Draytek Vigor2960 series User Manual
Dual-wan security firewall
Hide thumbs
Also See for Vigor2960 series:
- User manual (446 pages) ,
- Quick start quide (38 pages) ,
- User manual (424 pages)
Table of Contents
Advertisement
Quick Links
Advertisement
Table of Contents
Troubleshooting
Related Manuals for Draytek Vigor2960 series
Summary of Contents for Draytek Vigor2960 series
- Page 2 Vigor2960 Dual-WAN Security Firewall User’s Guide Version: 1.0 Firmware Version: V1.0.5_RC7 (For future update, contact DrayTek) Date: 30/07/2012 Vigor2960 Series User’s Guide...
-
Page 3: Copyright Information
Web registration is preferred. You can register your Vigor router via Owner http://www.draytek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be regularly Updates upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents. -
Page 4: Regulatory Information
No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan Product: Vigor2960 DrayTek Corp. declares that Vigor2960 of routers are in compliance with the following essential requirements and other relevant provisions of EC, Directive 2004/108/EC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A. -
Page 5: Table Of Contents
3.1 How to Build SSL VPN with RDP Service in the Browser via Logging in Router's HTTPS Server? ................................21 3.2 How to Configure OSPF?......................26 3.3 How to Configure LAN to LAN IPSec Tunnel between Vigor2960 and Other Router....32 Chapter 4: Advanced Configuration................35 4.1 WAN ............................35 4.1.1 General Setup........................36... - Page 6 4.11.2 Incoming Filter ........................229 4.11.3 Outgoing Class ........................232 4.11.4 Outgoing Filter ........................238 4.11.5 Sessions Limit........................241 4.11.6 Bandwidth Limit .........................243 4.12 System Maintenance......................246 4.12.1 TR-069 ..........................246 4.12.2 Administrator Password.....................247 4.12.3 Configuration Backup ......................248 4.12.4 Syslog / Mail Alert ......................250 Vigor2960 Series User’s Guide...
- Page 7 5.3 Pinging the Router from Your Computer .................. 276 5.4 Checking If the ISP Settings are OK or Not ................277 5.5 Backing to Factory Default Setting If Necessary..............278 5.6 Contacting Your Dealer ......................279 Vigor2960 Series User’s Guide...
-
Page 9: Chapter 1: Preface
The Vigor2960 Series integrates a rich suite of functions, including NAT, firewall, VPN, load balance, and bandwidth management capability. These products are very suitable for providing multi-integrated solutions to SME markets. A Virtual Private Network (VPN) is an extension of a private network that encompasses links across shared or public networks like an Intranet. - Page 10 The port is connected with 10/100Mbps. Left LED The port is connected. GigaLAN (Green) The port is disconnected. 1/2/3/4 Blinking The data is transmitting. Right LED The port is connected with 1000Mbps. (Green) The port is connected with 10/100Mbps. Vigor2960 Series User’s Guide...
- Page 11 Then the router will restart with the factory default configuration. GigaWAN 1/2 Connecters for remote networked devices. GigaLAN 1/2/3/4 Connecters for local networked devices. USB1/2 Connecter for Mobile HDD, 3G Modem or printer. Connecter for a power cord. ON/OFF - Power switch. Vigor2960 Series User’s Guide...
-
Page 12: Hardware Installation
Connect the cable Modem/DSL Modem/Media Converter to any WAN port of router with Ethernet cable (RJ-45). Connect the power cord to Vigor2960’s power port on the rear panel, and the other side into a wall outlet. Power on the device by pressing down the power switch on the rear panel. The PWR LED should be ON. -
Page 13: Wall-Mounted Installation
The Vigor2960 Series can be mounted on the wall by using standard brackets shown below. Choose a flat surface (on the wall) which is suitable for placing the router. Make the screw holes on the short side of the bracket aim at the screw holes on the router. Next, fasten both the bracket and the router with two screws;... - Page 14 This page is left blank. Vigor2960 Series User’s Guide...
-
Page 15: Chapter 2: Initial Configuration
Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type default values on the window for the first time accessing. The default value for user name is admin and the password is admin. Next, click Login. Vigor2960 Series User’s Guide... - Page 16 New Password and retype it on the field of Confirm Password. Then click Apply to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2960 Series User’s Guide...
-
Page 17: Quick Start Wizard
Available parameters are listed as follows: Item Description Profile Use the drop down list to choose one of the WAN profiles for modifying. IPv4 Protocol Use the drop down list to choose the type for the IPv4 protocol for such profile. Vigor2960 Series User’s Guide... -
Page 18: Step 2 - Configuring The Selected Protocol
Gateway and Static DNS specified by your ISP, and then click Next. Available parameters are listed as follows: Item Description IP Address Type a public IP address for such WAN profile. Subnet Mask Choose the static mask from the drop down list. Vigor2960 Series User’s Guide... - Page 19 Previous Click it to return to previous setting page. Finish Click it to finish the configuration. Cancel Click it to discard the settings configured in this page. When you finished the above settings, please click Finish. Vigor2960 Series User’s Guide...
- Page 20 DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet. If you choose DHCP mode, the DHCP server of your ISP will assign a dynamic IP address for Vigor2960 automatically. It is not necessary for you to assign any setting. (Host Name is required for some ISPs).
- Page 21 Click it to return to previous setting page. Previous Click it to finish the configuration. Finish Cancel Click it to discard the settings configured in this page. When you finished the above settings, please click Finish. Vigor2960 Series User’s Guide...
- Page 22 In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. Static – specify the IP address. DHCP - obtain the IP address automatically. Vigor2960 Series User’s Guide...
- Page 23 – Click the icon to remove the selected entry. Previous Click it to return to previous setting page. Finish Click it to finish the configuration. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide...
- Page 24 When you finished the above settings, please click Finish. Later, you can surf the Internet at any time. When the following screen appears, it means you have finished the Quick Start Wizard configuration. Vigor2960 Series User’s Guide...
-
Page 25: Register Vigor Router
Please follow the steps below to register the router. Before using such function, please register your router online first. Log into the web configurator of Vigor2960 and click Product Registration. A Login page will be shown on the screen. Please type the account and password that you created previously. - Page 26 When the following page appears, please type in Nick Name (for the router) and choose the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit. Vigor2960 Series User’s Guide...
- Page 27 Now, your router information has been added to the database. Click OK to leave this web page and return to My Information web page. Take a look at the page of My Information, the new added Vigor2960 is listed under Your Device List.
- Page 28 This page is left blank. Vigor2960 Series User’s Guide...
-
Page 29: Chapter 3: Application And Tutorial
Microsoft Terminal Services. An easy way is provided to establish connection between the router and the RDP Server via any browser. Open the web configurator of Vigor2960. Enable the HTTPS service from System Maintenance >> Access Control by clicking Enable for HTTPS Allow and type 443 as the value of HTTPS Port. - Page 30 Open User Management >> User Profile to create a new profile named “7788”. Set the Password as 7788 and choose the profile of Win7 as SSL Application (RDP). Click Apply. Logout Vigor2960. Login Vigor2960 HTTPS Server with 7788 for both Username and Password. Vigor2960 Series User’s Guide...
- Page 31 A screen like the following figure will appear. Simply click the SSL Application link. In the following screen, click Connect for connecting to Win7, the RDP server. Vigor2960 Series User’s Guide...
- Page 32 After that, you can access into Windows 7 via a browser. Note the message below the window. In which, TLS means Transport Layer Security. Vigor2960 Series User’s Guide...
-
Page 33: Troubleshooting
If you have installed Java Runtime Environment edition 6 but still cannot establish the connection, please make sure you have disabled “Use TLS 1.0” in the Java Control Panel as figure shown below. Then, try to connect again. Vigor2960 Series User’s Guide... -
Page 34: How To Configure Ospf
Static Route. Refer to the OSPF topology diagram listed below. OSPF can place each router (e.g., Vigor3900A, Vigor3900B and Vigor2960 shown above) at the root of a tree and calculate the shortest path to each destination according to the cumulative cost to reach the destination. - Page 35 2. Next, continue to create a LAN (192.168.3.1/24) profile named lan2 with the settings shown below. 3. Open LAN >> Static Route Setup and click the Inter-LAN Route tab to enable this profile. Vigor2960 Series User’s Guide...
- Page 36 Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) 1. Open LAN >> General Setup to create a LAN (192.168.2.1/24) profile named lan1 with the settings shown below. 2. Next, continue to create a LAN (192.168.3.2/24) profile named lan2 with the settings shown below. Vigor2960 Series User’s Guide...
-
Page 37: Open Lan >> Ospf Configuration To Enable This Profile. Click Add To Make The Lan
Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) 1. Open LAN >> General Setup to create a LAN (192.168.4.1/24) profile named lan1 with the settings shown below. Vigor2960 Series User’s Guide... -
Page 38: Next, Continue To Create A Lan (192.168.3.2/24) Profile Named Lan2 With The Settings
3. Open LAN >> Static Route Setup and click the Inter-LAN Route tab to enable this profile. 4. Open LAN >> OSPF Configuration to enable this profile. Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11. (As shown in the topology diagram.) Vigor2960 Series User’s Guide... - Page 39 5. After setting, check the routing information (marked with red line) which is created by OSPF. Vigor2960 Series User’s Guide...
-
Page 40: How To Configure Lan To Lan Ipsec Tunnel Between Vigor2960 And Other Router
Here provides an example about LAN to LAN IPSec tunnel established between Vigor2960 and Vigor2710. Access into the web configurator of Vigor2960 and open VPN and Remote Access >> LAN to LAN Profiles to add a new VPN configuration. Type the Pre-shared key and choose a WAN Profile. Specify Local IP/Subnet Mask with 192.168.29.0/24. - Page 41 Choose Dial-Out as Call Direction and check the box of Always on. For Dial-Out Settings, please choose IPSec Tunnel and type WAN IP address of Vigor2960 in the field of Server IP/Host Name for VPN (e.g., 1.169.162.1). Type the same IKE Pre-Shared Key configured in Vigor2960.
- Page 42 For the role of Vigor2710 is dialing-out, please skip Dial-In setting. Type the Remote Network IP and Remote Network Mask of Vigor2960 to complete configuration. Please check if the VPN connection is built successfully in both devices respectively. For Vigor2960, open VPN and Remote Access>>IPSec>>Status for viewing the result.
-
Page 43: Chapter 4: Advanced Configuration
When a router begins to connect to your ISP, a serial of discovery process will occur to ask for a connection. Then a session will be created. Your user ID and password is authenticated Vigor2960 Series User’s Guide... -
Page 44: General Setup
Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Refresh Renew current web page. Profile Display the profile name. Enable This Profile Display the status of the profile. False means disabled; True Vigor2960 Series User’s Guide... - Page 45 Enable – Click it to enable the function of VLAN Tag. Data transmitted through the router will not be tagged with any number. Disable – Click it to disable the function of VLAN Tag. Data transmitted through the router will be tagged with specified number for identification. Vigor2960 Series User’s Guide...
- Page 46 Global configuration allows you to enable the profile, give a brief explanation for such profile, specify the VLAN ID, specify MAC address, choose IPv4 and IPv6 protocol, and specify the mode of the data transmission (NAT or Routing). Vigor2960 Series User’s Guide...
- Page 47 DNS Server IP adding a new IP address. Type the IP address on the tiny Address boxes one by one. Save – After finished the IP address configuration, click Save to save the setting onto the router. Vigor2960 Series User’s Guide...
- Page 48 If not, the connection of WAN interface will be regarded as breaking down. This function is available when Connection Detection Mode is set with PING or HTTP. Save – click this button to save the setting. Vigor2960 Series User’s Guide...
- Page 49 Add – To add a new IP address, click Add. Type the IP address and use the drop down list to specify the subnet mask. Next, click Save. The new one will be added and displayed on the field under the box. Vigor2960 Series User’s Guide...
- Page 50 Assign detecting times to ensure the connection of the WAN Connection interface. After passing the times you set in this field and no Detection Retry reply received by the router, the connection of WAN interface will be regarded as breaking down. Vigor2960 Series User’s Guide...
- Page 51 Fixed IP Address – Type an IP address here if you choose Enable for Fixed IP. Connection Select a detecting mode for this WAN interface. There are Detection Mode two ways PING and HTTP supported in Vigor router for you to choose to send the request out. Vigor2960 Series User’s Guide...
- Page 52 Save – After finished the IP address configuration, click Save to save the setting onto the router. – Click the icon to remove the selected entry. Click it to save the configuration and exit the dialog. Apply Vigor2960 Series User’s Guide...
- Page 53 Disable – Click it to disable the function of Always On. Connection Select a detecting mode for this WAN interface. There are Detection Mode two ways PING and HTTP supported in Vigor router for you to choose to send the request out. Vigor2960 Series User’s Guide...
- Page 54 Link-Local address is used for communicating with neighbouring nodes on the same link. It is defined by the address prefix fe80::/64. You don't need to setup Link-Local address manually for it is generated automatically according to your MAC Address. Vigor2960 Series User’s Guide...
- Page 55 Save – Click this button to save the setting. – Click the icon to remove the selected entry. Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Vigor2960 Series User’s Guide...
- Page 56 Click it to exit the dialog without saving the configuration. If you choose DHCP-IA_PD as IPv6 protocol type It is not necessary for you to configure any web page. After finished the settings configuration, click Apply to save and apply the settings. Vigor2960 Series User’s Guide...
-
Page 57: Default Route
Display the WAN profiles for user to choose as a default /Load Balance Pool route. Name In which, wan1 to wan2 are factory default settings. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Vigor2960 Series User’s Guide... -
Page 58: Load Balance
Vigor2960 supports a load balancing function. It can assign traffic with protocol type, IP address for specific host, a subnet of hosts, and port range to be allocated in WAN interface. User can assign traffic category and force it to go to dedicate network interface based on the following web page setup. - Page 59 Pool setting. Open WAN>>Load Balance and click the tab of Pool. Simply click the Add button to open the following dialog. Type a name for such profile (e.g., LB_1). Choose Load_Balance as the Mode selection. Vigor2960 Series User’s Guide...
- Page 60 Click Add. A new line for adding new entry will appear. Use the drop down list of Interface to choose one of the WAN profiles. Type the value (e.g., 20) for Weight. Click Apply. A new profile will be added on the page. Vigor2960 Series User’s Guide...
- Page 61 Open WAN>>Load Balance and click the tab of Pool. Simply click the Add button to open the following dialog. Type a name for such profile (e.g., FL_1). Choose Failover as the Mode selection. Vigor2960 Series User’s Guide...
- Page 62 Click the Failover Tab. In default, the system will apply Primary Profile. If Primary Profile cannot be used any more, the Backup Profile will be used instead. Use the drop down list to choose the one you need. Click Apply. A new profile will be added on the page. Vigor2960 Series User’s Guide...
- Page 63 Display the source Mask for such rule. Destination IP Address Display the destination IP address for such rule. Destination Mask Display the destination Mask for such rule. Destination Port Start Display the destination port starting value for such rule. Vigor2960 Series User’s Guide...
- Page 64 Check this box to enable such profile. Enable This Profile Protocol Choose a protocol (ALL, TCP, UDP, TCP/UDP, ICMP, FTP, TFTP, HTTP, SMTP, POP3) for such rule applied to load balance. All is the default setting. Vigor2960 Series User’s Guide...
- Page 65 WAN<<General Setup for detailed information. Click it to save the configuration. Apply Cancel Click it to return to the factory setting. Enter all the settings and click Apply. The new rule profile will be added on the screen. Vigor2960 Series User’s Guide...
-
Page 66: Lan
Note: One LAN profile shall be enabled at least to keep the normal operation. The default LAN profile named “lan1” shall not be deleted. Otherwise, the system might be damaged. If such file is deleted due to careless, please reset your router to restore the default setting. Vigor2960 Series User’s Guide... - Page 67 Display the brief explanation for the LAN profile. VLAN ID Display the VLAN ID configured for the LAN profile. IPv4 Protocol Type Display the IPv4 protocol type for the LAN profile. IPv6 Protocol Type Display the IPv6 protocol type for the LAN profile. Vigor2960 Series User’s Guide...
- Page 68 Type a number as the VLAN ID to make the data be identified while performing data transmission. Default MAC Enable – Click it to enable the default MAC address for Address such profile. Disable – Click it to type the MAC address manually for such profile. Vigor2960 Series User’s Guide...
- Page 69 DHCPv6 protocol to obtain IPv6 address from server. IPv6 Address If Static is chosen as IPv6 Protocol, please type the IPv6 address in this field. IPv6 Prefix Length Type the IPv6 prefix length for IPv6 – Static protocol. Vigor2960 Series User’s Guide...
- Page 70 Apply Click it to save and exit the dialog. Click it to exit the dialog without saving anything. Cancel When you finish the above settings, please click Apply to save the configuration and exit the dialog. Vigor2960 Series User’s Guide...
- Page 71 In the Vigor2960 router, there are some IP address settings for the LAN interface. The IP address/subnet mask is for private users or NAT users. The IP address of the default gateway on other local PCs should be set as the Vigor2960 server IP address. When the DSL connection between the DSL and the ISP has been established, each local PC can directly route to the Internet.
- Page 72 Display the IP address for DNS. In general, this box will be blank. It means Vigor2960 will Routers be regarded as the gateway for the user. Lease Time Display the lease time for the DHCP server. Specify Remote Dial-in Display the status of remote dial-in function. Disable means disabled;...
- Page 73 Set the private IP address for DNS server. If this field is blank, users on LAN will treat Vigor2960 as the DNS server. Add – Click it to add a new IP address for DNS server. Save – Click it to save the setting.
- Page 74 Enable This Profile Display the status of the profile. False means disabled; True means enabled. DHCP Server Location Display the LAN or WAN profile for the DHCP server. DHCP Server IP Display the IP address of DHCP server. Vigor2960 Series User’s Guide...
- Page 75 Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. When you finish the above settings, please click Apply to save the configuration and exit the dialog. The LAN profile has been edited. Vigor2960 Series User’s Guide...
- Page 76 Refresh Renew current web page. Profile Display the name of the LAN profile. Enable This Profile Display the status of the profile. False means disabled; True Vigor2960 Series User’s Guide...
- Page 77 A lifetime of 0 indicates that the router is not a default router and should not appear on the default router list. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Vigor2960 Series User’s Guide...
- Page 78 To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Refresh Renew current web page. Profile Display the name of the LAN profile. Vigor2960 Series User’s Guide...
- Page 79 Display the private IP address for DNS server. Open LAN>>General Setup and click the DHCPv6 tab. Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog. Vigor2960 Series User’s Guide...
- Page 80 2000:0000:0000:0000:0000:0000:0000:10 or 2000::10. Set the private IP address for DNS server. If this field is blank, users on LAN will treat Vigor2960 as the DNS server. Add – Click it to add a new IP address for DNS server. Save – Click it to save the setting.
-
Page 81: Ip Routing
WAN. When the local device tries to transmit the data packets out, Vigor2960 will send it out through that certain WAN interface without passing through NAT. Meanwhile, remote device also can access the local device directly without any difficulty. - Page 82 Choose one of LAN profiles for the local device. LAN Profile Type the private IP address for such IP routing profile. Mask Use the drop down list to choose the subnet mask for such IP routing profile. Vigor2960 Series User’s Guide...
-
Page 83: Static Route
When there are several subnets in LAN, a more effective and quicker way for connection is static route rather than other methods. Simply set rules to forward data from one specified subnet to another specified subnet. Vigor2960 Series User’s Guide... - Page 84 Display the IP address for such static route profile. Subnet Mask Display the subnet mask for such static route profile. Gateway Display the gateway address for such static route profile. WAN/LAN Profile Display the subnet / LAN or WAN profile of the gateway. Vigor2960 Series User’s Guide...
- Page 85 Use the drop down list to choose the subnet mask for such static route profile. Type the gateway address for such static route profile. Gateway WAN/LAN Profile Choose one of the LAN/WAN profiles of the gateway for such static route. Vigor2960 Series User’s Guide...
- Page 86 Modify the selected static route setting. To edit static route setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the Vigor2960 Series User’s Guide...
- Page 87 Display the subnet LAN or WAN profile of the gateway. Metric Display the distance to the target. Open LAN>>Static Route and click the IPv6 Static Route tab. Click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 88 Type the distance to the target (usually counted in hops). Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. The new profile will be added on the screen. Vigor2960 Series User’s Guide...
- Page 89 To make the users in different LAN communicating with each other, please check the box to enable Inter-LAN route function. Vigor2960 Series User’s Guide...
-
Page 90: Switch
Modify the selected VLAN ID setting. Edit To edit VALN ID setting, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the Vigor2960 Series User’s Guide... - Page 91 Type the number as the VLAN ID. Type a number used for identification on VLAN for your computer. Later, you have to type the same ID number for each PC which wants to be grouped within the same VLAN group. Vigor2960 Series User’s Guide...
- Page 92 LAN profile with the VLAN ID number is tagged or not. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. The new profile will be added on the screen. Vigor2960 Series User’s Guide...
-
Page 93: Bind Ip To Mac
IP Address Display the IP address of one device. MAC Address Display the MAC address of the device. It allows you to add one pair of IP/MAC address and display on the table of IP Bind List. Vigor2960 Series User’s Guide... - Page 94 Strict_Bind – Only specified IP addresses will be assigned to the device with bind MAC address. Other devices which are not listed on the Bind Table shall still NOT get the IP address from DHCP server. Vigor2960 Series User’s Guide...
-
Page 95: Rip Configuration
In addition, it will choose a correct route based on the method of Distance Vector Routing and use the Bellman-Ford algorithm to calculate the routing table. Vigor2960 Series User’s Guide... - Page 96 C to B. In another direction, C will do the same thing. Available parameters are listed as follows: Item Description Enable This Profile Check the box to enable the Mirror function for the switch. Vigor2960 Series User’s Guide...
-
Page 97: Ospf Configuration
Click it to save the settings. Cancel Click it to discard the settings configured in this page. Open LAN>>OSPF Configuration. Check Enable This Profile. Click the space of Profile. A pop-up dialog will appear. Click Add. Vigor2960 Series User’s Guide... - Page 98 If you are not satisfied the settings, simply click to remove the entry, and then re-type the settings. Click Apply to save the settings and exit the dialog. A new profile is created and displayed on the screen. Vigor2960 Series User’s Guide...
-
Page 99: Nat
Series is NAT-enabled by default and gets one globally routable IP addresses from the ISP by Static, PPPoE, or DHCP mechanism. The Vigor2960 Series assigns private network IP addresses according to RFC-1918 protocol and translates the private network addresses to a globally routable IP address so that local hosts can communicate with the router and access the Internet. - Page 100 Display the starting number of the public port. Public Port End Display the ending number of the public port. Private Port Display the number of the private port. Open NAT>> Port Redirection. Simply click the Add button. Vigor2960 Series User’s Guide...
- Page 101 Enable This Profile Check the box to enable this profile. Specify the WAN interface for such profile. Public IP Use IP Alias Use the drop down menu to specify which type of IP Alias you want. Vigor2960 Series User’s Guide...
- Page 102 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new profile has been added onto Port Redirection table. Vigor2960 Series User’s Guide...
-
Page 103: Dmz Host
Delete Remove the selected profile. To delete a profile, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Rename Allow to modify the selected profile name. Vigor2960 Series User’s Guide... - Page 104 Display the using status (enabled or disabled) for WAN IP Use IP Alias alias. IP Alias Display the selected WAN IP address. Open NAT>> DMZ Host. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 105 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new profile has been added onto DMZ Host table. Vigor2960 Series User’s Guide...
-
Page 106: Address Mapping
Allow to modify the selected profile name. Before using such function, there is one profile existed at least. Profile Display the name of the profile. Enable The Profile Display the status of the profile. False means disabled; True Vigor2960 Series User’s Guide... - Page 107 IP Alias Display the selected WAN IP address. Open NAT>> Address Mapping. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the profile. Vigor2960 Series User’s Guide...
- Page 108 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new profile has been added onto Address Mapping table. Vigor2960 Series User’s Guide...
-
Page 109: Sip Alg
Cancel The firewall controls the allowance and denial of packets through the router. Firewall Setup in the Vigor2960 Series mainly consists of packet filtering, Denial of Service (DoS) and URL (Universal Resource Locator) content filtering facilities. These firewall filters help to protect your local network against attack from outsiders. A firewall... -
Page 110: Filter Setup
IP Filter Group(s); the lower part displays the information of IP Filter Rule(s). You should create at least one IP filter rule and one group profile. The following will explain IP Filter functions with details. Vigor2960 Series User’s Guide... - Page 111 Add a new IP filter rule profile. Before you create an IP filter rule, you have to create an IP filter group first. Otherwise, you are not allowed to add any IP filter rule here. Edit Modify the selected profile. Vigor2960 Series User’s Guide...
- Page 112 Display the status (enable or disable) of the Syslog function. To build an IP group containing IP filter rules, please follow the steps: Open Firewall>>Filter Setup and click the IP Filter tab. Simply click the Add button. Vigor2960 Series User’s Guide...
- Page 113 Enter all the settings and click Apply. A new filter group has been added onto Address Mapping table. Choose the IP filter group first and then click the Add tab (the lower one in this page). Vigor2960 Series User’s Guide...
- Page 114 The following page for configuration will appear. Available parameters are listed as follows: Vigor2960 Series User’s Guide...
- Page 115 Pass_If_No_Further_Match - A packet matching the rule, and that does not match further rules, will be passed through. Syslog Click Enable to make the history of firewall actions appearing on the System Maintenance >> Syslog/Mail Alert >> Syslog File. Vigor2960 Series User’s Guide...
- Page 116 Note: You can create multiple IP filter groups. Each IP Filter Rules of Selected Group belongs to an IP Filter Rule Group. Click an IP Filter Rule Group to show its members in the lower display window. Vigor2960 Series User’s Guide...
- Page 117 If no time schedule is set, None will be shown in this field. Display the source IP object profile selected for such group. Source IP Exception IP Display the IP object profile which will not be filtered by the router for such group. Vigor2960 Series User’s Guide...
- Page 118 Display the P2P object profile selected for such application profile. Protocol Block Display the protocol object profile selected for such application profile. Open Firewall>>Filter Setup and click the Application Filter tab. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 119 Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new Application filter profile has been added. Vigor2960 Series User’s Guide...
- Page 120 If no time schedule is set, None will be shown in this field. Source IP Display the source IP object profile selected for each rule. Display the keyword object profile selected for each rule Keyword Pass which is allowed to pass through the router. Vigor2960 Series User’s Guide...
- Page 121 Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Open Firewall>>Filter Setup and click the URL Filter tab. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 122 File Extension Choose one or more P2P object profiles from the drop down Block list which will not be allowed to pass through the router. You can click to create another new file extension object profile. Vigor2960 Series User’s Guide...
- Page 123 WCF object profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new URL filter profile has been added. Vigor2960 Series User’s Guide...
-
Page 124: Dos Defense
ICMP Flood Threshold The default setting for threshold is 300 packets per second. ICMP Flood Timeout The default setting for timeout is 10 seconds. Block UDP Flood Click Enable to activate the UDP flood defense function. Vigor2960 Series User’s Guide... - Page 125 Click Enable to activate the Block ICMP fragment function. Any ICMP packets with fragmented bit sets are dropped. Block Unknown Click Enable to activate the Block Unknown Protocol Protocol function. The router will block any packets with unknown protocol types. Vigor2960 Series User’s Guide...
-
Page 126: Mac Block
Delete button. Refresh Renew current web page. Rename Allow to modify the selected profile name. Profile Display the name of the profile. Display the status of the profile. False means disabled; True Enable The Profile means enabled. Vigor2960 Series User’s Guide... - Page 127 Type the MAC address which will be blocked by the system MAC Address for such profile. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
-
Page 128: Objects Setting
A new MAC Block profile has been created. Vigor2960 allows users to set different filter profiles based on IP, service type, keyword, file extension, instant message application, P2P application, protocol application, web category and time setting. These objects setting profiles can be applied in Firewall. -
Page 129: Ip Object
Display the name of the profile. Interface Display the interface of the IP Object. Address Type Display the address type (single, range or subnet) for such profile. Start IP Address Display the IP address of the starting point for such profile. Vigor2960 Series User’s Guide... - Page 130 Type the name of such profile. Interface Determine the category (any, source or destination) of this IP object. If an IP object is set to Source, it will only appear in the field of Source IP on Firewall>>IP Filter Rule. Vigor2960 Series User’s Guide...
- Page 131 Subnet as Address Type. Apply Click it to save and exit the dialog. Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. A new IP object profile has been created. Vigor2960 Series User’s Guide...
-
Page 132: Ip Group
Display the name of the object group. Interface Display the interface of the object group. Description Display the description for such profile. Objects Display the object profiles grouped under such group. Open Objects Setting>>IP Group. Simply click the Add button. Vigor2960 Series User’s Guide... - Page 133 All the available IP objects that you have added on Objects Setting>>IP Object will be seen here. Click it to save the configuration. Apply Cancel Click it to exit the dialog without saving anything. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
-
Page 134: Service Type Object
To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Profile Number Limit Display the total number (96) of the object profiles to be created. Profile Display the name of the service type object profile. Vigor2960 Series User’s Guide... - Page 135 Specify one of the protocols for such profile. Protocol Source Port Start It is available for TCP/UDP protocol. It can be ignored for ICMP. Type a port number (0 – 65535) as the starting source port. Vigor2960 Series User’s Guide...
-
Page 136: Service Type Group
This page allows you to bind several service types into one group. To manage conveniently, several service type profiles can be grouped under a service type group. Different service type group can contain different service type profiles. Each item will be explained as follows: Vigor2960 Series User’s Guide... - Page 137 Display the description for such profile. Objects Display the service type object profiles grouped under such group. Open Objects Setting>> Service Type Group. Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Vigor2960 Series User’s Guide...
- Page 138 Objects Setting>>Service Type Object will be seen here. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new Service Type Group profile has been created. Vigor2960 Series User’s Guide...
-
Page 139: Keyword Object
Keyword can be set as a filter rule to be applied in Firewall. Vigor2960 allows users to set keyword profile with several keywords. Even, it allows users to group several keyword profiles within a keyword group. Each item will be explained as follows:... - Page 140 Add – Type the word in the box of Member and click this button to add the new word as keyword object. Save – Click it to save the setting. – click the icon to remove the selected entry. Apply Click it to save the configuration. Vigor2960 Series User’s Guide...
-
Page 141: Keyword Group
Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Refresh Renew current web page. Vigor2960 Series User’s Guide... - Page 142 Use the drop down list to check the keyword object profiles under such group. All the available keyword objects that you have added on Objects Setting>>Keyword Object will be seen here. Apply Click it to save the configuration. Vigor2960 Series User’s Guide...
-
Page 143: File Extension Object
Edit button. The edit window will appear for you to modify the corresponding settings for the selected rule. Delete Remove the selected profile. To delete a rule, simply select the one you want to delete and click the Delete button. Vigor2960 Series User’s Guide... - Page 144 Display the selected file extension of activeX. Compression Display the selected file extension of compression. Execution Display the selected file extension of execution. Open Objects Setting>>File Extension Object. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 145 Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. A new File Extension Object profile has been created. Vigor2960 Series User’s Guide...
-
Page 146: Im Object
Profile Display the name of the IM object profile. Member Display the IM application specified in such profile. WebIM Display the status of IM object whether including the specified set of web IM or not. Vigor2960 Series User’s Guide... - Page 147 Type the name of the IM object group. The number of the characters allowed to be typed here is 10. Member Several IM applications offered for you to choose. Check the one(s) you want to add for such profile. Vigor2960 Series User’s Guide...
- Page 148 Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. A new IM Object profile has been created. Vigor2960 Series User’s Guide...
-
Page 149: P2P Object
Vigor2960 can block P2P application for users, especially for the ones who always upload or download improper files to Internet. P2P object setting lists all of the point to point application for you to choose to block. Choose the one(s) you want to block and save as a P2P Object profile. Later, it can be applied to Firewall as a filter rule and reach the purpose of block. - Page 150 Several P2P applications offered for you to choose. Check the one(s) you want to add for such profile. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
-
Page 151: Protocol Object
A new P2P Object profile has been created. Network services, e.g., DNS, FTP, HTTP, POP3, for LAN users can be blocked by Vigor2960. Common services will be listed in this function and can be selected to be blocked by the router. - Page 152 Simply click the Add button. The following dialog will appear. Available parameters are listed as follows: Item Description Profile Type the name of the protocol object profile. The number of the characters allowed to be typed here is 10. Vigor2960 Series User’s Guide...
-
Page 153: Web Category Object
Activate URL to satisfy your request. Note that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment. If you want to purchase a formal edition, simply contact with your DrayTek dealer. Vigor2960 Series User’s Guide... - Page 154 Commtouch. If you want to use such service (trial or formal edition), you have to perform the procedure of activation first. For the service of formal edition, please contact with your dealer/distributor for detailed information. Each item will be explained as follows: Vigor2960 Series User’s Guide...
- Page 155 Other Display the items under certain category that you choose to block. Open Objects Setting>> Web Category Object and click the Web Category Object tab. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 156 Simply check the one(s) that you don’t want the user to visit. Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
- Page 157 Move your mouse to the link of Activate URL and click it. The system will guide you to access into MyVigor website. After finishing the activation for the trial version of WCF, remember to purchase “Silver Card” for WCF service from your DrayTek dealer or distributor. Vigor2960 Series User’s Guide...
-
Page 158: Time Object
Display the starting date of the time object profile. Start Time Display the starting time of the time object profile. End Date Display the ending date of the time object profile. End Time Display the ending time of the time object profile. Vigor2960 Series User’s Guide... - Page 159 Specify the starting date of the time object profile. Start Time Specify the starting time of the time object profile. End Date Specify the ending date of the time object profile. End Time Specify the ending time of the time object profile. Vigor2960 Series User’s Guide...
-
Page 160: Time Group
Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new Time Object profile has been created. This page allows you to group several time object profiles. Vigor2960 Series User’s Guide... - Page 161 Display the name of the group. Description Display the brief explanation for such group. Display the time objects selected by such group. Objects Open Objects Setting>> Time Group. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
-
Page 162: User Management
User Management can manage all the accounts (user profiles) to connect to Internet via different protocols. General Setup can determine the standard (rule-based or user-based) for the users controlled by User Management. The mode (standard) selected here will influence the contents of the filter rule(s) applied to every user. Vigor2960 Series User’s Guide... - Page 163 Authentication Type Under User_Based mode, please specify the authentication type. White IP List Under User_Based mode, use the drop down list to choose IP object and/or IP group profiles. Apply Click it to save the configuration. Vigor2960 Series User’s Guide...
- Page 164 Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. User Name Display the name information for the user who logs into the WUI of Vigor2960. Vigor2960 Series User’s Guide...
- Page 165 Display the ending time of the network connection. Rest Time Display the rest time for the wireless station to browse the Internet. Delete – It is available for the administrator to turn off a specific user’s connection immediately. Vigor2960 Series User’s Guide...
-
Page 166: User Profile
This function allows to configure all accounts (user profiles) in Vigor2960, including PPTP/L2TP, System user, and so on. Each item will be explained as follows: Item Description Add a new profile. Edit Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. - Page 167 Display the IP address for such user profile which accesses Internet with PPTP/L2TP connection. Use mOTP Display if mOTP is activated (enable or disable) or not. Open User Management>>User Profile. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 168 When the user passes the authentication, he/she can access Internet via this router. However the accessing operation will be restricted with the conditions configured in this user profile. Enable This Profile Check this box to enable such profile. Vigor2960 Series User’s Guide...
- Page 169 Operator – the user that accessing into the web configurator of Vigor2960 can see most of the settings. Admin – the user that accessing into the web configurator of Vigor2960 can see all of the settings. Such level owns the highest authority. PPTP/L2TP...
- Page 170 SSL Application profiles (RDP) for applying into this profile. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new User Profile has been created. Vigor2960 Series User’s Guide...
-
Page 171: Usergroup
Display the total number (200) of the object profiles to be created. Usergroup Display the name of the user group. Enable This Profile Display the status of the profile. False means disabled; True means enabled. Member Display the user profiles under such group. Vigor2960 Series User’s Guide... - Page 172 Use the drop down list to check the user profile(s) under such group. Apply Click it to save the configuration. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A new User Profile has been created. Vigor2960 Series User’s Guide...
-
Page 173: Radius
Both sides must be configured to use the same shared secret. Refresh Renew current web page. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 174: Ldap/Active Directory
It means “Base Distinguished Name”. Type or edit the distinguished name used to look up entries on the LDAP server. Click it to save the configuration. Apply Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 175: Application
Basically, Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www.dyndns.org, www.no-ip.com, www.dtdns.com, www.changeip.com, www.dynamic- nameserver.com. You should visit their websites to register your own domain name for the router. Vigor2960 Series User’s Guide... - Page 176 The information will update immediately when the Refresh button is clicked. Profile Display the name of the DDNS. Display the connection status of the DDNS server. Status Domain Name Display the domain name for the DDNS server. Vigor2960 Series User’s Guide...
- Page 177 Display the routing policy used for such DDNS profile. Service Provider Display the name of service provider used by such profile. Service Type Display the type for such profile. Domain Name Display the domain name of such profile. Vigor2960 Series User’s Guide...
- Page 178 Selected_wan_first – Choose it to make such profile being applied by the selected WAN interface only first. Selected_wan_only – Choose it to make such profile being applied by the selected WAN interface only. Service Provider Select the service provider for the DDNS account. Vigor2960 Series User’s Guide...
- Page 179 Type the IP/Domain name of the mail server. Apply Click it to save the configuration. Click it to exit the dialog without saving the configuration. Cancel Enter all the settings and click Apply. The DDNS Profile has been modified. Vigor2960 Series User’s Guide...
-
Page 180: Gvrp
Join Time Define the time for the system to send GVRP packet to other device. The unit is second. Click it to save the configuration. Apply Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 181: Igmp Proxy
Further, the user does not have to manually set up port mappings or a DMZ. UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice, video and messaging features. Vigor2960 Series User’s Guide... - Page 182 The NAT Traversal of UPnP enables the multimedia features of your applications to operate. This has to manually set up port mappings or use other similar methods. The screenshots below show examples of this facility. Vigor2960 Series User’s Guide...
- Page 183 Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches. Non-privileged users can control some router functions, including removing and adding port mappings. Vigor2960 Series User’s Guide...
-
Page 184: Wake On Lan
Type any one of the MAC address of the binded PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Delete Click this button to remove the result. Vigor2960 Series User’s Guide... -
Page 185: Vpn And Remote Access
Below shows the menu items for VPN and Remote Access. Such wizard is used to configure VPN settings for VPN client. Such wizard will guide to set the LAN-to-LAN profile for VPN dial out connection (from server to client) step by step. Vigor2960 Series User’s Guide... - Page 186 Create New VPN Profile – It allows you to create a new VPN LAN to LAN profile. Simply type the name in the field of Profile Name. The field of Profile Name is available only when you click this setting. Vigor2960 Series User’s Guide...
- Page 187 Specify the type. Click Create New VPN Profile and type the name of the profile. Then, click Next. If you choose PPTP as the Type, you will get the following screen: Available parameters are listed as follows: Item Description Profile Display the name of the VPN profile. Vigor2960 Series User’s Guide...
- Page 188 Auth Type. Security Protocol Choose ESP to specify the IPSec protocol for the Encapsulating Security Payload protocol. The data will be encrypted and authenticated. Choose AH to specify the IPSec protocol for the Authentication Header protocol. The Vigor2960 Series User’s Guide...
- Page 189 The virtual IP address of the router, specified for this tunnel. The virtual IP address of the remote client, specified for this Remote GRE IP tunnel. Fill in the required information on this page and click Finish. Later, a new profile has been created. Vigor2960 Series User’s Guide...
-
Page 190: Vpn Server Wizard
Such wizard is used to configure VPN settings for VPN server. Such wizard will guide to set the LAN-to-LAN profile for VPN dial in connection (from client to server) step by step. Open VPN and Remote Access >> VPN Server Wizard. The following dialog will appear. Vigor2960 Series User’s Guide... - Page 191 Display the name of such profile. Enable This Profile Check this box to enable such profile. Auth Type The authentication to be used by Pre-Shared Key or RSA Signature. Choose PSK or RSA for such profile. Vigor2960 Series User’s Guide...
- Page 192 Save the configuration and return to the home page of such function. Cancel Cancel the configuration and return to the home page of such function. However, if you choose PPTP as the Type, then you will get the following screen: Vigor2960 Series User’s Guide...
- Page 193 Specify one of the encryptions for such server. User Authentication Set user authentication to Local server or RADIUS server. Type LAN Profile Choose a LAN profile for PPTP Server if Local is selected as user authentication type. Vigor2960 Series User’s Guide...
- Page 194 Profile previously. Otherwise, there are no selections displayed here. Local IP / Subnet Type the IP address and subnet mask of local host. Mask Remote IP / Subnet Type the LAN IP address and LAN subnet mask for the Mask remote host. Vigor2960 Series User’s Guide...
- Page 195 Fill in the required information on this page and click Finish. Later, the new added VPN server profile will be displayed on the screen. Vigor2960 Series User’s Guide...
-
Page 196: Remote Access Control
Check the box(es) to enable the service. Service / L2TP VPN Service/DHCP over IPSec Service/L2TP over IPSec Service Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 197: Ppp General Setup
CHAP protocol. MPPE Encryption Specify one of the encryptions for such server. It is available only when MS-CHAP or MS-CHAP_v2 is selected. User Authentication Set user authentication to Local server or RADIUS server. Type Vigor2960 Series User’s Guide... - Page 198 PAP - It means the router will attempt to authenticate dial-in users with the PAP protocol. CHAP - It means the router will attempt to authenticate dial-in users with the CHAP protocol. User Authentication Set user authentication to Local server or RADIUS server. Type Vigor2960 Series User’s Guide...
-
Page 199: Ipsec General Setup
Type the port number for IPSec MSS. GRE over IPSec MSS Type the port number for GRE over IPSec MSS. Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 200: Vpn Profiles
PPTP Dial-in Display the LAN to LAN profile with PPTP Dial-in policy. Profile Display the name of LAN to LAN profile. Enable This Profile Display the status of the profile. False means disabled; True means enabled. Vigor2960 Series User’s Guide... - Page 201 (ESP), and through the use of cryptographic key management procedures and protocols. Open VPN and Remote Access >> VPN Profiles. Simply click the Add button. The following dialog will appear. Click the Basic tab to configure the settings. Vigor2960 Series User’s Guide...
- Page 202 LAN subnet mask for the remote host. More Remote Subnet – Add more remote subnet in this field if required. Click it to save the configuration. Apply Cancel Click it to exit the page without saving the configuration. Vigor2960 Series User’s Guide...
- Page 203 Enable – Click it to enable Aggressive Mode. Disable – Click it to disable Aggressive Mode. Local Peer ID Type the ID for Vigor2960 which can be configured by the remote end. It is available for Aggressive Mode enabled only.
- Page 204 If you click Disable, you have to type GRE In Key and GRE Out Key respectively. GRE In Key Type the hexadecimal number as GRE In Key. This value is used for the router to authenticate the source of the packet. The length is 4 bytes Vigor2960 Series User’s Guide...
- Page 205 (Dial-Out) Accepted Proposal For the dial-in VPN user, please specify the limitation of the (Dial-In) proposal. acceptall - When the VPN tunnel is established, all the proposals supported by this device will be accepted and Vigor2960 Series User’s Guide...
- Page 206 Enter all the settings and click Apply. A new IPSec LAN-to-LAN profile has been created. Below will guide you to create a PPTP dial-out profile for VPN connection: Open VPN and Remote Access >> VPN Profiles. Simply click the Add button. Vigor2960 Series User’s Guide...
- Page 207 Remote IP / Subnet Mask - Type the LAN IP address and LAN subnet mask for the remote host. Click it to save the configuration. Apply Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
- Page 208 A new PPTP Dial-Out VPN profile has been created. Below will guide you to create a PPTP dial-in profile for VPN connection: Open VPN and Remote Access >> VPN Profiles. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 209 Click it to create a new user profile or to modify an existing profile. For User Profile See the explanation later. PPTP User Name Choose a PPTP user profile for authentication in PPTP connection. Such profile shall be created in User Management>>User Vigor2960 Series User’s Guide...
- Page 210 Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. A new PPTP Dial-In LAN-to-LAN profile has been created. Vigor2960 Series User’s Guide...
- Page 211 Management>>User Profile, or click Set PPTP Dial-In For User Profile in this page to configure a new one for choosing for authentication in PPTP connection. Below shows the window of Set PPTP Dial-In For User Profile. For the configuration and detailed information, simply refer to 4.6.2 User Profile. Vigor2960 Series User’s Guide...
-
Page 212: Vpn Trunk Management
VPN Tunnels disconnected. Users do not need to reconnect with setting TCP/UDP Service Port again. The VPN Load Balance function can keep the transmission for internal data on tunnel stably. Vigor2960 Series User’s Guide... - Page 213 Protocol Display the protocol configured by such profile. Source IP Address Display the source IP address specified for this profile. Source Mask Display the subnet mask address specified for the source IP of this entry. Vigor2960 Series User’s Guide...
- Page 214 Load Balance Pool Display the load balance pool selected for such rule. Open VPN and Remote Access >>VPN TRUNK Management and click the Load Balance Rule tab. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 215 Then, such rule will be applied by the pool. Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. A new profile has been created. Vigor2960 Series User’s Guide...
- Page 216 Display the name of the profile. Interface Display the name of the Load Balance profile grouped under such pool profile. Open VPN and Remote Access >>VPN TRUNK Management and click the Load Balance Pool tab. Simply click the Add button. Vigor2960 Series User’s Guide...
- Page 217 If there is no selection for Interface option, please go to VPN and Remote Access>>LAN to LAN to create a new IPSec LAN to LAN profile with enabled GRE setting. Then, return to this page to specify the Interface option. Vigor2960 Series User’s Guide...
-
Page 218: Connection Management
Enter all the settings and click Apply. A new profile has been created. Refer to Chapter 3, How to Configure VPN Load Balance between Vigor2960 and Other Router for getting more detailed information about Load Balance application. You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Disconnect button. -
Page 219: Certificate Management
Local certificate is created by the end user and must be signed by a trusted CA center. Vigor2960 can serve as a trusted CA and is called with “Root CA”. Therefore, any user can ask for certificate signed by Vigor2960. -
Page 220: Local Certificate
This page allows users to generate certificate based on different work requests. Local certificate can be signed by itself or signed by a root CA (e.g., root CA on Vigor2960). Each item will be explained as follows: Item Description Upload Allow you to upload current configuration to the host as a CA certificate. - Page 221 Available parameters are listed as follows: Item Description Certificate Name Type the name of the local certificate. ID Type The ID type for such certificate. There are four types: Domain Name: Certificated by domain name. IP: Certificated by IP address. Vigor2960 Series User’s Guide...
- Page 222 Click it to create a new local certificate based on the Apply configuration here. Cancel Click it to exit the web page without saving the configuration. Enter all the settings and click Apply. A new generated Local Certificate has been created. Vigor2960 Series User’s Guide...
- Page 223 Open Certificate Management>> Local Certificate. Click the Browse.. button to import a CA file stored on the computer as the certification information. Click Open for the selected CA file. Click Upload. The system will start to upload the selected file. Vigor2960 Series User’s Guide...
-
Page 224: Trusted Ca Certificate
This page allows you to build a RootCA certificate for Vigor2960. RootCA can be deleted but not edited. If you want to modify the settings for a RootCA, please delete the one and create another one by clicking Build RootCA. -
Page 225: Ssl Vpn
Modify the selected profile. To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Vigor2960 Series User’s Guide... - Page 226 If you type function variation as URL, you have to type corresponding IP address in this filed. Such field must match with URL setting. Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Vigor2960 Series User’s Guide...
-
Page 227: Ssl Application
A new SSL Web Proxy profile has been created. It provides a secure and flexible solution for network resources, including VNC (Virtual Network Computer) /RDP (Remote Desktop Protocol) /SAMBA, to any remote user with access to Internet and a web browser. Vigor2960 Series User’s Guide... - Page 228 Display the name of the profile that you create. IP Address Display the IP address for this protocol. Port Display the port used for this protocol. Scaling Display the percentage for such application. Open SSL VPN>> SSL Application and click the VNC tab. Vigor2960 Series User’s Guide...
- Page 229 5900. Scaling Chose the percentage (100%, 80%, 60%) for such application. Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
- Page 230 Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile. To delete a profile, simply select the one you want to delete and click the Delete button. Vigor2960 Series User’s Guide...
- Page 231 Specify the port used for this protocol. Chose the screen size for such application. Screen Size Apply Click it to save the configuration. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
-
Page 232: Online User Status
A new SSL Application profile has been created. If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access into Draytek SSL VPN portal interface. Each item will be explained as follows:... -
Page 233: Bandwidth Management
The QoS function handles incoming and outgoing classes independently. Users can configure incoming or outgoing separately without any impact on the other. Incoming Class Setup allows you to configure bandwidth percentage for data and voice signals transmission. Click the Bandwidth Management option and choose Incoming Class. Vigor2960 Series User’s Guide... - Page 234 Click Enable to enable such function. Rate Type the number as the total transmission rate for the incoming data. Apply Click it to save the configuration. Click it to discard the settings configured in this page. Cancel Vigor2960 Series User’s Guide...
- Page 235 Refresh Renew current web page. Display the name of the QoS Policer. QoS Policer Mode Display the status of QoS Policer. Rate Display the rate of QoS Policer. Vigor2960 Series User’s Guide...
- Page 236 Type the number of rate for such profile. Apply Click it to save the configuration and exit the page. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
-
Page 237: Incoming Filter
Display the name of the filter rule. Policer Display the name of filter Policer. Drop Display the status for the packet to be discarded or not. Reserved Display the status for the packet to be kept in the buffer or not. Vigor2960 Series User’s Guide... - Page 238 Open Bandwidth Management>> Incoming Filter. Choose one of the filter rules and click the Edit button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 239 Type the starting port number (0 - 65535) in the range of the Start destination port. Destination Port Type the ending port number (0 - 65535) in the range of the destination port. Click it to save the configuration and exit the page. Apply Vigor2960 Series User’s Guide...
-
Page 240: Outgoing Class
Enter all the settings and click Apply. The incoming filter rule for QoS Policer has been modified. Outgoing Class Setup allows you to configure bandwidth percentage for data and voice signals transmission. Click the Bandwidth Management option and choose Incoming Class. Vigor2960 Series User’s Guide... - Page 241 Type the rate for outgoing data. The range can be set from 64000 to 10000000. Apply Click it to save the configuration and exit the page. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide...
- Page 242 Display the name of the outgoing class rate profile. Status Display the status (enable or disable) of such profile. Rate Display the limitation (from 64000 to 10000000) for the rate of queue. Description Display the description for such profile. Vigor2960 Series User’s Guide...
- Page 243 Such information is offered by the system automatically. It is not necessary to change it. Apply Click it to save the configuration and exit the page. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. Vigor2960 Series User’s Guide...
- Page 244 To edit a profile, simply select the one you want to modify and click the Edit button. The edit window will appear for you to modify the corresponding settings for the selected policy. Refresh Renew current web page. QoS Queue Display the name of the QoS queue. Vigor2960 Series User’s Guide...
- Page 245 Click it to save the configuration and exit the page. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. The outgoing queue 1-5 weight for QoS Policer has been modified. Vigor2960 Series User’s Guide...
-
Page 246: Outgoing Filter
Renew current web page. Rename Allow to modify the selected profile name. Profile Display the name of the profile for the filter. Display the status of the profile. False means disabled; True Enable This Profile means enabled. Vigor2960 Series User’s Guide... - Page 247 Check this box to enable such profile. Source IP Type the source IP address with subnet mask value to be applied for this filter. Destination IP Type the destination IP address with subnet mask value to be applied for this filter. Vigor2960 Series User’s Guide...
- Page 248 Click it to save the configuration and exit the page. Cancel Click it to exit the page without saving the configuration. Enter all the settings and click Apply. The outgoing filter for QoS Policer has been created. Vigor2960 Series User’s Guide...
-
Page 249: Sessions Limit
Source IP Display the IP address with subnet mask of the profile. Max Sessions Display the maximum sessions used by the profile. Connection Limit Display the message to inform the user when the permitted Vigor2960 Series User’s Guide... - Page 250 This field cannot be typed with “0”, otherwise the profile cannot be saved. Apply Click it to save the configuration and exit the dialog. Vigor2960 Series User’s Guide...
-
Page 251: Bandwidth Limit
Edit button. The edit window will appear for you to modify the corresponding settings for the selected profile. Delete Remove the selected profile. To delete a profile, simply select the one you want to delete Vigor2960 Series User’s Guide... - Page 252 Type a number as receiving rate or keep the default setting. RX Limit Apply Click it to save the configuration. Cancel Click it to discard the settings configured in this page. Open Bandwidth Management>>Bandwidth Limit. Simply click the Add button. The following dialog will appear. Vigor2960 Series User’s Guide...
- Page 253 Apply Click it to save the configuration and exit the dialog. Cancel Click it to exit the dialog without saving the configuration. Enter all the settings and click Apply. A bandwidth limit profile has been created. Vigor2960 Series User’s Guide...
-
Page 254: System Maintenance
Each item will be explained as follows: Item Description Enable This Profile Check this box to enable such profile. ACS Server Such data must be typed according to the ACS (Auto URL/Username Configuration Server) you want to link. Please refer to Auto Vigor2960 Series User’s Guide... -
Page 255: Administrator Password
Configuration Server user’s manual for detailed information. WAN Profile Choose one of the WAN profiles which will be recognized by VigorACS. Port Type the port number for Vigor2960 which will be recognized by VigorACS. CPE URL Display the URL of such CPE. Periodic Status The default setting is Enable. -
Page 256: Configuration Backup
Config File Name The default configuration file name (file format shall be .tgz) will be shown here. You can change the name if required. Backup Execute the file downloading job to the computer. Vigor2960 Series User’s Guide... - Page 257 Use the Browse.. button to locate the file for uploading to the router. Restore Click it to upload the selected file to the router. After finishing the restoration, the system will ask you to reboot the router. Vigor2960 Series User’s Guide...
-
Page 258: Syslog / Mail Alert
SysLog function is provided for users to monitor router. There is no bother to directly get into the Web Configurator of the router or borrow debug equipments. To configure settings for Syslog, open System Maintenance>>Syslog/Mail Alert and click the Syslog Access Setup tab. Available parameters are listed as follows: Vigor2960 Series User’s Guide... - Page 259 Others Log Click Enable to make other logs recorded in the Syslog. Apply Click this button to save the configuration and exit the web page. Click it to discard the settings configured in this page. Cancel Vigor2960 Series User’s Guide...
- Page 260 This page displays all the operation logs for the router. Available parameters are listed as follows: Item Description Vigor2960 Series User’s Guide...
- Page 261 Type the user name for authentication. User Password Type the password for authentication. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide...
-
Page 262: Time And Date
Click Enable to enable the daylight saving. Such feature is available for certain area. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 263: Access Control
IP address and management the web page of the router. If you enable such function, the system can be managed by these three IP addresses via WAN. Allowed IP1 - Allowed Type the first IP address for the system administrator to login. Vigor2960 Series User’s Guide... -
Page 264: Snmp Setup
Manager Host IP Type the IP address for the manager host. Apply Click this button to save the configuration and exit the web page. Cancel Click it to discard the settings configured in this page. Vigor2960 Series User’s Guide... -
Page 265: Reboot System
Reboot with Customized Click it to reboot the router using the current configuration Configurations (only the configuration settings listed and selected below). If you choose this option, Select Config File will be available for you to select. Vigor2960 Series User’s Guide... -
Page 266: Firmware Upgrade
The following web page will guide you to upgrade firmware by using such page. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com. -
Page 267: Diagnostics
In some cases, a user may need to know some information about the router, such as static or dynamic databases, or other routing information. The Vigor2960 supports five functions, Routing Table, ARP Cache Table, DHCP Assignment Table, NAT Sessions Table and Traffic Graph for the user to review such information. - Page 268 Metric Display the distance to the target (usually counted in hops). It may be needed by routing daemons. Iface Display the direction of such route represented with LAN/WAN profile (starting from LAN/WAN profile to LAN/WAN profile). Vigor2960 Series User’s Guide...
- Page 269 ! (reject route) Metric Display the distance to the target (usually counted in hops). It may be needed by routing daemons. Iface Display the direction of such route represented with LAN/WAN profile (starting from LAN/WAN profile to Vigor2960 Series User’s Guide...
-
Page 270: Arp Cache Table
Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Vigor2960 Series User’s Guide... - Page 271 Delete the selected profile. Each item will be explained as follows: Item Description Refresh Renew the web page. Display the IPv6 address of the neighbor. IP Address Profile Display the interface to which this neighbor is attached. Vigor2960 Series User’s Guide...
- Page 272 PROBE - The neighbor is no longer to be reachable, and unicast Neighbor Solicitation probes are being sent to verify reachability. Vigor2960 Series User’s Guide...
-
Page 273: Dhcp Table
Display the starting time that DHCP server is activated. End Date Display the end date that DHCP server is closed. End Time Display the end time that DHCP server is closed. Mac Address Display the MAC address of the static DHCP server. Vigor2960 Series User’s Guide... -
Page 274: Nat Session Table
Display the destination IP address and port of remote host. Display the WAN interface used. Protocol Display the protocol of such NAT session used. State Display the actual state of the TCP connection. Display how long the conntrack entry has to live. Vigor2960 Series User’s Guide... -
Page 275: Traffic Graph
Recent 4 Weeks – Display the information of CPU operation about recent 4 weeks. Memory Click the Memory tab. There are three selections provided for you to specify. Recent 24 Hours – Display the information of memory Vigor2960 Series User’s Guide... - Page 276 24 hours. Recent 7 Days – Display the information of WAN operation about recent 7 days. Recent 4 Weeks – Display the information of WAN operation about recent 4 weeks. Below show a graphic for CPU: Vigor2960 Series User’s Guide...
-
Page 277: Web Console
Click Diagnostics and click Web Console to pen the web page for typing commands used in console connection. A remote user can operate Vigor2960 from this web page without installing and opening other connection utility. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run. -
Page 278: Data Flow Monitor
Recent 5 Minutes/ Display the records with 5 minutes/24 hours recently. Recent 24 Hours Auto Refresh Specify the interval of refresh time to obtain the latest status. The information will update immediately when the Refresh button is clicked. Vigor2960 Series User’s Guide... -
Page 279: External Devices
Display the IP address of the external product. Connection Time Display the connection time that the external product connecting to Vigor2960. Clear Click the icon to remove the record of the device when it is offline. Vigor2960 Series User’s Guide... -
Page 280: Product Registration
After checking the box of Enable External Devices, click Refresh. Later, the basic information of available devices will be displayed in this pag. Please refer to section 2.3 Register Vigor Router for more detailed information. Vigor2960 Series User’s Guide... -
Page 281: Chapter 5: Trouble Shooting
Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “1.3 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2960 Series User’s Guide... - Page 282 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2960 Series User’s Guide...
- Page 283 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2960 Series User’s Guide...
-
Page 284: Pinging The Router From Your Computer
Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2960 Series User’s Guide... -
Page 285: Checking If The Isp Settings Are Ok Or Not
Open Online Status to check current network status. Be careful to check if the settings coming from your ISP have been typed correctly or not. Vigor2960 Series User’s Guide... -
Page 286: Backing To Factory Default Setting If Necessary
Go to System Maintenance>> Reboot System on the web page. The following screen will appear. Choose the selection you need and click Reboot After few seconds, the router will return all the settings to the factory settings. Vigor2960 Series User’s Guide... -
Page 287: Contacting Your Dealer
If the router settings are correct at all, and the router still does not connect to internet, please contact your ISP technical support representative to help you for configuration. Also, if the router still cannot work correctly, please contact your dealer for help. For any further questions, please send e-mail to support@draytek.com. Vigor2960 Series User’s Guide...