Draytek Vigor2200 User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. Vigor2200 Series
  6. User manual
Draytek Vigor2200 User Manual

Draytek Vigor2200 User Manual

Hide thumbs Also See for Vigor2200:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Manual
0. Preface ....................................................................
0.1 About This Manual ........................................
0.2 Copyright Declarations ................................
0.3 Trademarks .....................................................
0.5 Safety Instructions .........................................
0.6 Warranty ............................................................
1. Getting Started .................................................. 1-1
1.1 Introduction ........................................................
1.2Unpacking Your Vigor2200USB .................. 1-2
1.4 Detailed Features ................................................... 1-8
2. Installation & Setup ......................................... 2-1
2.1 Before you Begin ..............................................
2.2 Hardware Installation .......................................
2.3 Setting up a Management PC ........................
2.4 Using the Smart Start Wizard ......................
2.5 Using the Web Configurator .......................

Table of Contents

0-1
0-2
0-2
0-2
0-3
0-3
1-2
2-2
2-4
2-13
2-19
2-24

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor2200

Summary of Contents for Draytek Vigor2200

  • Page 1: Table Of Contents

    Table of Contents 0. Preface ..............0.1 About This Manual ........0.2 Copyright Declarations ........ 0.3 Trademarks ............. 0.4 How To Become A Registered Owner ..0-2 0.5 Safety Instructions ......... 0.6 Warranty ............0.7 European Community Declarations ..... 0-4 1.
  • Page 2 3. Basic Quick Setup......... 3-1 3.1 Administrator Password Setup ........ 3-2 3.2 LAN TCP/IP and DHCP Setup ......3-3 3.3 Internet Access Setup ........3-6 4. Advanced Setup ..........4-1 4.1 Dynamic DNS Setup ........4-2 4.2 Call Schedule Setup ..........4-5 4.3 NAT Setup .............
  • Page 3 6. Troubleshooting & FAQ ....... 6-1 6.1 Using the Telnet Terminal Commands ..6-2 6.2 Viewing Call Logs ..........6-4 6.3 Viewing PPP Logs ..........6-4 6.4 FAQs ............... 6-5 Virtual Private Network and Remote Access...VPN -1 VPN.1 Introduction to VPNs and Remote Access ..................VPN-4 VPN.2 VPN IKE/IPSec Setup......VPN-5 VPN.3 VPN Remote Dial-in Access ....VPN-7...

  • Page 4: Preface

    Preface 0.1 About This Manual 0.2 Copyright Declarations 0.3 Trademarks 0.4 How To Become A Registered Owner 0.5 Safety Instructions 0.6 Warranty 0.7 European Community Declarations...

  • Page 5: How To Become A Registered Owner

    Preface 0.1 About This Manual (V1.2) This manual is designed to assist users in using the Vigor2200USB. Information in this document has been care- fully checked for accuracy; however, no guarantee is given as to the correctness of the contents. The information contained in this document is subject to change without notice.

  • Page 6: Safety Instructions

    Preface 0.5 Safety Instructions Read the installation guide thoroughly before you set up the ¡E Vigor2200USB. The Vigor2200USB is a complicated electronic unit that may ¡E be repaired only be authorized and qualified personnel. Do not try to open or repair the router yourself. ¡E Do not place the router in a damp or humid place, e.g.

  • Page 7: European Community Declarations

    Preface pair or replace the defective products or components, with- out charge for either parts or labor, to whatever extent we deem necessary to restore the product to proper operating condition. Any replacement will consist of a new or re-manu- factured functionally equivalent product of equal value, and will be offered solely at our discretion.

  • Page 8: Getting Started

    Getting Started 1.1 Introduction 1.2 Unpacking Your Vigor2200USB 1.3 LED Indicators & Rear Panel Description 1.4 Detailed Features...
  • Page 9 Getting Started 1.1 Introduction The Vigor2200USB provides multiple users with efficient and reli- able access over a DSL line to the Internet and corporate LAN for using e-mail, sharing documents, Web surfing, file transfers, etc. The broadband access protocol for the USB port supports PPPoE, PPPoA.
  • Page 10 Getting Started...
  • Page 11 Getting Started 1.3 LED Indicators & Rear Panel Description LED Indicators There are eleven LEDs on the front panel; ACT, DSL, USB, LNK, USB, LNK, VPN, P1, P2, P3 and P4. ACT (Activity) Blinks when power is supplied to the router and the router is run- ning normally.
  • Page 12 Getting Started USB1 Group: ON when the DSL modem is ready. Blinking when there is data transferring between the Vigor2200USB and the DSL modem. ON when the PPP connection of the DSL modem is active. USB2 Group: ON when the DSL modem is ready. Blinking when there is data transferring between the Vigor2200USB and the DSL modem.
  • Page 13 Getting Started Rear Panel Description The router has a reset button, a power jack, four 10/100Base-T RJ-45 switch ports, an Uplink button, and 2 USB ports on the rear panel: Reset For firmware upgrades: Press and hold the button, then power ON. The ACT and DSL LEDs will blink simultaneously (see section 5.5).
  • Page 14 P1 port. The DSL USB modem (Alcatel Speed Touch USB, or DynaMite USB Modem) should be connected to one of these USB ports. For an interoperable USB DSL modem list, contact DrayTek or your dealer...

  • Page 15: Detailed Features

    Getting Started 1.4 Detailed Features The Vigor2200USB provides many built-in server and software fea- tures to provide a convenient comprehensive solution for your SOHO network. 1. Network Address Translation (NAT): NAT allows multiple SOHO users to concurrently connect to an Internet Service Pro- vider (ISP) using a single Internet access account.
  • Page 16 Getting Started 5. Telnet Terminal Server: The Telnet User Interface (TUI) is an efficient method of configuring and managing routers. It utilizes a traditional command-line user interface and is mainly for advanced configuration, management, and troubleshooting. 6. Dynamic Host Configuration Protocol (DHCP) Server: This server provides an easy-to-configure function for your local IP net- work.

  • Page 17: Installation & Setup

    Installation & Setup 2.1 Before you Begin 2.2 Hardware Installation 2.3 Setting Up a Management PC 2.4 Using the Smart Start Wizard 2.5 Using the Web Configurator...
  • Page 18 2.1 Before You Begin 1. Use only the power adapter supplied by us. Using an incorrectly rated power adapter will result in damage to the router. 2. In case of emergency, unplug the power adapter first. 3. Locate the device in a clean location. Do not block the ventila- tion slots on the rear panel.
  • Page 19 Factory Default Settings: Router ’s Default IP Network Settings: IP Address: 192.168.1.1 Subnet Mask: 255.255.255.0 DHCP Server: Enabled Start IP Address: 192.168.1.10 IP Pool Counts: 50 Web Configurator: Username: admin Password: <blank> Note: Blank means no password required. Telnet Console: Password: <blank>...
  • Page 20 2.2 Hardware Installation 2.2.1 Connecting the Power Adapter 1. Connect the power adapter to the power outlet on the wall and to the PWR power jack on the rear panel of the router. 2. The ACT LED should be blinking once every 2 seconds. 2.2.2 Connecting to the Ethernet A.
  • Page 21 (you can use Windows winipcfg.exe or ipconfig.exe to check). You can use windows ping.exe to check that your PC can see the router successfully (ping 192.168.1.1). 3. Insert the supplied DrayTek CD into your PC, and install the Router Tools.
  • Page 22 Step 1 - Upload ADSL modem firmware into router The USB modem is designed in such a way that its own firmware is loaded from the host device (PC or Vigor2200USB) every time it is initialised or restarted. You must upload the modem ’s firmware into the Vigor2200USB ’s memory so that it ’s available to the modem.
  • Page 23 After the correct modem is selected, click ”Go” and you should see some information relating to ATM settings, firmware version and the IP address of the router :...
  • Page 24 If the DSL USB modem is using GlabalSpan chipset (for example: ECI USB modem, Fujitsu USB modem ...), it will provide 3 mothods for generating DSL configuare which will be installed to router later. You can choose Default to get default setting if you have any.
  • Page 25 Then, press ”Install” and the firmware will be uploaded to the router : Step 2 - Configure your DSL setting details Where as your log-in name and password was previously stored on your PC (in Dial-up networking), these details now need to be stored in the Vigor2200USB so that it can automatically log into your ISP when required.
  • Page 26 Once past the password prompt, you will now see the router ’s main menu : 2-10...
  • Page 27 Click on Internet Access Setup on the top right-hand menu. Click PPPoE/PPPoA : 2-11...
  • Page 28 Enter the Name (optional) of ISP and your allocated username and password according to the information provided by your ISP. Then click ”OK”. Step 3 - Connect the USB ADSL Modem to your Vigor2200USB Connect your USB ADSL modem to either of the USB ports on the rear panel of the router.
  • Page 29 2.3 Setting Up a Management PC The router has a built-in HTTP (Web) server for configuration. Be- fore you use the router to access the Internet, you should set up a management PC to log into the router for further configuration. The management PC may be configured with a fixed or dynamically as- signed IP address.
  • Page 30 Your particular system will be different from the screen shown here. Check that you have an Ethernet network card installed. If not, refer to the card manufacturers documentation and install the card and drivers. If your card is installed, 1. Click the ”Add” button. The Select Network Component Type dialog box will open.
  • Page 31 2.3.2 Configuring the TCP/IP Protocol 1. On the Network dialog box Configuration card, select TCP/ IP and then click ”Properties”. The TCP/IP Properties dialog box will open. 2. On the IP Address tab, click ”Obtain an IP address au- tomatically”. As the DHCP (Dynamic Host Configuration Protocol) server built into the router is enabled by default, your computer will get an IP address, subnet mask, and other related IP network settings from the router.
  • Page 32 4. Click the ”Gateway” tab. 2-16...
  • Page 33 5. Make the New gateway and Installed gateways fields blank and click ”OK”. A dialog box will pop up asking you to restart the PC. Click ”Y es” 2.3.3 Checking TCP/IP settings 1. After completing the previous steps, click ”Start -> Run” and type ”winipcfg”.
  • Page 34 A a command mode window will open. Type ”ping 192.168.1.1”(default IP of the router) to check the network connectivity. If both hardware and software are correct, your computer will receive a response from the router as shown on the next page. If not, verify that the Ethernet cable is con- nected to the router properly and the Ethernet port LED on the front panel is lit.
  • Page 35 2.4 Using the Smart Start Wizard The Smart Start Wizard will guide you through using the Web Configurator or Telnet Terminal (command-line based management). Also, if your currently installed network is not located in the 192.168.1.x IP range, the wizard will find the router and change the router ’s default IP address and IP mask to match the current net- work.
  • Page 36 Using the Wizard 1. Click ”Start > Programs > Router Tools > Smart Start Wizard”. The following screen will open. 2. Click ”Search” to find the router on your network. 3. Click ”OK” to go to the login password screen. 2-20...
  • Page 37 4. If this is a first time setup of the router, do not enter a password. Click ”OK” to go to next screen. The screen shows read-only IP and IP mask settings for the PC you are using, and also the IP Address and IP Mask settings for the router.
  • Page 38 6. Wait for a few seconds. The Telnet and the Browser buttons will become active (see the next page). 7. If the IP address and IP Mask of your PC and of the router are not located on the same subnet, renew your PC ’s IP ad- dress, using winipcfg.exe on Windows95/98/Me,or ipconfig.exe on Windows NT/2000.
  • Page 39 8. Enter ”admin” as the User Name and leave the Password field blank. The Web Configurator will open. In the follow- ing examples we use the Netscape web browser (see the next page). 2-23...
  • Page 40 2.5 Using the Web Configurator 2.5.1 Connecting to the Web Configurator via a Web Browser 1. Launch the Web browser. Enter http://192.168.1.1 into the browser Address window and press the Enter key. 2. An authentication dialog box will open. 3. If this is a first time setup of the router, type ”admin” as the User Name and leave the Password field blank.
  • Page 41 2.5.2 Overview of the Web Configurator The Setup Main Menu (see above figure) consists of four groups: Basic Setup (Setup First), Quick Setup, Advanced Setup, and System Management. The following outlines each configuration menu. Basic Setup (Setup First): 1. Administrator Password Setup: Sets/changes the administrator password.
  • Page 42 Quick Setup: 1. Internet Access Setup: (required for Internet access) Usually the router functions as a border router for SOHO or home networking so you must enter settings here to enable access to the Internet. Advanced Setup: The following settings are for advanced configurations only. These items do not need to be configured for standard Internet access.
  • Page 43 2. Management Setup The item allows you to set or limit access rights to manage the router. Also, you may set HTTP or Telnet ports to specific port numbers of your choice. 3. Diagnostic Tools Diagnostic tools offers useful tools for diagnosing the router or your network, e.g.

  • Page 44: Basic Quick Setup

    Basic Quick Setup 3.1 Administrator Password Setup 3.2 LAN TCP/IP and DHCP Setup 3.3 Internet Access Setup...

  • Page 45: Administrator Password Setup

    Basic Setup & Internet Access The Web Configurator Setup Main Menu includes four groups: Basic Setup (Setup First), Quick Setup, Advanced Setup, and Sys- tem Management. This chapter explains the Basic Setup group and Internet Access Setup (which is in the Quick Setup group). 3.1 Administrator Password Setup For security reasons, we strongly recommend that you set an ad- ministrator password for the router.

  • Page 46: Lan Tcp/Ip And Dhcp Setup

    Basic Setup & Internet Access New Password: Enter an administrator password. Retype New Password: Type the password again for confirmation. Click ”OK”. 3.2 LAN TCP/IP and DHCP Setup The Vigor2200USB has one Ethernet LAN port for connecting to the local Ethernet network.. There are two sets of IP address settings for the LAN interface.
  • Page 47 Basic Setup & Internet Access LAN IP Network Configuration 1st IP Address: Private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask: Netmask for the local private network (Default: 255.255.255.0/24). For IP Routing Usage: (Default: Disable). Enable: Enables the 2nd IP address settings.
  • Page 48 Basic Setup & Internet Access IP Pool Counts: Sets the number of IPs in the IP address pool. DNS Server IP Address: (Default: None). DNS stands for Domain Name System. Every Internet host must have a unique IP address, also they may have a human friendly, easy to remember name such as www.yahoo.com.

  • Page 49: Internet Access Setup

    Basic Setup & Internet Access 3.3 Internet Access Setup For most users, Internet access is the primary application. When you click Internet Access Setup from within the Quick Setup group, the following setup page will be shown. PPPoE/PPPoA: This is for most DSL modem users. All local users can share one PPPoE/PPPoA connection to access the Internet.
  • Page 50 Basic Setup & Internet Access 3.3.1 Getting USB Modem Settings Before you connect a broadband access device, e.g. a DSL mo- dem, to the router, you need to know what kind of Internet access is provided by your ISP. When you install DSL USB modem firmware via installation tool, it will collect the following messages and configure router automati- cally.
  • Page 51 Basic Setup & Internet Access 3.3.2 Using PPPoE/PPPoA with a DSL Modem DSL Modem Information Modem Type: display the usb dsl modem model name Driver Version: display the firmware version of usb dsl modem DSL Modem Settings VCI: virtual channel identifier assigned by ISP. VPI: virtual pipe identifier assigned by ISP.

  • Page 52: Advanced Setup

    Advanced Setup 4.1 Dynamic DNS Setup 4.2 Call Schedule Setup 4.3 NAT Setup 4.4 Static Route 4.5 IP Filter/Firewall Setup...
  • Page 53 Advanced Setup This chapter explains the options available in Advanced Setup: 4.1 Dynamic DNS Setup 1. Before You Set Up Dynamic DNS Function DDNS is short for Dynamic Domain Name System. This function could give a domain name to the router when it has been connect- ing to the Internet.
  • Page 54 Advanced Setup Before enabling the function, you should visit the web site www.dyndns.org to register an account and hostnames. Also, you will get more information in the web site. Now, the router just supports this DDNS service provider and 3 DDNS profiles. These profiles support the router can update its WAN IP address to three different domain names when it's online.
  • Page 55 Advanced Setup (3) Click index ”1” to set up a profile. - Check ”Enable Dynamic DNS account ” to activate this account . - Enter a name server for this account. This will depend on which name server you have registered on the www.dyndns.org web site.
  • Page 56 Advanced Setup (4) Enable DDNS Function. After configuring an account, the setup page will go back to upper level and ”Dynamic DNS Setup ” page will show again. The part of information regarding the account will show in the current page. Now check ”Enable Dynamic DNS Setup ”...
  • Page 57 Advanced Setup Click any index the detailed settings of call schedule will be shown as below. Enable Schedule Setup: Check it for enabling the schedule. Start Date (yyyy-mm-dd): Specify the start date of the schedule. Start Time (hh:mm): Specify the start time of the schedule. Duration Time (hh:mm): Specify the duration (or period) ot the schedule.

  • Page 58: Nat Setup

    Advanced Setup - Disable Dial-On-Demand: Specify the connection could be up when it has traffic on the line. Once no any traffic over idle timeout, the connecton will be down and never up again during the schedule. How Often: Specify how often the schedule will be applied. - Once: Specify the schedule just once.
  • Page 59 Advanced Setup 4.3.1 Exposing Internal Servers to the Public Domain The Port Redirection Table may be used to expose internal servers to the public domain or open a specific port number to internal hosts. Internet hosts can use the WAN IP address to access internal net- work services, such as FTP, WWW, etc.
  • Page 60 Advanced Setup As shown above, the Port Redirection Table provides10 port- mapping entries for internal hosts. Service Name: Specifies the name for the specific network service. Protocol: Specifies the transport layer protocol (TCP or UDP). Public Port: Specifies which port should be redirected to the internal host.
  • Page 61 Advanced Setup Active: Check here to activate the port-mapping entry. Click ”OK ”. 4.3.2 DMZ Host Setup Click ”DMZ Host Setup ”. For outbound data packets, the DMZ host will not do TCP/UDP ports translation.On the other hand, for the inbound, the DMZ host will be forwarded to by default, even if no virtual server has been specified.
  • Page 62 Advanced Setup 4.3.3 Open Ports Setup Sometimes some of application software or Internet games have to pass many ports or range of ports through the router transpar- ently. The Open Port Setup will help you to do that. Click "NAT Setup"...
  • Page 63 Advanced Setup Enable Open Ports: Check to enable this profile. Note: The following settings will be allow changing after check ing Enable Open Ports. Otherwise, these settings are no use. Comment: Type up to 12 characters for this profile. Local Computer: Specify the IP address for a specified user. Also you can press "Choose PC"...
  • Page 64 Advanced Setup For each profile, the router supports 10 port ranges could be configured. Protocol: Specify the protocol. Start Port: Specify the start port of a range. End Port: Specify the end port of a range. 4.3.4 Well-known Port Number List This page provides some well-known port numbers for your refer- ence.

  • Page 65: Static Route

    Advanced Setup 4.4 Static Route You may need to access the other machines which behind other routers in the same network. You can use static route function to indicate the routing path for this kind of accessing. 4-14...
  • Page 66 Advanced Setup For this example, when you in LAN1 and if you want to access the mail server behind 203.69.175.x, the IP packets will pass through internet to reach the mail server. If you use static route function, the IP packets can be forwarded to the mail server through the LAN-to-LAN router directly.

  • Page 67: Ip Filter/Firewall Setup

    Advanced Setup 4.5 IP Filter/Firewall Setup The IP Filter/Firewall function helps pretect your local network against attack from outside. It also provides a method of restricting users on the local network from accessing the Internet. Addition- ally, it can filter out specific packets to trigger the router to place an outgoing connection.
  • Page 68 Advanced Setup The following sections will explain more about IP Filter/Firewall Setup using the Web Configurator. The Filter has 12 filter sets with 7 filter rules for each set. There are a total of 84 filter rules for the IP Filter/Firewall Setup. By default, the Call Filter rules are de- fined in Filter Set 1 and the Data Filter rules are defined in Filter Set 4-17...
  • Page 69 Advanced Setup General Setup: Some general settings are available from this link. Filter Setup: Here there are 12 filter sets for IP Filter con- figurations. Set to Factory Default: Click here to restore the filter rules to default values. 4.5.2 General Setup On the General Setup page you can enable/disable the Call Filter or Data Filter and assign a Start Filter Set for each, configure the log settings, and set a MAC address for the logged packets to be du-...
  • Page 70 Advanced Setup Data Filter: Check ”Enable” to activate the Data Filter function. Assign a start filter set for the Data Filter. Log Flag: For troubleshooting needs you can specify the filter log here. None: The log function is inactive. Block: All blocked packets will be logged. Pass: All passed packets will be logged.
  • Page 71 Advanced Setup 4.5.3Editing the Filter Sets Comments: Enter filter set comments/description. Maxi- mum length is 22 characters. Filter Rule: Click a button numbered 1 ~ 7 to edit the filter rule. Active: Enable or disable the filter rule. Next Filter Set: Specifies the next filter set to be linked behind the current filter set.
  • Page 72 Advanced Setup 4-21...
  • Page 73 Advanced Setup 4.5.4 Editing the Filter Rules Click the Filter Rule index button to enter the Filter Rule setup page for each filter. The following explains each configurable item in de- tail. Comments: Enter filter set comments/description. Maxi- mum length is 14 characters. Check to enable the Filter Rule: Enables the filter rule.
  • Page 74 Advanced Setup Branch to Other Filter Set: If the packet matches the filter rule, the next filter rule will branch to the specified filter set. Duplicate to LAN: If you want to log the matched packets to another network device, check this box to enable it. The MAC Address is defined in General Setup >...
  • Page 75 Advanced Setup For the Data Filter: IN: Specifies the rule for filtering incoming packets. OUT: Specifies the rule for filtering outgoing packets. Protocol: Specifies the protocol(s) this filter rule will apply IP Address: Specifies a source and destination IP address for this filter rule to apply to.
  • Page 76 Advanced Setup Do not Care: Specifies no fragment options in the filter rule. Unfragmented: Applies the rule to unfragmented pack ets. Fragmented : Appliesthe rule to fragmented packets. Too Short : Applies the rule only to packets which are too short to contain a complete haeder.

  • Page 77: System Management

    System Management 5.1 Online Status 5.2 Time Setup 5.3 Management Setup 5.4 Diagnostic Tools 5.5 Reboot System 5.6 Firmware Upgrade...

  • Page 78: Online Status

    System Management This chapter will show you how to manage your router using the System Management tools shown below. 5.1 Online Status Click ”Online Status” to open the Online Status page. The Online Status page contains three subgroups: System Status, LAN Status, WAN Status.
  • Page 79 System Management System Status: System Uptime: Display the time the router was pow- ered on. LAN Status: IP Address: IP address of the LAN interface. TX Packets: Total number of transmitted IP packets sent since the router was powered on. RX Packets: Total number of received IP packets received since the router was powered on.

  • Page 80: Time Setup

    System Management 5.2 Time Setup The router has been implemented a time client which can get time information from the Internet or local time server. If you want to use any time-based function (ex. Call Scheduler), the time client should be worked properly in advance. Click ”Time Setup”...
  • Page 81 System Management Use Browser Time: Check to specify the time base from the web bowser which you are configuring. Note that if your computer time is not correct, the Vigor2200USB will get the wrong time. Use Internet Time Client: Click to specify the time base from the Internet time protocol (ex.

  • Page 82: Management Setup

    System Management 5.3 Management Setup By default, the Vigor2200USB may be configured and managed with any Telnet client or Web browser running on any operating system. There is no requirement for additional software or utilities. However, for some specific environments, you may want to change the server port numbers for the built-in Telnet or HTTP server, cre- ate access lists to protect the router, or reject system administrator login from the Internet.
  • Page 83 System Management Access List You may specify that the system administrator can only login from a specific host or network defined in the list. A maximum of three IPs/subnet masks may be entered. IP: Specifies an IP address allowed to login to the router. Subnet Mask: Specifies a subnet mask allowed to login to the router.

  • Page 84: Diagnostic Tools

    System Management Enable SNMP Agent : Check here to enable SNMP Agent Get Community : Specify the Get and Get-Next community name. Default value is public. Set Community : Specify the Set community name. Default value is private. Manger Host IP : Specify the manager. If this field is empty, every host can use SNMP manager to man age.
  • Page 85 System Management View Routing Table: Click ”View Routing Table ” to view the router’s routing table.
  • Page 86 System Management The table provides current IP routing information held in the router. To the left of each routing rule you will see a key. These keys are defined as: C --- Directly connected. S --- Static route. R --- RIP. * --- Default route.
  • Page 87 System Management View DHCP Assigned IP Addresses: View DHCP Assigned IP Addresses provides information on IP address assignments. This information is helpful in diagnosing net- work problems, such as IP address conflicts, etc. 5-11...
  • Page 88 System Management View NAT Port Redirection Running Table: If you have configured Port Redirection (under NAT Setup), click to verify that your settings are correct for redirecting specific port numbers to specified internal users. View NAT Active Sessions Table: As the router accesses the Internet through the built-in NAT engine, click ”View NAT Active Sessions Table ”...
  • Page 89 System Management Each line across the screen indicates an active session. The follow- ing information is displayed: Private IP: Port >> The IP address and port number of internal users (PCs). #Pseudo Port >> The public port number. Peer IP: Port >> The IP address and port number of peer users (PCs).

  • Page 90: Reboot System

    System Management 5.5 Reboot System The Web Configurator may be used to restart your router. Click ”Reboot System ” to open the following page. There are two reboot options: Using current configuration and Using factory default configuration. If you want to reboot the router using current running configurations, check Using current configuration and click ”OK”.
  • Page 91 System Management 1. Download the latest firmware from DrayTek’s web site or FTP site. DrayTek web site : www.draytek.com.tw (or local DrayTek’s web site) FTP site : ftp.draytek.com 2. Click ”Start > Programs > Router Tools > Router Firmware Upgrade Utility ” to launch the Firmware Upgrade Utility.

  • Page 92: Using The Telnet Terminal Commands

    Troubleshooting & FAQ 6.1 Using the Telnet Terminal Commands 6.2 Viewing Call Logs 6.3 Viewing PPP Logs 6.4 FAQs...
  • Page 93 Troubleshooting & FAQ The following section explains how to use Telnet terminal commands to diagnose your network problems via the built-in debug tool. Our examples use Windows’ Telnet client software. If you are a Mac user, you should install third-party Telnet client software on your computer.
  • Page 94 Troubleshooting & FAQ Command Help: If you are not familiar with these commands, type the command followed by a question mark ?. For example, the ip command is a first level command. Type “ip ?” to get next level commands as shown below.
  • Page 95 Troubleshooting & FAQ Quitting the Telnet Terminal: Type ”quit ” or ”exit ” to quit the Telnet terminal. 6.2 Viewing Call Logs The Call log provides a simple method for troubleshooting call setup or WAN connection problems. By default, the router records WAN connection messages.

  • Page 96: Faqs

    The PPP log is useful in solving communication problems for normal ISDN dialup, or PPPoE and PPTP dialup via a DSL modem. 6.4 FAQs The following frequently asked questions cover common questions. For more FAQs, visit DrayTek’s website (www.draytek.com) or contact your local technical support.
  • Page 97 1. Download Utility shows Cant Analyze USB modem: A: The version of your USB ADSL modem driver is not supported by the download utility. Please contact support@draytek.com.tw for this issue and further support 2. Download Utility shows Version not Supported: A : Make sure that the drivers for your USB ADSL modem are installed on your PC correctly.
  • Page 98 Troubleshooting & FAQ Router 1. What is the default administrator password to login to the router? A: By default, you don’t need a password to login to the router. For security, you should assign a password to pro tect your router against hacker attacks. 2.
  • Page 99 Troubleshooting & FAQ 6. Why is it that I can ping to outside hosts, but not access Internet websites? A: Check the DNS server settings on your PC. You should get the DNS servers settings from your ISP. If your PC is running a DHCP client, remove any DNS IP address set ting.

  • Page 100: Virtual Private Network And Remote Access

    Virtual Private Network Remote Access VPN.1 Introduction to VPNs and Remote Access VPN.2 VPN IKE/IPSec Setup VPN.3 VPN Remote Dial-in Access VPN.4 VPN LAN-to-LAN Access VPN.5 VPN Connection Management VPN.6 Example VPN-1...
  • Page 101 This chapter explains the capabilities of VPNs and remote access on the router. Use the following setup links on the Setup Main Menu to setup VPN and remote access functions. Quick Setup > VPN Remote Dial-In Access Setup Advanced Setup >...
  • Page 102 System Management > VPN Commection Management VPN-3...
  • Page 103 1. Introduction to VPNs and Remote Access A virtual private network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. A VPN enables you to send data between two computers across a shared or public internetwork in a manner that emulates the properties of a point-to-point private link.
  • Page 104 2. VPN IKE/IPSec Setup Dial-in Setup IKE Authentication Method: Currently only supports Pre-Shared Key authentication. Pre-Shared Key: Specifices a key for IKE authentication. Re-type Pre-Shared-Key: Confirms pre-shared-key. (Maximum 64 characters) IPSec Security Method: Selects allowed IPSec security method. VPN-5...
  • Page 105 Medium (AH): Data will be authentic, but not be encrypted. High (ESP): Data will be encrypted and authentic. Note: If you leave Pre-Shared Key to blank or both Medium and High IPSec Security Method to uncheck. The dial-in IPSec function will be disable. That means router will not respond any incoming IKE negeotiation packet.
  • Page 106 3. VPN Remote Dial-In Access There are 2 types of VPN connection for remote dial-in access. One is PPTP, and the other is L2TP. 3.1 Activating Remote Dial-In In the Quick Setup group of Setup Main Menu, click "VPN Remote Dial In Access Setup" to enter the setup page. Dial-In Access Control Dial-In Service: Check Enable to allow VPN dial-in service PPP Setup...
  • Page 107 Mutual Authentication (PAP): Enable this only if the connecting router requires mutual authentication. By default, the option is set to No. IP Address Assignment for Dial-In Users Start IP Address: Enter a start IP address to be assigned to the dial-in PPP connection. You should choose an IP address from the local private network.
  • Page 108 Set to Factory Default: Clicking here will clear all dial-in user accounts. Index: Click the index number to open an individual setup page for detailed setting of each account. Dial-In Username: The ??? means the access account is free. If an access account has been configured, the username will be shown.
  • Page 109 Username: Specifies a username for the specific dial-in user. Password: Specifies a password for the specific dial-in user. Idle Timeout: By default, set to 300 seconds. If the dial-in user is idle for over the limit set by the timer, the router will drop the connection.
  • Page 110 4. VPN LAN-to-LAN Access This section illustrates the following LAN-to-LAN applica- tion design. LAN-to-LAN through the Internet (VPN) 4.1 LAN-to-LAN through the Internet (VPN) The following sections are based on the network layout above to describe how to set up a LAN-to-LAN profile to connect two private networks through Internet.
  • Page 111 Before you begin to setup a LAN-to-LAN profile for each network, you need to gather the information shown in the follow table. 4.2 Creating a LAN-to-LAN Dialer Profile First, you must create a LAN-to-LAN profile for each network. Click LAN-to-LAN Dialer Profile on the Setup Main Menu to enter the setup page.
  • Page 112 The router provides 16 LAN-to-LAN profiles for connecting to up to 16 different remote networks. Set to Factory Default: Clicking here will clear all the LAN-to-LAN profiles. Index: Click a number in the Index to open a detailed set- tings page for each profile. Name: Indicates the name of the LAN-to-LAN profile.
  • Page 113 VPN-14...
  • Page 114 Each LAN-to-LAN profile includes 4 subgroups: Common Settings, Dial-Out Settings, Dial-In Settings, and TCP/IP Network Settings. The following will explain each subgroup in detail. Common Settings Profile Name: Specifies a name for the remote network. Enable this profile: Check here to activate this profile. Call Direction: Specifies the call direction for this profile.
  • Page 115 L2TP with IPSec Policy: Specifies IPSec policy for L2TP. None: Does not apply IPSec. Nice to Have: Applies IPSec first. If fails, tries without IPSec again. Must: Species L2TP over IPSec. If IPSec Tunnel or L2TP with IPSec Policy set to Nice to Have or Must, select security methods as described in followings.
  • Page 116 PPP Authentication: Specifies the PPP authentication method for PPTP and L2TP. Normally set to PAP/CHAP for the widest compatibility. VJ Compression: VJ Compression means TCP/IP protocol header compression. Normally set to Yes to improve band- width utilization. Dial-In Settings Username: Specifies a username to authenticate the dial-in router.
  • Page 117 Must: Species L2TP over IPSec. If IPSec Tunnel or L2TP with IPSec Policy set to Nice to Have or Must, select security methods as described in followings. Please refers to section 4.2 to set up IKE pre- shared key and IPSec security method. PPP Authentication: Refer to Dial-Out Settings.
  • Page 118 Remote Network Mask: (Must specify) Specify the netmask of the remote network. RIP Direction: The option specifies the direction of RIP (Routing Information Protocol) packets through the ISDN WAN connection. RIP Version: Selects the RIP protocol version. Specify Ver. 2 for greatest compatibility.
  • Page 119 5. VPN Connection Management You can use "VPN Connection Management " to make VPN connection and monitor the VPN connection status. VPN-20...
  • Page 120 6. Example A. Accept VPN Dial-Iin Step 1. > Quick Setup > VPN Remote Dial-In Access Setup Enable Dial-In Service If peer side needs mutual authentication, specify the username/password, otherwise, keep it blank. Step 2. > Advanced Setup > VPN IKE/IPSec Setup Set Pre-Shared key, this key is same as peer side used.
  • Page 121 For Client access- Step 3a. > Advanced Setup > VPN Remote Dial-In Users Setup Establish a remote dial-in user account VPN-22...
  • Page 122 For LAN-to-LAN access- Step 3b. > Advanced Setup > VPN LAN-to-LAN Dialer profile Setup Establish a LAN-to-LAN Dialer Profiles VPN-23...
  • Page 123 "Common Settings " • Enable this profile and give a profile name • Select "call Direction "’ to "Both "’ or "Dial-In " "Dial-In Settings " • Specify username / password •Select "Dial-In Type " "TCP/IP Network Settings " • You can leave "My WAN IP "’ & "Remote Gateway IP "...
  • Page 124 After connecing, you can monitor the VPN connection in formate via "> System Management > VPN connection Mangement ". Via Explore, you can access files of ‘remote’ LAN PC. VPN-25...
  • Page 125 B. Make VPN Connection Step 1. > Advanced Setup > VPN IKE/IPSec Setup Set Pre-Shared key, this key is same as peer side used. Step 2. > Advanced Setup > VPN LAN-to-LAN Dialer profile Setup Establish a LAN-to-LAN Dialer Profiles VPN-26...
  • Page 126 "Common Setting " • Enable this profile and give a profile name • Select "Call Direction " to "Both" or "Dial-Out " "Dial-Out Settings " • Specify username / password and server IP address • Select the protocol type : PPTP, IPSec or L2TP "TCP/IP Network Settings "...
  • Page 127 Note: If you have used any personal firewall on PC, for example,"Zone Alarm", you need to disable it while using VPN. After connecing, you can monitor the VPN connection in formate via "> System Management > VPN connection Mangement ". Via Explore, you can access files of "remote"...

This manual is also suitable for:

Vigor2200usb

Table of Contents