Guide...
  • Page 141 IPSec (MUST) and so on. Member2 - Display the dial-out profile selected from the Member2 drop down list below. Advanced – This button is only available when there is one or more profiles created in this page. Vigor2955 User’s Guide...
  • Page 142 VPN TRUNK – VPN Load Balance mechanism profile will be locked. The profiles in LAN-to-LAN will be displayed in blue. Edit Click this button to save the changes to the Status (Enable or Disable), profile name, member1 or member2. Vigor2955 User’s Guide...
  • Page 143 Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup/Load Balance mechanism profile, the selected LAN-to-LAN profiles will be released and Vigor2955 User’s Guide...
  • Page 144 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE Vigor2955 User’s Guide...
  • Page 145 VPN Load Balance – Below shows the algorithm for Load Balance. Binding Tunnel Policy Create – Click this radio button for assign a blank table for configuring Binding Tunnel. After insert – Click this radio button to adding a new Vigor2955 User’s Guide...
  • Page 146 Port also fits the number here, such binding tunnel table can be established. Other means when the source IP, destination IP, destination port and fragment conditions match with the settings specified here with different TCP Service Port/UDP Service Port/ICMP/IGMP, such binding tunnel table can be established. Vigor2955 User’s Guide...
  • Page 147 List the backup profile name. ERD Mode ERD means “Environment Recovers Detection”. Normal – choose this mode to make all dial-out VPN TRUNK backup profiles being activated alternatively. Recover Timer – choose this mode to detect VPN connection Vigor2955 User’s Guide...
  • Page 148 VPN Tunnel backup connection will be off. Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. Detail Information This field will display detailed information for Environment Recovers Detection. Vigor2955 User’s Guide...

  • Page 149: Connection Management

    The VPN connection built by Backup Mode supports VPN backup function. Load Balance Mode This filed displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Load Balance Mode supports Vigor2955 User’s Guide...

  • Page 150: Certificate Management

    Below shows the menu items for Certificate Management. This page allows users to adopt single certificate or mutliple certificates for certification through generating or importing. Users can generate up to three local certificats or they can import the third-party certificate(s) to fit different requests. Vigor2955 User’s Guide...
  • Page 151 Then click GENERATE again. Note: Please be noted that “Common Name” can be configured with rotuer’s WAN IP or domain name. After clicking GENERATE, the generated information will be displayed on the window below: Vigor2955 User’s Guide...
  • Page 152 .pfx or .p12. And these certificates usually need passwords. Note: PKCS12 is a standard for storing private keys and certificates securely. It is used in (among other things) Netscape and Microsoft Internet Explorer with their import and export options. Vigor2955 User’s Guide...

  • Page 153: Trusted Ca Certificate

    Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you Vigor2955 User’s Guide...
  • Page 154 For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2955 User’s Guide...

  • Page 155: Certificate Backup

    It is not necessary for users to preinstall VPN client software for executing SSL VPN connection. There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN. This page determines the general configuration for SSL VPN Server and SSL Tunnel. Vigor2955 User’s Guide...

  • Page 156: Ssl Web Proxy

    SSL Web Proxy will allow the remote users to access the internal web sites over SSL. Name Display the name of the profile that you create. Display the URL. Active Display current status (active or inactive) of such profile. Click number link under Index filed to set detailed configuration. Vigor2955 User’s Guide...

  • Page 157: Ssl Application

    SSL – if you choose such selection, web proxy over SSL will be applied for VPN. It provides a secure and flexible solution for network resources, including VNC (Virtual Network Computer) /RDP (Remote Desktop Protocol) /SAMBA, to any remote user with access to Internet and a web browser. Vigor2955 User’s Guide...
  • Page 158 Virtual Network Computing – Choose this item for accessing and controlling a remote PC through VNC protocol. IP Address Type the IP address for this protocol. Port Specify the port used for this protocol. The default setting is 5900. Vigor2955 User’s Guide...

  • Page 159: User Account

    For SSL VPN, identity authentication and power management are implemented through deploying user accounts. Therefore, the user account for SSL VPN must be set together with remote dial-in user web page. Such menu item will guide to access into VPN and Remote Access>>Remote Dial-in user. Vigor2955 User’s Guide...
  • Page 160 However, if you have set several SSL Web Proxy Profiles in SSL VPN>> SSL Web Proxy web page: The SSL Web Proxy profile names will be displayed (together with check box) as shown below. Vigor2955 User’s Guide...

  • Page 161: Online User Status

    If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access into Draytek SSL VPN portal interface. Next, users can open SSL VPN>> Online Status to view logging status of SSL VPN.

  • Page 162: System Maintenance

    System --- CPU Usage Display current usage of CPU. Total Memory Display the total memory of your hard disk. Memory Usage Display current usage of memory. LAN --- MAC Address Display the MAC address of the LAN Interface. Vigor2955 User’s Guide...

  • Page 163: Setting

    URL, username and password for the VigorACS server that such device will be connected. However URL, username and password under CPE client are fixed that users cannot change The default CPE username and password are "vigor" and "password". You will need it when you configure VigorACS server. Vigor2955 User’s Guide...
  • Page 164 STUN binding request must be sent by the CPE to maintain the binding. Maximum Keep Alive Period - It determines the maximum period that the STUN binding request must be sent by the CPE to maintain the binding. Vigor2955 User’s Guide...

  • Page 165: Administrator Password

    Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. Vigor2955 User’s Guide...
  • Page 166 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2955 User’s Guide...

  • Page 167: Syslog/Mail Alert

    Assign a port for the Syslog protocol. Enable syslog message Check the box listed on this web page to send the corresponding message of firewall, VPN, User Access, Call, WAN, Router/DSL information to Syslog. SMTP Server The IP address of the SMTP server. Vigor2955 User’s Guide...
  • Page 168 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2955 User’s Guide...

  • Page 169: Time And Date

    Select the time zone where the router is located. Enable Daylight Saving Such feature is available only for certain area. Automatically Update Interval Select a time interval for updating from the NTP server. Click OK to save these settings. Vigor2955 User’s Guide...

  • Page 170: Management

    Check to use standard port numbers for the Telnet and HTTP servers. Enable SNMP Agent Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. Vigor2955 User’s Guide...

  • Page 171: Reboot System

    Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2955 User’s Guide...

  • Page 172: Firmware Upgrade

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.

  • Page 173: Diagnostics

    (e.g., PPPoE) is triggered by a package sending from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. Vigor2955 User’s Guide...

  • Page 174: Routing Table

    Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. Vigor2955 User’s Guide...

  • Page 175: Dhcp Table

    It displays the host ID name of the specified PC. Refresh Click it to reload the page. Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. Vigor2955 User’s Guide...

  • Page 176: Data Flow Monitor

    Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. Enable Data Flow Check this box to enable this function. Monitor Vigor2955 User’s Guide...
  • Page 177 WAN1/WAN. Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General. If you do not specify any rate at that page, here will display Auto for instead. Vigor2955 User’s Guide...

  • Page 178: Traffic Graph

    WAN1/WAN2 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2955 User’s Guide...

  • Page 179: Ping Diagnosis

    Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. Vigor2955 User’s Guide...

  • Page 180: Trace Route

    Unspecified to be determined by the router automatically. Host/IP Address It indicates the IP address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. Vigor2955 User’s Guide...

  • Page 181: Support Area

    When you click the menu item under Support Area, you will be guided to visit www.draytek.com and open the corresponding pages directly. Click Support Area>>Application Note, the following web page will be displayed. Click Support Area>>FAQ, the following web page will be displayed.
  • Page 182 Click Support Area>>Product Registration, the following web page will be displayed. Vigor2955 User’s Guide...

  • Page 183: Application And Examples

    Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Then, For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. Vigor2955 User’s Guide...
  • Page 184 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out Vigor2955 User’s Guide...
  • Page 185 Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In Vigor2955 User’s Guide...
  • Page 186 Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection. Vigor2955 User’s Guide...
  • Page 187 PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2955 User’s Guide...
  • Page 188 If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Vigor2955 User’s Guide...
  • Page 189 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2955 User’s Guide...
  • Page 190 At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2955 User’s Guide...

  • Page 191: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2955 User’s Guide...
  • Page 192 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2955 User’s Guide...
  • Page 193 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
  • Page 194 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. Vigor2955 User’s Guide...

  • Page 195: Qos Setting Example

    Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Enter the Name of Index Class 1 by clicking Edit link. In this index, the user will set reserve bandwidth for Email using protocol POP3 and SMTP. Vigor2955 User’s Guide...
  • Page 196 Class Name of Index 3. In this index, he will set reserve bandwidth for 1 VPN tunnel. Click edit to open a new window. First, check the ACT box. Then click SrcEdit to set a worker’s subnet address. Click DestEdit to set headquarter’s subnet address. Leave other fields and click OK. Vigor2955 User’s Guide...

  • Page 197: Lan - Created By Using Nat

    You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. Vigor2955 User’s Guide...
  • Page 198 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Vigor2955 User’s Guide...

  • Page 199: Upgrade Firmware For Your Router

    RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 1. Go to www.draytek.com. 2. Access into Support >> Downloads. Please find out Firmware menu and click it. Search the model you have and click on it to download the newly update firmware for your router.
  • Page 200 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2955 User’s Guide...

  • Page 201: Request A Certificate From A Ca Server On Windows Ca Server

    10. Click Send. 11. Now the firmware update is finished. Vigor2955 User’s Guide...
  • Page 202 You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Vigor2955 User’s Guide...
  • Page 203 Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Vigor2955 User’s Guide...
  • Page 204 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2955 User’s Guide...

  • Page 205: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2955 User’s Guide...
  • Page 206 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2955 User’s Guide...

  • Page 207: Erd Mechanism For Vpn Trunk

    Request Background: Some of users think if VPN tunnel connected again, it is Environment Recovery Detection. For such users, use Normal mode. To set ERD Normal mode > vpn Trunk backup ERD VpnBackup Normal (3) Resume Mode Vigor2955 User’s Guide...
  • Page 208 For example, if you type “3600” as the value for <second>, Recover will be done with 30 seconds (3531 ~ 3600) for the backup VPN tunnel. If you set “30” as the value for <second>, it will be regarded as “0”. Vigor2955 User’s Guide...

  • Page 209: Vpn Load Balance Application

    Router A (VPN Client) for connecting with Router B (VPN Server). (1) VPN Client site For LAN-to-LAN Dial out for member1 and member2, please finish: LAN-to-LAN IPSec Dial Out (Router Mode) configuration. Member1 LAN-to-LAN Dial out Profile GRE over IPSec configuration. Vigor2955 User’s Guide...
  • Page 210 LAN-to-LAN IPSec Dial In configuration Finish GRE over IPSec setting in LAN-to-LAN Dial In Profile for matching with VPN Client Member1 configuration Finish GRE over IPSec setting in LAN-to-LAN Dial In Profile for matching with VPN Client Member2 configuration Vigor2955 User’s Guide...
  • Page 211 (3) Dialing from VPN Client site Vigor2955 User’s Guide...
  • Page 212 This page is left blank. Vigor2955 User’s Guide...

  • Page 213: Trouble Shooting

    Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2955 User’s Guide...
  • Page 214 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2955 User’s Guide...
  • Page 215 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2955 User’s Guide...

  • Page 216: Pinging The Router From Your Computer

    Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2955 User’s Guide...
  • Page 217 Vigor2955 User’s Guide...

  • Page 218: Checking If The Isp Settings Are Ok Or Not

    Click WAN>> Internet Access and then check whether the ISP settings are set correctly. Click Details Page of WAN1/WAN2 to review the settings that you configured previously. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2955 User’s Guide...
  • Page 219 Check if IP address, Subnet Mask and Gateway are entered with correct values that you got from your ISP. Check if the Enable option for PPTP Link is selected. Check if Server Address, Username, Password and WAN IP address are set correctly (must identify with the values from your ISP). Vigor2955 User’s Guide...

  • Page 220: Backing To Factory Default Setting If Necessary

    While the router is running (ACT LED blinking), press the Factory Reset button and hold for more than 5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then, the router will restart with the default configuration. Vigor2955 User’s Guide...

  • Page 221: Contacting Your Dealer

    After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor2955 User’s Guide...

This manual is also suitable for:

Vigor2950 series

Table of Contents