Draytek VIGOR2950 User Manual

Vigor2950
Security VPN Router
User's Guide
Version: 3.1
Date: 2008/02/15
Copyright 2008 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Summary of Contents for Draytek VIGOR2950

  • Page 1 Vigor2950 Security VPN Router User’s Guide Version: 3.1 Date: 2008/02/15 Copyright 2008 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
  • Page 2: Copyright Information

    Web registration is preferred. You can register your Vigor router via http://www.draytek.com. Firmware & Tools Updates: Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on the newest firmware, tools and documents.
  • Page 3: European Community Declarations

    Product: Vigor2950 Series Router DrayTek Corp. declares that Vigor2950 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 89/336/EEC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
  • Page 4: Table of Contents

    Preface (p. 1); 1.1 Web Configuration Buttons Explanation (p. 1); 1.2 LED Indicators and Connectors (p. 1); 1.2.1 For Vigor2950 (p. 2); 1.2.2 For Vigor2950G (p. 3); 1.2.3 For Vigor2950i (p. 4); 1.2.4 For Vigor2950Gi (p. 5); 1.3 Hardware Installation (p. 6); Configuring Basic Settings (p. 7)...
  • Page 5 3.11.6 AP Discovery (p. 139); 3.11.7 Station List (p. 140); 3.11.8 Station Rate Control (p. 141); 3.12 VLAN (p. 141); 3.12.1 Wired VLAN (p. 141); 3.12.2 Wireless VLAN (p. 142); 3.12.3 VLAN Cross Setup (p. 146); 3.12.4 Wireless Rate Control (p. 147) Vigor2950 Series User’s Guide...
  • Page 6 5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not (p. 201); 5.3 Pinging the Router from Your Computer (p. 204); 5.4 Checking If the ISP Settings are OK or Not (p. 206); 5.5 Backing to Factory Default Setting If Necessary (p. 208)
  • Page 7 5.6 Contacting Your Dealer (p. 209)
  • Page 9: Preface

    The Vigor2950 series router provides Dual-WAN interface (which is a configuration second WAN) for Internet access to make the Internet connection more reliable. The wireless LAN supports more secure features and the transmission speed is up to 108Mbps (SuperG). Object-oriented firewall is flexible and keeps your network safe. In addition, through VoIP function, the communication fee for you and remote people can be reduced.
  • Page 10: For Vigor2950

    WAN(1/2): Connector for remote networked devices. LAN/Monitor: Connector for local networked devices. LAN (1-4): Connector for local networked devices. Connector for a power cord with 100-240VAC (inlet). Power Switch. “1” is ON; “0” is OFF.
  • Page 11: For Vigor2950G

    WAN(1/2): Connector for remote networked devices. LAN/Monitor: Connector for local networked devices. LAN (1-4): Connector for local networked devices. Connector for a power cord with 100-240VAC (inlet). Power Switch. “1” is ON; “0” is OFF.
  • Page 12: For Vigor2950i

    WAN(1/2): Connector for remote networked devices. LAN/Monitor: Connector for local networked devices. LAN (1-4): Connector for local networked devices. Connector for a power cord with 100-240VAC (inlet). Power Switch. “1” is ON; “0” is OFF.
  • Page 13: For Vigor2950Gi

    WAN(1/2): Connector for remote networked devices. LAN/Monitor: Connector for local networked devices. LAN (1-4): Connector for local networked devices. Connector for a power cord with 100-240VAC (inlet). Power Switch. “1” is ON; “0” is OFF.
  • Page 14: Hardware Installation

    WAN port of router with Ethernet cable (RJ-45). The WAN1/WAN2 LED (Left or Right) will light up according to the network card feature (100 or 10) of the device that it is connected to. (For the detailed information of LED status, please refer to section 1.1.)
  • Page 15: Configuring Basic Settings

    Please type the default values (both username and password are Null) in the window when accessing for the first time, and click OK for the next screen. Now, the Main Screen will pop up.
  • Page 16 New Password and retype it on the field of Retype New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router.
  • Page 17: Quick Start Wizard

    On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step.
  • Page 18: PPPoE

    If your ISP provides you the PPPoE connection, please select PPPoE for this router. The following page will be shown: User Name: Assign a specific valid user name provided by the ISP.
  • Page 19 Retype the password to confirm it. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
  • Page 20: PPTP

    Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
  • Page 21: L2TP

    Click L2TP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page.
  • Page 22: Static IP

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
  • Page 23: DHCP

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
  • Page 24: Online Status

    If you select PPPoE/PPTP as the protocol, you will find a link of Dial PPPoE/PPPoA or Drop PPPoE/PPPoA in the Online Status web page. Online status for PPPoE; Online status for PPTP (for WAN2); Online status for Static IP (for WAN1)
  • Page 25 Displays the total number of received packets at the ISDN interface. RX Rate: Displays the speed of received octets at the ISDN interface. Up Time: Displays the total uptime of the interface. Displays the charge information of the interface.
  • Page 26: Saving Configuration

    Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click the Finish or OK button.
  • Page 27: Advanced Web Configuration

    Then a session will be created. Your user ID and password are authenticated via PAP or CHAP with a RADIUS authentication system. Your IP address, DNS server, and other related information will usually be assigned by your ISP.
  • Page 28: General Setup

    Type the description for the WAN1/WAN2 interface. Physical Mode: For WAN1, the physical connection is done through the ADSL port; yet the physical connection for WAN2 is done through an Ethernet port (P1). You cannot change it.
  • Page 29 15 seconds. WAN1 Download speed exceed XX kbps – It means the connection for WAN2 will be activated when the WAN1 download speed exceeds a certain value that you set in this box for 15 seconds.
  • Page 30: Internet Access

    There are three access modes provided for PPPoE, Static or Dynamic IP and PPTP/L2TP. Details Page: This button will open a different web page according to the access mode that you choose in WAN1 or WAN2.
  • Page 31 WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – Displays value for your reference. TTL
  • Page 32 Cable service provider will offer a fixed public IP, while a DSL service provider will offer a public subnet. If you have a public subnet, you could assign an IP address or many IP addresses to the WAN interface.
  • Page 33 Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging.
  • Page 34 MAC Address field. DNS Server IP Address: Type in the primary IP address for the router if you want to use Static IP mode. If necessary, type in secondary IP address for necessity in the future.
  • Page 35 PPP Setup: PPP Authentication - Select PAP only or PAP or CHAP for PPP. Idle Timeout - Set the timeout for breaking down the Internet after passing through the time without any action. This setting is active
  • Page 36 Obtain an IP address automatically – Click this button to obtain the IP address automatically. Specify an IP address – Click this radio button to specify some data. IP Address – Type the IP address. Subnet Mask – Type the subnet mask.
  • Page 37: Load-Balance Policy

    Displays the IP address for the start of the destination port. Dest Port End: Displays the IP address for the end of the destination port. Click Index 1 to access the following page for configuring load-balance policy.
  • Page 38 Type the destination port start for the destination IP. Dest Port End: Type the destination port end for the destination IP. If this field is blank, it means that all the destination ports will be passed through the WAN interface.
  • Page 39: LAN

    IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts.
  • Page 40 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each.
  • Page 41: General Setup

    Type in secondary IP address for connecting to a subnet. (Default: 192.168.2.1/ 24) Subnet Mask: An address code that determines the size of the network. (Default: 255.255.255.0/ 24) DHCP Server: You can configure the router to serve as a DHCP server for the 2nd subnet.
  • Page 42 DHCP server to assign IP addresses to. The default is 50 and the maximum is 253. Gateway IP Address - Enter a value of the gateway IP address for the DHCP server. The value is usually the same as the 1st IP address
  • Page 43: Static Route

    There are two common scenarios of LAN settings that are stated in Chapter 4. For the configuration examples, please refer to that chapter for more information. Go to LAN to open the setting page and choose Static Route.
  • Page 44 Before setting Static Route, user A cannot talk to user B because Router A can only forward recognized packets to its default gateway Main Router. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button.
  • Page 45 Return to Static Route Setup page. Click on another Index Number to add another static route as shown below, which specifies that all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table.
  • Page 46: Bind IP to MAC

    It is used to refresh the ARP table. When there is one new PC added to the LAN, you can click this link to obtain the new ARP table information. IP Bind List: It displays a list for the IP bind to MAC information.
  • Page 47: NAT

    192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Below shows the menu items for NAT.
  • Page 48: Port Redirection

    To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 10 port-mapping entries for the internal hosts. Mode: Two options are provided here for you to choose. To set a range for the specific service, select Range.
  • Page 49 80 to avoid conflict, such as 8080. This can be set in the System Maintenance >> Management Setup. You will then access the admin screen by suffixing the IP address with 8080, e.g., http://192.168.1.1:8080 instead of port 80.
  • Page 50: DMZ Host

    We suggest that you add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: If you previously have set up WAN Alias in Internet Access >> PPPoE/Static IP/PPTP, you will find them in Aux. WAN IP list for your selection.
  • Page 51 DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting.
  • Page 52: Open Ports

    Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services.
  • Page 53 Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection. Start Port: Specify the starting port number of the service offered by the local host. End Port: Specify the ending port number of the service offered by the local host.
  • Page 54: Firewall

    The users on the LAN are provided with secured protection by the following firewall facilities: User-configurable IP filter (Call Filter/Data Filter); Stateful Packet Inspection (SPI), which tracks packets and denies unsolicited incoming data; selectable Denial of Service (DoS)/Distributed DoS (DDoS) attacks protection; URL Content Filter.
  • Page 55 The stateful firewall of the Vigor router not only examines the header information but also monitors the state of the connection.
  • Page 56 For example, an ActiveX control object is usually used for providing interactive web features. If malicious code hides inside, it may occupy the user’s system.
  • Page 57: General Setup

    So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page.
  • Page 58: Filter Setup

    Select Pass or Block for the packets that do not match with the filter rules. For troubleshooting needs you can specify the filter log and/or CSM log here by checking the box. The log will be displayed on Draytek Syslog window. Content Security Select a CSM profile for global IM/P2P application blocking.
  • Page 59 Data Filter only. For the Call Filter, this setting is not available since Call Filter is only applied to outgoing traffic. Source/Destination IP: Click Edit to access the following dialog to choose the source/destination IP or IP ranges.
  • Page 60 To set the service type manually, please choose User defined as the Service Type and type them in this dialog. In addition, if you want to use the service type from defined groups or objects, please
  • Page 61 For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on Draytek Syslog window.
  • Page 62 Each filter set is composed of 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first.
  • Page 63: DoS Defense

    Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services that would respond. Check the box to activate the Port Scan detection. Whenever detecting this malicious exploration behavior by monitoring the
  • Page 64 ICMP packets with more fragment bit set are dropped. Block Land: Check the box to make the Vigor router defend against Land attacks. The Land attack combines the SYN attack technology with IP spoofing. A Land attack occurs when an attacker sends spoofed
  • Page 65 All the warning messages related to DoS defense will be sent to the user, who can review them through the Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attack is detected.
  • Page 66: URL Content Filter

    URL string. Multiple keywords within a frame are separated by space, comma, or semicolon. In addition, the maximal length of each frame is 32 characters. After specifying keywords, the Vigor router will
  • Page 67 URL Access Control. To enable an entry, click on the empty checkbox, named as ACT, in front of the appropriate entry. Time Schedule: Specify at what time the URL content filtering facility should be performed.
  • Page 68: Web Content Filter

    Later, we can select that object/group that can apply it. For example, all the IPs in the same department can be defined with an IP object (a range of IP addresses).
  • Page 69: IP Object

    IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page. Address Type: Determine the address type for the IP address. Select Single Address if this object contains one IP address
  • Page 70: IP Group

    Below is an example of IP objects settings. This page allows you to bind several IP objects into one IP group. Set to Factory Default: Clear all profiles. Click the number under Index column for settings in detail.
  • Page 71 Available IP Objects: All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects: Click >> button to add the selected IP objects in this box.
  • Page 72: Service Type Object

    The filter rule will filter out any port number. (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this profile.
  • Page 73: Service Type Group

    Below is an example of service type objects settings. This page allows you to bind several service types into one group. Set to Factory Default: Clear all profiles. Click the number under Index column for settings in detail.
  • Page 74: CSM Profile

    Security Management (CSM) functionality. You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer) application. CSM profile can be used in Filter Setup page. Set to Factory Default: Clear all profiles.
  • Page 75: Bandwidth Management

    To solve the problem, you can use limit session to limit the session procession for specified Hosts. In the Bandwidth Management menu, click Sessions Limit to open the web page.
  • Page 76 You can type in four sets of time schedule for your request. Setup All the schedules can be set previously in Application – Schedule web page and you can use the number that you have set in that web page.
  • Page 77: Bandwidth Limit

    Add the specific speed limitation onto the list above. Edit: Allows you to edit the settings for the selected limitation.
  • Page 78: Quality of Service

    The core routers in the backbone will do the same checking before executing treatments in order to ensure service-level consistency throughout the whole QoS-enabled network.
  • Page 79 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted to suit your needs. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules.
  • Page 80 This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth. Limited_bandwidth Ratio: The ratio typed here is reserved for limited bandwidth of UDP application.
  • Page 81 Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1.
  • Page 82 By the way, you can set up to 20 rules for one Class. If you want to edit an existing rule, please select the radio button of that one and click Edit to open the rule edit page for modification.
  • Page 83 To add a new service type, or to edit or delete an existing service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. For adding a new service type, click Add to open the following page.
  • Page 84 Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existing service type, please select the radio button of that one and click Edit/Edit for modification.
  • Page 85: Applications

    Enable Dynamic DNS Setup: Check this box to enable DDNS function. Index: Click the number below Index to access into the setting page of DDNS setup to set account(s). WAN Interface: Display current WAN interface used for accessing Internet.
  • Page 86 You could get more detailed information from their websites. Disable the Function and Clear all Dynamic DNS Accounts: In the DDNS setup menu, uncheck Enable Dynamic DNS Setup, and push Clear All button to disable the function and clear all accounts from the router.
  • Page 87: Schedule

    You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule, please click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown below.
  • Page 88 (Force Down). Office Hour: (Force On) Mon - Sun 9:00 am to 6:00 pm. Make sure the PPPoE connection and Time Setup are working properly. Configure the PPPoE always on from 9:00 to 18:00 for the whole week.
  • Page 89: RADIUS

    The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret: Re-type the Shared Secret for confirmation.
  • Page 90: UPnP

    NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application.
  • Page 91: Wake on LAN

    PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting.
  • Page 92 MAC Address: Type any one of the MAC addresses of the bound PCs. Wake Up: Click this button to wake up the selected IP. See the following figure. The result will be shown on the box.
  • Page 93: VPN and Remote Access

    NAT settings, such as DMZ or open port. The Vigor router will not accept the ISDN dial-in connection if the box of Enable ISDN Dial-in is not checked. This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec.
  • Page 94 For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. But, you have to notice that the first two IP addresses of 192.168.1.200 and 192.168.1.201 are reserved for ISDN remote dial-in user.
  • Page 95: IPSec General Setup

    Pre-Shared Key - Specify a key for IKE authentication. Confirm Pre-Shared Key - Confirm the pre-shared key. IPSec Security Method: Medium - Authentication Header (AH) means data will be authenticated, but not encrypted. By default, this option is active.
  • Page 96: IPSec Peer Identity

    Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields.
  • Page 97 Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E).
  • Page 98: Remote Dial-In User

    Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields are grayed out, it means you may leave them untouched. The following explanation will guide you to fill all the necessary fields.
  • Page 99 L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection.
  • Page 100 To check if SSL Tunnel is activated or not, please open Draytek SSL VPN portal interface. From the web page, you will see the message to indicate the SSL Tunnel is activated. Specify Remote Node...
  • Page 101 To check if SSL Web Proxy is activated or not, please open Draytek SSL VPN portal interface. From the web page, you will see the message to indicate that you have the privilege for the SSL Web Proxy. Set SSL Web Proxy – If you haven’t set any SSL VPN web proxy profiles, you will see a link here.
  • Page 102: LAN to LAN

    PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides up to 200 profiles, which also means supporting 200 VPN tunnels simultaneously. The following figure shows the summary table.
  • Page 103 4 subgroups. If the fields are grayed out, it means you may leave them untouched. The following explanations will guide you to fill all the necessary fields. Because the web page is too long, we divide the page into several sections for explanation.
  • Page 104 VPN Tunnel while connecting. Block – When a conflict occurs between the hosts on both sides of the VPN Tunnel while connecting, this function can block data transmission of Netbios Naming Packet inside the tunnel.
  • Page 105 L2TP connection. Must: Specify the IPSec policy to be definitely applied on the L2TP connection. User Name: This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above.
  • Page 106 AES with Authentication - Use AES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. Advanced: Specify mode, proposal and key life of each IKE phase, Gateway etc. The window of advanced setup is shown below:
  • Page 107 IKE phase 2 proposal - To propose the local available algorithms to the VPN peers, and get its feedback to find a match. Three combinations are available for both modes. We suggest you select the combination that covers the most
  • Page 108 Vigor router to callback, the local ISDN number will be provided to the remote peer. Check here to allow the Vigor router to send the ISDN number to the remote router. This feature is useful for i model only.
  • Page 109 None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection
  • Page 110 ONLY call back to the specified Callback Number. Callback Budget (Unit: minutes) - By default, the callback function has limitation of callback period. Once the callback budget is exhausted, the function will be disabled
  • Page 111 More - Add a static route to direct all traffic destined to more Remote Network IP Addresses/ Remote Network Mask through the VPN connection. This is usually used when you find there are several subnets behind the remote VPN router.
  • Page 112: Vpn Trunk Management

    Fully compliant with VPN Server LAN Site Single/Multi Network. Mail Alert support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration. Syslog support, please refer to System Maintenance >> SysLog / Mail Alert for detailed configuration. ...
  • Page 113 VPN Tunnels disconnected. Users do not need to reconnect by setting the TCP/UDP Service Port again. The VPN Load Balance function keeps the transmission of internal data on the tunnel stable. ...
  • Page 114 Member2 (on Backup Profile field) - Display the dial-out profile selected from the Member2 drop down list below. Advanced – This button is only available when there is one profile (or more) created in this page. ...
  • Page 115 IPSec(MUST) and so on. Member2 - Display the dial-out profile selected from the Member2 drop down list below. Advanced – This button is only available when there is one or more profiles created in this page. ...
  • Page 116 VPN TRUNK – VPN Load Balance mechanism profile will be locked. The profiles in LAN-to-LAN will be displayed in blue. Edit Click this button to save the changes to the Status (Enable or Disable), profile name, member1 or member2. ...
  • Page 117 Member2. For such reason, LAN-to-LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed. If you delete the VPN TRUNK – VPN Backup/Load Balance mechanism profile, the selected LAN-to-LAN profiles will be released and...
  • Page 118 Peer GRE IP. See the following graphic for an example. Later, on peer side (as VPN Client): please type 192.168.50.100 in the field of My GRE IP and type IP address of the server (192.168.50.200) in the field of Peer GRE...
  • Page 119 Below shows the algorithm for Load Balance. Binding Tunnel Policy Create – Click this radio button to assign a blank table for configuring Binding Tunnel. After insert – Click this radio button to add a new...
  • Page 120 Port also fits the number here, such binding tunnel table can be established. Other means when the source IP, destination IP, destination port and fragment conditions match with the settings specified here with different TCP Service Port/UDP Service Port/ICMP/IGMP, such binding tunnel table can be established. ...
  • Page 121 List the backup profile name. ERD Mode ERD means “Environment Recovers Detection”. Normal – choose this mode to have all dial-out VPN TRUNK backup profiles activated alternately. Recover Timer – choose this mode to detect VPN connection...
  • Page 122 Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. Detail Information This field will display detailed information for Environment Recovers Detection. ...
  • Page 123: Connection Management

    The VPN connection built by Backup Mode supports VPN backup function. Load Balance Mode This field displays the profile name saved in VPN TRUNK Management (with Index number and VPN Server IP address). The VPN connection built by Load Balance Mode supports...
  • Page 124 Click this button to execute dial out function under General Mode, Backup Mode or Load Balance Mode. Refresh Seconds Choose the time for refreshing the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. ...
  • Page 125: Certificate Management

    Remember to adjust the time of the Vigor router before using the certificate so that you get the correct validity period of the certificate. Below shows the menu items for Certificate Management. Generate Click this button to open the Generate Certificate Request window. ...
  • Page 126 Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. After clicking Generate, the generated information will be displayed on the window below: ...
  • Page 127: Trusted Ca Certificate

    For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. ...
  • Page 128: Certificate Backup

    Also, you can use Restore to retrieve these two settings to the router whenever you want. ISDN means Integrated Services Digital Network, an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. Below shows the menu items for ISDN. ...
  • Page 129: General Settings

    50, 17 and 67 in the fields of 1, 2 and 3 one by one without typing 12345. Blocked MSN Numbers for Enter the specified MSN number into the fields to prevent the router from dialing the specific MSN number the router...
  • Page 130: Dial To A Single Isp/Dial To Dual Isps

    Idle Timeout - Idle timeout means the router will disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. ...
  • Page 131 Idle Timeout - Idle timeout means the router will disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. ...
  • Page 132 To have an ISDN connection, please click this link. Now, the system will guide you to click Dial ISDN. Wait for a moment after clicking the dial link. Then, a successful ISDN connection will be shown as the following. ...
  • Page 133: Virtual Ta

    Virtual TA (Remote CAPI) Setup tab in the Quick Setup field to configure the Virtual TA features. Before describing the configuration of Virtual TA in the Vigor routers, please heed the following limitations. The Virtual TA client only supports Microsoft Windows 98/SE/2000/XP platforms. ...
  • Page 134 CAPI-based software to use the client to access the router. If the icon text is RED, it means the client has lost the connection to the server. In this case, please check the physical Ethernet connection. ...
  • Page 135 If you have applied for an MSN number service, the Virtual TA server can assign which client has the specified MSN number. When an incoming call arrives, the server will inform the appropriate client. Now we set an example to describe the configuration of the MSN number. ...
  • Page 136: Call Control

    (the number is set in the Remote Activation field) to the router to signal it for activation. The phone call will be disconnected soon after the router is online. ...
  • Page 137 Low Water Mark and these two channels are being used over the High Water Time, the additional channel will be dropped. As a result, the total link speed will be 64kbps (one B channel). ...
  • Page 138: Wireless Lan

    Complete Security Standard Selection: To ensure the security and privacy of your wireless communication, we provide several prevailing standards on the market. ...
  • Page 139 /or privacy on your wireless network. The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time. Example 1 Example 2 Example 3 ...
  • Page 140: General Setup

    Mixed (11b+11g+SuperG) - The radio can support IEEE802.11b, IEEE802.11g and SuperG protocols simultaneously. Mixed (11b+11g) - The radio can support both IEEE802.11b and IEEE802.11g protocols simultaneously. SuperG - The radio only supports SuperG. 11g only - The radio only supports IEEE802.11g. ...
  • Page 141 56 bit sync field instead of long preamble with 128 bit sync field. However, some original 11b wireless network devices only support long preamble. Check it to use Long Preamble if needed to communicate with this kind of device. ...
  • Page 142: Security

    PSK. Remember to select WPA type to define either Mixed or WPA2 only in the field below. WPA/802.1x Only - Accept WPA clients with 802.1x authentication. Remember to select WPA type to define...
  • Page 143 Four keys can be entered here, but only one key can be selected at a time. The keys can be entered in ASCII or Hexadecimal. Check the key you wish to use. ...
  • Page 144: Access Control

    Delete the selected MAC address in the list. Edit Edit the selected MAC address in the list. Cancel Give up the access control setup. Click it to save the access control list. Clear All Clean all entries in the MAC address list. ...
  • Page 145: Wds

    AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts. In other words, only Repeater mode can do WDS-to-WDS packet forwarding. ...
  • Page 146 Click WDS from Wireless LAN menu. The following page will be shown. Mode Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. ...
  • Page 147: Ap Discovery

    This page is used to scan for APs on the wireless LAN. However, only APs on the same channel as this router can be found. Please click Scan to discover all the connected APs. ...
  • Page 148: Station List

    There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Refresh Click this button to refresh the status of station list. Click this button to add current selected MAC address into Access Control. ...
  • Page 149: Station Rate Control

    The VLAN >> Wired VLAN allows you to configure VLAN settings through wired connection to achieve the above intention. Simply check P1 and P2 boxes on the line of VLAN0; and check P3 and P4 boxes on the line of VLAN1. ...
  • Page 150: Wireless Vlan

    PCs in the same group can use the same Login ID and password to access the Internet. For example, see the following graphic. Both A and B use the same login ID (City) and password (1234). Therefore, they are grouped in the same W_VLAN. ...
  • Page 151 Check this box to invoke wireless VLAN function. Login ID Type Login ID for different groups of W_VLAN with 1 to 11 characters. Password Type password for different groups of W_VLAN with 1 to 11 characters. ...
  • Page 152 After finishing the configuration of wireless VLAN, the wireless clients connecting to this router must do the following steps to access the Internet. 1. Open a browser and type http://www.draytek.vlan/login.htm or http://(vigor router’s IP address)/login.htm on the address line. 2. The following screen will appear.
  • Page 153 4. When access is successful, the following screen will appear. Note: The floating window with connection time will be shown on the screen until you log out. 5. You can go to Diagnostics>>Wireless VLAN Online Station for viewing the connection status whenever you want. ...
  • Page 154: Vlan Cross Setup

    The VLAN >> VLAN Cross Setup allows you to set a communication bridge between computers in Wireless VLAN and wired VLAN. To achieve the intention of the above illustration, simply check the box under VLAN0 on the line of W_VLAN0. ...
  • Page 155: Wireless Rate Control

    20,000kbps. Adjust the values according to your needs. Download Rate It decides the rate of data transmission for input. The default setting is 300. The range must be between 100 kbps and 20,000kbps. Adjust the values according to your needs. ...
  • Page 156: Ssl Vpn

    Display the name of the profile that you create. Display the URL. Active Display current status (active or inactive) of such profile. Click number link under Index field to set detailed configuration. Name Type name of the profile. ...
  • Page 157: User Account

    You can find out the link of Set SSL Web Proxy on the profile setting page. If you haven’t set any SSL Web Proxy Profile in SSL VPN>> SSL Web Proxy web page, there is no check box but a link appears below. ...
  • Page 158: Online User Status

    The SSL Web Proxy profile names will be displayed (together with check box) as shown below. If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access the DrayTek SSL VPN portal interface. ...
  • Page 159: System Maintenance

    For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. Below shows the menu items for System Maintenance. ...
  • Page 160: System Status

    Vigor router with TR-069 is available for matching with VigorACS server. Such page provides VigorACS and CPE settings under TR-069 protocol. All the settings configured here are for CPE to be controlled and managed with VigorACS server. Users need to type...
  • Page 161 Password: password CPE Client It is not necessary for you to type them. Such information is useful for Auto Configuration Server. Enable/Disable – Sometimes, a port conflict might occur. To solve such a problem, you might want to...
  • Page 162: Administrator Password

    Follow the steps below to backup your configuration. Go to System Maintenance >> Configuration Backup. The following window will pop up, as shown below. Click Backup button to get into the following dialog. Click Save button to open...
  • Page 163 The above example uses the Windows platform for demonstration. The Mac or Linux platform will show different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. ...
  • Page 164: Syslog/Mail Alert

    Enable syslog message Check the box listed on this web page to send the corresponding message of firewall, VPN, User Access, Call, WAN, Router/DSL information to Syslog. SMTP Server The IP address of the SMTP server. ...
  • Page 165 From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. ...
  • Page 166: Time And Date

    Type the IP address of the time server. Time Zone Select the time zone where the router is located. Automatically Update Interval Select a time interval for updating from the NTP server. Click OK to save these settings. ...
  • Page 167: Management

    Check to use standard port numbers for the Telnet and HTTP servers. Enable SNMP Agent Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. ...
  • Page 168: Reboot System

    Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. ...
  • Page 169: Firmware Upgrade

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
  • Page 170: Diagnostics

    (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a packet sent from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the packet. Refresh Click it to reload the page. ...
  • Page 171: Routing Table

    Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. ...
  • Page 172: Dhcp Table

    It displays the host ID name of the specified PC. Refresh Click it to reload the page. Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. ...
  • Page 173: Wireless Vlan Online Station Table

    IP address, MAC address and Login ID information for all the Wireless VLAN stations. IP Address Display the IP address of the wireless station. MAC Address Display the MAC address of the wireless station. Login ID Display the login ID that the wireless station belongs to. ...
  • Page 174: Data Flow Monitor

    Display the number of the data flow. IP Address Display the IP address of the monitored device. TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving speed of the monitored device. ...
  • Page 175: Traffic Graph

    WAN1/WAN2 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. ...
  • Page 176: Ping Diagnosis

    Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. ...
  • Page 177: Trace Route

    Unspecified to be determined by the router automatically. Host/IP Address It indicates the IP address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. ...
  • Page 179: Application And Examples

    Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. Then, to use PPP-based services, such as PPTP and L2TP, you have to set general settings in PPP General Setup. ...
  • Page 180 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. ...
  • Page 181 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. ...
  • Page 182 A can direct the packets destined to the remote network to Router B via the VPN connection. Settings in Router B in the remote office: Go to VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK. ...
  • Page 183 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. ...
  • Page 184 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. ...
  • Page 185 Address, Username, Password, and VJ Compression for this Dial-In connection. Finally, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. ...
  • Page 186: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. ...
  • Page 187 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. ...
  • Page 188 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
  • Page 189 VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet. This will make the remote host seem to be working in the enterprise network. ...
  • Page 190: Qos Setting Example

    Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Enter the Name of Index Class 1 by clicking Edit link. In this index, the user will set reserve bandwidth for Email using protocol POP3 and SMTP. ...
  • Page 191 Class Name of Index 3. In this index, he will set reserve bandwidth for 1 VPN tunnel. Click edit to open a new window. First, check the ACT box. Then click SrcEdit to set a worker’s subnet address. Click DestEdit to set headquarter’s subnet address. Leave other fields and click OK. ...
  • Page 192: Lan - Created By Using Nat

    You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as shown below. ...
  • Page 193 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. ...
  • Page 194: Upgrade Firmware For Your Router

    4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly updated firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
  • Page 195 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. ...
  • Page 196 14. Click Send. 15. Now the firmware update is finished. ...
  • Page 197: Request A Certificate From A Ca Server On Windows Ca Server

    Go to Certificate Management and choose Local Certificate. ...
  • Page 198 Copy and save the X509 Local Certificate Request as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. ...
  • Page 199 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh...
  • Page 200 “------BEGIN CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. ...
  • Page 201: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrieve the CA certificate or certificate revocation list. ...
  • Page 202 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. ...
  • Page 203: Erd Mechanism For Vpn Trunk

    Request Background: Some users think that if the VPN tunnel is connected again, it is Environment Recovery Detection. For such users, use Normal mode. To set ERD Normal mode > vpn Trunk backup ERD VpnBackup Normal (3) Resume Mode ...
  • Page 204 For example, if you type “3600” as the value for <second>, Recover will be done with 30 seconds (3531 ~ 3600) for the backup VPN tunnel. If you set “30” as the value for <second>, it will be regarded as “0”. ...
  • Page 205: Vpn Load Balance Application

    Router A (VPN Client) for connecting with Router B (VPN Server). (1) VPN Client site For LAN-to-LAN Dial out for member1 and member2, please finish: LAN-to-LAN IPSec Dial Out (Router Mode) configuration. Member1 LAN-to-LAN Dial out Profile GRE over IPSec configuration. ...
  • Page 206 LAN-to-LAN IPSec Dial In configuration Finish GRE over IPSec setting in LAN-to-LAN Dial In Profile for matching with VPN Client Member1 configuration Finish GRE over IPSec setting in LAN-to-LAN Dial In Profile for matching with VPN Client Member2 configuration ...
  • Page 207 (3) Dialing from VPN Client site ...
  • Page 209: Trouble Shooting

    Sometimes the link failure occurs due to the wrong network connection settings. After trying the above section, if the link still fails, please do the steps listed below to make sure the network connection settings are OK. ...
  • Page 210 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. ...
  • Page 211 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used Mac OS on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. ...
  • Page 212: Pinging The Router From Your Computer

    Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. If the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. ...
  • Page 214: Checking If The Isp Settings Are Ok Or Not

    Check if Username and Password are entered with correct values that you got from your ISP. Check if the Enable option is selected. Check if IP address, Subnet Mask and Gateway are entered with correct values that you got from your ISP. ...
  • Page 215 Check if the Enable option for PPTP Link is selected. Check if PPTP Server, Username, Password and WAN IP address are set correctly (must be identical to the values from your ISP). ...
  • Page 216: Backing To Factory Default Setting If Necessary

    5 seconds. When you see the ACT LED blinks rapidly, please release the button. Then, the router will restart with the default configuration. After restoring the factory default setting, you can configure the settings for the router again to fit your personal request. ...
  • Page 217 If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. ...
