Draytek Vigor2925
Contents
1. Ethernet Static or Dynamic IP Details Page IPv6 None Ethernet PPPoE IPv6 Static or Dynamic IP PvE ies PPTP LITP Physical Mode Access Mode Ethernet static or Dynamic IP v Details Page IPv6 USB IPv6 3G 4G USB Modem PPP mode Available settings are explained as follows Item Index Display Name Physical Mode Access Mode Dray Tek Description Display the WAN interface It shows the name of the WAN1 WAN2 WANS3 that entered in general setup It shows the physical connection for WAN1 WAN2 Ethernet WAN3 USB according to the real network connection Use the drop down list to choose a proper access mode Then click Details Page for accessing the settings page to configure the settings 131 Vigor2925 Series User s Guide Details Page This button will open different web page based on IPv4 according to the access mode that you choose in WAN interface Note that Details Page will be changed slightly based on ADSL VDSL physical mode specified on WAN gt gt General Setup IP v6 This button will open different web page based on Physical Mode to setup IPv6 Internet Access Mode for WAN interface If IPv6 service is active on this WAN interface the color of TPv6 will become green Details Page for PPPoE in WAN1 WAN2 To use PPPoE as the accessing protocol of the internet please click the PPPoE tab The following web page will be shown WAN gt gt Internet Access WAN 2 PPPo2. PPA range is 255 WAN Acceleration session SESSION SPC_iplihpre_port Dest_ip Dest_port Nat_ip Nat_port LAN Acceleration session hession amp Src_ip Sre_port Dest_ip Dest_port Nat_ip Nat_port PERRE R ERE RE RR R E Er R RR E RE EEA E E R EE E eee A 192 168 i iB 2938 119 236 154 122 55960 1924 168 3 18252524 Spe_mac 00 242 2515 8F 285259 Dest _mac BH 56 7Ff 37ic8 i 4c i 192 168 i 18 2952 193 B88 6 13 33633 192 168 3 18252538 Srce mac ABI22 515 8F 285259 Dest_mac BH 56 7Ff 237 ic8 4c Dr ay Te k 197 Vigor2925 Series User s Guide 4 6 Firewall 4 6 1 Basics for Firewall While the broadband users demand more bandwidth for multimedia interactive applications or distance learning security has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet Furthermore it can filter out specific packets that trigger the router to build an unwanted outgoing connection Firewall Facilities The users on the LAN are provided with secured protection by the following firewall facilities User configurable IP filter Call Filter Data Filter Stateful Packet Inspection SPI tracks packets and denies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDo
3. To edit each profile l Online means such LAN to LAN profile is in use Offline means such LAN to LAN profile isn t in use even if the profile has been enabled Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched The following explanations will guide you to fill all the necessary fields For the web page is too long we divide the page into several sections for explanation VPN and Remote Access gt gt LAN to LAN Profile Index 1 1 Common Settings Profile Name Enable this profile VPN Dial Out Through WAN First Netbios Naming Packet Pass Block Multicast via VPN O Pass Block for some IGMP IP Camera DHCP Relay etc 2 Dial Out Settings Type of Server am calling PPTP IPsec Tunnel L2TP with IPsec Policy Server IP Host Name for VPN such as draytek com or 123 45 67 89 fF Call Direction Both Dial out Dial in O Always on second s LJ Enable PING to keep alive Idle Timeout PING to the IP TT PAP CHAP on off Username Password PPP Authentication VJ Compression IKE Authentication Method Pre Shared Key Digital Signature X 509 Peer ID Local ID Alternative Subject Name First Subject Name First Local Certificate IPsec Security Method Medium AH High ESP Advanced
4. 2 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer 3 Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet 4 Power on the device by pressing down the power switch on the rear panel The system starts to initiate After completing the system test the ACT LED will light up and start blinking n 39 For the hardware connection we take model as an example F x E A Power Switch Cable DSL Modem P wer Adapter or Media Converter 5 Pewee Tol ee 725n eit al wa ae e S inthe Results Wireless ose LAN CHORES ACT WANI fie nidia WEB WAM WLF i JE WAM Wh E pe Faciory 5 l Resmi WLAN YPN DMZ z Sap WANS L n ff ey a ai e a nl ea LAN Dr ay Tek 7 Vigor2925 Series User s Guide 1 4 Printer Installation You can install a printer onto the router for sharing printing All the PCs connected this router can print documents via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE Vista please visit www DrayTek com Before using it please follow the steps below to configure settings for connected computers or wireless clients 1 Connect the printer with the router through USB parallel port 2 Open Start gt Settings gt Printer and Faxes x 4 Docu
5. Streaming Omms ORTSP OTvAnts O PPStream O FeiDian Ouusee ONSPlayer Olpcast Cl SopCast OuDLivex OTvuPlayer O MySee O Flashvidec O SilwerLight O Slingbox Oovoo Remote Control Ovne ORadmin O SpyAnywhere ClshowMyPc O LogMeIn OTeamviewer OGogrok O RemoteControlPro O CrossLoop OwindovsRDP Cl pcAnywhere OTimbuktu O WindovwsLiveSyne O Sharedwiew Web HD CI HTTF Upload O HiNet SafeBox OMS SkyDrive C GDoc Uploader O ADrive C MyOtherDrive O Mozy O EoxNet O officeLive Dray Te k 251 Vigor2925 Series User s Guide 4 9 2 URL Content Filter Profile To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus can limit user s access to the website You may imagine URL Content Filter as a well trained convenience store clerk who won t sell adult magazines to teenagers At office URL Content Filter can also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets base
6. User Mode is OFF now Vigor2925 Series User s Guide 36 Dr ay Te k J LAN Connected 1 LANI LANZ LAMS LAM 4 LANS Host ID IP Address MAC CARRIE OC7CB251 192 168 1 10 F0 CB 4E DA 48 79 Coreportod 7 jco 1 Host connected physically to the router via LAN port s will be displayed with green circles in the field of Connected All of the hosts including wireless clients displayed with Host ID IP Address and MAC address indicates that the traffic would be transmitted through LAN port s and then the WAN port The purpose is to perform the traffic monitor of the host s 2 6 4 GUI Map ere amp GUI Map All the functions the router supports are listed with table clearly in this page Users can click the function link to access into the setting page of the function for detailed configuration Click the icon on the top of the main screen to display all the functions GUI Map Dashboard VPN and Remote Wizard Access iuick Start Wizard VPA Client wizard service Activation YEN Server Vizard Wizard Remote Access Control Wireless Wizard 2 4 PPP General Setup GHz IPsec General Setup Wireless Wizard 5 IPsec Peer Identity GHz OpenvPh General Setup Online Status Remote Dial in User Physical Connection LAN to LAM Virtual WAR YEN TRUNK WAN Management General Setup Connection Management Internet Access Certificate huiti LAM Management WAR Budget Local Certificate LAN Trusted CA Certificate General Setup Cerificate
7. Vigor2925 Series User s Guide 212 Dr ay Te k 4 6 4 DoS Defense As a sub functionality of IP Filter Firewall there are 15 types of detect defense function in the DoS Defense setup The DoS Defense functionality is disabled for default Dray Tek Click Firewall and click DoS Defense to open the setup page Firewall gt gt DoS defense Setup DoS defense Setup C Enable SYN flood defense C Enable UDP flood defense C Enable ICMP flood defense L Enable Port Scan detection L Block IP options C Block Land CI Block Smurf L Block trace route C Block SYN fragment L Block Fraggle Attack Threshold so packets sec Timeout ho sec Threshold 150 packets sec Timeout ho sec Threshold so packets sec Timeout ho sec Threshold 150 packets sec L Block TCP flag scan C Block Tear Drop C Block Ping of Death C Block ICMP fragment C Block Unassigned Numbers Available settings are explained as follows Item Enable Dos Defense Select All Enable SYN flood defense Enable UDP flood defense Description Check the box to activate the DoS Defense Functionality Click this button to select all the items listed below Check the box to activate the SYN flood defense function Once detecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout
8. With Crome browser you may get the following warning Click Proceed anyway SSL Error amp C Be bttps 192 168 1 1 coi bin user_login cai fid 101 amp src_ip 192 168 1 11 amp target_url www dra vy S A The site s security certificate is not trusted You attempted to reach 192 168 1 1 but the server presented a certificate issued by an entity that is not trusted by your computer s operating system This may mean that the server has generated its own security credentials which Google Chrome cannot rely on for identity information or an attacker may be trying to intercept your communications You should not proceed especially if you have never seen this warning before for this site Help me understand After that the web authentication window will appear Input the user name and the password for your account defined in User Management and click Login erna sip Favorites qi B Suggested Sites E Web Slice Gallery Username Password Internet Protected Mode On ___ ___ ___ Vigor2925 Series User s Guide 110 Dr ay Tek If the authentication is successful the client will be redirected to the original web site that he tried to access In this example it is http www draytek com Furthermore you will get a popped up window as the following Then you can access the Internet i AILEY Hello userl login from 192 168 1 11 00 29 46 E D Internet Pr
9. delivery is an enhancement over the power save mechanisms It allows devices to take more time in sleeping state and consume less power to improve the performance by minimizing transmission latency Wireless LAN gt WMM Configuration WMM Configuration WMM Capable APSD Capable WMM Parameters of Access Point Aifsn AC_BE AC_BK AC_VI AC VO WMM Parameters of Station Aifsn AC BE AC_BK AC VI AC VO Set to Factory Default Enable Disable Enable Disable CWMin CWMax Txop ACM AckPolicy o a m o oa E oo o m m CWMin CWMax Txop ACM 0 0 UU Ree mN im D Po Available settings are explained as follows Item WMM Capable APSD Capable Aifsn CWMin CWMax Dray Tek Description To apply WMM parameters for wireless data transmission please click the Enable radio button The default setting is Disable It controls how long the client waits for each data transmission Please specify the value ranging from 1 to 15 Such parameter will influence the time delay for WMM accessing categories For the service of voice or video image please set small value for AC_VI and AC_VO categories For the service of e mail or web browsing please set large value for AC_BE and AC_BK categories CWMin means contention Window Min and CWMax means contention Window Max Please specify the value ranging from 1 to 15 Be aware that CWMax value must be greater than CWMin or equals to CWMin value Both
10. 7 o D A P2261 WANI 192 168 149 Choose PC End Port Protocol Start Port End Port war mar mar Clear Available settings are explained as follows Item Enable Open Ports Comment WAN Interface WAN IP Local Computer Protocol Start Port End Port Vigor2925 Series User s Guide Description Check to enable this entry Make a name for the defined network application service Specify the WAN interface that will be used for this entry Specify the WAN IP address that will be used for this entry This setting is available when WAN IP Alias is configured Enter the private IP address of the local host or click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Specify the transport layer protocol It could be TCP UDP Or none for selection Specify the starting port number of the service offered by the local host Specify the ending port number of the service offered by the local host 12 DrayTek After finishing all the settings here please click OK to save the configuration NAT gt Open Ports Open Ports Setup Setto Factory Default Index Comment WAN Interface Local IP Address Status P2701 WANI 192 168 1 49 W P Pee Pp SF FF o Ea 4 4 4 Port Triggering Port Triggering is a variation of op
11. Default Charset English ka Samba Service Settings Network Neighborhood Disable Access Mode OLAN Only LAN And WAN NetBios Name Service Host Name Vigor2o60 Note 1 If Charset is set to English only English long file name is supported 2 Multi session ftp download will be banned by Router FTP server If your ftp client have multi connection mechanism such as FileZilla you may limit client connections setting to 1 to get better performance 3 A workgroup name must not be the same as the host name The workgroup name and the host name can have as many as 15 characters and a host name can have as many as 23 characters but both cannot contain any of the following lt 2 7 Dr ay Tek 61 Vigor2925 Series User s Guide 3 Setup a user account for the FTP service by using USB Application gt gt USB User Management Click Enable to enable FTP Samba User account Here we add a new account userl and assign authorities Read Write and List to it USB Application gt gt USB User Management Profile Index 1 FTP Samba User Username Password Access Rule File Read Write CO Delete Directory JList C creata Remove Note The folder name can only contain the following characters A Z a z 0 9 j and space 4 Click OK to save the configuration 5 Make sure the FTP service is running properly Please open a browser and type ftp 192 168 1 1 Use the account
12. Dray Tek Gre over IPSec Settings TCP IP Network Settings High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Enable IPSec Dial Out function GRE over IPSec Check this box to verify data and transmit data in encryption with GRE over IPSec packet after configuring IPSec Dial Out setting Both ends must match for each other by setting same virtual IP address for communication Logical Traffic Such technique comes from RFC2890 Define logical traffic for data transmission between both sides of VPN tunnel by using the characteristic of GRE Even hacker can decipher IPSec encryption he she still cannot ask LAN site to do data transmission with any information Such function can ensure the data transmitted on VPN tunnel is really sent out from both sides This is an optional function However if one side wants to use it the peer must enable it too My GRE IP Type the virtual IP for router itself for verified by peer Peer GRE IP Type the virtual IP of peer host for verified by router My WAN IP This field is only applicable when you select PPTP or L2TP with or without IPSec policy above The default value is 0 0 0 0 which means the Vigor router will get a PPP IP address from the remote router during the IPCP negotiation phase If the PPP IP address is fixed by remote side
13. PMK Cache Period Set the expired time of WPA2 PMK Pairwise master key cache PMK Cache manages the list from the BSSIDs in the associated SSID with which it has pre authenticated Such feature is available for WPA2 802 1 mode Pre Authentication Enables a station to authenticate to multiple APs for roaming securer and faster With the pre authentication procedure defined in IEEE 802 111 specification the pre four way handshake can reduce handoff delay perceivable by a mobile node It makes roaming faster and more secure Only valid in WPA2 Enable Enable IEEE 802 1 X Pre Authentication WEP Key Four keys can be entered here but only one key can be selected at a time The format of WEP Key is restricted to 5 ASCII characters or 10 hexadecimal values in 64 bit encryption level or restricted to 13 ASCII characters or 26 hexadecimal values in 128 bit encryption level The allowed content is the ASCII characters from 33 to 126 except and Such feature is available for WEP mode 802 1X WEP Enable Enable the WEP Encryption Mode Black List White List Select to enable black list or white list filter policy List Display all MAC addresses that are edited before Client s MAC Address Manually enter the MAC address of wireless client Add Add a new MAC address into the list Delete Delete the selected MAC address in the list Edit Edit the selected MAC address in the list Cancel
14. PSPS HISHed N Aae Sometimes you may forget the Distinguished Name since it s too long Then you may click the I button to list all the account information on the AD LDAP Server to assist you finish the setup After finished the above settings click OK to save and exit this page A new profile has been created 4 11 6 UPnP The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the major feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by itself which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Applications gt gt UPnP T Enable UPnP Service Default WAN Cl Enable Connection control Service L Enable Connection Status Service Note If you intend running UPnP service inside your LAN you should check the appropriate service above to allow control as well as the appropriate UPnP settings Available settings are explained as fo
15. SSID 3 SSID 4 Mixed VWEATWPAQVPSK TKIP for WPA AES for WPAZ Type 63 ASCII character or 64 Hexadecimal digits leading by Ox for example cfgsOlaz2 or Ox65Sabed Encryption Mode WEP key 1 Rew i Rey 3 key g Note i Please configure the RADIUS Server if 802 1 Is used For 64 bit WEP key configurations please insert 5 ASCII characters or 10 Hexadecimal digits leading by Ox Examples are 46312 or Ox4142333132 For 128 bit WEP key configurations please insert 13 ASCII characters or 26 Hexadecimal digits leading by Ox JK Cancel Available settings are explained as follows Item Mode Vigor2925 Series User s Guide Description There are several modes provided for you to choose Disable Disable WEF WEPA02 1x Only WWPAJOU Tx Only WPAAOO 1x Only MixedVWVPA H VPA 1x only WIPAIP SK WP AAIP SK PAH VPAL PSE Note You should also set RADIUS Server simultaneously if 802 1x mode is selected Disable Turn off the encryption mechanism WEP lt Accepts only WEP clients and the encryption key should be entered in WEP Key WEP 802 1x Only Accepts only WEP clients and the encryption key is obtained dynamically from RADIUS server with 802 1 X protocol WPA 802 1x Only Accepts only WPA clients and the encryption key is obtained dynamically from RADIUS us DrayTek server with 802 1X protocol WPA2 802 1x Only Accepts only WPA2
16. 514 Cl Enable Enable syslog message User Access Log WAN Log Router DSL information AlertLog Setup Cl Enable AlertLog Port 514 O Authentication User Name Password Enable E Mail Alert DoS Attack IM P2P VPN LOG Send a test e mail 25 Note 1 Mail Syslog cannot be activated unless USB Disk is ticked for Syslog Save to 2 Mail Syslog feature sends a Syslog file when its size reaches 1M Bytes I DryTek Syelog 45 3 Dray Tek SEE EVEN kin rA Kamia ipoh bi i SS Preval jen 0 leer didesse Connection WAN PPE 2 Stare dog Lod writer leg CSM Lay Delersa Lug Systen time arii Lua SUT Lay 2013 00 20 LS3 46 VISAS 1 Sara PIS A 1 SS Router Taree fig SU a Ag 2 0 Se sg 2003 3003 Paley A MS Sie Aig JA SSS Syslog Utility SALAD Tid tential cops t72 best a ni LAN Infertahian oO Ti Pathe AX Parhta Cehers Show Defame Aled TOPU Hit Vapor pour Wager hou Vipap er Kip ke Vie neuer Message TX pat RA Pate gieh wan De Gateway 2 C Pec bce Titock Wrage ated TOU W025 o a LOP T enag there Doe aoc raga attack UO e 25 2 S TOP reensay Terase pieke tta 192 166 1 a 5 ar TTI ERT aeaio aar OF kens T ikae a A A A AS 288 E Ar TOP Hena Teras ienr ak 0 E a 88 PER EAT LO Hens Tene S76 Sytem Timar Tinn nuy from the comer shih pes the oying apie Braer Tipe Ti
17. Cl Show Comment Available settings are explained as follows Item Description Enable Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Click this radio button to disable this function All the settings on this page will be invalid Strict Bind Click this radio button to block the connection of the IP MAC which 1s not listed in IP Bind List ARP Table This table is the LAN ARP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below Select All Click this link to select all the items in the ARP table Sort Reorder the table based on the IP address Vigor2925 Series User s Guide 176 Dr ay Tek Refresh Refresh the ARP table listed below to obtain the newest ARP table information Add or Update IP Address Type the IP address that will be used for the specified MAC address Mac Address Type the MAC address that is used to bind with the assigned IP address Comment Type a brief description for the entry Show Comment Check this box to display the comment on IP Bind List box IP Bind List It displays a list for the IP bind to MAC information Add It allows you to add the one you choose from the ARP table or the IP MAC address typed in Add and Edit to the table of IP Bind List Update It
18. Classification Identifying low latency or crucial applications and marking them for high priority service level enforcement throughout the network Scheduling Based on classification of service level to assign packets to queues and associated service types The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header For instance to ensure the connection with the headquarter a teleworker may enforce an index of QoS Control to reserve bandwidth for HTTPS connection while using lots of application at the same time One more larger scale implementation of QoS network is to apply DSCP Differentiated Service Code Point and IP Precedence disciplines at Layer 3 Compared with legacy IP Precedence that uses Type of Service ToS field in the IP header to define 8 service classes DSCP is a successor creating 64 classes possible with backward IP Precedence compatibility In a QoS enabled network or Differentiated Service DiffServ or DS framework a DS domain owner should sign a Service License Agreement SLA with other DS domain owners to define the service level provided toward traffic from different domains Then each DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwa
19. Dray Tek Both filter rules have been created Click OK Firewall gt gt Fitter Setup gt gt Edit Filter Set Filter Set 2 Comments Default Data Filter Fitter Rule Comments Move Up Move Down MetBios gt ONS Down block all Down open_ip Down Down Down Down L4J Le Next Filter Set 9 Now all the settings are configured well Only the computers with the IP addresses within 192 168 1 10 192 168 1 20 can access to Internet Dr ay Tek 95 Vigor2925 Series User s Guide 3 11 How to Block Facebook Service Accessed by the Users via Web Content Filter URL Content Filter There are two ways to block the facebook service Web Content Filter and URL Content Filter Web Content Filter Benefits Easily and quickly implement the category website that you want to block Note License is required URL Content Filter Benefits Free flexible for customize webpage Note Manual setting e g one keyword for one website I Via Web Content Filter 1 Make sure the Web Content Filter powered by Commtouch license is valid CSM gt Web Content Filter Profile Web Filter License Activate Status Commtouch Start Date 2012 12 31 Expire Date 2013 01 08 Setup Query Server auto selected Find more setup Test Server auto selected Find more Web Content Filter Profile Table Setto Factory Default Profile Name Profile Name i Default 5 2 6 J 4 8 Administration Message Max 255
20. Sending Interval To avoid quota being exhausted soon type time interval for sending the SMS 3 After finishing all the settings here please click OK to save the configuration Object Settings gt SMS Mail Service Object SM5 Provider Mail Server Set to Factory Default Index Profile Name SMS Provider 1 Line _ down kotsms com tw TW Zz kotsms com tw TW a kotsms com tw TW Ps kateme com tar TUR Dray Te k 241 Vigor2925 Series User s Guide Customized SMS Service Vigor router offers several SMS service provider to offer the SMS service However if your service provider cannot be found from the service provider list simply use Index 9 and Index 10 to make customized SMS service The profile name for Index 9 and Index 10 are fixed Object Settings gt SMS Mail Service Object SMS Provider Mail Server Set to Factory Default Index Profile Name SMS Provider q kotsms com tw TW 2 kotsms com tw TW 3 kotsms com tw TW 4 kotsms com tw TW 5 kotsms com tw TW 6 kotsms com tw TW T kotsms com tw TW 8 kotsms com tw TW 9 Custom 1 10 Custom 2 You can click the number e g 9 under Index column for configuration in details Object Settings gt gt SMS Mail Service Object Profile Index 9 Profile Name Custom Service Provider Please contact with your SMS provide to get the exact URL String eg bulksms vsms net 5567 eapi submission send_sms 2 2 0 username 2 stxtUser s
21. User Access Log WAN Log Router DSL information AlertLog Setup Enable AlertLog Port 514 Authentication Enable E Mail Alert DoS Attack IM P2P VPN LOG Note 1 Mail Syslog cannot be activated unless USB Disk is ticked for Syslog Save to 2 Mail Syslog feature sends a Syslog file when its size reaches 1M Bytes 3 We only support secured SMTP c onnection on port 465 Available settings are explained as follows Item SysLog Access Setup Vigor2925 Series User s Guide Description Enable Check Enable to activate function of syslog Syslog Save to Check Syslog Server to save the log to Syslog server USB Disk Check USB Disk to save the log to the attached USB storage disk Router Name Display the name for such router configured in System Maintenance gt gt Management If there is no name here simply lick the link to access into System Maintenance gt gt Management to set the router name Server IP Address The IP address of the Syslog server Destination Port Assign a port for the Syslog protocol Mail Syslog Check the box to recode the mail event on Syslog Enable syslog message Check the box listed on this web page to send the corresponding message of firewall VPN User Access WAN Router DSL information to Syslog z DrayTek AlertLog Setup Check Enable to activate function of alert log AlertLog Port Type the port number for alert log The default setting is 514 Mai
22. Username Password Confirm Password Tunnel Broker Description Type the name obtained from the broker It is suggested for you to apply another username and password for http gogonet gogo6 com page freenet6 account The maximum length of the name you can set is 63 characters Type the password assigned with the user name The maximum length of the name you can set is 19 characters Type the password again to make the confirmation Type the address for the tunnel broker IP FQDN or an optional port number After finished the above settings click OK to save the settings Details Page for IPv6 AICCU in WAN1 WAN2 WANS3 WAN gt Internet Access WAN 1 PPPoE Internet Access Mode Connection Type AICCU Configuration O Always On Username Password Confirm Password Tunnel Broker Subnet Prefix Static or Dynamic IP PPTP IPvb AICCU v PO PO Pd Note If Always On is not enabled AICCU connection would only retry three times Available settings are explained as follows Dray Tek Item Always On Username Password Description Check this box to keep the network connection always Type the name obtained from the broker Please apply new account at http www sixxs net It is suggested for you to apply another username and password The maximum length of the name you can set is 19 characters Type the password assigned with the user name The maximum length of the password
23. VPN The VPN tunnel is active Qos The QoS function is active WCF On The Web Content Filter is active It is enabled from Firewall gt gt General Setup DMZ On The DMZ function is enabled Off The DMZ function is disabled The data is transmitting LED on Connector Left The port is connected WANI LED The port is disconnected vee The data is transmitting Right The port is connected with 1000Mbps LED Off The port is connected with 10 100Mbps Left The port is connected LANI LED Off The port is disconnected LANS Blinking The data is transmitting Right On The port is connected with 1OOOMbps LED Off The port is connected with 10 100Mbps Dr ay Tek 3 Vigor2925 Series User s Guide Peewee Tol Vigor2925 _aeae ee Fy A Et Dual WAN Security Router AST WANT QoS U BI WAN2 WCF UIB2 VPN OMZ WAN1 WAN2 Lane i 2 3 4 5 Interface i Description Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration USB1 USB2 Connecter for a USB device for 3G USB Modem or printer WANI WAN2 Connecter for local network devices or modem for accessing Internet LAN1I LAN5 Connecters for local network devices PWR Connecter for a power adapter ON OFF Power Switch Vigor2925 Series User s Guide
24. 137 TX Packets 186 Vigor2925 Series User s Guide 40 RX Bytes 19176 Gateway IP RX Bytes 33093 Dray Tek Detailed explanation for IPv4 is shown below Item Description LAN Status Primary DNS Displays the primary DNS server address for WAN interface Secondary DNS Displays the secondary DNS server address for WAN interface IP Address Displays the IP address of the LAN interface TX Packets Displays the total transmitted packets at the LAN interface RX Packets Displays the total received packets at the LAN interface WANI WAN2 WAN3 Enable Yes in red means such interface is available but Status not enabled Yes in green means such interface is enabled Line Displays the physical connection VDSL ADSL Ethernet or USB of this interface Name Display the name of the router Mode Displays the type of WAN connection e g PPPoE Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface GW IP Displays the IP address of the default gateway TX Packets Displays the total transmitted packets at the WAN interface TX Rate Displays the speed of transmitted octets at the WAN interface RX Packets Displays the total number of received packets at the WAN interface RX Rate Displays the speed of received octets at the WAN interface Detailed explanation for IPv6 is shown below Item Description LAN Status IP Address Disp
25. Configure the Port number Cipher methods and Authentication as the settings defined above Then click OK Dr ay Tek 59 Vigor2925 Series User s Guide Checking the VPN Connection Status Now both ends router and remote PC are configured well 1 Access into the web user interface of Vigor router 2 Open VPN and Remote Access gt gt Connection Management to check the VPN connection status From the following figure we can know that the remote user can access the Vigor router s LAN successfully by using the username password jos jos VPN and Remote Access gt gt Connection Management Refresh Seconds 10 Refresh Dial out Tool Backup Mode a Load Balance Mode VPN Connection Status Current Page 1 Page No 6o Rx Rx Rate Pkts Bps 20 52 0 00 31 Drop Tx Pkts Tx Rate VPN Bps Type Remote IP Virtual Network UpTime 4 jos j Local User Database 188 188 188 188 via WAMI Openven AES SHAT Auth 192 168 1 11 92 14 52 irate eee wh a BEE y3 Pinging i 2 168 i i with 32 bytes of data From from from from from from Reply fron Vigor2925 Series User s Guide from y from 192 172 192 192 192 192 168 168 168 168 168 168 i E E ei pe p je p p p j jt E E E E E E E E E ei fk pe p fe pe jeie fk fa bytes 32 bytes 32 hbytes 32 bytes 32 z bytes 32 gt bytes 32 bytes 32 hbytes 32 byte
26. Enable Disable Mirror port p2 p3 O p4 Ops Mirrored port LI pi E p2 C P3 F p4 Lips Available settings are explained as follows Item Description Port Mirror Check Enable to activate this function Or check Disable to close this function Mirror Port Select a port to view traffic sent from mirrored ports Mirrored port Select which ports are necessary to be mirrored After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 178 Dr ay Tek 4 2 7 Web Portal Setup This page allows you to configure a profile with specified URL for accessing into or display a message when a wireless LAN user connects to Internet through this router No matter what the purpose of the wireless LAN client is he she will be forced into the URL configured here while trying to access into the Internet or the desired web page through this router That is a company which wants to have an advertisement for its products to users can specify the URL in this page to reach its goal LAN gt Web Portal Setup Web Portal Table Profile Status 1E Disable 2 Disable a Disable 4 Disable Interface None None None None Each item is explained as follows Item Profile Status Interface Preview Description Display the number link which allows you to configure the profile Display the content Disable URL Redirect or Message of the profile Display the appl
27. Get Your Public IP Address from ISP In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP Network Connection by 3G USB Modem For 3G mobile communication through Access Point is popular more and more Vigor2925 adds the function of 3G network connection for such purpose By connecting 3G USB Modem to the USB port of Vigor2925 it can support HSDPA UMTS EDGE GPRS GSM and the future 3G standard HSUPA etc Vigor2925n with 3G USB Modem allows you to receive 3G signals at any place such as your car or certain location holding outdoor activity and share the bandwidth for using by more people Users can use four LAN ports on the router to access Internet Also they can access Internet via 802 1 1n wireless function of V
28. Management Reboot System Firmware Upgrade and Activation Below shows the menu items for System Maintenance System Maintenance 4 17 1 System Status The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the current running firmware version or firmware related information from this presentation System Status Model Name Vigor2925n Firmware Version 3 7 3 Build Date Time Oct 9 2013 16 02 43 MAC Address IP Address Subnet Mask DHCP Server LAMI O0 10 44 B3 85 E8 192 168 1 1 255 255 255 0 No LAN O0 10 44 B3 65 E8 192 165 2 1 255 255 255 0 Yes LANA 00 10 4A B3 85 E8 192 168 3 1 255 255 255 0 Yes LAM O0 10 44 B3 85 E8 192 168 4 1 255 255 255 0 Yes LAK S OU 10 44 B3 65 E8 192 168 5 1 255 255 255 0 Yes OMZ PORT O0 10 44 B3 85 E8 192 168 6 1 255 255 255 0 Yes IP Routed Subnet O0 10 44 B3 65 E8 192 168 0 1 255 255 255 0 Yes Wireless LAN MAC Address Frequency Domain Firmware Version NO 1D 44 B3 85 E6 Europe 295 011 Link Status MAC Address Connection IP Address Default Gateway Disconnected OS Pelee tse EE Disconnected 00 10 44 B3 85 EA Disconnected Dn ako eh le Sita ee Address Scope Internet Access Mode LAN FESO 210 44FF FEBS 3568 64 Link User Mode is OFF now Dray Tek 383 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Model Name Display the model name of the rout
29. No action will be taken towards fragmented packets Unfragmented Apply the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be 208 Dray Tek Dray Tek Branch to other Filter Set Sessions Control MAC Bind IP Quality of Service Load Balance policy User Management APP Enforcement passed immediately Block If No Further Match A packet matching the rule and that does not match further rules will be dropped Pass If No Further Match A packet matching the rule and that does not match further rules will be passed through If the packet matches the filter rule the next filter rule will branch to the specified filter set Select next filter rule to branch from the drop down menu Be aware that the router will apply the specified filter rule for ever and will not return to previous filter rule any more The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 Strict Make the MAC address and IP address settings configured in IP Object for Source IP and Destination IP be bound for applying such filter rule
30. Pv6 Static IPv6 Address configuration IPv6 Address Prefix Length Os ra Current IPv6 Address Table Index IPv6 Address Prefix Length Scope Static IPv6 Gateway configuration IPv Gateway Address EO Available settings are explained as follows Item Description Static IPv6 Address IPv6 Address Type the IPv6 Static IP Address configuration Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Current IPv6 Address Display current interface IPv6 address Table Static IPv6 Gateway IPv6 Gateway Address Type your IPv6 gateway address Configuration here After finished the above settings click OK to save the settings Vigor2925 Series User s Guide 146 Dr ay Tek Details Page for IPv6 6in4 Static Tunnel in WAN1 WAN2 This type allows you to setup 6in4 Static Tunnel for WAN interface Such mode allows the router to access Pv6 network through IPv4 network However 6in4 offers a prefix outside of 2002 0 16 So you can use a fixed endpoint rather than any cast endpoint The mode has more reliability WAN gt gt Internet Access wa WAN 1 PPPoE Static or Dynamic IP PPTP L2TP IPvb Internet Access Mode Connection Type bind Static Tunnel 6in4d Static Tunnel Remote Endpoint IPv4 Address Po Tunnel TTL 255 default 255 Available settings are explained as follows Item Description Remote Endpoint IP v
31. Then click Next to continue Quick Start Wizard PPTP Client Mode WAN 2 Enter the user name password WAN IP configuration and PPTP server IP provided by your ISP User Name Password Confirm Password WAN IP Configuration SAT Taec Obtain an IP address automatically Specify an IP address IP Address Subnet Mask Gateway Primary DNS Second DNS PPTP Server 192 165 3 100 255 255 255 0 192 168 3 1 Available settings are explained as follows Item User Name Password Confirm Password WAN IP Configuration PPTP Server L2TP Server Back Next Cancel Vigor2925 Series User s Guide Description Assign a specific valid user name provided by the ISP Note The maximum length of the user name you can set is 63 characters Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Retype the password Obtain an IP address automatically the router will get an IP address automatically from DHCP server Specify an IP address you have to type relational settings manually IP Address Type the IP address Subnet Mask Type the subnet mask Gateway Type the IP address of the gateway Primary DNS Type in the primary IP address for the router Second DNS Type in secondary IP address for necessity in the future Type the IP address of the server Click it to return to previous setting page Click it
32. This page allows you to bind several service types into one group Objects Setting gt Service Type Group Serice Type Group Table Set to Factory Default Group Name Group Name 18 19 ee ee ee ee fa h la la l le S le B is ie m ie ie e is e IS l2 S l le S amp l S e S gt Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Group column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt Service Type Group Setup Profile Index 1 Available Service Type Objects Selected Service Type Objects Available settings are explained as follows Vigor2925 Series User s Guide 234 Dr ay Tek Item Description Name Type a name for this profile Available Service All the available service objects that you have added on Type Objects Objects Setting gt gt Service Type Object will be shown in this box Selected Service Type Click gt gt button to add the selected IP objects in this box Objects 3 After finishing all the settings please click OK to save the configuration 4 8 7 Keyword Object You can set 200 keyword object profiles for choosing as black white list in CSM gt gt URL Web Content Filte
33. WAN 6 Status Enable Line Name Mode Up Time Application Yes Ethernet 00 00 00 Management IP GW IP TX Packets TX Rate Bps RX Packets RX Rate Bps aan iia 0 0 0 0 WAN 7 Status Enable Line Name Mode Up Time Application Yes Ethernet e 00 00 00 Management IP GW IP TX Packets TX Rate Bps RX Packets RX Rate Bps nen mea 0 0 0 0 2 8 Saving Configuration Each time you click OK on the web page for saving the configuration you can find messages showing the system interaction with you j TON sta Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Finish or OK button Vigor2925 Series User s Guide 42 Dray Tek 2 9 Registering Vigor Router You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time Now it is the time to register your Vigor router to MyVigor website for getting more service Please follow the steps below to finish the router registration 1 Please login the web configuration interface of Vigor router by typing admin admin as User Name Password DrayTek ME E Username Password Group 2 Click Support Area gt gt Production Registration from the home page Area Product Regist 3 A Login page will be shown on the screen Please type the account and password that you created previously And click Login Please take a moment to register Membership Registration entitles yo
34. address Select Mac Address if this object contains Mac address Range Address Any Address single Address Range Address subnet Address Mac Address Mac Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type End IP Address Type the end IP address if the Range Address type is selected Prefix Len Type the number e g 64 for the prefix length of IPv6 address Invert Selection If it is checked all the IPv6 addresses except the ones listed above will be applied later while it is chosen Vigor2925 Series User s Guide 230 Dr ay Tek 3 After finishing all the settings please click OK to save the configuration 4 8 4 IPv6 Group This page allows you to bind several IPv6 objects into one IPv6 group Objects Setting gt gt IPv6 Group IPv6 Group Table Setto Factory Default Index Name Index Name ir 18 kh hk _h ke hk k k 2 3 _ i e la l 2 l8 ie e m iS ie e i e IS S le le le S amp le le e S S e e e Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows O
35. j Fo s 4 i a i q io L e F e Your reliable networking solutions partner User s Guide V1 3 Vigor2925 Series User s Guide ii Dr ay Te k Vigor2925 Series Dual WAN Security Router User s Guide Version 1 3 Firmware Version V3 7 3 For future update please visit DrayTek web site Date 29 10 2013 Dray Te k ili Vigor2925 Series User s Guide Copyright Information Copyright Declarations Trademarks Copyright 2013 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Other products may be trademarks or registered trademarks of their respective manufacturers Safety Instructions and Approval Safety Instructions Warranty Be a Registered Owner Firmware amp Tools Updates Vigor2925 Series User s Guide Read the installation guide thoroughly before you set up the router The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel Do not try to open or r
36. length of the password you can set is 62 characters Specify an IP address Click this radio button to specify some data if you want to use Static IP mode IP Address Type the IP address Vigor2925 Series User s Guide 136 Dr ay Tek Subnet Mask Type the subnet mask Gateway IP Address Type the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future After finishing all the settings here please click OK to activate them Details Page for PPTP L2TP in WAN1 WAN2 To use PPTP L2TP as the accessing protocol of the internet please click the PPTP L2TP tab The following web page will be shown WAN gt gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPTP L2TP IPves QEnable PPTP Enable LATP Disable PPP Setup Server 4ddress fs PPP Authentication PAP or CHAP w Specify Gateway IP Address Idle Timeout seconds IP Address Assignment Method IPCP WAN IP Alias ISP Access Setup Fixed IP Yes No Dynamic IF Username aes e aa i Password Want Network Set
37. please click OK to save and exit this page Vigor2925 Series User s Guide 162 Dr ay Te k Details Page for LAN2 LAN5 and DMZ LAN gt gt General Setup DMZ Ethernet TCP IP and DHCP Setup Network Configuration Enable Disable DHCP Server Configuration Enable Server Disable Server For NAT Usage O For Routing Usage Enable Relay Agent IP Address 192 168 6 1 Start IP Address 1927 168 6 10 Subnet Mask 255 255 255 0 IP Pool Counts Gateway IP Address 192 168 6 1 Lease Time ots DNS Server IP Address Primary IP 4ddress 0 0 0 0 Secondary IP Address 0 0 0 0 Available settings are explained as follows Dray Tek Item Network Configuration DHCP Server Configuration Description Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For NAT Usage Click this radio button to invoke NAT function For Routing Usage Click this radio button to invoke this function IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabl
38. please feel free to send e mail to support Dray Tek com Vigor2925 Series User s Guide 432 Dr ay Te k
39. section Syslog Mail Alert for more detailed information Click Edit to open the following window However it is strongly recommended to use the default settings here http 192 168_1_1 docfipfedrady htm Windows Internet Explorer 192 168 1 1 Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 1 Advance Setting Codepage ANSI 1252 Latin Window size 65535 Session timeout 1440 Minute DrayTek Banner Strict Security Checking C APP Enforcement Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin 20 Dray Tek I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Dray Tek P Syslog Utility SSS E E EE SSS Toul Zetun Tell Remon deio Codepage informates Recovery Hetecak lnfannabon Hel State Windows Veron 30 2600 RECOMMENDED CODE AGE GA AHSDOEH Tred kcal hiis Dags Dia G Pe OD a en Ded a T SS SY by ea ea a Oe Oe Window siz
40. specify the fixed IP address here Do not change the default value if you do not select PPTP or L2TP Remote Gateway IP This field is only applicable when you select PPTP or L2TP with or without IPSec policy above The default value is 0 0 0 0 which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do not select PPTP or L2TP Remote Network IP Remote Network Mask Add a Static route to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPSec this 1s the destination clients IDs of phase 2 quick mode Local Network IP Local Network Mask Display the local network IP and mask for TCP IP configuration You can modify the settings if required More Add a static route to direct all traffic destined to more Remote Network IP Addresses Remote Network Mask through the VPN connection This is usually used when you find there are several subnets behind the remote VPN router 325 Vigor2925 Series User s Guide gt LAN to LAN Profile Windows Internet Explorer el 192 168 1 1 Profile Index 1 Remote Network Network IP Netmask 255 255 255 255 32 v RIP Direction The option specifies the direction of RIP Routing Information Protocol packets Yo
41. teM Data is encrypted HMERMEER Data isn t encrypted 3 5 How to Optimize the Bandwidth through QoS Technology Have you ever gotten any problems in uploading downloading files Voice video or email data only with the narrow districted bandwidth you may share from the common Internet connection line The advanced bandwidth management technology QoS Quality of Service helps you to well allocate the bandwidth upon your demand of Voice Video or Data transferring Let s see how to get the optimum bandwidth per your request by using DrayTek Vigor router as below Scenario The Internet connection you got from ISP line is 2MB 512Kb There are VoIP telephony network IPTV set top box and data server at your home Assume you want to allocate 30 of the bandwidth you got to VoIP demand 50 for IPTV 15 for mail data 5 for others Let s see how easily it is to do the setting as below 1 Open Bandwidth Management gt gt Quality of Service E a sions Limit andwidth Limit 2 You will get the following page Click the Edit link for Class 1 Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default a Class Class Class E Online Index Status Bandwidth Direction Others Bandwidth ge 2 Statistics Control WAN Disable 101060 00Kbps 98180 00Kbps 259 25 255 259 Inactive Status Setup WAN Disable 100000Kbps 100000Kbps 25 25 25 25 Inactive Status Setup WANS Disable 100000Kbps
42. window Type in all the information that the window requests Then Dray Te k 337 Vigor2925 Series User s Guide Import Refresh View Delete GENERATE click Generate again Click this button to import a saved file as the certification information Click this button to refresh the information listed below Click this button to view the detailed settings for certificate request Click this button to delete selected name with certification information Click this button to open Generate Certificate Signing Request window Type in all the information that the window request such as certifcate name used for identifying different certificate subject alternative name type and relational settings for subject name Then click GENERATE again Certificate Management gt Local Certificate Generate Certificate Signing Request Certificate Name Subject Alternative Name Type IP Subject Name Country C State ST Location L Organization 0 Organization Unit OU Common Name CN Email E Key Type Key Size Po IP Address vw Note Please be noted that Common Name must be configured with rotuer s WAN IP or domain name After clicking GENERATE the generated information will be displayed on the window below Vigor2925 Series User s Guide 338 Dray Tek Certificate Management gt Local Certificate X909 Local Certificate Configuration Name Subject Status Modify ser
43. with the categories listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Log None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog After finishing all the settings please click OK to save the configuration Dr ay Te k 259 Vigor2925 Series User s Guide 4 9 4 DNS Filter The DNS Filter monitors DNS queries on UDP port 53 and will pass the DNS query information to the WCF to help with categorizing HTTPS URL s Note For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets CSM gt DNS Filter DNS Filter DNS Filter LJ Enable Syslog Cache Time hour Available settings are explained as follows Item Description DNS Filter Check Enable to enable such feature Syslog The filtering result can be recorded according to the setting selected for Syslog None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog Service Set the
44. 202 211 100 10 or 203 98 200 10 which IP or mapping is decided by the internal load balancing algorithm With address mapping feature you can manually configure any host mapping to any WAN interface to fit the request In the above example you can configure NAT Host 1 to always map to 202 211 100 10 WAN1 Host 2 to always map to 202 211 100 11 WANT alias Host 3 always map to 203 98 200 10 WAN2 and Group 1 to always map to 202 211 100 10 WANI NAT Address Mapping function lets you specify the outgoing IP address es for one internal IP address or a block of internal IP addresses We will take an example to introduce how to make use of this feature 1 Log into the web user interface of Vigor2925 2 Open WAN gt gt Internet Access For WAN1 choose MPoA Static or Dynamic IP as the Access Mode WAN gt Internet Access Internet Access Access Mode Nore w Index Display Name Physical Mode WANI Ethernet IE Pvg Details Page IP56 Mone WAN Ethernet ibis PPPoE WANS USB Static or Dynamic IF PPTPIL2TP Note Only one WAN can support IP Vigor2925 Series User s Guide 102 Dr ay Te k 3 Click the Details Page of WAN 1 to open the following page From the above figure set main WAN IP address as 202 2 1 100 10 WAN gt Internet Access WAN 1 PPPoE Static or Dynamic IP Enable Disable Keep WAN Connection C Enable PING to keep alive PING Int
45. 225 4o AAP ODEO ee E E eee ee ee eee 225 AS 2 IP TOO ee E E E E 228 A6 3 PYS ODJOCI nee nen ne a e E E ENE eee eee 229 aM evo 616 A eee a mene A E E E E A S E E 231 4 8 5 Service Type Object ccccecccsseesceccceeeceeeeseeeceeeeeeeeeeeeeeeeeesseeeseeeeeesseeaeaeeeeeeeessssaaseeeeess 232 4 8 6 Service Type Group ccccccccsssssseccceececseeseeeceeeeeseeeseeeeeeesesaeasseeeeeeesssaageeeeeseessuaaeeeeeeees 234 4 8 7 Keyword Object ceeecccccccecceeeeeeeeeeeeeeaeesseeeeeeeessaeeeeseeeeeeesseaeseseeeeeeeseeaeeeeeeeessaaaaeeeeeess 235 4 8 8 Keyword GLOUD cccccecccccecceeeeeseeeeeeeeeeaeeseeeeeeeceeeaeeseeeeeeessueessseeeeeeesseaaaeeeeessseaageeeeeess 237 4 8 9 File Extension ObjeCt cccccceccceccceecceeeeeseeeeeesaeeseeeeeeeeeesaeesseeeeeeeseeaaeeeeeesessaaaseseeeees 238 4 8 10 SMS Mail Service ObjeCt cccccccccssseseecceeeceeseesseeeeeeceeeeeeeeeeeeessaeaseeceeeeessaaegeeeeeeees 240 ASTI INOUPCATON ODE Charne EEEE E EE EAEE 245 71 ieee Gre cde 9 lt eee ee ee en E E E ee E E 247 4 9 1 APP Enforcement Profile ircccccncecsans aecienenttedesnnassncbeddecseasnaddsanctdondsaantadbdensnahsisectaeauedceaadas 248 4 9 2 URL Content Filter Prt cici cizcntonraiscamertaiisnandsatsacneanieaniaoeaisnentnasbaeneoiignattnntuesdannwnadueanns 252 4 9 3 Web Content Filter Profile ccccccccsseeccceeeeeeeesseeeeeeeeeeeeeseeceeessaeeaeeeeeeeeessaeaseeseeeees 256 49A DNS RIGT penes EE E E EE eas 260 4 9 5 APPE
46. 25 Setup Query Server auto selected Find more Setup Test Server auto selected Find more Web Content Filter Profile Table Setto Factory Default Name Profile Name Default 4 6 i 2 Click Index 1 link to open the following page Disable all of the categories first Then enable Search Engine Portals and Social Networking Action Groups Categories Child Protection LJ alcohol amp Tobacco LI criminal Activity Gambling select All LJ Hate amp Intolerance illegal Drug C Nudity C Clear All J LJ Porn amp Sexually violence O Weapons Cl School Cheating Cl Sex Education Ll Tasteless Cl Child Abuse Images Leisure Solect All LJ entertainment Games Cl Sports Cl Travel Leisure amp Recreation LlFashion amp Beauty Clear All Business Select All Business L job Search LI Web based Mail Clear All Chating Select All Cl chat LJinstant Messaging Clear All Computer Internet Anonymizers Forums amp Newsgroups Computers Select All l LJ Phishing amp Fraud Clear All Sparn Sites LJ Hacking Vigor2925 Series User s Guide 118 Dr ay Tek 3 Click OK to save the configuration 4 A message box will appear It s a message which reminds that the priority of URL Content Filter is higher than Web Content Filter Just press OK button to continue Notice The priority of URL Content Filter ts higher than Web Content Filter 5 Open CSM gt gt DNS Filter Enable the DNS f
47. 277 O 24 777 d 22 777 F 23 777 al 24 777 F 25 779 C 26 77 C 27 277 a 28 77 F 29 777 F 30 777 F 3 777 d 32 777 F Next gt gt Available settings are explained as follows Item Set to Factory Default View Index User Active Dray Tek Description Click to clear all indexes All Click it to display the all of the user accounts Online Click it to display the online user accounts Offline Click it to display the offline user accounts Click the number below Index to access into the setting page of Remote Dial in User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Check the box to activate such profile 313 Vigor2925 Series User s Guide Status Display the access state of the specific dial in user The symbol V and X represent the specific dial in user to be active and inactive respectively Click each index to edit one remote user profile Each Dial In Type requires you to fill the different corresponding fields on the right If the fields gray out it means you may leave it untouched The following explanation will guide you to fill all the necessary fields VPN and Remote Access gt gt Remote Dial in User Index No 1 User account and Authentication C Enable this account Idle Timeout 300 Allowed Dial In Type PPTP IPsec Tunnel L2TP with IPsec Policy SSL Tunnel
48. 65 1 35 203 65 1 35 Any Any Move Move Down Dest IP Src IP Start Src IP End Start Any Any Down UP Down UP Down UP Down UP Down UP Down UP Down UP Down UP Down UP Down Next gt gt Now the packets sent to the remote PC IP address 203 65 1 35 will be forcefully to pass through WANI 107 Vigor2925 Series User s Guide 3 14 How to Authenticate Clients via User Management Before using the function of User Management please make sure User Based has been selected as the Mode in the User Management gt gt General Setup page User Management gt General Setup General Setup Rule Based Llser Hased Web Authentication HTTPS Hotice User Management will refer to active rules in Data Filter as whitelists and blacklists In User based firewall mode Users match the above lists will not be required for authentication The firewall rules policy will still walid Otherwise authentication required for users not matched the above lists The firewall rules designated in the user profile s policy will still valid Landing Page Max 255 characters Preview Setto Factory Default thody states l gt lt script langquage jJavascript gt window Llocation http wm draytek com scripte body With User Management authentication function before a valid username and password have been correctly supplied a particular client will not be allowed to access Internet through the router There are three
49. Backup Static Route Wireless LAN 4 GHz VLAN General Setup Bind IF to MAC Security LAN Port Mirror Access Control Web Portal Setup WPS Load Balance Route WOS Dr ay Tek 37 Vigor2925 Series User s Guide 2 6 5 Web Console ee amp It is not necessary to use the telnet command via DOS prompt The changes made by using web console have the same effects as modified through web user interface The functions settings modified under Web Console also can be reviewed on the web user interface Click the Web Console icon on the top of the main screen to open the following screen http f192_168 1 1 docfconsole him Windows Intermet Explorer E hitp 0192 108 1 1 doctconsole him Type for command help gt 2 Valid commands are bpa csm ip ip object port quit show upnp usb wptl wol gt I Vigor2925 Series User s Guide ddns ipf portmaptime Srv wigbrg user 38 dos log ppa switch vlan nand internet msubnet qos testmail wan Dray Tek 2 6 6 Config Backup ate There is one way to store current used settings quickly by clicking the Config Backup icon It allows you to backup current settings as a file Such configuration file can be restored by using System Maintenance gt gt Configuration Backup Simply click the icon on the top of the main screen and a pop up dialog will appear Th FS Dia F085 90121084 ofe 6 9 KE HTE TE BEI TRE Au Click Save to store the settin
50. Backup Type will appear Please specify which WAN will be treated as the Backup WAN Active Mode Backup Load Balance M Owan 1 IWAN 20 WAN 3 Backup Type Only if acting as backup for When any of selected WAN disconnect multiple WAN O when all of selected WAN disconnect When any of selected WAN disconnect Such backup WAN will be activated when any master WAN interface disconnects When all of selected WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect 130 DrayTek Load Balance Check this box to enable auto load balance function for such WAN interface When the data traffic is large the WAN interface with the function enabled will balance the data transmission automatically among all of the WAN interfaces in connection status After finished the above settings click OK to save the settings 4 1 3 Internet Access For the router supports multi WAN function the users can set different WAN settings for WANI WAN2 WAN3 for Internet Access Due to different Physical Mode for WAN interface the Access Mode for these connections also varies Refer to the following figures WAN gt Internet Access Internet Access Index Display Name WANI WANZ WANS Access Mode Physical Mode Note Only one WAN can support IPv WAN gt Internet Access Internet Access Index Display Name WANT WAN WANS Note Only one WAN can support IPv
51. Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Enable Relay Agent Specify which subnet that DHCP server is located the relay agent should redirect the DHCP 159 Vigor2925 Series User s Guide request to DHCP Server IP Address It is available when Enable Relay Agent is checked Set the IP address of the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gateway IP Address Enter
52. Give up the access control set up i Dray Tek Bandwidth Limit Status Click Enable to enable the function of bandwidth limit Upload Type the value as the uploading rate of data transmission Auto Adjustment Click Enable to make the router manage the bandwidth limit automatically Download Type the value as the downloading rate of data transmission Back Return to the previous setting page Cancel Cancel the setting configured on this page Finish Complete the configuration of this page 4 Continue to type the required information on this page When you finished the configuration click Finish A new WLAN profile has been created as follows External Device gt Access Point Devices Status WLAN Profile Set to Factory Default Cancel Dr ay Tek 425 Vigor2925 Series User s Guide e Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration Please follow sections below to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to cont
53. Item Description Filter Sessions Control Quality of Service Policy Route User Management APP Enforcement Vigor2925 Series User s Guide Select Pass or Block for the packets that do not match with the filter rules Filter The number typed here is the total sessions of the packets that do not match the filter rule configured in this page The default setting is 60000 Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later Choose the WAN interface for applying Policy Route Auto Select Auto S el ect Such item is available only when Rule Based is selected in User Management gt gt General Setup The general firewall rule will be applied to the user user group all users specified here User Object Create New User User Group Create Mew Group ALL Note When there is no user profile or group profile existed Create New User or Create New Group item will appear for you to click to create a new one Select an APP Enforcement profile for global IM P2P application blocking If there is no profile for you to select please choose Create New from the drop down list in this page to create a new profile All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here For detailed information refer to the section of APP Enforcement profile setup For troubleshooting
54. Item Description Index Click the index number link to open the detailed configuration page for the selected entry Dr ay Tek 419 Vigor2925 Series User s Guide Clear Click it to remove all the settings modified in this page Refresh Click it to refresh current page Index Click the number index to open the settings page of the Device Name device Display the name of the device IP Address Display the IP address of the device SSID Display the SSID configure by the device Encryption Display the encryption method used by the device Ch Channel Display the channel used by the device WL Client Display the number of the host wireless client connecting to such AP device Version Display firmware version used by the device Password Click the button to review edit the username and password of the device F 192 1681 ifdoc apdeviceanth him Google Chr 192 168 1 Moclapdeviceenth hi Usemame admin Password WLAN Profile This page can be used to configure five different WLAN profiles which can be applied to the connected AP devices The WLAN profile can be used for connected Vigor Access Point only External Device gt Access Point Devices Status WLAN Profile Set to Factory Default Default DrayTek LAN A WPA WPA2 PSK Enable None None Sea o Cancel Available settings are explained as follows Item Description Vigor2925 Series User s Guide 420 Dr ay Tek Set to Factory Default Cle
55. Management Do another VPN Server Wizard Setup View more detailed configuration Vigor2925 Series User s Guide Description Click this radio button to access VPN and Remote Access gt gt Connection Management for viewing VPN Connection status Click this radio button to set another profile of VPN Server through VPN Server Wizard Click this radio button to access VPN and Remote Access gt gt LAN to LAN for viewing detailed configuration 300 Dray Tek 4 12 2 VPN Server Wizard Such wizard is used to configure VPN settings for VPN server Such wizard will guide to set the LAN to LAN profile for VPN dial in connection from client to server step by step 1 Open VPN and Remote Access gt gt VPN Server Wizard The following page will appear VPN and Remote Access gt gt VPN Server Wizard Choose VPN Establishment Environment VPN Server Mode Selection Please choose a LAN to LAN Profile Please choose a Dial in User Accounts Allowed Dial in Type Remote Dial in User Teleworker v CI PPTP IPsec C L2TP with IPsec Policy Available settings are explained as follows Item VPN Server Mode Selection Please choose a LAN to LAN Profile Dray Tek Description Choose the direction for the VPN server Site to Site VPN To set a LAN to LAN profile automatically please choose Site to Site VPN Remote Dial in User You can manage remote access by maintaining a table of remote user profile so
56. OpenVPN Tunnel L Specify Remote Node Remote Client IP or Peer D O Netbios Naming Packet Multicast via VPN Pass Block Pass Block 77 Username Password second s l s L Enable Mobile One Time Passwords mOTP IKE Authentication Method Pre Shared Key Cl Digital Signature x 509 IPsec Security Method Medium AH High ESP DES 3DES AES ee Local ID optional for some IGMP IP Camera DHCP Relay etc Subnet L Assign Static IP Address booo ___ Available settings are explained as follows Item User account and Authentication Allowed Dial In Type Vigor2925 Series User s Guide Description Enable this account Check the box to enable this function Idle Timeout If the dial in user is idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP with IPSec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from 314 Dray Tek Dray Tek Subnet below None Do not apply the IPSec policy Accordingly the VPN connection
57. Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES After finishing all the settings here please click OK to save the configuration Dray Te k 309 Vigor2925 Series User s Guide 4 12 6 IPSec Peer Identity To use digital certificate for peer authentication in either LAN to LAN connection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below the router provides 64 entries of digital certificates for peer dial in users VPN and Remote Access gt IPsec Peer Identity 4909 Peer ID Accounts Setto Factory Default Index Name Status Index Name Status 1 777 x if TFT x 2 x 18 x 3 x 19 x 4 777 X 20 777 4 ke FTF xX Z1 77 x 6 x 22 777 x T x 23 x a x 24 A 9 7997 FA 25 777 FA 10 777 x 26 x 11 x 27 x 12 Tar ki 20 of x 13 T77 x 29 TFF x 14 T77 k 30 T77 x 15 x 31 x 16 2 x 32 x lt lt 1 32 33 64 gt gt Next Available settings are explained as follows Item Description Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into the setting page of IPSec Peer Identity Name Display the profile name of that index Click each index to edit one peer digital certificate There are three security levels of digi
58. Rename Properties i 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using Ea ASUS Tek Broadcom 440 10 100 r ae i This connection uses the following tems cd el Client for Microsoft Networks wl B File and Printer Sharing for Microsott Networks dE QoS Packet Scheduler mg Internet Protocol TCPAP lrstall areta Properties Description Transmission Control Protocollntermnet Protocol The default Wide area network protocol that provides communicator across diverse interconnected networks Show icon in notiication area when connected Notify me when this connection has limited or no connectivity Dr ay Tek 427 Vigor2925 Series User s Guide Vigor2925 Series User s Guide 4 Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General _Altemate Configuration es You can get IP settings assigned automatically if your network supports this capability Othenwse you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically O Use the following IP address IPJ f For Mac OS 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network scr
59. Settings 56 Mode Mixed liatling 121 Vigor2925 Series User s Guide Note Apply to All APs can automatically apply the settings on Default profile to all of the access points registered to Vigor2925 later Hence it is not necessary for you to manually apply wireless profiles for APs respectively Such feature will be convenient for people who want to quickly deploy multiple Vigor APs in a large exhibition to reach the goal of plug and play and zero configuration 4 The following page allows you to modify related settings for 2 4G SSID of managed AP Make the changes you want for 2 4G SSID Click Next for next page External Device gt gt Access Point Devices 5101 SSID2 SSIDS SSID4 Enable Disable DrayTek LAN A Lan A C Hide SSID o untag Security Settings WP ATPAAIPGK w Set up RADIUS Server if 802 1 is enabled WPA WPA Algorithms OTKIPF AES TKIP AES Pass Phrase Encryption Key Renewal Interval Seconds PMK Cache Period Miniutes Pre 4uthentication Enable Disable WEP Setup WEP Key if WEP is enabled a02 1 WEP Enable Disable Access Control Client s MAC Address E AE A J Bandwidth Limit Vigor2925 Series User s Guide 122 Dr ay Te k 5 The following page is offered for you to modify related settings for 5G SSID of managed AP Continue to make any changes you want After finished all of the changes simply click Finish External Device gt gt Access Point Device
60. Streaming Downloads Phishing amp Fraud Clear AIl L Search Engine Portals L Spam Sites L Malware L Botnets LJ Hacking LJillegal Software LJInformation Security J Peer to Peer Other Ll Adv amp Pop Ups F Arts L Transportation Select All L compromised L Dating amp Personals LJ Education 3 Enable this profile in Firewall gt gt General Setup gt gt Default Rule Firewall gt gt General Setup General Setup General Setup Default Rule Actions for default rule Application Action Profile Syslog Sessions Control 65 60000 Quality of Service None Load Balance policy Auto Select User Management Mone APF Enforcement Mone URL Content Filter Mone Web Content Filter 1 Default Advance Setting 1 Default i lt m e N Dr ay Te k 97 Vigor2925 Series User s Guide 4 Next time when someone accesses facebook via this router the web page would be blocked and the following message would be displayed instead The requested Web page from 192 166 2 114 to weaw facebook com that is categorized with Social Networking has been blocked by Web Content Filter Please contact your system administrator for further information Fowered by DrayTek ll Via URL Content Filter A Block the web page containing the word of Facebook 1 Open Object Settings gt gt Keyword Object Click an index number to open the setting page 2 Inthe field of Contents please type faceb
61. Support LIS Me sisccacedeconuas sactessanseccantedeuceces sahesteesuvensenedyceaeshddoasteenmeunvausineetcesanenesestnes 261 4 10 Bandwidth Management snicsscenciesveransenseedeasavensdersdnevaiseunseduacedvancenawesnenanansedsdantensideureewiacents 262 AOT fens On 9 a ae ee eee 262 ry 0 ag 3 cte eling Ea eee enn E ne re E E eee ee eee 264 AROE AEE A ew 16 e ene ee ne E E ee ee ene ee 265 AMA FONG AOI S eeren nen dauanawesiniutines inanentnannunds R O 274 4 11 1 Dynamic DNS 200 ccecccccccceeeeeeeeeaeeeeeeeeeaeeeeeeeeseeesceeessaaseceeessaeseeessaaaeeeesssaaeeeeeessegeeeees 274 ATZEAN DN eeen E E E E 277 4T OC WN ON e ee E dada ecirsunce bee dieconcleseccarteoetncapecazess 279 A Me a YS eer E E EE E E EERS 282 411 5 Active Directory LDAP ta crater ticmarnaacsinnct nna etiieddanetnedsueniahcsnectoutatenebnetanivaaasdnecaxtsnsetinidaden 282 Me Mig UPAR es Sees ae eee ye cee octets E ee ane talg deme ealed fee esme seal dade deieeetatandnests 285 MMi UN e cect ened Meera alginic EE tec cetaeaiad deed etme seaieseeaeioneceetoenets 287 ATS Wake on LAN sate eter ees E E E 288 4 11 9 SMS Mail Alert SOR ICC sicccic ciinnnessuraniaaassaosants cian tneeueennansdauiosiedaneuedasiueeueanidenesiseanduinaddsions 289 AT O TO FANON eee E E E R E E E 291 4 12 VPN and Remote ACCESS cccccseeceeceeeeeeeeeeeeeeeeeeeeseeeeeesseeeeseeeeessaseeessneeessagsesenseneeeeas 294 AA PIN GIS N ea 294 4 122 VPN Sevel Wizard sson aa E E 301 4 123 Remote ACCESS Contro
62. TSPC service Note While using such mode you have to make sure the Pv4 network connection is normal In the following figure the TSPC information is obtained from http gogo6 com after applied for the service WAN gt gt Internet Access WAN 2 PPPoE Static or Dynamic IP PPTP L2TP IPvG Internet Access Mode TSPC Configuration Password Confirm Password Tunnel Broker Click OK and open Online Status If the connection is successful the physical connection will be shows as follows Online Status System Uptime 0 2 3 Physical Connection LAN Status IP Address 2001 5c0 1502 D002 ee E TX Packets RX Packets TX Bytes RX Bytes mis 121 15596 10249 WAN IPvG Status Enable i Up Time 0 01 40 Gateway IP 2001 5C0 1400 8 10897125 Global reS E i z Pir TX Packets RX Packets RX Bytes 127 5q 15866 Vigor2925 Series User s Guide 50 Dr ay Tek Dray Tek AICCU Tunnel application Choose AICCU and type the information for AICCU of IPv6 Note While using such mode you have to make sure the IPv4 network connection is normal In the following figure the AICCU information is obtained from https www sixxs net main after applied for the service WAN gt Internet Access WAN 2 PPPoE Static or Dynamic IP PPTPIL2TP Internet Access Mode Connection Type Alccu ka AICCU Configuration O Always On Username Password Confirm Password Tunnel Broker Su
63. Time Quota bo mir Default Data Quota bo e Vigor2925 Series User s Guide 114 Dr ay Te k 4 If the Time Quota is set with 0 minute you will get the following message which means this account has no time quota teconntiuger Faseyvord eer se time is up or it has not enough time quota If the Time Quota is enabled and time is not 0 minute User Management gt gt User Profile Profi le Index 3 Enable He oui Wiser Name Password Confirm Password Idle Timeout mings O Unlimited Mas User Login O Unlimited Policy Default The selection of items could be created as rules and which not set to active External Server Authentication Log Pop Browser Tracking Window Authentication Landing Page Indes 1 151in Schedule Setup Reset quota to default when scheduling time expired C Enable Default Time Quota lo min Default Data Quota o MB ok Refresh ciar _ _Cancel_ You will get the following message The expired time is shown after you login uger P a P Saor d EEEE bot kot User login successful expired time ig 12 23 10 21 33 After you run out the available time you can t use this account any more until the administrator manually adds additional time for you Dr ay Te k 115 Vigor2925 Series User s Guide Authentication via Vi
64. Time button to set the Vigor router s clock to current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Applications gt gt Schedule Schedule Setto Factory Default Index Status Index Status 1 x 9 x 2 X 10 x 3 x 11 x 4 x 12 x 5 x 13 x 6 x 14 x E x 15 x a x Status v Active x Inactive Each item is explained as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Index Click the number below Index to access into the setting page of schedule Status Display if this schedule setting is active or inactive You can set up to 15 schedules Then you can apply them to your Internet Access or VPN and Remote Access gt gt LAN to LAN settings To add a schedule 1 Click any index say Index No 1 2 The detailed settings of the call schedule with index 1 are shown below Applications gt gt Schedule Index No 1 Start Date yyyy mm dd Start Time hh mm Duration Time hh mm Action Idle Timeout lo minute s max 255 0 for default How Often Once Weekdays LC Sun Mon Tue Wed Thu Fri O Sat Available settings are explained as follows Vigor2925 Series User s Guide 280 Dr ay Te
65. Vigor2925 Series User s Guide 204 Dr ay Te k 4 6 3 Filter Setup Click Firewall and click Filter Setup to open the setup page Firewall gt gt Filter Setup Filter Setup Setto Factory Default Set Comments Set Comments Default Call Filter i 2 Default Data Filter Oo 3 J 4 10 J 11 6 12 To edit or add a filter click on the set number to edit the individual set The following page will be shown Each filter set contains up to 7 rules Click on the rule number button to edit each rule Check Active to enable the rule Firewall gt gt Filter Setup gt Edit Filter Set Filter Set 1 Comments Default Call Filter Filter Rule Active Comments Move Up Move Down Block NetBios Down O UP Down O UP Down O UP Down O UP Down O UP Down E E Next Filter Set Available settings are explained as follows Item Description Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to move the order of the filter rules Next Filter Set Set the link to the next filter set to be executed after the current filter run Do not make a loop with many filter sets To edit Filter Rule click the Filter Rule index button to enter the F
66. Vigor2925 can access into the USB storage device by typing ftp 192 168 1 1 on any browser They can add or remove files directories depending on the Access Rule for FTP account settings in USB Application gt gt USB User Management Dray Tek 63 Vigor2925 Series User s Guide 3 4 How to Build a LAN to LAN VPN Between Remote Office and Headquarter via IPSec Tunnel Main Mode IPSec Tunnel n 3 l T ka ae a see Ry at See Fiat Internet Head Office Branch Office WAN 218 242 133 91 WAN 218 242 130 119 L72 17 1 0 24 192 168 1 0 24 Configuration on Vigor Router for Head Office 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access gt gt LAN to LAN to create a LAN to LAN profile VPN and Remote Access gt gt LAN to LAN LAN to LAN Profiles Setto Factory Default View All OOnline Offline Trunk fC Search Index Name Active Status Index Name Active Status E 1 2a d ane 17 C n 2 7 d Hes 18 C Sei 3 eee LI a 19 C 4 777 ad 20 C _ 5 F 21 F z 6 d eeg 22 C pi l 777 L 23 O ee 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Server and check the box of Enable This Profile For Vigor router will be set as a server the call direction shall be set as Dial in and set 0 as Idle Timeout VPN and Remote Ac
67. WAN port is enabled After finished the above settings click OK to save the settings WAN1 WAN2 with Ethernet WANI WAN2 is fixed with physical mode of Ethernet WAN gt General Setup WAN 1 Enable Physical Mode Ethernet Physical Type Auto negotiation w Line Speed Kbps DownLink lo UpLink lo VLAN Tag insertion Disable Please configure Internet Access setting first Tag value lo O 4095 Priority lo O 7 Active Mode Load Balance C WAN 1 wan 2 F WAN 3 re he E E E When any of selected WAN disconnect multiple WAN When all of selected WAN disconnect Note 1 The line speed setting of WAN interface is avaialbe only when According to Line Speed is selected as the Load Balance Mode Cancel Available settings are explained as follows Item Description Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for such WAN interface Physical Mode Display the physical mode of such WAN interface Physical Type You can change the physical type for WAN2 or choose Auto negotiation for determined by the system Vigor2925 Series User s Guide 128 Dr ay Tek Dray Tek Line Speed VLAN Tag insertion Active Mode Backup Type Auto negotiation Auto neg otiation 10M half duplex TOM full duplex TOOM half duplex TOOM full duplex Ci 1000 full duplex If your choose Acc
68. a value of the gateway IP address for the DHCP server The value is usually as same as the Ist IP address of the router which means the router 1s the default gateway Lease Time Enter the time to determine how long the IP address assigned by DHCP server can be used DNS Server IP Address DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not provide it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary IP Address You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status Online Status Physical Connection System Uptime 22 22 45 IPv4 IPv6 LAN Status Primary DNS 8 8 8 8 Secondary DNS 8 8 4 4 IP Address TX Packets RX Packets 192 168 1 1 0 41533 If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users
69. akan a mail server for receiving the 89 Vigor2925 Series User s Guide 5 Now you have created an account successfully Click START Create an account Please enter personal profile Completion EFAsreement A confirmation email has been sent to mary_ted tech com Please click on the activation link in the email Personal Information to activate your account E rreferences AR 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com wkk This is an automated message trom myvigor draytek con Thank you Mary for creating an account Please click on the activation link below to actrvate your account Link Activate my Account 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login Register Search for this site Register Confirm The Confirm message of New Owner Mary maybe timeout Please try agam or contact to draytek_com Vigor2925 Series User s Guide 90 Dray Te k Dray Tek 8 When you see the following page please type in the account and password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it Please take a moment to register Membership Registration entitles you to upgrade firmware for your
70. allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Note Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web user interface of the router might not be accessed When you finish the configuration click OK to save the settings Dr ay Te k 177 Vigor2925 Series User s Guide 4 2 6 LAN Port Mirror LAN port mirror can be applied for the users in LAN Generally speaking this function copies traffic from one or more specific ports to a target port This mechanism helps manager track the network errors or abnormal packets transmission without interrupting the flow of data access the network By the way user can apply this function to monitor all traffics which user needs to check There are some advantages supported in this feature First it is more economical without other detecting equipments to be set up Second it may be able to view traffic on one or more ports within a VLAN at the same time Third it can transfer all data traffics to be mirrored to one analyzer connect to the mirroring port Last it is more convenient and easy to configure in user s interface LAN gt LAN Port Mirror LAN Port Mirror Port Mirror
71. amp password txtPwd 8 amp msisdn txtDest amp message txtMsg username DO f Password f Quota Sending Interval seconds Available settings are explained as follows Item Description Profile Name Display the name of this profile It cannot be modified Service Provider Type the website of the service provider Type the URL string in the box under the filed of Service Provider You have to contact your SMS provider to obtain the exact URL string Vigor2925 Series User s Guide 242 Dr ay Te k Username Type a user name that the sender can use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the total number of the messages that the router will send out Sending Interval Type the shortest time interval for the system to send SMS After finishing all the settings here please click OK to save the configuration Mail Service Object This page allows you to set ten profiles which will be applied in Application gt gt SMS Mail Alert Service Object Settings gt SMS Mail Service Object SMS Provider Mail Server Set to Factory Default Index Profile Name 1 2 3 4 5 6 F a 9 10 Each item is explained as follows Item Description Set to Factory Defau
72. as WAN Interface Quick Start Wizard WAN Interface WAN Interface WANS Physical Mode USB 2 Then click Next for getting the following page Quick Start Wizard Connect to Internet WAN 3 Internet Access 36 46 USB Modem PPP mode 3G 4G USB Modem PPP mode 3G 4G USB Modem PPP mode Modem Initial String AT amp FEOVIAT amp 0280150 0 Default AT amp FEOV1X1 amp 02 amp C150 0 Available settings are explained as follows Item Description Internet Access Choose a protocol for accessing the Internet 3G 4G USB Modem SIM Pin code Type PIN code of the SIM card that will be PPP mode used to access Internet The maximum length of the pin code you can set is 15 characters Modem Initial String Such value is used to initialize USB modem Please use the default value If you have any question please contact to your ISP The maximum length of the string you can set is 47 characters Dr ay Tek 25 Vigor2925 Series User s Guide APN Name APN means Access Point Name which is provided and required by some ISPs Type the name and click Apply 3 Then click Next for viewing summary of such connection Quick Start Wizard Please confirm your settings WAN Interface WANS Physical Mode USB Internet Access PPP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router etek tee CF a 4 Click Finish A page of Qui
73. assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based multi subnet Port Based VLAN Relative to tag based VLAN which groups clients with an identifier port based VLAN uses physical ports P1 P5 to separate the clients into different VLAN group Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port The multi subnet can let a small businesses have much better isolation for multi occupancy applications Go to LAN page and select VLAN The following page will appear Click Enable to invoke VLAN function Vigor2925 Series User s Guide 172 Dr ay Tek LAN gt gt VLAN Configuration VLAN Configuration V Enable Wireless LAN r T mi P4 P5 SSID1 SSID2 SSID3 SSID4 Subnet Enable dA d ee dl d k Els k k x 4 8 S Is DONDAN lt ol ol Co FoR lo lol lol go x 14 S S 14 14 AT IS Ooo Ooo Ooo Ooo Ood Ooo OoOd beh m bh mN ami mN m ENI m pm mN pm mN 4 Permit untagged device in Pl to access router 1 Tag based YLAN only applied for LAN Parts 2 The checked Wireless LAN SSID will not has VLAN tagging function but regarded as joining VLAN group 3 The set YLAN ID YID must be unigue and not duplicate Note Settings in this page only applied to LAN port but not WAN port Available se
74. bind several IP objects into one IP group Objects Setting gt gt IP Group IP Group Table Set to Factory Default Index Name Index Name 2 18 3 13 5 21 6 22 8 24 14 30 Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt gt IP Group Profile Index 1 Name Administration Interface Any Available IP Objects Selected IP Objects 1 RD Deparment 2 Financial Dept 3 HR Deparment Vigor2925 Series User s Guide 228 Dr ay Tek Available settings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Interface Choose WAN LAN or Any to display all the available IP objects with the specified interface Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box Selected IP Objects Click gt gt button to add the selected IP objects in this box 3 After finishing all the settings here please click OK to save the configuration 4 8 3 IPv6 Object You can set up to 64 sets of IPv6 Objects with different conditions Obj
75. completed Dr ay Tek 87 Vigor2925 Series User s Guide 10 When you see the following page please type in the account and password that you just created in the fields of UserName and Password Please take a moment to register Membership Registration entitles you to upgrade firmware for your purchased product and receive news about upcoming products and services Password Auth Code 14he1C lf you cannot read the word click here Forgotten password Don t have a MyVigor Account Create an account now Ifyou are having difficulty logging in contact our customer senice Customer Serice 886 3 597 2727 or 11 Now click Login Your account has been activated You can access into My Vigor server to activate the service e g WCF that you want 3 9 2 Create an Account via MyVigor Web Site 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page Dray Tek ff Home 4 FS eal TEE a About Us A n a MyVigor website replaces the VigorPro site as DrayTek s portal site for roduct the latest products and services in network security including Anti UserName My Information Virus Anti Spam Web Content Filter etc The products and functions Password e VigorPro that are supported in this site include m ri VigorPro Unified Security Firewall series Qb k q y d e Activation of Commtouch GiobalVi
76. down when its traffic exceeds the budget limit B 4 notification e mail will be sent to the user that the WAN s traffic has exceeded the budget limit Please configure the Mail Alert Settings so that the notification mail may be sent to the correct recipient Please make sure the Time and Date settings of the router is configured so that this application uses the correct date information in its calculations Click WANI WAN2 WAN3 link to open the following web page WAN gt WAN Budget WAN 1 Enable Mo Budget Limit ot Budget Refreshing Monthly on 1 lth day and 1 wlth hour Periodically aftera days ando hours Do not refresh Budget ction Shutdown WAN interface Send Mail Alert to Administrator Note Please note that the WAN interface s counters used in this application willbe reset every time the configurations have been modified Available settings are explained as follows Item Description Enable Yes Choose it to enable such function Budget Limit Please insert the maximum network traffic limit here in megabytes Budget Refreshing This setting is used to restart the network connection traffic calculations Monthly The connection charges will be reset monthly Periodically The connection charges will be reset periodically Do not refresh The connection charges will not be reset Vigor2925 Series User s Guide 154 Dr ay Tek Budget Action The system can choose one of the
77. employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial in VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection SSL Tunnel Allow the remote dial in user to make an SSL VPN connection through Internet OpenVPN Tunnel Allow the remote dial in user to make an OpenVPN connection through Internet Specify Remote Node You can specify the IP address of the remote dial in user or peer ID used in IKE aggressive mode Uncheck the checkbox means the connection type you select above will apply the authentication methods and security methods in the general settings Netbios Naming Packet Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router User Name This field is applicable
78. faerping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A tz loss Approximate round trip times in milli seconds Minimum Hms Maximum ms Average Ams D Documents and Settings fae gt _ Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 2595 will appear If the line does not appear please check the IP address setting of your computer For Mac OS Terminal 1 2 3 4 Dray Tek Double click on the current used Mac OS on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter If the link is OK the line of 64 bytes from 192 168 1 1 icmp_seq 0 ttl 255 time xxxx ms will appear 429 Vigor2925 Series User s Guide AHA Terminal bash 8Ouz4 Last login Sat Jan 3 B2i24s18 on typi Welcome to Barwin Vigorif draytekt ping 192 165 1 1 PING 192 468 1 1 192 168 1 1 56 data bytes 64 bytes from 192 165 1 1 iemposeqeh ttl 255 tine s8 755 MS 64 bytes from 192 160 1 1 icmp seg 1 ttl 255 timesB 697 me 64 bytes from 192 168 1 1 icmp_seg 4 ttl 255 time 0
79. feature LAN gt General Setup LAN 1 Ethernet TCP IP and DHCP Setup LAN 71 IPv6 Setup RADVD Configuration Enable Disable Advertisement Lifetime i800 Seconds Range 600 9000 DHCP vo Server Conmfiquration Enable Server O Disable Server Start IPv Address OO 1111 2909 3333 1111 End IPv Address 001111 2939 33 33 9999 DNS Server IPv6 Address Primary DNS Server 17001 4860 4860 5688 Secondary DNS Server 001 4S60 4860 0844 Static IPv Address configuration IF Address i Pretis Length i Yo 7 Add Delete Current IPv Address Table Index IPy6 Addresa Prefix Length Scope 1 FESO 21D BAFF FEAG 2565764 Link 2 Inthe field of RADVD Configuration the default setting is Enable The client s PC will ask RADVD service for the Prefix of IPv6 address automatically and generate an Interface ID by itself to compose a full and unique IPv6 address 3 In the field of HCPv6 Server Configuration when DHCPV6 service is enabled you can assign available IPv6 address for the client manually Vigor2925 Series User s Guide 54 Dr ay Tek lll Confirming IPv6 Service Run Successfully l Make sure you have get the correct IPv6 IP address Get into MS DOS interface and type the command of ipconfig Refer to the following figure GY CAWINDO WSisystem32 cmd exe B x a C Documents and Settings Uwner ipcont ig Windows IP Configuration thernet ada
80. for VPN client Such wizard will guide to set the LAN to LAN profile for VPN dial out connection from server to client step by step 1 Open VPN and Remote Access gt gt VPN Client Wizard The following page will appear VPN and Remote Access gt gt VPN Client Wizard Choose VPN Establishment Environment LAN to LAN VPN Clent Mode Selection Route Mode Please choose a LAN to LAN Profile index Status Name Note For a typical LAN to LAN tunnel please select Route Mode If the remote network is expecting only a single client or ip and is not configured to route the subnet and then select NAT mode If in doubt then select Route Mode Available settings are explained as follows Item Description LAN to LAN Client Choose the client mode Mode Selection Route Mode NAT Mode If the remote network only allows you to dial in with single IP please choose this Vigor2925 Series User s Guide 24 Dray Tek Please choose a LAN to LAN Profile mode otherwise please choose Route Mode Route Wlode Route Mode MAT Mlode 1 Wo pi Pi Pi mi p m m o m a m m a m a m G a m a a a a A Pr Pr Pi ve vee TT ve ve Pr Tr ve ve vee fara vee Pr Tr ve vee Pr Tr P ve Pr i Tr B P fates ve a There are 32 VPN profiles for users to set Index Status Hane A 2 When you finish the mode and p
81. image Sharing O Frivate IP Addresses Criminal Activity legal Drug Violence Ml cay Edpestian Non profits amp NGOs Real Estate Shopping C Cults Network Errors Uncategorised Sites OK Cancel Vigor2925 Series User s Guide 258 Log Block Gambling Nudity Weapons I Tactalece Personal Sites LI Religion C Translators O Greeting cards C Parked Domains Dray Tek Available settings are explained as follows Item Description Profile Name Type a name for the CSM profile The maximum length of the name you can set is 15 characters Black White List Enable Activate white black list function for such profile Group Object Selections Click Edit to choose the group or object profile as the content of white black list Pass allow accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Block restrict accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Action Pass allow accessing into the corresponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage
82. interface connection It will be refreshed every five seconds Dashboard Dray Tek Vigor2925n ACT WANT QoS Deol WAM Security Router Wireless LAH OM OF FAS Factory Reset WLAN VPN OM os 2 ann L WAKI L 1 F 3 a 5 USE Port Explanation Displayed Ethernet Port It means such port is disconnected D e It means such port is connected with Giga transmission rate physically It means such port is connected physically USB It means no USB device is connected It means a USB device is connected LED left side It means the router or the function is not working It means the router or the function is working For detailed information about the LED display refer to 1 2 LED Indicators and Connectors 2 6 2 Name with a Link A name with a link e g Router Name Current Time WAN1 2 3 and etc below means you can click it to open the configuration page for modification System Information porne Vigor2925n reme time 7 056 Systane ose Peale au eaten Te fot Jan 1 Sat 0 0 53 IPv4 Internet Access Line Mode IP Address MAC Address C wan ERT e O0 10 44 4C 19 C9 00 00 00 WAN Ethernet O0 1D 44 AC 19 C4 00 00 00 WANS J5B 00 10 AA AC 19 CB 00 00 00 Dr ay Tek 35 Vigor2925 Series User s Guide 2 6 3 Quick Access for Common Used Menu All the menu items can be accessed and arranged orderly on the left side of the main page for you
83. is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the minimum period The default setting is 60 seconds Maximum Keep Alive Period If STUN is enabled the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway Please type a number as the maximum period A value of 1 indicates that no maximum period is specified After finishing all the settings here please click OK to save the configuration 4 17 3 Administrator Password This page allows you to set new password System Maintenance gt Administrator Password Setup Administrator Password Old Password New Password Confirm Password Note Password can contain only a z A Z 0 9 lt gt 4 2 10 Available settings are explained as follows Item Description Old Password Type in the old password The factory default setting for password is admin New Password Type in new password in this field The length of the password is limited to 23 characters Confirm Password Type in the new password again When you click OK the login window will appear Please use the new password to access into the web user interface again Vigor2925 Series User s Guide 386 Dr ay Tek 4 17 4 User Password This page allows you to set new password for user operation System Maintenance gt gt User Password LJEnable User Mo
84. limited to 49 characters Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above The length of the password is limited to 15 characters PPP Authentication This field is applicable when you select PPTP or L2TP with or without IPSec policy above PAP CHAP is the most common selection due to wild compatibility VJ compression This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression is used for TCP IP protocol header 20 DrayTek Dray Tek compression Normally set to Yes to improve bandwidth utilization IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy Pre Shared Key Input 1 63 characters as pre shared key Digital Signature X 509 Select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity Peer ID Select one of the predefined Profiles set in VPN and Remote Access gt gt IPSec Peer Identity Local ID Specify a local ID Alternative Subject Name First or Subject Name First to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode Local Certificate Select one of the profiles set in Certificate Management gt gt Local Certificate IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy Medium AH Authenti
85. login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify Disable PING from the Internet Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three Ps subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Management Port Setup User Define Ports Check to specify user defined port Vigor2925 Series User s Guide 400 Dr ay Tek numbers for the Telnet HTTP and FTP servers Default Ports Check to use standard port numbers for the Telnet and HTTP servers After finished the above settings click OK to save the configuration For IPv6 System Maintenance gt gt Management IPv Management Setup IPv6 Management Setup Management Access Control Allow management from the Internet LJ Telnet Server Port 23 C HTTP Server Port 80 C Enable PING from the Internet Access List List IPv Address Prefix Length 2 a id fa Note Telnet Http server port is the same as IPv4 Available settings are explained as follows Item Description Management Access Allow management from the Internet Enable th
86. message out Object Settings gt gt SMS Mail Service Object Profile Index 1 Profile Name Local number Service Provider kotsms com tw TW Username abc5026 Quota Sending Interval seconds Vigor2925 Series User s Guide 80 Dray Tek 4 After finished the settings click OK to return to previous page Now you have finished the configuration of the SMS Provider profile setting Object Settings gt SMS Mail Service Object SMS Provider Mail Server Setto Factory Default Index Profile Name SMS Provider Local number kotsms com otsms com tw TW 3 kotsms com tw TW 4 kotsms com tw TW 4 kotsms com tw TW 6 kotsms com tw TW I kotsms com tw TW kotsms com tw TW g Custom 1 10 Custom 2 5 Open Object Settings gt gt Notification Object to configure the event conditions of the notification Object Settings gt gt Notification Object Setto Factory Default Index Profile Name Settings Fe Iaa e a e a i ie 6 Choose any index number e g Index 1 in this case to configure conditions for sending the SMS In the following page type the name of the profile and check the Disconnected and Reconnected boxes for WAN to work in concert with the topic of this paper Object Settings gt Notification Object Profile Index 1 Profile Name WAN Notify Category Status VPN Tunnel Disconnected Reconnected Temperature Alert Clout of Range Dr ay Tek 81 Vigor2925 Series U
87. mpg O mp4 Tea Al LJ at L rm Li wmy C 39p E 3gpp 3gpp2 E 3g2 Audio Select All El aac Eam El au D mp3 O m4a O m p D ogg F ra O ram Ol vox O wav Cl wma Clear All Java Select All O cdass jad O jar O jav Ojava C jem M js J J Jtk Clear All Ljse Ojse O15 Activex Select All E alx Ol apb axs O ocx O olb O ole O tlb meee O viv C vrm Coamnression Available settings are explained as follows Item Profile Name Description Type a name for this profile The maximum length of the name you can set is 7 characters 3 Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile Dray Tek 239 Vigor2925 Series User s Guide 4 8 10 SMS Mail Service Object SMS Service Object This page allows you to set ten profiles which will be applied in Application gt gt SMS Mail Alert Service Object Settings gt SMS Mail Service Object SMS Provider Mail Server Set to Factory Default Index Profile Name SMS Provider 4 kotsms com tw TW 2 kotsms com tw TW 3 kotsms com tw TW 4 kotsms com tw TW 5 kotsms com tw TW 6 kotsms com tw TW T kotsms cam tw TW EA kotsms com tw TW3 5 Custom 1 10 Custom 2 Each item is explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Index Display the profile number that
88. needs you can specify to record information for IM P2P by checking the Log box It will be sent to 22 Dray Tek Syslog server Please refer to section Syslog Mail Alert for more detailed information URL Content Filter Select one of the URL Content Filter profile settings created in CSM gt gt URL Content Filter for applying with this router Please set at least one profile for choosing in CSM gt gt URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Web Content Filter Select one of the Web Content Filter profile settings created in CSM gt gt Web Content Filter for applying with this router Please set at least one profile for anti virus in CSM gt gt Web Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Advance Setting Click Edit to open the following window However it is strongly recommended to use the default settings here Firewall gt gt General Setup Ad
89. not set the session number in this field the system will use the default session limit for the specific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Administration Message Type the words which will be displayed when reaches the maximum number of Internet sessions permitted Default Message Click this button to apply the default message offered by the router Time Schedule Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page After finishing all the settings please click OK to save the configuration Dr ay Te k 263 Vigor2925 Series User s Guide 4 10 2 Bandwidth Limit The downstream or upstream from FTP HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs Please use Limit Bandwidth to make the bandwidth usage more efficient In the Bandwidth Management menu click Bandwidth Limit to open the web page Bandwidth Management gt Bandwidth Limit Bandwidth Limit Enable IP Routed Subnet Disable Default TX Limit Default RX Limit O Allow auto adjustment to make the best utilization of
90. number and the end porting number on the boxes below Port Number Type in the starting port number and the end porting number here if you choose Range as the type 4 After finishing all the settings here please click OK to save the configuration By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio button of that one and click Edit Delete for modification Retag the Packets for Identification Packets coming from LAN IP can be retagged through QoS setting When the packets sent out through WAN interface all of them will be tagged with certain header and that will be easily to be identified by server on ISP For example in the following illustration the VoIP packets in LAN go into Vigor router without any header However when they go forward to the Server on ISP through Vigor router all of the packets are tagged with AF configured in Bandwidth gt gt QoS gt gt Class automatically Dr ay Te k 273 Vigor2925 Series User s Guide QoS Class 1 VolP QoS Class 2 HTTP QoS Class 3 Mail eo Bandwidth Management gt Quality of Service Class Index 1 _ NO Status Local Address Remote Address Service Type ilar CodcPoint 10 Active Any Any 4any ANY 4 11 Applications Below shows the menu items for Applications 4 11 1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the In
91. packets to once the policy is matched Display the WAN IP or WAN IP alias address which is used as source IP of the outgoing packets Displays the IP address for the start of the source IP Displays the IP address for the end of the source IP Displays the IP address for the start of the destination IP Displays the IP address for the end of the destination IP Displays the IP address for the start of the destination port Displays the IP address for the end of the destination port Use Up or Down link to move the order of the policy Click Index 1 to access into the following page for configuring load balance policy Load Balance Route Policy Index 1 Enable Criteria Protocol Source IP Destination IP Destination Port Send to if Criteria Matched Interface Gateway IP More Options Ary ka O Any Src IF Start Src IP End reat O Any Dest IP Start Dest IP End reat O Any Dest Port Start Dest Port End P WAMI w Default Gateway Specific Gateway fe C Auto Failover to the Other WAN Packet Forwarding to WAN Vid Force NAT Force Routing Available settings are explained as follows Item Enable Dray Tek Description Check this box to enable this policy 181 Vigor2925 Series User s Guide Protocol Source IP Destination IP Destination Port Send to if criteria matched More options Vigor2925 Series User s Guide Use the dro
92. provide accurate URL matching with faster rate L2 the router will check the URL that the user wants to access via WCF If the data has been accessed previously the IP addresses of source and destination IDs will be memorized for a short time about second in the router When the user tries to access the same destination ID the router will check it by comparing the record stored If it matches the page will be retrieved quickly Such item can provide URL matching with the fastest rate L1 L2 Cache the router will check the URL with fast processing rate combining the feature of L1 and L2 Eight profiles are provided here as Web content filters Simply click the index number under Profile to open the following web page The items listed in Categories will be changed according to the different service providers If you have and activate another web content filter license the items will be changed simultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter license CSM gt gt Web Content Filter Profile Profile Index 1 Profile Name Default Black White List Enable Action Group Object Selections a Action Groups Categories Child Protection Alcohol amp Tobacco Hate amp Intolerance Porn amp Sexually Ml Cabral Chestinag Li News U Politics O Restaurants amp Dining O General l
93. purchased product and receive news about upcoming products and services UserName Mary Password eeee Auth Code Tee l4he1C lf you cannot read the word click here Forgotten password Don t have a MyVigor Account Create an account now lf you are having difficulty logging in contact our customer se mice Customer Senmice 886 3 597 2727 or Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want 91 Vigor2925 Series User s Guide 3 10 How to Configure Certain Computers Accessing to Internet We can specify certain computers e g 192 168 1 10 192 168 1 20 accessing to Internet through Vigor router Others e g 192 168 1 31 and 192 168 1 32 outside the range can get the source from LAN only Internet 1 f a a a a i a fi a PC P i 192 168 1 10 192 168 1 20 The way we can use is to set two rules under Firewall For Rule 1 of Set 2 under Firewall gt gt Filter Setup is used as the default setting we has to create a new rule starting from Filter Rule 2 of Set 2 1 Access into the web user interface of Vigor router 2 Open Firewall gt gt Filter Setup Click the Set 2 link and choose the Filter Rule 2 button Firewall gt gt Filter Setup Fitter Setup Setto Factory Default Comments Comments Default Call Filter Default Data Filter Firewag gt gt Filter Setup gt gt Edit F
94. that users can be authenticated to dial in via VPN connection Site to Site VPN LAN to LAN E site to site VPM LAN to L4N Remote Dial in User Teleworker This item is available when you choose Site to Site VPN LAN to LAN as VPN server mode There are 32 VPN profiles for users to set 301 Vigor2925 Series User s Guide Index Status Hane a 1 faa F 2 E TPY 4 E Tr 5 E Pay Bi Tr 7 E Tr E E fates J E Tr 10 E Tr 11 Tr 12 E Tr 13 raters 14 E Tr 15 E Tr 16 Tr 1 E ater 18 fates 14 Tr 20 E TP 21 faa 22 Tr 23 Tr 24 E Tr 25 fae 26 fates B 2T E Tr 20 fas 29 E PrF k Please choose a This item is available when you choose Remote Dial in Dial in User User Teleworker as VPN server mode There are 32 VPN Accounts tunnels for users to set Allowed Dial in Type This item is available after you choose any one of dial in user account profiles Next you have to select suitable dial in type for the VPN server profile There are several types provided here similar to VPN Client Wizard PPTP IPSec L2TP with IPSec Policy Must Different Dial in Type will lead to different configuration page In addition adjustable items for each dial in type will be changed according to the VPN Server Mode Site to Site VPN and Remote Dial in User selected 2 After making the choices for the server profile please click Next You will see differe
95. the new printer you have added amp Brother HL 1070 Properties General Sharing Ports Advanced Device Settings 8 Brother HL 1070 Print to the following ports Documents will print to the first free checked port Port Description Printer O 3 250 Standard TCP IP Port Epson Stylus COLOR 1160 O P41 Standard TCP IP Port O P1 Standard TCP IP Port HP Lasenet 1300 O P_1 Standard TCP IP Port O P_1 Standard TCP IP Port M IP_1 Standard TCPAP Fort Brother HL 1070 O PDF Local Port PDF995 11 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name Configure Standard CP IP Port Monitor Port Settings Port Name IP_192 168 1 1 Printer Name or IP Address 192 168 1 1 Protocol O Baw LPR Raw Settings LPR Settings Queue Name _ LPR Byte Counting Enabled C SNMP Status Enabled pub L Dr ay Te k 11 Vigor2925 Series User s Guide The printer can be used for printing now Most of the printers with different manufacturers are compatible with vigor router Note 1 Some printers with the fax scanning or other additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support gt FAQ Applicati
96. to Firewall gt gt Filter Rule The firewall filter rules that are not selected in Firewall gt gt General gt gt Default rule can be available for use in User Management gt gt User Profile Time of login log out block unblock for the user s can be sent to and displayed in Syslog Please choose any one of the log items to take down relational records for the user s If such function 1s enabled a pop up window will be displayed on the screen with time remaining for connection if Idle Timeout is set However the system will update the time periodically to keep the connection always on Thus Idle Timeout will not interrupt the network connection Any user from LAN side or WLAN side tries to connect to Internet via Vigor router must be authenticated by the router first There are three ways offered by the router for the user to choose for authentication Web If it is selected the use can type the URL of the router from any browser Then a login window will be popped up and ask the user to type the user name and password for authentication If succeed a Welcome Message configured in User Management gt gt General Setup will be displayed After authentication the destination URL if requested by the user will be guided automatically by the router Alert Tool If it is selected the user can open Alert Tool and type the user name and password for authentication A window with remaining time of connection for such user wil
97. to set general setup for WAN1 WAN2 and WANS respectively In default WAN2 is disabled If you want to enable it simply click the WAN2 link and select Yes in the field of Enable WAN gt General Setup Load Balance Mode Auto Weight we Physical Line Speedi Kbps Mode Type DownLinkfUpLink Active Mode Index Enable WAN1 My Ethernet 4uto negotiation 00 Always On WAN J Ethernet 4uto negotiation o a Always On WAN3 USE 00 Always On Note The line speed setting of WAN interface is avalalbe only when According to Line Speed is selected as the Load Balance Mode Available settings are explained as follows Item Description Load Balance Mode This option is available for multiple WAN for getting enough bandwidth for each WAN port If you know the practical bandwidth for your WAN interface please choose the setting of According to Line Speed Otherwise please choose Auto Weigh to let the router reach the best load balance Load Balance Mode Index Click the WAN interface link under Index to access into the WAN configuration page Dr ay Tek 127 Vigor2925 Series User s Guide Enable V means such WAN interface is enabled and ready to be used Physical Mode Type Display the physical mode and physical type of such WAN interface Line Speed Display the downstream and upstream rate of such WAN interface Active Mode Display whether such WAN interface is Active device or backup device Note In default each
98. type Be sure that 1 The device is properly configured 2 The address on the previous page is correct Either correct the address and perform another search on the network by returning to the previous wizard page or select the device type if you are sure the address is correct Completing the Add Standard TCP IP Printer Port Wizard You have selected a port with the following characteristics SNMP No Protocol RAW Por 9109 Device 192 168 1 1 Pot Name IP_192 163 1 1 Adapter Type Genenc Network Card To complete this wizard click Finish Vigor2925 Series User s Guide 10 Dr ay Te k 9 Now your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next Add Printer Wizard Install Printer Software The manufacturer and model determine which printer software to use Li Select the manufacturer and model of your printer If your printer came with an installation disk click Have Disk If your printer is not listed consult your printer documentation for compatible printer software Manufacturer I Printers AST a Brother HL 1060 BR Sule O Ef This driver is digitally signed Windows Update Tell me why driver signing is important Ca 10 For the final stage you need to go back to Control Panel gt Printers and edit the property of
99. values will influence the time delay for WMM accessing categories The difference between AC_VI and AC_VO 359 Vigor2925 Series User s Guide categories must be smaller however the difference between AC_BE and AC_BK categories must be greater Txop It means transmission opportunity For WMM categories of AC_VI and AC_VO that need higher priorities in data transmission please set greater value for them to get highest transmission opportunity Specify the value ranging from 0 to 65535 ACM It is an abbreviation of Admission control Mandatory It can restrict stations from using specific category class 1f it is checked Note Vigor2925 provides standard WMM configuration in the web page If you want to modify the parameters please refer to the Wi Fi WMM standard specification AckPolicy Uncheck default value the box means the AP router will answer the response request while transmitting WMM packets through wireless connection It can assure that the peer must receive the WMM packets Check the box means the AP router will not answer any response request for the transmitting packets It will have better performance with lower reliability After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 360 Dr ay Tek 4 14 9 AP Discovery Vigor router can scan all regulatory channels and find working APs in the neighborhood Based on the scanning result users will kno
100. via this router with the limitation configured in this user profile The maximum length of the password you can set is 24 characters Confirm Password Type the password again for confirmation Idle Timeout If the user is idle over the limitation of the timer the network connection will be stopped for such user By default the Idle Timeout is set to 10 minutes Max User Login Such profile can be used by many users You can set the limitation for the number of users accessing Internet with the conditions of such profile The default setting is 0 which means no limitation in the number of users Policy It is available only when User Based mode selected in User Management gt gt General Setup Default w Default Create Mew Folic Default If you choose such item the filter rules pre configured in Firewall can be adopted for such user profile Create New Policy If you choose such item the following page will be popped up for you to define another filter rule as a new policy Vigor2925 Series User s Guide 220 Dr ay Tek Dray Tek Log Pop Browser Tracking Window Authentication Landing Page Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 2 Comments Indexf 1 15 in Schedule Setup C i E Clear sessions when schedule ON C Enable Direction Source IP Any Destination IP Any o Service Tyoe Anw For the detailed configuration simply refer
101. view the certificate X509 Local Certificate Configuration Name Subject Status Modify draytekdemo O Draytek OU Draytek Sales OK View Delete View Delete View Delete GENERATE IMPORT REFRESH Upload PKCS12 It allows users to import the certificate whose extensions are Certificate usually pfx or p12 And these certificates usually need passwords Note PKCS12 is a standard for storing private keys and certificates securely It is used in among other things Netscape and Microsoft Internet Explorer with their import and export options Upload Certificate and It is useful when users have separated certificates and private Private Key keys And the password is needed if the private key is encrypted REFRESH Click this button to refresh the information listed below View Click this button to view the detailed settings for certificate request a http 192_168 1 1 Certificate Siznm e Request Information Microsoft Internet Explorer Certificate Information Certificate Name server Issuer C TW ST Hsinchu L Hsinchu O Draytek QU MKT CN DT subject emailAddress support idraytek com Subject Alternative Name Valid From Valid To PEM Format Content MITBwetCasuC igauglYIxCchIBoNVEAYTALRENR AWD GYDVOOlEwdIc2 LuYyzhilRiaw Do DVOOQHE wd Ice lLuYzZhitRawlgYDVOGKEwdEcmF SdG6Vr MouwlgyDVYOOLEwiHs 10X CZAIJBQGNVEAMNTAKRUMS IwlaYdKod ThyvcNaGkBFPhnzdkbubs JOGGRyYE1LOeZWsur2 o
102. ways for authentication Web Telnet and Alert Tool User Management gt gt User Profile Profile Index 3 Enable this account ser Name Password Confirm Password Idle Timeout mings O Unlimited Max User Login O Unlimited Policy Default The selection of items could be crested as rules and which not set to active External Server Authentication FJ TARET Authentication Web Alert Tool Telnet d Index 1 15 in Schedule Setup Enable Time Quota 0 min CE ha min C Enable Data Quota o Jo mB Reset quota to default when scheduling time expired C Enable Default Time Quota Doo min Default Data Quota o e Vigor2925 Series User s Guide 108 Dr ay Tek Authentication via Web E IfaLAN client who hasn t passed the authentication opens an external web site in his browser he will be redirected to the router s Web authentication interface first Then the client is trying to access http www draytek com and but brought to the Vigor router Since this is an SSL connection some web browsers will display warning messages With Microsoft Internet Explorer you may get the following warning message Please press Continue to this website not recommended E bttps 192 168 11 cgi bin user_login cgitfid 101 amp src_ip X Uy Favorites Sep E Suggested Sites v g8 Web Slice Gallery v S Certificate Error Navigation Blocked ty Bl me Pager Safetyy Toos i
103. will be added and will be available for you to specify for sending SMS out Object Settings gt gt SMS Mail Service Object Profile Index 9 Profile Name Service Provider clickatell Please contact with your SMS provide to get the exact URL String eg bulksms vsms net 5567 eapi submission send_sms 2 2 0 username gt txtUser amp password txtPwd 8 amp msisdn txtDest 8 amp message txtMsg Username lani23 Quota Sending Interval seconds Dr ay Tek 83 Vigor2925 Series User s Guide 3 9 How to Create an Account for MyVigor The website of My Vigor a server located on http myvigor draytek com provides several useful services such as Anti Spam Web Content Filter Anti Intrusion and etc to filtering the web pages for the sake of protecting your system To access into My Vigor for getting more information please create an account for My Vigor 3 9 1 Create an Account via Vigor Router 1 Click CSM gt gt Web Content Filter Profile The following page will appear CSM gt Web Content Filter Profile Web Filter License Activate Status Not Activated Web Content Filter Profile Table Setto Factory Default Profile Name Profile Name 1 Default 4 2 6 ae E 4 amp Administration Message Max 255 characters Cache L1 L2 Cache lt body gt lt center gt lt br gt lt br gt lt br gt lt p gt The requested Web page lt br gt from 451P 4 lt br gt to t0RL4 lt br gt that is c
104. will be popped up to notify how many time remained when a user accesses into Internet through Vigor router successfully Internet Access Saks Michael you are now connected Time remaining online 00 32 41 Time used 01 12 54 When the time is up all the connection jobs including network IM social media facebook and etc will be terminated Data Quota means the total amount for data transmission allowed for the user The unit is MB Click this box to set and increase the data quota for such profile L J Click this box to decrease the data quota for such profile Set default time quota and data quota for such profile When the scheduling time is up the router will use the default quota settings automatically Enable Check it to use the default setting for time quota and data quota Default Time Quota Type the value for the time manually Default Data Quota Type the value for the data manually m DrayTek After finishing all the settings here please click OK to save the configuration 4 7 3 User Group This page allows you to bind several user profiles into one group These groups will be used in Firewall gt gt General Setup as part of filter rules User Management gt gt User Group User Group Table Setto Factory Default Index Name Index Name i ir 2 18 4 20 5 2 6 22 i 23 8 24 a 25 40 26 u 27 iz 28 13 29 14 30 16 32 Please click any
105. www dyndns org max 64 characters max 23 characters Wii Available settings are explained as follows Item Enable Dynamic DNS Account WAN Interface Service Provider Service Type Domain Name Login Name Password Wildcard and Backup MX Vigor2925 Series User s Guide Description Check this box to enable the current account If you did check the box you will see a check mark appeared on the Active column of the previous web page in step 2 WANI WAN2 WANS First While connecting the router will use WAN1 WAN2 WAN3 as the first channel for such account If WANI WAN2 WAN3 fails the router will use another WAN interface instead WANI WAN2 WANS Only While connecting the router will use WANI WAN2 WANS as the only channel for such account WAN First AA Ml F rst Select the service provider for the DDNS account Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Type in one domain name that you applied previously Use the drop down list to choose the desired domain Type in the login name that you set for applying domain Type in the password that you set for applying domain The Wildcard and Backup MX Mail Exchange features are not supported for all Dynamic DNS providers You could get more detailed information from their websites 276 Dray Tek Mail Extender Determine Real WA
106. x 6 X f X a x g x 10 x Each item 1s explained as follows Item Description Name Display the name of the profile that you create URL Display the URL Active Display current status active or inactive of such profile Click number link under Index filed to set detailed configuration SSL VPN gt SSL Web Proxy Profile Index 1 Access Method Disable Disable a Note URL format must be entered as http ot Port Redirection Domain_name directory where Domain_name is a FODH Available settings are explained as follows Item Description Name Type name of the profile The length of the name is limited to 15 characters Vigor2925 Series User s Guide 364 Dr ay Tek URL Type the address function variation or IP address or path of the proxy server Host IP Address If you type function variation as URL you have to type corresponding IP address in this filed Such field must match with URL setting Access Method There are three modes for you to choose Disable the profile will be inactive If you choose Disable all the web proxy profile appeared under VPN remote dial in web page will disappear Secured Port Redirection such technique applies private port mapping to random WAN port There are two restrictions for proxy web server for such selection 1 it is only used for WAN to LAN access the web server must be configured behind vigor router 2 web server gateway must be indicated to vigor rou
107. 100000Kbps 259 25 255 259 Inactive Status Setup Class Rule Index Name Rule Service Type Class 2 i Edit Class 3 Edit 3 In the following page type a name e g VoIP for such class and click Add Vigor2925 Series User s Guide 68 Dr ay Tek Bandwidth Management gt Quality of Service Class Inge O Tag packets as ee a DiffServ TEE NO Status Local Address Remote Address CodePoint Service Type 1 Empty gt 4 Check the box of ACT Click Edit to specify the local address Bandwidth Management gt gt Quality of Service Rule Edit IPv4 OIPv6 Local Address Remote Address DiffServ CodePoint Service Type Predefined w Note Please choose setup the Service Type first 5 In the pop up window choose Range Address as the Address Type and type the start IP address and end IP address in relational fields Click OK to save the settings and exit the window Ethernet Type IPw4 Address Type Range Address Start IP Address End IP Address Subnet Mask 6 Click OK again to save the settings Bandwidth Management gt gt Quality of Service Rule Edit ACT Ethernet Type IPv4 OIPv6 Local Address Remote Address DiffServ CodePoint Service Type Predefined ka Note Please choose setup the Service Type first Dr ay Te k 69 Vigor2925 Series User s Guide 7 The class rule for VoIP has been set Click OK to return to previous page Bandwidth Managemen
108. 1P PeerGREIP 5 TCP IP Network Settings My WAN IP 0 0 0 0 RIP Direction Rone Catewar I 0000 From first subnet to remote network you have to Remote Network IP 192 168 1 0 do C Change default route to this VPN tunnel Only single WAN supports this Remote Network Mask Local Network Mask 255 255 255 0 6 Click OK to save the settings Dr ay Tek 65 Vigor2925 Series User s Guide 7 Open VPN and Remote Access gt gt Connection Management to check the dial in connection status from branch office VPN and Remote Access gt gt Connection Management Dial out Tool Refresh Seconds V2920 172 16 2 145 VPN Connection Status Current Page 1 Page No Go Tx Tx Rate Rx Rx Rate VPN Type Remote IP Virtual Network Pkts Bps Pkts Bps UpTime 1 IPSec Tunnel VPN Server 9 DES SHAL Auth 218 242 130 19 192 168 1 0 24 393 3 291 3 0 13 58 Drop vse Data is encrypted AAAAA AAA Ld led ISTIL EPIL YPL LEL Configuration on Vigor Router for Branch Office 1 Log into the web user interface of Vigor router 2 Open VPN and Remote Access gt gt LAN to LAN to create a LAN to LAN profile The following settings are for a permanent VPN connection VPN and Remote Access gt gt LAN to LAN LAN to LAN Profiles Setto Factory Default View All Online Offline Trunk POL Search Index Name Active Status Index Name Active Status 1 27 Oo qf o 2 77 C 18
109. 20101005104801 Vigor2710vn Vigor2710 DF Vigor2380 Vigor2830 Vigor2z925 Vigor2925 9 From the Device s Service section click the Trial About Us Device Inf ti Broduci evice inrormation My Information Nickname vigor2850 i Serial 2011031609200201 VigorACs SI Model Vigor2850 Series Customer Survey Expired License Action Status Start Date Expired Date The Commtouch GlobalView Web Filter is provided for Vigor router with only 1 month trial After trial eriod please purchase the official package from your local DrayTek dealer distributor BPM is the web content titer based on service operated in Germany Wve recommend only users live in Germany ta try the BRIM VAC service This js a free service without guarantee 10 In the following page check the box of I have read and accept the above Agreement The system will find out the date for you to activate this version of service Then click Next Dray Tek 45 Vigor2925 Series User s Guide Confirm Message About Us Cancel My Information User Name james fae VigorACs 5I Serial 2011031609200201 VigorPro Model Vigor2o50 End User License Agreement FLEASE READ THIS SOFTWARE LICENSE AGREEMENT LICENSE CAREFULLY BEFORE DOWNLOADING OR OTHERWISE USING THE SOFTWARE BY DOWNLOADING INSTALLING OR USING THE SOFTWARE YOU ARE AGREEING TO BE BOUND BY THE TERNS OF THIS LICENSE IF You DO NOT AGREE TO THE TERNS OF THIS LICENSE YOU ARE NOT AUTH
110. 255 F Gateway IP Address Network Interface Cancel Delete 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211 100 88 0 will be forwarded to 192 168 1 3 Click OK LAN gt Static Route Setup Index No 2 Enable Destination IP Address Subnet Mask 255 255 255 0 Gateway IP Address Network Interface LANT Dray Te k 171 Vigor2925 Series User s Guide 4 Go to Diagnostics and choose Routing Table to verify current routing table Diagnostics gt gt View Routing Table Current Running Routing Table IPv6 Routing Table Refresh r C connected 5 static R RIP default private 192 168 10 07 255 255 255 0 via 192 168 1 2 192 168 1 0 255 255 255 0 directly connected 211 100 88 07 255 255 255 0 Via 192 168 1 3 4 2 4 VLAN With the 5 port Gigabit switch on the LAN side Vigor router provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs On the wireless equipped model each of the wireless SSIDs can also be grouped within one of the VLANS Tagged VLAN The tagged VLANs 802 1q can mark data with a VLAN identifier This identifier can be carried through an onward Ethernet switch to specific ports The specific VLAN clients can also pick up this identifier as it is just passed to the LAN You can set the priorities for LAN side QoS You can
111. 3 Edit Enable the First Priority for VoIP SIP RTP SIP UDP Port 5060 Default 5060 Available settings are explained as follows Item Description General Setup Index Display the WAN interface number that you can edit Status Display if the WAN interface is available for such function or not Bandwidth Display the inbound and outbound bandwidth setting for the WAN interface Direction Display which direction that such function will influence Class 1 Class2 Class 3 Others Display the bandwidth percentage for each class UDP Bandwidth Control Display the UDP bandwidth control is enabled or not Online Statistics Display an online statistics for quality of service for your reference Setup Allow to configure general QoS setting for WAN interface Class Rule Index Display the class number that you can edit Name Display the name of the class Rule Allow to configure detailed settings for the selected Class Service Type Allow to configure detailed settings for the service type Enable the First Priority When this feature is enabled the VoIP SIP UDP packets will for VoIP SIP RTP be sent with highest priority SIP UDP Port Set a port number used for SIP Dr ay Tek 267 Vigor2925 Series User s Guide This page displays the QoS settings result of the WAN interface Click the Setup link to access into next page for the general setup of WAN interface As to class rule simply click the E
112. 379 4 16 4 USB Disk Status 00 0 0 cece ccccssssssseeeeeeeeeeeeeeeeeeeeaaeeeaesessseeeeeeeeeeseessaaasesseseseeeeeeeeeeeees 379 4 16 5 Temperature SONSOM ccccsssssssseeeceeeeeeeceeeeeeeaaeeseseeeeeeeeeeeeeeeeeaaaausgsedeeeeeeeeeeeeessnaaaaas 381 4 16 6 Modem Support LiSt ccccccecccceeeseesseeeeeeeeeeeeeeeeeeeeeeeessaeeeseeeeesssseaaeeeeeeesssaaageeeeees 382 4 17 System AMC ANG sssrinin erinadi ea a a a i cea dsnanclnetecsuicemandinenonsienmers 383 AM AM DY e EEE e E E E E E E E E E E T 383 Mae a OO E E E E E E E EE E PEE A I E 385 4 17 3 Administrator Password ican xa srerecemetannccuasrcrsinsteiasunetuasanseal nina esumesiuyeiernont cred ebutetabeiiads 386 4 17 4 User Password exis ingnvasscimedavn ixasseusnsatsregederateteiasmiaisnetuvasah dininin iinan idinan niaii fra edeneranoauads 387 4 17 5 Login Page ale CUNO to otumasuoacanarodanexsruian seaadats san sentonaateandastadadanatntnaneueayactsrainietatstouan 390 4 17 6 GOlmMOUPatlOn BACKUD cisececsezenensadtacavenatenccaadincacscescaanandieasatecd acadaaeSextesadjesanngsuenecgaddecaces 392 AAT SY SIOO Mail AIET enssins qudl cations Eaa a Ea aai 394 A4179 Mme and Dalo airera raua E i a a eE 397 EAT T OIE a e A E E E E saaloususeetessnanicaioss 398 ATO Maagen aE EEEE E O EE EEE TOEA I E EEE 400 41711 FREDO 0 yS Cll een e E E E E E 402 4 17 12 Firmware Upgrade viccatassenixneacioranransnectiaceunaeunneiaves taaileacumasitnaladaisunnt ehailniwnatsntenl aceunacuanae 403 ANEW B
113. 4 Dr ay Tek 1 2 2 For Vigor2925n py oe Vd Tool Vigor2925n ae Wrote ss LAF i i OWOFFIWPS act WANI QoS saana use WANE a ee Dual WAN Security Router USB WAN WEF Factory i g n i Riese WLAN VPM DMZ 7 a 5 LED Status WAND LAN i Explanation ACT Activity Blinking Off USB n Blinking On Blinking WLAN WANI WAN2 On S mh Blinking VPN QoS WCF gt 5 Q 5 DMZ 5 Blinking LED on Connector Left WANI LED wae Blinking Right LED Off Left LANI LED Off LANS Blinking On Off Right LED Dray Tek The router is powered on and running normally The router is powered off USB device is connected and ready for use The data is transmitting Wireless access point is ready It will blink slowly while wireless traffic goes through ACT and WLAN LEDs blink quickly and simultaneously when WPS is working and will return to normal condition after two minutes You need to setup WPS within 2 minutes Internet connection is ready Internet connection is not ready The data is transmitting The VPN tunnel is active The QoS function is active The Web Content Filter is active It is enabled from Firewall gt gt General Setup The DMZ function is enabled The DMZ function is disabled The data is transmitting The port is connected The port is disconnected The data is transmitting The port is connected with 1000Mbps The por
114. 4 Type the static Pv4 address for the remote server Address 6in4 IPv6 Address Type the static IPv6 address for Pv4 tunnel with the value for prefix length LAN Routed Prefix Type the static IPv6 address for LAN routing with the value for prefix length Tunnel TTL Type the number for the data lifetime in tunnel After finished the above settings click OK to save the settings Dr ay Tek 147 Vigor2925 Series User s Guide Below shows an example for successful IPv6 connection based on 6in4 Static Tunnel mode Online Status Physical Connection System Uptime Oday 0 4 16 IPv4 IPv6 LAN Status IP Address 2001 4DD0 FFO0 83E4 21D AAFF FE83 11B64 64 Global FE80 21D AAFF FE83 11B4 64 Link TA Packets RX Packets TA Bytes 80 1244 WAN1 IPv6 Status Enable Mode Up Time 6in4 Static Tunnel 0 04 07 Gateway IP 2001 4DD0 FF10 83E4 2131 64 Global FE80 COA8 651D 128 Link TA Packets RX Packets TX Bytes RX Bytes 3 26 11 2302 Details Page for IPv6 6rd in WAN1 WAN2 This type allows you to setup 6rd for WAN interface WAN 1 PPPoE Static or Dynamic IP PPTP L2TP IPv6 Internet Access Mode Connection Type 6rd a 6rd Settings 6rd Mode Auto 6rd Static 6rd Static 6rd Settings IPv4 Border Relay 192 168 101 111 IPv4 Mask Length 0 6rd Prefix 2001 E41 6rd Prefix Length 32 OK Cancel Available settings are explained as follows Item Description 6rd Mode Auto 6rd Retrieve 6rd prefix auto
115. 400 Accounts Index WAN Interface Domain Name Active ie WAN First x 2 WAN First x a WANT First x Available settings are explained as follows Item Description Set to Factory Clear all profiles and recover to factory settings Default Enable Dynamic Check this box to enable DDNS function DNS Setup View Log Display DDNS log status Force Update Force the router updates its information to DDNS server Auto Update Set the time for the router to perform auto update for DDNS interval Service Index Click the number below Index to access into the setting page of DDNS setup to set account s WAN Interface Display the WAN interface used Domain Name Display the domain name that you set on the setting page of DDNS setup Active Display if this account is active or inactive 3 Select Index number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block The following two blocks should be typed your account Login Name test and Password test Dr ay Te k 275 Vigor2925 Series User s Guide Applications gt Dynamic DNS Setup gt Dynamic DONS Account Setup Index 1 Enable Dynamic DNS Account WAN Interface Service Provider Service Type Domain Name Login Name Password O Wildcards Ol Backup Mx Mail Extender Determine Real WAN IP WAN First dyndns org
116. 716 ms 64 bytes from 192 165 171 temp segqes ttl 255 timesh 731 me from 192 160 1 1 temp seg 4 thl 255 tinesh 72 fie 197 1661 9 prifig statistics F packet troansiitted 5 packets recerved packet loss rourd trip win ava mas B 697 E 7425 8 755 M Vigorid draytek f 5 4 Checking If the ISP Settings are OK or Not Open WAN gt gt Internet Access page and then check whether the ISP settings are set correctly Click Details Page of WAN1 WANS3 to review the settings that you configured previously WAN gt Internet Access Internet Access Index DisplayName Physical Mode WANT Ethernet Static or Dynamic IP v Details Page None WAN Ethernet PPPoE Static or Dynamic IP l otiak HAR PPTF L2TP Note Only one WAN can support IPv 5 5 Problems for 3G Network Connection When you have trouble in using 3G network transmission please check the following Check if USB LED lights on or off You have to wait about 15 seconds after inserting 3G USB Modem into your Vigor2925 Later the USB LED will light on which means the installation of USB Modem is successful If the USB LED does not light on please remove and reinsert the modem again If it still fails restart Vigor2925 USB LED lights on but the network connection does not work Check the PIN Code of SIM card is disabled or not Please use the utility of 3G USB Modem to disable PIN code and try again If it still fails it might be the complianc
117. AN and LAN When you finish the configuration please click OK to save and exit this page Vigor2925 Series User s Guide 158 Dr ay Tek Details Page for LAN1 Ethernet TCP IP and DHCP Setup There are two configuration pages for LAN1 Ethernet TCP IP and DHCP Setup based on IPv4 and IPv6 Setup Click the tab for each type and refer to the following explanations for detailed information LAN gt General Setup LAN 1 Ethernet TCP IP and DHCP Setup LAN 1 IPv6 Setup Network Configuration For NAT Usage DHCP Server Configuration Enable Server Disable Server IP Address 192 168 1 1 C Enable Relay Agent Subnet Mask 255 255 255 0 Start IP Address 19 168 1 10 IP Pool Counts 50 Gateway IP Address 192 168 1 1 RIF Protocol Control Lease Time 259200 s DNS Server IP Address Primary IP Address Secondary IP Address Mil Available settings are explained as follows Dray Tek Item Network Configuration DHCP Server Configuration Description For NAT Usage IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 RIP Protocol Control Disable deactivate the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP stands for Dynamic Host
118. AVC UV OM aE E stotdaedasuaeusnacganetonnbdacssasatesseesdannestadens 404 AMO MONO S CS t can sancecanttretstivadscununcuadesinasdwsiansse tnciccUmiusinsuaieissiaescmesatnduce teres functdesaaevetemumsatneen 405 4 18 1 Dial out Triggering xisisccsncsesswsccndnswosciiccamninncbacuvalesalncwendnsunsiondl aana ETERNE AAA ANATINAE 406 4 18 2 Routing Table sereo E A E a 407 A 18 3 ARP Cache Table nirna e E ERE Eaa 408 A AGA IPVG NCIQGNDOUN Tale esii E E 408 71a so DAOP TDG Ree eee ne ee ee Oc ee ee eee ee 409 Ae 19 6 NAT DeCSSIONS Table sunno a a nactateace seen 410 Aao FNO AIO SIG saa a E E sasuceata qustialtnenobaend 411 A 1o o Ale FOW MONO erse uisccladl edi len Gutenan aan sandnatiionvesianutucans 412 Bees Mele Ale e E E E E E 414 A10 10 Tace ROU Goan rT ee i 415 AASA oy O EXPO O ee a a e a val adessevaVacnes 416 41812 IPVO TOPO SAS ans eT T ra 417 Vigor2925 Series User s Guide x Dr ay Tek 4 19 External Devices xicicdenacaicwesesocetimtebaeweatceeraociaceiutluaisiouves steeedensieneeedegaoedeasnendadeuneniaesaseneednacnied 418 TAIDE O eee ne ee ne eee 418 4 19 2 Access Point Devices sri cavesrtiandsuneciansanananatannsounisieddduateyasiaocensteanduastaumavanstantnasSsuawakdaadee 419 Trouble Shooting ssssssnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn 426 5 1 Checking If the Hardware Status Is OK or NoOb cccccccccececseseeeeeeeeeeeeeesaeeseeeeeeesauaaaeeeeeeess 426 5 2 Checking If the Network Connection
119. Bandwidth Management gt gt Quality of Service Bandwidth Management gt Quality of Service General Setup Setto Factory Default UDP Index Status Bandwidth Direction Class Class Class Others Bandwidth Onl ine 1 2 3 Danii Statistics WAN1 Disable 101060 00Kbps 98180 00Kbps 25 25 2556 25 Inactive Status Setup WAN Disable 100000Kbps 100000Kbps 25 25 25 25 Inactive Status Setup WANS Disable 100000Kbps 100000Kbps 25 25 25 25 Inactive Status Setup Class Rule Index Name Rule Service Type Class 1 Edit Class 2 Edit Edit Class 3 dit 2 Click Setup link of WAN 1 2 3 Make sure the QoS Control on the left corner is checked And select BOTH in Direction Bandwidth Management gt gt Quality of Service WAN General Setup Enable the QoS Control WAN Inboun WAN Outbo ir 3 Set Inbound Outbound bandwidth Bandwidth Management gt Quality of Service WAN General Setup Enable the Qo5 Control BOTH WAN Inbound Bandwidth 100000 Kbps WAN Outbound Bandwidth 100000 Kbps Index Class Name Reserved_bandwidth Ratio Class 1 VoIP 25 ee Note The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance Vigor2925 Series User s Guide 72 Dray Tek Return to previous page Enter the Name of Index Class 1 b
120. C Reset WLAN VPN DMZ Vt USB WAN E LAN y Load BalanceRoute Po ic System Information a 0 0 41 ystem Status rom a S Router Name C fCunentime 2000an 1 Sak 00 55 Dynamnic DNS User Management _ Oct 9 2013 16 02 43 TR 069 Objects Setting k LAN MAC Address 00 1D AA AC 19 C8 User Management CSM BS IM P2P Block Bandwidth Management IPv4 internet Access Applications a Line Mode IP Address MAC Address UpTime VPN and Renate _WAN1__ Ethernet Disconnected __ 00 1D AA AC 19 C9 giaa a i WAN2 _ Ethernet Disconnected ___ 00 1D AA AC 19 CA SSL VPN 4 wans Q0 1D A4 AC 19 CB USB Application y System Maintenance IPv6 Internet Access Diagnostics K Mode _ _________ Address Scope UpTime External Devices a LAN RADVD DHCPv6 FE8O0 21D AAFF FEAC 19C8 64 Link _ q interface Product Registration WAN i all Rigel FEE 0 oLANI N LANS Connected 0 USB 1 og Mail Alert irewall Object Setting Data Flow Monitor Connected 0 WAN 1 WAN WANS lt iii gt 4 1 WAN Quick Start Wizard offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to WAN group 4 1 1 Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to
121. C ins 3 O 19 777 d ra 77 a P 20 777 C E 5 777 Fi A 21 277 C 6 oO 22 d I eee O rin 3 E F m 3 Click any index number to open the configuration page Type a name which is easy for identification for such profile in this case type VPN Client and check the box of Enable This Profile For such Vigor router will be set as a client the call direction shall be set as Dial out Check the box of Always on for a permanent VPN connection VPN and Remote Access gt gt LAN to LAN Profile Index 1 1 Common Settings Call Direction Both Dial Out Dial in Profile Name VPN Client a Idle Timeout 1 second s VPN Dial Out Through WANT First O Enable PING to keep alive Netbios Naming Packet Pass Block PING to the IP tS Multicast via VPN Pass Block for some IGMP IP Camera DHCP Relay etc Enable this profile Vigor2925 Series User s Guide 66 Dr ay Tek 4 Now navigate to the next section Dial Out Settings to select the PSec Tunnel service and type the remote server P host name e g 218 242 133 91 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 2 Dial Out Settings Type of Server am calling Username 77 PPTP Password f IPsec Tunnel PPP Authentication P CHA L2TP with IPsec Policy VJ Compression On Off Server IP Host Name for VPN IKE Authenticatio
122. Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside Firewall gt gt General Setup General Setup General Setup Actions for default rule Application Filter Sessions Control Quality of Service Load Balance policy User Management APP Enforcement Web Content Filter Advance Setting URL Content Filter 101 Action Profile Pass y 60000 None o m e Auto Select None k None 2tace apps fig ea Syslog Vigor2925 Series User s Guide 3 12 How to Setup Address Mapping Address Mapping is used to map a specified private IP or a range of private IPs of NAT subnet into a specified WAN IP or WAN IP alias IP Refer to the following figure Group 1 192 168 20 X Host 1 192 168 1 23 WAN1 202 211 100 10 er Host 2 E i 192 168 1 100 ee WAN2 a 203 98 200 10 Host 3 192 168 1 56 Groupi maps to WAN1 Host 1 maps to WAN1 Host 2 maps to WAN1 alias Host 3 maps to WAN2 Suppose the WAN settings for a router are configured as follows WANT 202 211 100 10 WAN1 alias 202 211 100 11 WAN 203 98 200 10 Without address mapping feature when a NAT host with an IP say 192 168 1 10 sends a packet to the WAN side or the Internet the source address of the NAT host will be mapped into either
123. Dray Te k 353 Vigor2925 Series User s Guide 4 14 6 WDS WDS means Wireless Distribution System It is a protocol for connecting two access points AP wirelessly Usually it can be used for the following application Provide bridge traffic between two LANs through the air Extend the coverage range of a WLAN To meet the above requirement two WDS modes are implemented in Vigor router One is Bridge the other is Repeater Below shows the function of WDS bridge interface LANS LAN1 LAN2 The application for the WDS Repeater mode is depicted as below Host with Host with Host with bridge Interface 1 repeater Interface bridge Interface 2 v Y a e gt nns ass ss ses we wow wwe The major difference between these two modes is that while in Repeater mode the packets received from one peer AP can be repeated to another peer AP through WDS links Yet in Vigor2925 Series User s Guide 334 Dr ay Te k Bridge mode packets received from a WDS link will only be forwarded to local wired or wireless hosts In other words only Repeater mode can do WDS to WDS packet forwarding In the following examples hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links However hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2 Host with Host with _ Host with bridge Interface 1 bridge Interfa
124. E Static or Dynamic IP PPTP L2TP IPv6 Enable Disable PPP MP Setup PPP Authentication PAP or CHAP sa Idle Timeout ao second s Username fe IP Address Assignment Method IPCP Index 1 15 in Schedule Setup Fixed IP Yes No Dynamic IP b ft Fixed IP Address fF WAN Connection Detection Default MAC Address Mode Specify a MAC Address Ping IP sid MAC Address oo 10 aa fas B7 Jea TIL aiis Max 1492 Available settings are explained as follows Item Description Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Vigor2925 Series User s Guide 132 Dr ay Tek Password Type in the password provided by ISP in this field The maximum length of the password you can set is 62 characters Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page WAN Connection Such function allows you to verify whether net
125. Enable or Disable profile name member or member2 Delete Click this button to delete the selected VPN TRUNK profile The corresponding members LAN to LAN profiles grouped in the deleted VPN TRUNK profile will be released and that profiles in LAN to LAN will be displayed in black Time for activating VPN TRUNK VPN Backup mechanism profile VPN TRUNK VPN Backup mechanism will be activated automatically after the initial connection of single VPN Tunnel off line The content in Member1 2 within VPN TRUNK VPN Backup mechanism backup profile is similar to dial out profile configured in LAN to LAN web page VPN TRUNK VPN Backup mechanism backup profile will process and handle everything unless it is off line once it is activated Time for activating VPN TRUNK VPN Load Balance mechanism profile After finishing the connection for one tunnel the other tunnel will dial out automatically within two seconds Therefore you can choose any one of members under VPN Load Balance for dialing out Time for activating VPN TRUNK Dial out when VPN Load Balance Disconnected For there is one Tunnel created and connected successfully to keep the load balance effect between two tunnels auto dial will be executed within two seconds To close two tunnels of load balance after connecting please click Disable for Status in General Setup field How can you set a VPN TRUNK VPN Backup Load Balance mechanism profile 1 First of
126. Ethernet Disconnected 00 1D AA AC 19 C9 eben wan ethernet Disconnected 00 1D AA AC 19 CA RADIUS pee S Cwans fuse Disconnected 00 10 AA AC 19 C8 jock Setting USB Application E System Maintenance IPv6 Internet Access Diagnostics Li Mode Address Cid Scope UpTime External Devices LAN _ RADVD DHCPv6 FES8O 21D AAFF FEAC 19C8 64 Link _ Quick Access em Status Dynamic DNS Interface Product Registration E WAN All Rights Reserved l gom A eee eee 4 bee 3 WLAN Connected 0 Connected 0 USB 1 Connected 0 OWANI OWAN2 WANS Lilt gt Note The home page will be different slightly in accordance with the type of the router you have 5 The web page can be logged out according to the chosen condition The default setting is Auto Logout which means the web configuration system will logout after 5 minutes without any operation Change the setting for your necessity Vigor2925 Series User s Guide 14 Dr ay Te k 2 2 Changing Password Please change the password for the original security of the router 1 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password 2 Please type admin admin as Username Password for accessing into the web user interface with admin mode 3 Goto System Maintenance page and choose Administrator Password System Maintenance gt gt Administrator Password Setup Adm
127. FEP PECS T1E 19 BOS iE gt c bey lm oa ay OO TEPEE Pees ABS eS ees eee ee eee eee i FERU 73230 FFFS FECS 4305 16 50 7 c8 43 0 lope a es co LAAL AAL LAAL LEP UZi i Bo Dea io Eia m E A F Gai T LF i T F Gd m m mm m m mm FF ie Wy C 1 aR E F 1 i L TEF FET L F Lebel my l r m mi mo Mi Pa a mi rm mi mi mi pa be m D jt ee DmK a nOg a G Da Fn TS i ea E er i F r Po J 8 bn E B a ter kra C a ad 2i s er 3 F i 20 a2 e ae ak nay Te Pain ATA 33 S33 ff Os A7 3 EPU TE a0 F PUA OP oe ee eee ee ee E dambi T Available settings are explained as follows Item Description Refresh Click it to reload the page Vigor2925 Series User s Guide 408 rr D H co H in oe Refresh m I 1 a oa om in itl bo BD aj aly I i h Dray Tek 4 18 5 DHCP Table The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Diagnostics gt gt View DHCP Assigned IP Addresses DHCP IP Assignment Table DHCP v6 IP Assignment Table Refresh 192 168 1 1 255 255 255 0 DHCP server On MAC Address Leased Time HOST ID EO CB 4E DA 48 793 70 23 20 carrie 0cTeb251 00 1D AA A8 B7 D Diagnostics gt gt View DHCP Assigned IP Addresses DHEP IP Assignment Table DHCPv6 IP Assignment Table DHCPY6
128. Guide 4 12 3 Remote Access Control Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port VPN and Remote Access gt gt Remote Access Control Setup Remote Access Control Setup Enable PPTP VPN Service Enable IPSec VPN Service Enable L2TP VPN Service Enable SSL VPN Service Eee a Enable OpenVPN Service Note If you intend running a VPN server inside your LAN you should uncheck the appropriate protocol above to allow pass through as well as the appropriate NAT settings After finishing all the settings here please click OK to save the configuration 4 12 4 PPP General Setup This submenu only applies to PPP related VPN connections such as PPTP L2TP L2TP over IPSec VPN and Remote Access gt gt PPP General Setup PPP General Setup PPP MP Protocol LDAP Server Profiles for PPP Authentication ree me vce al Encryption Mutual Authentication PAP ves No Username f Password fs IP Address Assignment for Dial In Users When DHCP Disable set Assigned IP start LAN 1 LAN 2 Lan 3 192 168 3200 LAN 4 LAN 5 Available settings are explained as follows Item Description Dial In PPP PAP Only elect this option to force the router to Authentication authenticate dial in users with the PAP protocol Vigor2925 Series
129. IP Source IP o DIP Destination IP URLs URL CL Category SRNAME Router Name Available settings are explained as follows Item Description Activate Click it to access into MyVigor for activating WCF service Setup Query Server It is recommended for you to use the default setting auto selected You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile Setup Test Server It is recommended for you to use the default setting auto selected Find more Click it to open http myvigor draytek com for searching another qualified and suitable server Test a site to verify Click this link to do the verification whether it is categorized Set to Factory Default Click this link to retrieve the factory settings Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message Dr ay Tek 257 Vigor2925 Series User s Guide Cache None the router will check the URL that the user wants to access via WCF precisely however the processing rate is normal Such item can provide the most accurate URL matching L1 the router will check the URL that the user wants to access via WCF If the URL has been accessed previously it will be stored for a short time about 1 second in the router to be accessed quickly if required Such item can
130. Index 1 15 in Schedule Setup Available settings are explained as follows Item Description Common Settings Profile Name Specify a name for the profile of the LAN to LAN connection Enable this profile Check here to activate this profile VPN Dial Out Through Use the drop down menu to choose a proper WAN interface for this profile This setting Vigor2925 Series User s Guide is useful for dial out only 318 Dray Tek Dray Tek 4 WANT First w BVWAN1 First WAN Only WAN First WAN Only WAN Only Backup WAN WAN Only Backup WAN J WANS First WANS Only WANI First WAN2 First WAN3 First While connecting the router will use WAN1 WAN2 WAN3 as the first channel for VPN connection If WANI WAN2 WANS fails the router will use another WAN interface instead WANI Only WAN2 Only WAN 3 Only While connecting the router will use WAN1I WAN2 WAN3 as the only channel for VPN connection WANI Only Backup WAN2 While connecting the router will use WAN2 for VPN connection If WAN fails the router will use backup WAN1 interface instead WAN2 Only Backup WANI While connecting the router will use WAN1 for VPN connection If WANT fails the router will use backup WAN2 interface instead Netbios Naming Packet Pass click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is confl
131. Internet Explorer itp 192 168 1 1 Service Type Edit Service Type User defined Protocol TCP UDP v Source Port W 137 A139 Destination Port 1 65535 Service Group or Service Object or Service Object or Service Object oa To set the service type manually please choose User defined as the Service Type and type them in this dialog In addition if you want to use the service type from defined groups or objects please choose Group and Objects as the Service Type User defined Ls er d efi E d Group and Objects Protocol Specify the protocol s which this filter rule will apply to Source Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this service type when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this profile Service Group Object Use the drop down list to choose the one that you want Specify the action for fragmented packets And it is used for Data Filter only Don t care
132. K to save and exit this page Vigor2925 Series User s Guide 164 Dr ay Te k Details Page for IP Routed Subnet LAN gt General Setup TCPAP and DHCP Setup for IP Routed Subnet Network Configuration DHCP Server Configuration OEnable Disable Start IP Address fs For Routing Usage IF Pool Counts lo max 32 IP Address 192 168 0 1 Lease Time 250200 s Subnet Mask 255 255 255 0 C Use LAN Port Fi po Use MAC Address RIP Protocol Control a Index Matched MAC Address given IP Address MAC Address HE HW HOR OR Available settings are explained as follows Item Description Network Configuration Enable Disable Click Enable to enable such configuration click Disable to disable such configuration For Routing Usage IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 Subnet Mask Type in an address code that determines the size of the network Default 255 255 255 0 24 RIP Protocol Control Disable deactivate the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default Enable activate the RIP protocol DHCP Server DHCP stands for Dynamic Host Configuration Protocol Configuration The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enab
133. LAN tunnels authenticated without CA via SmartVPN TIE TIL a E E A A A 57 3 3 How can get the files from USB storage device connecting to Vigor router 068 61 3 4 How to Build a LAN to LAN VPN Between Remote Office and Headquarter via IPSec Tunnel FIV IG Soccer patter E E E T T E 64 Dr ay Tek vii Vigor2925 Series User s Guide 3 5 How to Optimize the Bandwidth through QoS Technology cccccccseeeeeeeeeeeeeeeeeeeeeeeeeenes 68 20 OOS CUNG Example ae eh ne nee ee nee ee eee ee ee ee 72 3 7 HOw to USE Landing Page FOALS cainedetacunsadsedwenanQermathlaiwcstsdaietoaiarwaceabaneectncommaaeaweraiean 76 3 8 How to Send a Notification to Specified Phone Number via SMS Service in WAN DISCONNEC UOM eiieou AET E EE E ANRA N 80 3 9 How to Create an Account for MYVIQOS cccccceccseeseceeeeeeeaeeeeseeeeeeeseaeeaeeseeeessaeaeeeeeeeeeeseaas 84 3 9 1 Create an Account via Vigor Router cccccccccseeeeceeeeeeeeeeeeeceeeseeeeesueueeeseesaseeeseesaaeeeess 84 3 9 2 Create an Account via MyVigor Web Site cccccccceeceeeeeeeeeeseeeeeeeeeeeaaeeeeeeeessaaanseeeeeees 88 3 10 How to Configure Certain Computers Accessing to Internet cccccceeessseeeeeeeeeeeeeeeens 92 3 11 How to Block Facebook Service Accessed by the Users via Web Content Filter URL PTS FIST areca screen torent sin eaeen epsnainteat earn enamine agen amioasie aicemanausit nasneeransemnsuaasaranneiacasedsonemeaoneanies 96 3 12 How to
134. Line VigorIPPB 3510 Connection Uptime 00 00 16 IP Address 172 17 3 1 Online Vigor2820 Series Connection Uptime 00 00 16 IP Address 172 17 3 193 OnLine VigorlPPB 3510 Connection Uptime 00 00 16 IP Address 172 17 3 160 Chew f rc twome soon Cereac moaeeoctioe llIntinmna 00m m0 dA When you finished the configuration click OK to save it Note Only DrayTek products can be detected by this function 4 19 2 Access Point Devices Vigor2925 series can be treated as a server named APM server which manages access point devices Basically Vigor2925 series can manage up to 5 devices Access Point treated as a client at one time The access point shall be registered to Vigor2925 series first Then the Status page will display the registered access point automatically when this page is open This page is very convenient for the network administrator to control or modify the managed access point at any time Status The status page can display related information of the registered client such as device name IP address SSID encryption channel the number of the wireless clients firmware version of the access point the accessing password about the managed access point External Device gt gt Access Point Devices Status WLAN Profile Clear Refresh APS00_O0S07RCCOSBC 192 16 6 86 12 APSOO OOSO7RCOLEYS 192 168 86 13 Mote Green Online Red Offline Grey Hidden SSID Available settings are explained as follows
135. MS profiles which will be sent out according to different conditions SMS Provider This page allows you to specify SMS provider who will get the SMS what the content is and when the SMS will be sent Application gt SMS Mail Alert Service SMS Provider Mail Server Setto Factory Default Index SMS Provider Recipient Notify Profile Sschedule 1 15 3 Ld 30 otify_atta Ld fe ee e CE 6 o IL 70 T O o 8 o P n Io 9 IL 10 O 7 fe a Available settings are explained as follows Item Description Index Check the box to enable such profile SMS Provider Use the drop down list to choose SMS service provider You can click SMS Provider link to define the SMS server Dr ay Tek 289 Vigor2925 Series User s Guide Recipient Notify Schedule Type the name of the one who will receive the SMS Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to define the content of the SMS Type the schedule number that the SMS will be sent out You can click the Schedule 1 15 link to define the schedule After finishing all the settings here please click OK to save the configuration Mail Server This page allows you to specify Mail Server profile who will get the notification e mail what the content is and when the message will be sent Application gt gt SMS Mail Alert Service SMS Provi
136. Max Transmit Unit for packet The default setting is 1492 PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using E WANIIF Alias Windows Internet Explorer Sil Eg Je http 192 168 1 Lidochvipalias htn 193 168 1 doch WANT IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool L ad CI L E ad d Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address Obtain an IP address automatically Click this button to obtain the IP address automatically 13s DrayTek Specify an IP address Click this radio button to specify some data IP Address Type the IP address Subnet Mask Type the subnet mask After finishing all the settings here please click OK to activate them D
137. Mode is selected in Firewall gt gt General Setup User Management cannot be used any more Please uncheck Transparency Mode first if you want to utilize user management to handle users in LAN WAN or WLAN Dr ay Tek 217 Vigor2925 Series User s Guide 4 7 1 General Setup General Setup can determine the standard rule based or user based for the users controlled by User Management The mode standard selected here will influence the contents of the filter rule s applied to every user User Management gt General Setup General Setup Mode Rule Based Web Authentication HTTPS jS Notice 1 User Management will refer to active rules in Data Filter as whitelists and blacklists in user based firewall mode 2 Users match the above lists will not be required for authentication The firewall rules policy will still valid 3 Otherwise authentication required for users not matched the above lists The firewall rules designated in the user profile s policy will still valid Landing Page Max 255 characters Preview Setto Factory Default lt body stats l gt lt script language jJavascript gt window location http www draytek com lt script gt lt body gt Available settings are explained as follows Item Description Mode There are two modes offered here for you to choose Each mode will bring different filtering effect to the users involved User Based If you choose such mode the router will apply th
138. N IP If the mail server is defined with another name please type the name in this area Such mail server will be used as backup mail exchange If a Vigor router is installed behind any NAT router you can enable such function to locate the real WAN IP When the WAN IP used by Vigor router is private IP this function can detect the public IP used by the NAT router and use the detected IP address for DDNS update There are two methods offered for you to choose Internet IP WAN IP InternetiF l WAN IP If it is selected and the WAN IP of Vigor router is private DDNS update will take place right away Internet IP If it is selected and the WAN IP of Vigor router is private it will be converted to public IP before DDNS update takes place 4 Click OK button to activate the settings You will see your setting has been saved Disable the Function and Clear all Dynamic DNS Accounts In the DDNS setup menu uncheck Enable Dynamic DNS Setup and push Clear All button to disable the function and clear all accounts from the router Delete a Dynamic DNS Account In the DDNS setup menu click the Index number you want to delete and then push Clear All button to delete the account 4 11 2 LAN DNS LAN DNS is a simple version of DNS server It is not necessary for the user to build another DNS server in LAN With such feature the user can configure some services such as ftp www or database with domain name which is easy to
139. NI Down O any WANI Down lt lt 1 10 11 20 21 30 31 40 41 50 gt gt Next gt gt 5 Click Index number 1 and 2 to configure the details After finished the settings click OK to save the settings respectively Load Balance Route Policy Index 1 Enable criteria Protocol any Source IP any Sre IP Start Src IP End r 192 166 1 31 Destination IP Dest IP Start Dest IP End any Destination Port Dest Port Start Dest Port End send to if criteria matched Interface WAN v Interface Address 1 w Gateway IP default gateway O specificgateway more options O Auto Failover To The Other WAN Packet Forwarding to WAN via force NAT force Routing Vigor2925 Series User s Guide 104 Dr ay Te k And Load Balance Route Policy Index 2 Enable criteria Protocol Source IP Destination IP Destination Port send to if criteria matched Interface Interface Address Gateway IP more options any any Src IP Start 192 168 1 100 Src IP End 192 168 1 100 any Dest IP Start Dest IP End any Dest Port Start Dest Port End default gateway specificgateway O Auto Failover To The Other WAN Packet Forwarding to WAN via force NAT force Routing oK Clear Cancel 6 Upon completing the above configuration you have specified the outgoing IP address es for some specific computers Load Balance Route Policy Pol
140. Name fs IM P2P Protocol OTHERS SelectAll Clear Al Support List Action DHS FIP IRC MMTP POPS SNMP SSH SSL TLS My SL Oracle PostgreSgL Informis Available settings are explained as follows Item Description Profile Name Type a name for the CSM profile The maximum length of the name you can set is 15 characters Select All Click it to choose all of the items in this page Clear All Uncheck all the selected boxes Support List Display the all the information name version and note about IM P2P Protocol and others applications that Vigor router supports for APPE function Action Block Block all the packets passing with the settings configured in this page Pass Pass all the packets with the settings configured in this page The profiles configured here can be applied in the Firewall gt gt General Setup and Firewall gt gt Filter Setup pages as the standard for the host s to follow Below shows the items which are categorized under IM Dr ay Tek 249 Vigor2925 Series User s Guide CSM gt APP Enforcement Profile Profile Index 1 Activity Application Login Message File Transfer Game Conferencel Video Voice Other Activities Profile Name IM Par Select All Clesr All Protocol Misc Advanced Management MSN YahooIM AIM lt v5 9 O O O O O O O O O Oo F O O O o O ICQ IM Application VoIP DAIM6 7 O GoogleChat OQnext O gy T O XFire O
141. No Strict no limitation Choose one of the QoS rules to be applied as firewall rule For detailed information of setting QoS please refer to the related section later Choose the WAN interface for applying Policy Route Such item is available only when Rule Based is selected in User Management gt gt General Setup The general firewall rule will be applied to the user user group all users specified here User Object Create New User User Group Create Mew Group ALL Note When there is no user profile or group profile existed Create New User or Create New Group item will appear for you to click to create a new one Select an APP Enforcement profile for global IM P2P application blocking If there is no profile for you to select please choose Create New from the drop down list in this page to create a new profile All the hosts in LAN must follow the standard configured in the APP Enforcement profile selected here For detailed information refer to the section of APP Enforcement profile setup For 209 Vigor2925 Series User s Guide URL Content Filter URL Content Filter Web Content Filter Advance Setting Vigor2925 Series User s Guide troubleshooting needs you can specify to record information for IM P2P by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Select one of the URL Content Filter profile settings crea
142. OK to save the settings Vigor2925 Series User s Guide 78 Dr ay Te k 5 Dray Tek User Management gt User Profile Profile Index 3 Enable this account User Name Password Confirm Password Idle Timeout Max User Login External Server Authentication Log Pop Browser Tracking Window Authentication Landing Page Enable Time Quota Indexf1 15 in Schedule Setup min s O Unlimited O Unlimited Web Alert Tool Telnet min s Refresh more mints 4 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password Username Password Copyright GrayTek Corp All Rights Reserve www draytek com Za NDS ea l j D DiayTek Cop Headquarter A CI DiayTek Group O ME O B Dray Tek ES What s New gt DrayTek Milestone Development for Reliable IP based Network gt gt more Awards Reviews gt DrayTek VigorlPPBX 2820 got the positive review by MREZA magazine in Croatia gt gt more Events WEXPy DrayTek Unveils Latest Solutions for Next Generation Networks at C fi www draytek com user index php 7Lang en US New Homepage About DrayTek Solutions GBIT Click Login If the logging is successful you will be directed into the website of e 7 aa 7 l i amp 4 J 4 A ei Sg K 4a AO AN ei s ta v UNE wl Fe A O abe MyVigor Login Globa
143. ORIZED TO DOWNLOAD OR USE THIS SOFTWARE 1 Scope hawe read and accept the above Agreement Please check this box 11 When this page appears click Register a search vy Apply For A License Number About Us Product My Information Serice Name WCF VigorACS SI STEP 2 Puare Activation Date MM DD YYYY 03 16 2011 Customer Survey 12 Wait for a moment until the following page appears DrayTek Service Activation Service Name Start Date Expire Date Status Web Content filter 2011 03 28 011 04 27 Commtouch Please check if the license fits with the service provider of your signature To ensure normal operation for your router update your signature again is recommended Copyright amp DrayTek Corp All Rights Reserved Close 13 Click Close Vigor2925 Series User s Guide 46 Dr ay Te k Tutorials and Applications 3 1 How to configure settings for IPv6 Service in Vigor2925 Due to the shortage of IPv4 address more and more countries use IPv6 to solve the problem However to continually use the original rich resources of IPv4 both IPv6 and IPv4 networks shall communicate for each other via intercommunication mechanism to complete the shifting job from IPv4 to IPv6 gradually At present there are three common types of intercommunication mechanisms Dual Stack The user can use both IPv4 and IPv6 techniques at the same time That means adding an IPv6 stack on t
144. P Index Status Bandwidth Direction Cass Cass Class Others Bandwidth aime 1 2 3 Statistics Control WANI Disable 100000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WAN Disable 100000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WANS Disable 100000Kbps 100000Kbps 25 245 25 2556 Inactive Status Setup Class Rule Index Name Rule Service Type Class 1 Edit Class 2 Edit Edit Class 3 Edit Enable the First Priority for VoIP SIP RTP SIP UDP Port 5060 Default 5060 2 After you click the Edit link you will see the following page Bandwidth Management gt gt Quality of Service User Defined Service Type NO Name Protocol Port 1 Empty Add Vigor2925 Series User s Guide 212 Dr ay Te k 3 For adding a new service type click Add to open the following page Bandwidth Management gt Quality of Service Service Type Edit Service Name fe Port Configuration Type Single Range Port Number oo 2 bo Available settings are explained as follows Item Description Service Name Type in a new service for your request The maximum length of the name you can set is 11 characters Service Type Choose the type TCP UDP or TCP UDP or other for the new service Port Configuration Type Click Single or Range as the Type If you select Range you have to type in the starting port
145. P P3 P4 F5 Available settings are explained as follows Item Description Enable IGMP Proxy Check this box to enable this function The application of multicast will be executed through WAN port In addition such function is available in NAT mode WANT IWAN 5 WANG i PWC Enable IGMP Snooping Check this box to enable this function Multicast traffic will be forwarded to ports that have members of that group Disabling IGMP snooping will make multicast traffic treated in the same manner as broadcast traffic Refresh Click this link to renew the working multicast group status Group ID This field displays the ID port for the multicast group The available range for IGMP starts from 224 0 0 0 to 239 255 255 254 P1 to P5 It indicates the LAN port used for the multicast group After finishing all the settings here please click OK to save the configuration Dr ay Tek 287 Vigor2925 Series User s Guide 4 11 8 Wake on LAN A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN WOL of this router In addition such PC must have installed a network card supporting WOL function By the way WOL function must be set as Enable on the BIOS setting Application gt Wake on LAN Wake on LAN Note Wake on LAN integrates with Bind IP to MAC function only binded
146. P Client Identifier for some ISP Router Name WAN Connection Detection L Enable Ping IP E A TTL Specify an IP address IP Address f MTU Max 1500 Subnet Mask f Gateway IP Address f RIP Protocol C Enable RIP Default MAC Address Specify a MAC Address MAC Address ho Ja Ba Eg DNS Server IP Address Primary IP Address 6 6 8 8 Secondary IP Address 6 6 44 Available settings are explained as follows Dray Tek Item Enable Disable Keep WAN Connection WAN Connection Detection MTU Description Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Normally this function is designed for Dynamic IP environments because some ISPs will drop connections if there is no traffic within certain periods of time Check Enable PING to Keep alive box to activate this function PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pingi
147. PCs can wake up through IP Wake by MAC Address w IP Address macaddress f fe 4 Result J y o Available settings are explained as follows Item Description Wake by Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address Wake by MAC Address MAC Address P Address IP Address The IP addresses that have been configured in Firewall gt gt Bind IP to MAC will be shown in this drop down list Choose the IP address from the drop down list that you want to wake up MAC Address Type any one of the MAC address of the bound PCs Wake Up Click this button to wake up the selected IP See the following figure The result will be shown on the box Vigor2925 Series User s Guide 288 Dr ay Tek Application gt gt Wake on LAN Wake on LAN Note Wake on LAN integrates with Bind IP to MAC function only binded PCs can wake up through IP Wake by MAC Address IP Address mac address C YE YK 4 Result Send command to client done 4 11 9 SMS Mail Alert Service The function of SMS Short Message Service Mail Alert is that Vigor router sends a message to user s mobile or e mail box through specified service provider to assist the user knowing the real time abnormal situations Vigor router allows you to set up to 10 S
148. Packets 14 5 Vigor2925 Series User s Guide 52 Dr ay Te k Static IPv6 Choose Static IPv6 Type IPv6 address Prefix Length and Gateway Address WAN gt Internet Access WAN 2 PPPoE Static or Dynamic IF PPTP L2TP Pw internet Access Mode Connection Type Static PVG Static IPvi Address configuration Prefis Length Scope 20U01 BO1L0 7300 201 21D AAFF FEA6 2564 64 Global E 2001 1111 2222 5555 210 AAFF FEA6 2564 64 Global FESO 21D AAFF FEA6B 2564 64 Link Static Pv Gateway configuration IPv6 Gateway Address OK Cancel Click OK and open Online Status If the connection is successful the physical connection will be shows as follows Online Status Physical Connection System Uptime 0 4 2 IPv4 IPvi LAN Status IP Address FESO 210 44FF FES6 2568 64 Link TX Packets RX Packets TX Bytes RX Bytes 4 O aie 0 WAN IPv6 Status Enable Mode Up Time Static IP 6 Gateway IP 2001 BOLO s00 20T 210 oe Tl mS Tore Peo FESO0 210 44FF FE46 2564 64 Link TX Packets RX Packets o 2 Dr ay Tek 53 Vigor2925 Series User s Guide ll Configuring the LAN Settings After finished the WAN settings for IPv6 please configure the LAN settings to make the router s client getting the Pv6 address 1 Access into the web user interface of Viogr2925 Open LAN gt gt General Setup Click the IP v6 button Note Only the subnet of LAN1 supports IPv6
149. S attacks protection IP Filters Depending on whether there is an existing Internet connection or in other words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter is applied to all traffic all of which should be outgoing It will check packets according to the filter rules If legal the packet will pass Then the router shall initiate a call to build the Internet connection and send the packet to Internet Data Filter When there is an existing Internet connection Data Filter is applied to incoming and outgoing traffic It will check packets according to the filter rules If legal the packet will pass the router The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively Outgoing Traffic Vigor2925 Series User s Guide 198 Dr ay Te k Stateful Packet Inspection SPI Stateful inspection is a firewall architecture that works at the network layer Unlike legacy static packet filtering which examines a packet based on the information in its header stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid The stateful firewall of Vigor router not just examine the header information also monitor the state of the co
150. SSID The default name will be displayed Change the SSID if it is required Next choose LAN A or LAN B as the subnet If required you can check the box of Hide SSID Then it will not be recognized by wireless station when the user tries to search the Access Point for connection VLAN Type the value for such SSID Packets transferred from such SSID to LAN will be tagged with the number Isolate From LAN Check this box to make the wireless clients stations with the same SSID not accessing for Dr ay Tek 423 Vigor2925 Series User s Guide Security Setting Access Control Vigor2925 Series User s Guide wired PC in LAN Isolate From Member Check this box to make the wireless clients stations with the same SSID not accessing for each other Disable There are several modes provided for you to choose WPA Algorithm Select TKIP AES or TKIP AES as the algorithm for WPA Such feature is available for WPA2 802 1x WPA 802 1x WPA PSK or WPA2 PSK or Mixed WPA WPA2 PSK mode Pass Phrase Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Such feature is available for WPA PSK or WPA2 PSK or Mixed WPA WPA2 PSK mode Key Renewal Interval Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Such feature is available for WPA PSK or WPA2 PSK or Mixed WPA WPA2 PSK mode
151. Settings on Your Computer Is OK or Not 427 5 3 Pinging the Router from Your Computer cccccccseeeseeceeeeeecseeeeeeeeeeeseeeeeeeeeeeeeessaaaseeeeeeees 429 5 4 Checking If the ISP Settings are OK or NoOt cccccecceeeeeeeeeeeeeeeeeeeeeeeeeeaaaeeaaneeeeeeeeeeeeeeeees 430 5 5 Problems for 3G Network Connection ccccccccccssseceeeceeeseceeceeeeeeceeeceeeeeeesseeaeecesesaeaeeeess 430 5 6 Backing to Factory Default Setting If Necessary c cecceeceeeeeeeeeeeeeeeeeaaaaeeeeeeeeeeeeeeeeeees 431 5 7 Contacting Your Dealer ccccccccseeeccccceeceeeeeeeceeeeeeaeeseeeeeeeeseseaeseeeeessuaasseeeeeeesssaaaseeeeeeeeees 432 Dr ay Tek xi Vigor2925 Series User s Guide Introduction Vigor2925 series is a VDSL2 router It integrates IP layer QoS NAT session bandwidth management to help users control works well with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DES the router increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP with up to 32 VPN tunnels The object based design used in SPI Stateful Packet Inspection firewall allows users to set firewall policy with ease CSM Content Security Management provides users control and management in IM Instant Messenger and P2P Peer to Peer more efficiency than before By the way DoS DDoS prevention and URL Web content filter strengthen the security outsid
152. Setup Address Mapping cccccccccsseccccecccsseeseecceeeeseeeeeecceeeeeseeeaeseeeeeeesseaaseeeeeeees 102 3 13 How to Setup Load Balance for Packets ccccccceseccceeeeceeeeseeeeeeeeeseeeeeeeeeeeeseaaaeeeeeeees 106 3 14 How to Authenticate Clients via User Manageme n ccccccsseeeceeeeseeeeeeeeeeeeeeeesaeeeeees 108 210 THOU LOM Se DN Files E E a esas osaesisec ao sane soceue cc beceseuecoaeees 118 3 1 aie to use AP Management function in Vigor2925 to check AP status and deploy aie BONUS asters arcane cet wn ele pn E E psn tania EEE E E E E T E 4 1 1 Basics of Internet Protocol IP N tWOrk cccccccseeeeeeeeseeeeeeeeeeseeeeeeeseaseesaaeeeseaaaeess 125 41 2 Generdl SO WID see ixccasecemcasiomenecdaneatiaasendeneentinesdeasimasxod aaa ga EE EE Ni 127 4 1 3 Mnemo NCC CSS ceannann a EE r Eae 131 41A M t VLAN saannin ERNA aE 150 Bile WAN BUGG OT mare ioie r E A E E E E 154 Ae CAN ee A A E AE e 155 de FBA e OLAN eaaa E E E 155 2 E E Ee eI AAE E A E A E A A ET 157 M IC ROE eaae E a EEA TETE ER E E ei 167 MANEA N a AE E TTE E a i 172 42S Bnd IP 10 MAC src cacespe se cee saatcesnzmesGascavessuue sass E NERA EE OAN trainin 176 Ao LAN PO MUTO ose 5 ogee sac a rE EENE A EAER EE EE 178 42 7 Web Portal SeU a EE E T eee eee 179 AS Load Balance Route Poly crenna 180 AA NAT E A E A Desa eastaceseeeges es asaetasese 183 4 4 1 Port Redirection cccccecccccceesceeceeeeeeeeeeeceeceeeeeceuseeeseeeceeseusceeseusecess
153. Status gt gt Drop PPP Enable Mode Up Time YES PPF 00208 IP Gateway IP 2001 8010 7300 201 210 44FF FE46 2564 128 Global FE80 90 1400 242 4D52 FESO 10 A4FF FE46 2564 1298 Link DNS IP 2001 E000 168 1 2001 6000 165 12 TX Packets RX Packets TX Bytes RX Bytes F g 54 4 itg Note At present the IPv6 prefix can be acquired via the PPPOE mode connection which is available for the areas such as Taiwan hinet the Netherlands Australia and UK Details Page for IPv6 TSPC in WAN1 WAN2 WAN3 Tunnel setup protocol client TSPC is an application which could help you to connect to IPv6 network easily Please make sure your IPv4 WAN connection is OK and apply one free account from hexago http gogonet gogo6 com page freenet6 account before you try to use TSPC for network connection TSPC would connect to tunnel broker and requests a tunnel according to the specifications inside the configuration file It gets a public IPv6 IP address and an IPv6 prefix from the tunnel broker and then monitors the state of the tunnel in background After getting the IPv6 prefix and starting router advertisement daemon RADVD the PC behind this router can directly connect to IPv6 the Internet WAN gt gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPTP IPv6 Internet Access Mode Connection Type TSPC Configuration Available settings are explained as follows Vigor2925 Series User s Guide 142 Dr ay Te k Item
154. The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 50 packets per second and 10 seconds respectively That means when 50 packets per second received they will be regarded as attack event and the session will be paused for 10 seconds Check the box to activate the UDP flood defense function Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value the Vigor router 213 Vigor2925 Series User s Guide Enable ICMP flood defense Enable PortScan detection Block IP options Block Land Block Smurf Block trace router Block SYN fragment Block Fraggle Attack Vigor2925 Series User s Guide will start to randomly discard the subsequent UDP packets for a period defined in Timeout The default setting for threshold and timeout are 150 packets per second and 10 seconds respectively That means when 150 packets per second received they will be regarded as attack event and the session will be paused for 10 seconds Check the box to activate the ICMP flood defense function Similar to the UDP flood defense function once if the Threshold of ICMP packets from Internet has exceeded the defined value the router will discard the ICMP echo requests coming from the Internet The default setting for threshold and timeout are 50 packets per second and 10 seconds r
155. Time Setup is working properly Configure the PPPoE always on from 9 00 to 18 00 for whole week Configure the Force Down from 18 00 to next day 9 00 for whole week oF i a Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre defined in the schedule profiles Dray Te k 281 Vigor2925 Series User s Guide 4 11 4 RADIUS Remote Authentication Dial In User Service RADIUS is a security authentication client server protocol that supports authentication authorization and accounting which is widely used by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Applications gt gt RADIUS RADIUS Setup Server IP Address Destination Port 1812 Available settings are explained as follows Item Description Enable Check to enable RADIUS client feature Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 Shared Secret The RADIUS server
156. User s Guide 296 Dr ay Tek When you choose IPSec you will see the following graphic VPN and Remote Access gt gt VPN Client Wizard VPN Client IPsec Settings Profile Name 7T VPN Dial Out Through L Always on Server IP Host Name for VPN e g draytek com or 123 45 67 89 IKE Authentication Method Pre Shared Key Confirm Pre Shared Key Digital Signature x 509 Peer ID Local ID Alternative Subject Name First Subject Name First Local Certificate IPsec Securily Melhud Medium AH High ESP Remote Network IP Remote Network Mask When you choose L2TP you will see the following graphic VPN and Remote Access gt gt VPN Client Wizard VPN Client L2TP Settings Profile Name VPN Dial Out Through WAN First LI Always on Server IP Host Name for VPN e g draytek com or 123 45 67 89 Username Password Remote Network IP Remote Network Mask 255 255 255 0 Tl Dray Tek 297 Vigor2925 Series User s Guide When you choose L2TP over IPSec Nice to Have or L2TP over IPSec Must you will see the following graphic VPN and Remote Access gt gt VPN Client Wizard VPN Client L2TP over IPsec Nice to Have Settings Profile Name VPN Dial Qut Through O Always on Server IP Host Name for VPN e g draytek com or 123 45 67 89 IKE Authentication Method Pre Shared Key Confirm Pre Shared Key Digital Signature X 509 Peer ID Local ID Alternative Subject Name Fir
157. User s Guide 306 Dr ay Te k Dray Tek Dial In PPP Encryption MPPE Mutual Authentication PAP Assigned IP Start LDAP Server Profiles for PPP Authentication PAP or CHAP Selecting this option means the router will attempt to authenticate dial in users with the CHAP protocol first If the dial in user does not support this protocol it will fall back to use the PAP protocol for authentication Optional MPPE This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme will be used to encrypt the data Optional MPPE Optional MPPE Require MPPE40 128 bit Maximum MPPE 268 bit Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm In addition the remote dial in user will use 40 bit to perform encryption prior to using 128 bit for encryption In other words if 128 bit MPPE encryption method is not available then 40 bit encryption scheme will be applied to encrypt the data Maximum MPPE This option indicates that the router will use the MPPE encryption scheme with maximum bits 128 bit to encrypt the data The Mutual Authentication function is mainly used to communicate with other routers or clients who
158. User s Guide 32 Dr ay Tek Password The wireless mode offered by this wizard is WPA2 PSK The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Rate Control It controls the data transmission rate through wireless connection Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 4 After typing the required information click Next 5 The following page will display the configuration summary for wireless setting Wireless Wizard Configuration Summary Basic Wireless Settings Mode Mixedi11b 11g 1in Channel Channel 6 2437MHz2 Host AP Configurations Name OrayTek Guest AP Configurations Status Disabled Name OrayTek Guest Password Y EE E E kk k Hkk k Rate Control Disabled 6 Click Finish to complete the wireless settings configuration Wireless Wizard Wireless Wizard Setup OK Dr ay Tek 33 Vigor2925 Series User s Guide 2 6 Introducing Dashboard Dashboard shows the connection status including Sys
159. VPN connection If WAN fails the router will use backup WAN2 interface instead Check to enable router always keep VPN connection Type the IP address of the server or type the host name for such VPN profile IKE Authentication Method usually applies to those are remote dial in user or node LAN to LAN which uses dynamic IP address and PSec related VPN connections such as L2TP over IPSec and IPSec tunnel Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Confirm the pre shared key Click Digital Signature to invoke this function Peer ID Choose the peer ID selection from the drop down list Local ID Choose Alternative Subject Name First or Subject Name First Local Certificate Use the drop down list to choose one of the certificates for using You have to configure one certificate at least previously in Certificate Management gt gt Local Certificate Otherwise the setting you choose here will not be effective Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above The length of the use name is
160. Vigor2925 Series User s Guide Channel Hide SSID SSID Isolate Rate Control Vigor2925 Series User s Guide Mixed 11b 11g lini 5 11b Only 11g Only 11n Only 2 4 GHz Mixed 1b 1 1g Mixed l1g 11n i Mixed 1 1 6 11 q 1 ny Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if the selected channel is under serious interference If you have no idea of choosing the frequency please select Auto to let system determine for you Channel 6 2443 MHz Auto Channel 1 2412MHz Channel 4 241 MHz Channel 3 2422MHz Channel 4 242 MHz Channel 5 2432MHz Channel 6 2437MHz Channel 7 2442MHz Channel 6 244 MHz Channel 9 2452MHz Channel 10 245 MHz Channel 11 2462MHz Channel 12 2467MHz Channel 13 24 2MHz Check it to prevent from wireless sniffing and make it harder for unauthorized clients or STAs to join your wireless LAN Depending on the wireless utility the user may only see the information except SSID or just cannot see any thing about Vigor wireless router while site surveying The system allows you to set four sets of SSID for different usage In default the first set of SSID will be enabled You can hide it for your necessity Means the identification of the wireless LAN SSID can be any text numbers or various special characters VPN Check this box to make the wireless clients stations with different VPN not accessing for eac
161. _LAN or High Speed Internet Details i Local 4rea Connection Enabled ey a Realtek RTLG139 810x Family Network Connections System Folder The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router The application will also learn the external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application e Broadband Connection on Router Properties EJES Advanced Settings iege i oa General Services Select the services running on your network that Internet users can ACCESS y IP Broadband Connection on Router L Connect to the Internet using Ftp Example menmegr 192 169 29 11 131 35 60654 UDP menmegr 192 168 29 11 7824 13251 UDP m nmegr 192 168 29 11 5789 E3231 TCP Thie connection allows pou to connect to the Internet through a shared connection on another computer Settings it Show icorin notification area when connected Aled Edit cee _ ee Se ee z a The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications wil
162. _http _tcp local 2 HP LaserJet 1300 _ipp _tcp local 2 tctseng virtual machine ty _udisks ssh _tcp local 2 tctseng virtual machine 00 0c 29 76 be 24 _workstation _tcp local 2 tomkao desktop 00 0c 29 26 09 5d _workstation _tcp local 3 Open System Maintenance gt gt Management Type a name e g Dray_2925 as the Router Name and click OK System Maintenance gt gt Management IPv4 Management Setup IPv6 Management Setup Router Name Vigor Router Management Port Setup User Define Ports Default Ports Management Access Control Telnet Port Default Allow management from the Internet HTTP Port an Default FTP Server HTTPS Port Default HTTP Server FTP Port Default HTTPS Server Telnet Server 23H Port Default SSH Server Disable PING from the Internet Access List List Subnet Mask 4 Next open Applications gt gt Bonjour Check the service that you want to use via Bonjour Applications gt gt Bonjour Bonjour Setup HTTP Server Telnet Server FIP Server SSH Server LPR Printer Server Vigor2925 Series User s Guide 292 Dr ay Te k 5 Open the DNSSD page again The available items will be changed as the follows It means the Vigor router based on Bonjour protocol is ready to be used as a printer server FTP server SSH Server Telnet Server and HTTP Server chrome dnssd content browser html e B Google DNSSD for Firefox Browser Configuration Options Dia
163. account Note If you have used Service Activation Wizard to activate WCF service you can skip this section WCE adopts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request Be aware that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with the channel partner or your dealer Click CSM and click Web Content Filter Profile to open the profile setting page The default setting for Setup Query Server Setup Test Server is auto selected You can choose another server for your necessity by clicking Find more to open http myvigor draytek com for searching another qualified and suitable one Vigor2925 Series User s Guide 256 Dr ay Tek CSM gt gt Web Content Filter Profile oO Web Filter License Activate Status Not Activated Setup Query Server auto selected Find more Setup Test Server auto selected Find more Web Content Filter Profile Table Setto Factory Default Profile Name Profile Name Default Z 3 4 Administration Message Max 255 characters Default Message Cache L1 L Cache shodys lt center gt lt hbr gt lt hr gt lt br gt lt p gt The requested Web page lt br gt from 431P lt hr gt to URLS Legend AS
164. act your dealer for advanced help 5 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check the power line and WLAN LAN cable connections Refer to 1 3 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright Ira Tol iy A A aranan Wireless LAN 4 ON OFFIWPS ACT WANI QoS nanan WAN2 WCF USB 2 _ Factory Reset WLAN VPN DMZ USB 3 If not it means that there is something wrong with the hardware status Simply back to 1 3 Hardware Installation to execute the hardware installation again And then try again Vigor2925 Series User s Guide 426 Dr ay Te k 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK For Windows The example is based on Windows XP As to the examples for other operation systems please refer to the similar steps or find support notes in www DrayTek com 1 Goto Control Panel and then double click on Network Connections Jetatork Connections 2 Right click on Local Area Connection and click on Properties Disable Status Repair Bridge Connections Create Shortcut
165. address in the boxes and click this button to add Delete Click it to delete the selected MAC address Edit Click it to edit the selected MAC address Cancel Click it to cancel the job of adding deleting and editing When you finish the configuration please click OK to save and exit this page Vigor2925 Series User s Guide 166 Dr ay Tek 4 2 3 Static Route Go to LAN to open setting page and choose Static Route The router offers IPv4 and IPv6 for you to configure the static route Both protocols bring different web pages Static Route for IPv4 LAN gt Static Route Setup IPv4 IPv6 Setto Factory Default View Routing Table Index Destination Address Status Index Destination Address Status i 777 7 6 777 7 2 777 777 7 3 Tre a Pr 4 777 7 9 777 7 45 777 10 777 lt lt 1 10 11 20 21 30 gt Next gt Status w Active x Inactive Empty Available settings are explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Viewing Routing Table Displays the routing table for your reference Diagnostics gt gt View Routing Table Current Running Routing Table IPv6 Routing Table Refresh Key C connected S static R RIP default private Cc 192 168 1 0 255 255 255 090 directly connected LANi asi Index The number 1 to 30 under Index allows you to open next page to set u
166. ae 2 d sai 18 F n 3 LI ae 19 F e 4 777 d She 20 a d i 5 a8 LI 21 C 6 d nee 22 C i 222 d a 23 2 C o B d ia 24 F gus 9 O 25 277 C 10 oe d a 26 F nee 11 77 LI 27 E 12 LI ae 28 C gui 13 a d ae 29 E a 14 be d aoe 30 2 F 15 P d oe 31 A 16 d ae 32 F lt lt 1 32 33 64 gt gt Next gt gt Note User Accounts need to be added into User Group to enable SSL Portal Login Note There are 64 profiles for configuration but the number of concurrent sessions is up to 25 sessions Click each index to edit one remote user profile Vigor2925 Series User s Guide 368 Dr ay Te k SSL VPN gt Remote Dial in User Index No 1 User account and Authentication Username 777 d i n upan Password Max 19 char oOo pee tance arenes C Enable Mobile One Time Passwords mOTP Allowed Dial In Type PIN Code soe Secret o IPsec Tunnel IKE Authentication Method L2TP with IPsec Policy Pre Shared Key SSL Tunnel d C Digital Signature x 509 C Specify Remote Node Remote Client IP IPsec Security Method orPeerID o Medium AH Netbios Naming Packet Pass Block High ESP DES 3DES AES Multicast via VPN OPass Block Local ID optional fs for some IGMP IP Camera DHCP Relay etc Subnet CO Assign Static IP Address wo d Available set
167. aeataccidedeseessdpaessaeeeatennoasens 349 OA WES a E E E 351 LIEND e E E ets 354 4 14 7 Advanced SOQTUING woes stascedcecacicedesvenseadereadeceevandcedesensedyavenieedixeasdendeceacededdasdendeiaedecea enieeses 357 4 14 8 WMM Configuration cccccssssseseeeceeeeeeeeeeeeeeeeaaeeeesseeeeeeeeeeeeeeeeeaaaaaessedeeeeeeeeeeeeessnaaaaas 359 4149 AF DISCOVOIY sus tatrizonachiuen neo s atin EE AAEE NEEE REES 361 ATA WO Staion S aa E E a 362 A ENF N e E ee ee ee eee ee eee eee 363 4 15 1 General SCtUP ccccccccccccccccenseeesseeeeeeeeeeceeeeeeeaauaueasaceeeeeeeeeeeeeesseeeaaaaseseeeeeeeeeeeseeeesees 363 4 15 2 SSL Web Proxy cccccccccccccsccsseccssssseneeeeeeeeeeeeseseeeecoassssseeeeeeeeeeeceeeessccoasssseseseeeeeeeeeeees 364 4 15 3 SSLAPPICAUON sissen snaa aE aa 365 dA U Sr ACCOUNT cererea raiaws neds uuhiieanancobbhasnabbesatcionausawiignnhenenhiesesdienhaawad 368 A D UO O e E nee ee 372 415 6 Online User StalU isre EEE EEE 374 4 16 USB Application ixcciccas cxnccsnetesencecetiovsdexdaeesseuene deeeseesnndeaksine tiled ebenedsedassmeaednedediadateesiesestoutadesanse 375 4 16 1 USB General SettingS ceeccccccccecesseeseeeeeeeceeaesseeeeeeeeesaeessseeeeeesseaeseeeeeeessaeagseseeees 375 4 16 2 USB User Manageme n cccccccccsssssseeeeeeeceeeeeeeeceeeeeseeseseeeeessseeaaeeeeeeesssaaaaeeeeess 376 4 16 3 File EXPlOrer ccccccccsscccccsseecceseecsaececsesseeessaeeecseaseeessaseeessageeeeseueeessageeessenseessseaes
168. aemon radvd sends Router Advertisement messages specified by RFC 2461 to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message These messages are required for IPv6 stateless auto configuration Disable Click it to disable RADVD server Advertisement Lifetime The lifetime associated with the default router in units of seconds It s used to control the lifetime of the prefix The maximum value corresponds to 18 2 hours A lifetime of 0 indicates that the router is not a default router and should not appear on the default router Dray Te k 161 Vigor2925 Series User s Guide list DHCPv6 Server Enable Server Click it to enable DHCPV6 server Configuration DHCPv6 Server could assign IPv6 address to PC according to the Start End IPv6 address configuration Disable Server Click it to disable DHCPvV6 server Start IPv6 Address End IPv6 Address Type the start and end address for IPv6 server DNS Server IPv6 Address Primary DNS Sever Type the IPv6 address for Primary DNS server Secondary DNS Server Type another IPv6 address for DNS server if required Static IPv6 Address IPv6 Address Type static IPv6 address for LAN configuration Prefix Length Type the fixed value for prefix length Add Click it to add a new entry Delete Click it to remove an existed entry Current IPv6 Address Display current used IPv6 addresses Table When you finish the configuration
169. age displays the syslog recorded on the USB storage disk USB Application gt Syslog Explorer Web Syslog USB Syslog Note The syslog will show while the saved syslog file size is over 1MB Folder n a File n a Page n a Log Type n a Time Log Type Message Available settings are explained as follows Item Description Time Display the time of the event occurred Log Type Display the type of the record Message Display the information for each event 4 18 12 IPv6 TSPC Status IPv6 TSPC status web page could help you to diagnose the connection status of TSPC If TSPC has configured properly the router will display the following page when the user connects to tunnel broker successfully Diagnostics gt gt IPv6 TSPC Status WANT WAN WANS Refresh TSPC Enabled TSPC Connection Status Local Endpoint v4 Address 114 44 54 220 Local Endpoint vw Address 001 05c0 1400 000b 0000 0000 0000 1059 Router DNS name 88366666 broker freenet net Remote Endpoint v4 Address Siiri ra li Remote Endpoint v Address 2001 05c0 1400 000b 0000 0000 0000 10b8 Tspc Prefix 2001 05c0 1502 0d00 0000 0000 0000 0000 Tspe Prefixlen 56 Tunnel Broker amsterdam freenet net Tunnel Status Connected Dr ay Tek 417 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Refresh Click this link to refresh this page manually 4 19 External Devices Vigor router can b
170. al Signature x 509 The peer that starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest priority match with its policies Eventually to set up a secure tunnel for IKE Phase 2 gt Phase 2 negotiation IPSec security methods including Authentication Header AH or Encapsulating Security Payload ESP for the following IKE exchange and mutual examination of the secure tunnel establishment There are two encapsulation methods used in IPSec Transport and Tunnel The Transport mode will add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over IPSec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to create a message digest This digest will be put in the AH and transmitted along with packets On the receiving side the peer will perform the same one way hash on the packet and compare the value with the one in the AH it receives Encapsulating Security Payload ESP is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service VPN and Remote Access gt gt IPsec General S
171. all go to VPN and Remote Access gt gt LAN to LAN Set two or more LAN to LAN profiles first that will be used for Member and Member2 If you do not set enough LAN to LAN profiles you cannot operate VPN TRUNK VPN Backup Load Balance mechanism profile management well 2 Access into VPN and Remote Access gt gt VPN TRUNK Management 3 Set one group of VPN TRUNK VPN Backup Load Balance mechanism backup profile by choosing Enable radio button type a name for such profile e g 071023 choose one of the LAN to LAN profiles from Member drop down list choose one of the LAN to LAN profiles from Member2 drop down list and click Add at last General Setup Status Enable Disable Profile Name 07 1023 Memberi Please choose the combination that you want Member Please choose the combination that you want Please choose the combination that you want i i y i r Attribute Mode No Name gt Connect ion lType gt VPN ServerlIP Private Network gt 1 To A PlaceIPSec 192 168 2 25 20 20 20 0 F To B Site IPSec 192 168 2 26 20 20 21 0 Add Edit Delete Dr ay Tek 331 Vigor2925 Series User s Guide 4 Take a look for LAN to LAN profiles Index 1 is chosen as Member index 2 is chosen as Member2 For such reason LAN to LAN profiles of 1 and 2 will be expressed in red to indicate that they are fixed If you delete the VPN TRUNK VPN Backup Load Balance mechanism profile the selected LAN to LAN profiles will be releas
172. ame Otherwise the VPN connection is unable to establish successfully Remote Dial in Main Office Remote User by OpenVPN Installed SmartVPN Client Vigor3200 Series V 3 6 3 OpenVPN General Setup Port 1194 Cipher Algorithm AESIZ8 4 HMAC Algorithm SHAI Certificate Authentication Ei Note The OpenVPN choice supported by Vigor3200 Series can work with Windows Linux and Mac OS For the Windows based PC users can use SmartVPN client to simplify settings in the client devices Note Before configuring settings for OpenVPN you should install SmartVPN Client 4 1 0 1 on your PC and latest firmware version on your Vigor router Dr ay Tek 57 Vigor2925 Series User s Guide Settings for Router Main Office 1 Access into the web user interface of Vigor router 2 Open VPN and Remote Access gt gt OpenVPN General Setup to configure the OpenVPN setting with disabled Certificate Authentication Click OK to save the settings VPN and Remote Access gt gt OpenVPN General Setup OpenVPN General Setup Cipher Algorithm HMAC Algorithm SHAT w Note OpenVPN on vigor only support UDP protocol and TUN device interface currently So please setup corresponding configurations on the client side 3 Open VPN and Remote Access gt gt Remote Dial in User to create a profiles for Dial in User Set the Username e g jos and Password e g jos for OpenVPN Click OK to save the settings VPN an
173. and cannot be changed Commtouch is the web content filter based on Commtouch operated in the worldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets BPjM is WCF for German Speaking users The fragfINN is whitelist for German Speaking users The BPjM is ideal for your family to provide more Internet security for youngsters The fragFINN is designed for protecting kids from inadequate web sites More info is available at http www draytek de jugendschutz 4 Setting confirmation page will be displayed as follows please click Next Service Activation Wizard Please confirm your settings Sevice Type Trial version Sevice Activated Web Content Filter Commtouch Please click Back to re select service type you to activate Vigor2925 Series User s Guide 28 Dr ay Tek 5 Wait fora moment till the following page appears Service Activation Wizard Connection Succeeded Please check the following item s to enable services on your router Enable Web Content Filter When such page appears you can enable or disable these services for your necessity Then click Finish Note The service will be activated and applied as the default rule configured in Firewall gt gt General Setup 6 Now the web page will display the service that you have activated according to your selection s The valid time for the free trial of these se
174. and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret The maximum length of the shared secret you can set is 36 characters Confirm Shared Secret Re type the Shared Secret for confirmation After finished the above settings click OK button to save the settings 4 11 5 Active Directory LDAP Lightweight Directory Access Protocol LDAP is a communication protocol for using in TCP IP network It defines the methods to access distributing directory server by clients work on directory and share the information in the directory by clients The LDAP standard 1s established by the work team of Internet Engineering Task Force IETF As the name described LDAP is designed as an effect way to access directory service without the complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the directory object inquire or manage the active directory General Setup Vigor2925 Series User s Guide 282 Dr ay Te k This page allows you to create several profiles enable the function and specify general settings for LDAP server Applications gt gt Active Directory LDAP Active Directory LDAP Setto Factory Default General Setup a E l LJ Enable Bind Type Server Add
175. and the host name can have as many as 15 characters and a host name can have as many as 23 characters but both cannot contain any of the following lt gt 7 Available settings are explained as follows Item Description General Settings Simultaneous FTP Connections This field is used to specify the quantity of the FTP sessions The router allows Dray Te k 375 Vigor2925 Series User s Guide Samba Service Settings Access Mode NetBios Name Service up to 6 FTP sessions connecting to USB storage disk at one time Default Charset At present Vigor router supports four types of character sets Default Charset is for English based file name English w Chinese Simnle Chinese Traditional German Click Enable to invoke samba service via the router LAN Only Users coming from internet cannot connect to the samba server of the router LAN And WAN Both LAN and WAN users can access samba server of the router For the NetBios service of USB storage disk you have to specify a workgroup name and a host name A workgroup name must not be the same as the host name The workgroup name can have as many as 15 characters and the host name can have as many as 23 characters Both them cannot contain any of the following lt gt Workgroup Name Type a name for the workgroup Host Name Type the host name for the router After finishing all the settings here please click OK to save t
176. appear so that you could configure the SSID and the wireless channel Please refer to the following figure for more information Wireless LAN gt gt General Setup General Setting IEEE 602 11 Enable Wireless LAN Mode Mixed 11b 11g 11n Indexf1 15 in Schedule Setup Only schedule profiles that have the action Force Down are applied to the WLAN all other actions are ignored Enable Hide SSID SSID Isolate Member Isolate VPN E E m H 2 oO 3 D PO 4 O po Isolate Member Wireless clients stations with the same SSID cannot access for each other Isolate VPNisolate wireless with remote dial in and LAN to LAN VPN Channel Channel 6 2437MHz Long Preamble LJ Long Preamble necessary for some old 802 11 b devices only lower performance Packet OVERDRIVET C Tx Burst Note The same technology must also be supported in clients to boost WLAN performance Rate Control Enable Upload Download SSID 1 O kbps 30000 __ kbps SSID 2 o 30000 __ kbps 30000 __ kbps SSID 3 E kbps kbps SSID 4 E 30000 _ kbps kbps Note range 100 50 000 kbps Available settings are explained as follows Item Description Enable Wireless LAN Check the box to enable wireless function Mode At present the router can connect to 11b Only 11g Only 11n Only 2 4 GHz Mixed 11b 11g Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mixed 11b 11g 11n mode Dray Te k 345
177. ar all of the settings and return to factory default settings Profile Name Display the name of the profile scanned by Vigor router Main SSID Display the SSID used by the Vigor router Security Display the mode used by the Vigor router Multi SSID Display if the multi SSID function is enabled or not WLAN ACL Display the access control None White List or Black List configured for such profile Rate Control Display if the function of rate control is enabled or not Clone It will pop up a window for you to copy the parameter settings from a profile to another profile Clone WLAN Profile Setting Original Profile Name Default Renmedas ET Select Profile Index 1 Mone Original Profile Name Display the original profile name of the selected index Select Profile Index Choose the index number of the profile that you want to clone from Renamed as When a profile index is selected the original name will be displayed in the box first You can change it by typing a new name Edit It allows you to modify the detailed settings for each WLAN profile Cancel It can cancel the settings you just made on this page Apply To Device The WLAN profile can be applied to specified Device AP device if it is required Simply check the box on the left side of the WLAN profile you want and then click the Apply To Device button The following dialog box will appear Mozilla Firefox 192 168 86 1 docA
178. ar tag from riha After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 216 Dray Tek 4 7 User Management User Management is a security feature which disallows any IP traffic except DHCP related packets from a particular host until that host has correctly supplied a valid username and password Instead of managing with IP address MAC address User Management function manages hosts with user account Network administrator can give different firewall policies or rules for different hosts with different User Management accounts This is more flexible and convenient for network management Not only offering the basic checking for Internet access User Management also provides additional firewall rules e g CSM checking for protecting hosts Internet NS WLAN _User_Group_A Password wugi23 Lisa s notebook Allen s PC be Tom s PC ae lt lt David s notebook lt LAN WLAN User_Group_B LAN _User_Group_1 Password wug456 Password lug123 Nina s PC Diana s PC _ LAN aaa 3 lt Not controlled by user Management LAN User Group 2 Password lug456 Fr Note Filter rules configured under Firewall usually are applied to the host the one that the router installed only With user management the rules can be applied to every user connected to the router with customized profiles Note If Transparency
179. art Below shows an example of temperature graph USB Application gt gt USB Temper Record Temperature Sensor Settings Temperature Chart Refresh Min s 11 37 13 37 15 37 17 37 aT 01 37 03 37 05 37 Current Temperature 20 94 Average Temperature 22 03 Maximum Temperature 22 69 Minimum temperature 20 56 4 16 6 Modem Support List Such page provides the information about the brand name and model name of the USB modems which are supported by Vigor router USB Application gt Modem Support List The following compatibility tests listed above Vigor router models with USB modems mobiles If it is confirmed as the latest and still does not work please contact supporti draytek com 3 56 Brand Module Status Ai ko Aiko 83D Y BandRich Bandluxe C170 BandRich Bandluxe c270 i BandRich Bandluxe C321 BandRich Bandluxe C331 Bandluxe C502 Huawei E169u Huawei E173 Huawei E220 lt lt BandRich Huawei Huawei Huawei Sony Ericsson Sony Ericsson MD300 Vodafone Vodafone K3765 2 Vodafone Vodafone K4605 ZTE ZTE MF626 ZTE ZTE MF62 plus ZTE ZTE MF633 TE ZTE MF636 THEI Vigor2925 Series User s Guide 382 Dr ay Te k 4 17 System Maintenance For the system setup there are several items that you have to know the way of configuration System Status TR 069 Administrator Password User Password Login Page Greeting Configuration Backup Syslog Mail Alert Time and Date
180. as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection When you finish the configuration please click OK to save and exit this page Vigor2925 Series User s Guide 160 Dr ay Tek Details Page for LAN1 IPv6 Setup There are two configuration pages for LAN1 Ethernet TCP IP and DHCP Setup based on IPv4 and IPv6 Setup Click the tab for each type and refer to the following explanations for detailed information Below shows the settings page for IPv6 LAN gt gt General Setup LAN 1 Ethernet TCP IP and DHCP Setup LAN 1 IPv6 Setup RADVD Configuration Enable Disable Advertisement Lifetime 1800 Seconds Range 600 9000 DHCPv6 Server Configuration Enable Server Disable Server DNS Server IPv6 Address Static Pv6 Address configuration IPv6 Address Prefix Length Co Ce CET Current IPv6 Address Table Index IPv Address Prefix Length 1 FE80 21D A4AAFF FEA8 B768 64 Link It provides 2 daemons for LAN side IPv6 address configuration One is RADVD stateless and the other is DHCPv6 Server Stateful Available settings are explained as follows Item Description RADVD Configuration Enable Click it to enable RADVD server The router advertisement d
181. ase click Enable to activate this profile If you click Disable the selected or current used VPN TRUNK Backup Load Balance mechanism profile will not have any effect for VPN tunnel Profile Name Type a name for VPN TRUNK profile Each profile can group two VPN connections set in LAN to LAN The saved VPN profiles in LAN to LAN will be shown on Member and Member fields The length of the name is limited to 11 characters Member 1 Member2 Display the selection for LAN to LAN dial out profiles configured in VPN and Remote Access gt gt LAN to LAN for you to choose for grouping under certain VPN TRUNK VPN Backup Load Balance mechanism profile No Index number of LAN to LAN dial out profile Name Profile name of LAN to LAN dial out profile Connection Type Connection type of LAN to LAN dial out profile VPN ServerIP Private Network VPN Server IP of LAN to LAN dial out profiles Active Mode Display available mode for you to choose Choose Backup or Load Balance for your router Add Add and save new profile to the backup profile list The corresponding members LAN to LAN profiles grouped in such new VPN TRUNK VPN Backup mechanism profile will be locked The profiles in LAN to LAN will be displayed in red VPN TRUNK VPN Load Balance mechanism profile will be locked The 30 Dray Tek profiles in LAN to LAN will be displayed in blue Update Click this button to save the changes to the Status
182. ategorized with CL lt br gt has been blocked by tRNAME Web Content Filter lt p gt Please contact your system administrator for further information lt center gt lt body gt Or Click System Maintenance gt gt lt Activation to open the following page System Maintenance gt Activation Activate via interface auto selected i Status Not Activated Authentication Message Activation authenticate fail contact with support draytek com 2012 10 30 16 17 01 Vigor2925 Series User s Guide 84 Dr ay Tek 2 Click the Activate link A login page for MyVigor web site will pop up automatically Please take a moment to register Membership Registration entitles you to upgrade firmware for your purchased product and receive news about upcoming products and services UserName I Password txxhdd If you cannot read the word click here Forgotten password Auth Code Don t have a MyVigor Account Create an account now If you are having difficulty logging in contact our customer service Customer Service 886 3 597 2727 or 3 Click the link of Create an account now 4 Check to confirm that you accept the Agreement and click Accept Create an account Please enter personal profile prerson al Information Draytek provides My igor myvigor draytek com service according to this agreement Ahen you use MyYigor service t means that you have read understand and agree to acce
183. ation Samba Path If you choose Samba you have to specify the path of the Samba service 3 Enter the required information 4 After finished the above settings click OK to save the configuration SL VPN gt gt SSL Application SSL Applications Profiles Index Name Host Address Service Active 1 VNC_1 192 168 1 51 5900 VNC W 2 x 3 x Dray Te k 367 Vigor2925 Series User s Guide 4 15 4 User Account With SSL VPN Vigor2925 series let teleworkers have convenient and simple remote access to central site VPN The teleworkers do not need to install any VPN software manually From regular web browser you can establish VPN connection back to your main office even in a guest network or web cafe The SSL technology is the same as the encryption that you use for secure web sites such as your online bank The SSL VPN can be operated in either full tunnel mode or proxy mode Now Vigor2925series allows up to 16 simultaneous incoming users For SSL VPN identity authentication and power management are implemented through deploying user accounts Therefore the user account for SSL VPN must be set together with remote dial in user web page Such menu item will guide to access into VPN and Remote Access gt gt Remote Dial in user SSL VPN gt Remote Dial in User Remote Access User Accounts Setto Factory Default View AI OOnline Offline PL Search Index User Active Status Index User Active Status 1 d 17 E
184. ation There are two different behaviors when a User Management account and a VPN profile share the same Username If SSL Tunnel or SSL Web Proxy is enabled in the VPN profile the user profile in User Management will always be invalid for Web authentication For example if you create a user profile in User Management with chaochen test as username password while a VPN Remote Dial in user profile with the same username chaochen but a different password 1234 you will always get error message The username or password you entered is incorrect when you use chaochen test via Web to do authentication VPN and Remote Access gt gt Remote Dial in User Index No 1 User account and Authentication Username Enable this account Password Max 19 char Idle Timeout second s Cl Enable Mobile One Time Passwords mOTP Allowed Dial In Type PPTP IPsec Tunnel IKE Authentication Method r wi i Pre Shared Key 7 E Ol Digital Signaturef 5o09 C Specify Remote Node Remote Client IP IPsec Security Method MecdiumtaH orPeerIDf High ESP l DES 3DES v AES Netbios Naming Packet Pass Block Local ID optional O O Multicast via VPN Pass Block ifor some IGMP IP Camera DHCP Relay etc Subnet O Assign Static IP Address 0K Clear _Cancet_ If SSL Tunnel or SSL Web Proxy is disabled in the VPN profile a User Management account and a remote dial in VPN profile can use the same Username even wi
185. ation WPS Status Configured SSID DrayTek Authentication Mode WPAZ PSK Device Configure Configure via Push Button Stat PBC Configure via Client PinCode OoOo Start PIN Note WPS can help your wireless client automatically connect to the Access point WPS is Disabled WPS is Enabled Waiting for WPS requests from wireless clients Available settings are explained as follows Item Description Enable WPS Check this box to enable WPS setting WPS Status Display related system information for WPS If the wireless security encryption function of the router is properly configured you can see Configured message here SSID Display the SSID1 of the router WPS is supported by SSID1 only Authentication Mode Display current authentication mode of the router Only WPA2 PSK and WPA PSK support WPS Configure via Push Click Start PBC to invoke Push Button style WPS setup Button procedure The router will wait for WPS requests from wireless clients about two minutes The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes Configure via Client Please input the PIN code specified in wireless client you PinCode wish to connect and click Start PIN button The WPS LED on the router will blink fast when WPS is in progress It will return to normal condition after two minutes You need to setup WPS within two minutes
186. ation you can type the IP address of the Vigor router and username password created in USB Application gt gt USB User Management on the client software Then the client can use the FTP site USB storage disk or share the Samba service through Vigor router 4 16 1 USB General Settings This page will determine the number of concurrent FTP connection default charset for FTP server and enable Samba service At present the Vigor router can support USB storage disk with formats of FAT16 and FAT32 only Therefore before connecting the USB storage disk into the Vigor router please make sure the memory format for the USB storage disk is FAT 16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename USB Application gt USB General Settings USB General Settings General Settings Simultaneous FTP Connections 5 Maximum 6 Default Charset English w Samba Service Settings Network Neighborhood OQenable Disable Access Mode LAN Only LAN And WAN NetBios Name Service Workgroup Name Host Name Note 1 If Charset is set to English only English long file name is supported 2 Multi session ftp download will be banned by Router FTP server If your ftp client have multi connection mechanism such as FileZilla you may limit client connections setting to 1 to get better performance 3 A workgroup name must not be the same as the host name The workgroup name
187. ation Object and click the number e g 1 under Index column for configuration in details Object Settings gt gt Notification Object Index Profile Name e ie lh 2 The configuration page will be shown as follows Object Settings gt gt Notification Object Profile Index 1 Profile Name Category Status WAN Disconnected Reconnected VPN Tunnel Disconnected Reconnected Temperature Alert O out of Range Available settings are explained as follows Item Description Profile Name Type a name for such notification profile The maximum length of the name you can set is 15 characters Category Display the types that will be monitored Status Display the status for the category You can check the box you want to be monitored 3 After finishing all the settings here please click OK to save the configuration Object Settings gt gt Notification Object Setto Factory Default Index Profile Name Settings Notify attack WAN VPN en It jee Vigor2925 Series User s Guide 246 Dr ay Tek 4 9 CSM Profile Content Security Management CSM CSM is an abbreviation of Content Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management APP Enforcement Filter As the popularity of all kinds of instant messenger application arises communication cannot become much easier Nevertheless while some industry may leverage this as a great to
188. ation through network accessing e g PPTP L2TP IPSec If you check this box the function of SSL Tunnel for this account will be activated immediately OpenVPN Tunnel Allow the remote dial in user to make an OpenVPN connection through Internet Specify Remote Node Check the checkbox to specify the IP address of the remote dial in user ISDN number or peer ID used in IKE aggressive mode If you uncheck the checkbox the connection type you select above will apply the authentication methods and security methods in the general settings Netbios Naming Packet Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router Chose one of the subnet selections for such VPN profile Subnet Assign Static IP Address Please type a static IP address for the subnet you specified This field is applicable when you select PPTP or L2TP with or without IPSec policy above This field is applica
189. available bandwidth Limitation List Index Start IP End IP TX limit RK limit Shared Specific Limitation startIp end P S O Each OShared TX Limit RX Limit C Smart Bandwidth Limit For any LAN IP Not in Limitation List when session number exceeds Note For TX RX a setting of O means unlimited bandwidth Time Schedule Index 1 15 in Schedule Setup Note Action and Idle Timeout settings will be ignored To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Available settings are explained as follows Item Description Bandwidth Limit Enable Click this button to activate the function of limit bandwidth Vigor2925 Series User s Guide IP Routed Subnet Check this box to apply the bandwidth limit to the second subnet specified in LAN gt gt General Setup Disable Click this button to close the function of limit bandwidth Default TX limit Define the default speed of the upstream for each computer in LAN Default RX limit Define the default speed of the 26 Dray Tek downstream for each computer in LAN Allow auto adjustment Check this box to make the best utilization of available bandwidth Limitation List Display a list of specific limitations that you set on this web page Specific Limitation Start IP Define the start IP address for limit bandwidth End IP Define the end IP addr
190. ave the configuration Dr ay Tek 311 Vigor2925 Series User s Guide 4 12 7 OpenVPN General Setup OpenVPN is a comprehensive SSL VPN software that combines OpenVPN server functions enterprise management mechanism simplified OpenVPN Connect User Interface and OpenVPN Client software package It can work on Windows Linux OS and Macintosh operating system OpenVPN Access Server offers a wide range of configurations for remote access to private cloud network resources and or internal network Note Vigor2925 will support up to 25 simultaneous dial in OpenVPN tunnels In general there are two advantages of OpenVPN OpenVPN can be operated on different systems such as Windows Linux and Mac OS Based on the standard protocol of SSL encryption OpenVPN can provide you with a scalable client server mode permitting multi clients to connect to a single OpenVPN Server process over a single TCP or UDP port VPN and Remote Access gt gt OpenVPN General Setup OpenVPN General Setup Port 1194 Cipher Algorithm AES125 HMAC Algorithm SHAT Certificate Authentication Note OpenVPN on vigor only support UDP protocol and TUN device interface currently So please setup corresponding configurations on the client side Available settings are explained as follows Item Description Port Usually the default UDP port number for OpenVPN is 1194 Cipher Algorithm Two encryptions are supported AES128 and AES256 HMAC Al
191. ave the configuration Dray Te k 373 Vigor2925 Series User s Guide 4 15 6 Online User Status If you have finished the configuration of SSL Web Proxy server users can find out corresponding settings when they access into DrayTek SSL VPN portal interface Dray Tek Provide SSL WPH SSL Web Proxy SSL Tunnel logout J INFO Main Page id mike You have successfully logged in 1 2 17 1 42 y E elisa ivil l Welcome to DrayTek ou are given the following privileges SaL HA SSL Web Proxy SSL Tunnel Timeout ater 5 minutes Reset Copyright 2006 DrayTek Corp All Rights Reserved Next users can open SSL VPN gt gt Online Status to view logging status of SSL VPN SSL VPN gt Online User Status Refresh Seconds Active User Host IP Time out seconds Action Kate 192 168 30 14 299 Available settings are explained as follows Item Description Active User Display current user who visit SSL VPN server Host IP Display the IP address for the host Time out Display the time remaining for logging out Action You can click Drop to drop certain login user from the router s SSL Portal UI Vigor2925 Series User s Guide 374 Dr ay Tek 4 16 USB Application USB storage disk connected on Vigor router can be regarded as a server By way of Vigor router clients on LAN can access write and read data stored in USB storage disk with different applications After setting the configuration in USB Applic
192. ay cause undesired operation Please visit http www draytek com user SupportDLRTTECE php This product is designed for 2 4GHz WLAN network throughout the EC region D ra y T e k v Vigor2925 Series User s Guide Vigor2925 Series User s Guide vi Dr ay Te k Table of Contents NATH OCU CUO serinus aannaaien aaa ESEE 1 1 1 Web Configuration Buttons Explanation cccccccccccccceceeesesseeeeeeeesseaeeeceeeeessaeaeseeeeeeeessaaaasees 2 1 2 LED Indicators and Connectors ccccccseeeccceccesseceeeeeeeseceeeceeseceeeceasececeuseceeesseaecesessaeeeees 3 2A FOr VICOVZ IZ er T E EA E ER AES 3 122 FOr VIGOV 292 Oil ser E E E T E E A E REET 5 1 PIO A INST TOR sseni a a aa a a 7 1 4 Printer Installation sess cei osc dcassiasistie acietinsbadle leeeiedeusnenstcs wduciededledadeealsadeed dens teaatabiadedenas adveodecaadtiodaasteteends 8 Basic SOC UUIN 5 raahcpeseses etc Sere tesaagotans dacatedusendasasesesacaiedatedeaeuneauiunesesuienmtecens 13 2 1 Accessing Web Fe AO Csi rece tsecesetancencetasede foc satusnd essen catitsedsdnceencasutsaceeuanasneceasede aandsedeemessanr nace 13 2 2 Changing Password ssceemsconseadesicevenionssneceondan sinned dxisesionticisatemadoceuivetaenacedsdenskniocuanuaenietacnseadedeesussesons 15 2 3 QUICK Start Wizard 0 eeeccccccceccceseseceeeeceeeeensseceeeeeeeeeeesssecesseeeeaeeseeceeeeeaeasseeeeeseesaaaaseeeeeeeess 16 2 3 1 For WAN1 WAN2 Ethernet acoscasosniictondvantaninesndsweniirasanstnani
193. be accessed Applications gt gt LAN DNS LAN DNS Resolution Enable Index o 1 o 2 P 3 o 4 LJ 5 o 6 o i O 8 o 9 O 10 lt 4 10 11 20 gt gt Dray Tek Set to Factory Default Profile Domain Name 277 Vigor2925 Series User s Guide Each item is explained as follows Item Description Set to Factory Default Clear all profiles and recover to factory settings Enable Check the box to enable the selected profile Index Click the number below Index to access into the setting page of schedule Profile Display the name of the LAN DNS profile Domain Name Display the domain name of the LAN DNS profile You can set up to 20 LAN DNS profiles To create a LAN DNS profile 1 Click any index say Index No 1 2 The detailed settings of the call schedule with index 1 are shown below Applications gt gt LAN DNS Profile Index 1 Profile DomainName S O IP Address List Index IP Address Same Subnet Reply OK Available settings are explained as follows Item Description Enable Check this box to enable such profile Profile Type a name for such profile Domain Name Type the domain name for such profile Vigor2925 Series User s Guide 278 Dr ay Tek IP Address List The IP address listed here will be used for mapping with the domain name specified above In general one domain name maps with one IP address If required you can configure two IP addresses mapping with the same domain
194. ber here such binding tunnel table can be established IGMP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and IGMP Service Port also fits the number here such binding tunnel table can be established Other means when the source IP destination IP destination port and fragment conditions match with the settings specified here with different TCP Service Port UDP Service Port ICMP IGMP such binding tunnel table can be established z DrayTek Detail Information This field will display detailed information for Binding Tunnel Policy Below shows a successful binding tunnel policy for load balance YPN Load Balance Advance Settings Mozilla Firefox 192 168 1 1 doc ypntlb htm VPN Load Balance Advance Settings Profile Name 1 Load Balance Algorithm Round Robin Weighted Round Robin Auto Weighted O According to Speed Ratio Member1 Member2 50 50 v VPN Load Balance Policy edit O Insert after Tunnel Bind Table Index 1 64 Active Active Binding Dial Out Profile 1 Src IP Start 0 0 0 0 Dest IP Start 0 0 00 End 255 255 255 255 End 255 255 255 255 Dest Port Start End 65535 Protocol any Mj lo Detail Information VPN Load Balance Profile name 1 J Algorithm Round Robin sNo 1 gt Tunnel Bind Table Idnex l Binding Dial Out Index Binding protocol Binding Sre IP Bindi
195. bject Name First Subject Name First Peer IPVPH Client IP Peer ID Site to Site Information Remote Network IP 0 0 0 Remote Network Mask 255 255 255 0 Available settings are explained as follows Item Description Profile Name Type a name for such profile The length of the file is limited to 10 characters User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above The length of the name is limited to 11 characters Password This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above The length of the name is limited to 11 characters Pre Shared Key For IPSec L2TP IPSec authentication you have to type a pre shared key The length of the name is limited to 64 characters Confirm Pre Shared Type the pre shared key again for confirmation Key Digital Signature Check the box of Digital Signature to invoke this function X 509 Peer ID Choose the peer ID selection from the drop down list Local ID Choose Alternative Subject Name First or Subject Name First Peer IP VPN Client Type the WAN IP address or VPN client IP address for the IP remote client Peer ID Type the ID name for the remote client The length of the name is limited to 47 characters Vigor2925 Series User s Guide 304 Dr ay Tek Remote Network IP Please type one LAN IP address according to the real location of the remote hos
196. bject Profiles Set to Factory Default Index Name Index Name 17 EBRBREBERREB BEI B le E l RJ e ree Arr eRe Pe 32 ia iT a oT i lt lt 1 32 33 64 65 96 97 128 129 160 161 192 gt gt Dr ay Tek 225 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Set to Factory Default Index Name Clear all profiles Display the profile number that you can configure Display the name of the object profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt IP Object Profile Index 1 Name Interface Address Type Mac Address Start IP Address End IP Address Subnet Mask Invert Selection oo Yoo Yoo foo jo Yoo 192 168 1 59 192 168 1 65 l Available settings are explained as follows Item Name Interface Address Type Vigor2925 Series User s Guide Description Type a name for this profile Maximum 15 characters are allowed Choose a proper interface Any bi Any sits ANDM RTAVPN WAN For example the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN DMZ RT VPN or any IP address If you choose LAN DMZ RT VPN as the Interface here and choose LAN DMZ RT VPN as the direc
197. bjects Setting gt IPv6 Group Profile Index 1 Available IPv6 Objects Selected IPv6 Objects 4 Clear Cancel Dray Te k 231 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Available IPv6 All the available IPv6 objects with the specified interface Objects chosen above will be shown in this box Selected IPv6 Objects Click gt gt button to add the selected IPv6 objects in this box 3 After finishing all the settings please click OK to save the configuration 4 8 5 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions Objects Setting gt Service Type Object Service Type Object Profiles Set to Factory Default Index Name index Name Tf io foo Joo Ro Ro Ro Ro Ro Ro Bo Ro mo Ro j oe M gt S 6 oo N joo On e joe e gt S e co k k k k k k z z A e la la l le S S B is e m I gt I e e Is e mn ma k a Pd a a a E mn iD E v k Next gt gt Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details Vigor2925 S
198. ble when you select PPTP or L2TP with or without IPSec policy above Check this box to make the authentication with mOTP function 370 Dray Tek Item Description mOTP PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 IKE Authentication This group of fields is applicable for IPSec Tunnels and L2TP Method with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and Select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node Check the Medium DES 3DES or AES box as the security method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is invoked You can uncheck it to disable it High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryp
199. bnet Prefix 2001 40D0 FF00 8805 2 Note If Always On is not enabled AICCU connection would only retry three times Lox Click OK and open Online Status If the connection is successful the physical connection will be shows as follows Online Status Physical Connection System Uptime 0 1 18 IPv4 IPvo LAN Status IP Address ao 4000 FFOO sn ao css ancl 2568 64 Global TX Packets ra Packets TX Bytes RX Bytes 147 187 34205 19176 WAN IPv6 Status Enable Up Time 0 00 48 bateway IP TX Packets RX Packets RX Bytes 186 137 33093 51 Vigor2925 Series User s Guide DHCPv6 Client Choose DHCPV6 Client Click one of the identity associations and type the AID number WAN gt gt Internet Access WAN 2 PPPoE Static or Dynamic IF PPTP L2TP IPv6 Internet Access Mode Connection Type DHCPv6 Client Configuration Identity Association Prefix Delegation Tol Non temporary Address IAID Identity Association ID 972573680 Click OK and open Online Status If the connection is successful the physical connection will be shows as follows Online Status Physical Connection System Uptime 0 0 50 IPw4 IPvG LAN Status IP Address TX Packets RX Packets TX Bytes RX Bytes 6 205 156 WAN IPv6 Status Enable Mode Up Time 9 00 40 Gateway IP 2001 1111 2999 33331 1111 128 Glabal FES0 210 44FF FE46 2564 64 Link DNS IP 2001 48604860 65868 2001 4860 4860 5844 TX Packets RX
200. by the uploading TCP ACK you can check this box to push ACK of upload faster to speed the network traffic Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application Note The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance Dr ay Te k 269 Vigor2925 Series User s Guide Edit the Class Rule for QoS 1 The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click the Edit link of that one Bandwidth Management gt gt Quality of Service General Setup Set to Factory Default Online Statistics Class Class Class UDP 1 3 3 Others Bandwidth Control WAN Disable 100000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WAN Disable LO0000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WANS Disable 100000Kbps 100000Kbps 255 255 25 255 Inactive Status Setup Index Status Bandwidth Direction Class Rule Index Service Type Class 1 Class 2 Edit Class 3 Enable the First Priority for VoIP SIP RTP SIP UDP Port 5060 Default 5060 2 After you click the Edit link you will see the following page Now you can define the name for that Class In this case Te
201. c IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the internal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of the entire internal hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network Note On NAT page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the router As stated before the NAT facility can map one or more IP addresses and or service ports into different specified services In other words the NAT function can be achieved by using port mapping methods Dray Tek 183 Vigor2925 Series User s Guide Below shows the menu items for NAT 4 4 1 Port Redirection Port Redirection is usually set up for server related service inside the local network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located
202. cation Header means data will be authenticated but not be encrypted By default this option is active High ESP Encapsulating Security Payload means payload data will be encrypted and authenticated Select from below DES without Authentication Use DES encryption algorithm and not apply any authentication scheme DES with Authentication Use DES encryption algorithm and apply MDS or SHA 1 authentication algorithm 3DES without Authentication Use triple DES encryption algorithm and not apply any authentication scheme 3DES with Authentication Use triple DES encryption algorithm and apply MD5 or SHA 1 authentication algorithm AES without Authentication Use AES encryption algorithm and not apply any authentication scheme AES with Authentication Use AES encryption algorithm and apply MDS or SHA 1 authentication algorithm Advanced Specify mode proposal and key life of each IKE phase Gateway etc The window of advance setup is shown as below 321 Vigor2925 Series User s Guide IKE advanced setiag 5 Th d IKE phase 1 proposal IKE phase 1 key Hennie F key H enO 86200 Perfect Forward Seaet Disable Enable Local ID CE phase p IKE phase 2 proposal f CE phase 2 IKE phase 1 mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security proposals to create a protected secure channel Main mode is more secure than Aggressive mode since more exchanges are done in a secure channe
203. ce 2 bridge Interface 3 Click WDS from Wireless LAN menu The following page will be shown Wireless LAN gt gt WDS Settings WDS Settings Setto Factory Default Mode v Bridge Enable Peer MAC Address Security 1 i tid Disable WEP Pre shared Key i da E 2 WEP Use the same WEP key set in Security Settings Note Disable unused links to get better performance Pre shared Key Type Repeater WPA WPA Enable Peer MAI Key Note WPA and WPA are not compatible with Ft e DrayTek WPA J ile Type 8 63 ASCII characters or 64 hexadecimal digits leading by Ox for example cfgsO1az or Ox655abed Access Point Function Enable Disable Status Cl Send Hello message to peers Note The status is valid only when the peer also supports this function Dray Te k 355 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Mode Choose the mode for WDS setting Disable mode will not invoke any WDS setting Bridge mode is designed to fulfill the first type of application Repeater mode is for the second one Disable Security There are three types for security Disable WEP and Pre shared Key The setting you choose here will make the following WEP or Pre shared key field valid or not Choose one of the types for the router WEP Check this box to use the same key set in Se
204. cess gt gt LAN to LAN Profile Index 1 RIT Call Direction VPN Server a Profile Name Enable this profile O Always on Idle Timeout o second s VPN Dial Out Through WAN First C Enable PING to keep alive Netbios Naming Packet Pass OBlock PING to the IP fs Multicast via VPN Pass OBlock for some IGMP IP Camera DHCP Relay etc 2 Dial Out Settings Vigor2925 Series User s Guide 64 Dr ay Te k 4 Now navigate to the next section Dial In Settings to check PPTP IPSec Tunnel and L2TP boxes Check the box of Specify Remote and type the Peer VPN Server IP e g 218 242 130 19 in this case Press the IKE Pre Shared Key button to set the PSK and select Medium AH or High ESP as the security method 3 Dial In Settings Allowed Dial In Type Username 779 IPsec Tunnel VJ Compression On off L2TP with IPsec Policy Specify Remote VPN Gateway IKE Authentication Method Pre Shared Key Peer VPN Server IP IKE Pre Shared Key Siaubas Digital Signature xX 509 Local ID Alternative Subject Name First Subject Name First iPsec Security Method Medium AH High ESP DES MV 3DES M AES 4 Gre over IPsec Settings 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for remote side AIGA ESP WJ DES BJ SVES WH AES 4 Gre over IPsec Settings C Enable IPsec Dial Out function GRE over IPsec O Logical Traffic My GRE
205. characters lt body gt lt center gt lt br gt lt br gt lt br gt lt p gt The requested Web page lt br gt from t51P4 lt br gt to tURLt lt br gt that is categorized with CLt lt br gt has been blocked by RNAME Web Content Filter lt p gt Please contact your system administrator for further information lt center gt lt body gt How to register activate Web Content Filter WCF license Please visit for getting more information How to Register AI AV AS WCE Service Service Activation Wizard http www draytek com user SupportFA ODetail php ID 1955 How to Activate Anti Virus Anti Intrusion Anti Spam Service http www draytek com user SupportFA QODetail php ID 286 How to use the Web Content Filter WCF http www draytek com user SupportFA QODetail php ID 1953 What the Web Content Filter WCF license benefits are http www draytek com user PdInfoDetail php Id 1 10 Vigor2925 Series User s Guide 96 Dr ay Tek 2 Open CSM gt gt Web Content Filter Profile to create a WCF profile Check Social Networking with Action Block LE I AS Lope Leisure Select All LJ Entertainment Ll Games Ll Sports LJ Travel LJLeisure amp Recreation Fashion amp Beauty Clear All Business Peers Business L Job Search L Web based Mail Clear All Chating Select All L chat LJInstant Messaging Clear All Computer Internet LJ Anonymizers L Forums amp Newsgroups Computers Select All L Download Sites L
206. ck Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OR 5 Now you can enjoy surfing on the Internet Vigor2925 Series User s Guide 26 Dr ay Te k 2 4 Service Activation Wizard Service Activation Wizard can guide you to activate WCF service Web Content Filter with a quick and easy way For the Service Activation Wizard is only available for admin operation therefore please type admin admin on Username Password while Logging into the web user interface Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server MyVigor located on http myvigor draytek com For using Web Content Filter Profile please refer to later section Web Content Filter Profile for detailed information Now follow the steps listed below to activate WCF feature for your router Note Such function is available only for Admin Mode 1 Open Service Activation Wizard Dashboard Quick Start Wizard Service Activation W E Wizard Online Status 2 The screen of Service Activation Wizard will be shown as follows Choose the one you need and click Next In this case we choose to activate free trail edition Service Activation Wizard Select the service type that you want to activate This wizard is used for activating Web Content Filter Please choose the edition y
207. clients and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol Mixed WPA WPA2 802 1x only Accepts WPA and WPA2 clients simultaneously and the encryption key is obtained dynamically from RADIUS server with 802 1X protocol WPA PSK Accepts only WPA clients and the encryption key should be entered in PSK WPA2 PSK Accepts only WPA2 clients and the encryption key should be entered in PSK Mixed WPA WPA2 PSK Accepts WPA and WPA2 clients simultaneously and the encryption key should be entered in PSK WPA The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Type Select from Mixed WPA WPA2 or WPA2 only Pre Shared Key PSK Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde WEP 64 Bit For 64 bits WEP key either 5 ASCII characters such as 12345 or 10 hexadecimal digitals leading by Ox such as 0x4142434445 128 Bit For 128 bits WEP key either 13 ASCII characters such as ABCDEFGHIJKLM or 26 hexadecimal digits leading by Ox such as 0x4142434445464748494A4B4C4D Encryption Mode B4 Bit All wireless devices must support the same WEP encryption bit si
208. cted WAN interface 1s down Packet Forwarding to WAN via Choose Force NAT or Force Routing 182 DrayTek When you finish the configuration please click OK to save and exit this page Load Balance Route Policy Policy Route Index Enable Protocol Interface TEF any any any any any any any any me e e N N i 2 3 4 5 6 fi a I 10 any WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 WAR 1 Interface Src IP Src Address Start Any 4 4 NAT End Start Any Dest IP End Any Setto Factory Default an oe Move Move ort Port Gavin Start End Any Any Down Down Down Down Down Down Down Down Down Down Next gt gt Usually the router serves as an NAT Network Address Translation router NAT is a mechanism that one or more private IP addresses can be mapped into a single public one Public IP address is usually assigned by your ISP for which you may get charged Private IP addresses are recognized only among internal hosts When the outgoing packets destined to some public server on the Internet reach the NAT router the router will change its source address into the public IP address of the router select the available public port and then forward it At the same time the router shall list an entry in a table to memorize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s publi
209. cupancy applications LAN gt gt General Setup General Setup Index Status DHCP IP Address LAN 1 Vv W 192 168 1 1 Details Page LAN 2 LI 192 168 2 1 Details Page LAN 3 O 192 168 3 1 Details Page LAN 4 L 192 168 4 1 Details Page LAN 5 F 192 168 5 1 Details Page DMZ LI 192 168 6 1 Details Page IP Routed Subnet 192 168 0 1 Details Page Advanced you can configure DHCP options here L Force router to use DNS server IP address settings specified in LAN Inter LAN Routing Subnet LAN 1 LAN 2 LAN 3 LAN 4 LAN 5 LAN 1 LAN 2 LC Dr ay Tek 175 Vigor2925 Series User s Guide 4 2 5 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network When this function is enabled all the assigned IP and MAC address binding together cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet Click LAN and click Bind IP to MAC to open the setup page LAN gt Bind IP to MAC Bind IP to MAC Enable Disable Strict Bind ARP Table Select All Sort Refresh IP Bind List Select All Sart IP Address Mac Address e Index IP Address Mac Address 192 168 1 10 EO CB 4E DA 48 73 Add or Update Mac Address ry EEH Note IP MAC binding presets DHCP Allocations If you select Strict Bind unspecified LAN clients cannot access the Internet
210. curity Settings page If you did not set any key in Security Settings page this check box will be dimmed Pre shared Key Type There are some types for you to choose WPA and WPA2 are used for WDS devices e g 2920n wireless router you can set the encryption mode as WPA or WPA2 to establish your WDS system between AP and the router Key Type 8 63 ASCII characters or 64 hexadecimal digits leading by 0x Bridge If you choose Bridge as the connecting mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this page at one time Yet please disable the unused link to get better performance If you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Repeater If you choose Repeater as the connecting mode please type in the peer MAC address in these fields Four peer MAC addresses are allowed to be entered in this page at one time Similarly if you want to invoke the peer MAC address remember to check Enable box in the front of the MAC address after typing Access Point Function Click Enable to make this router serving as an access point click Disable to cancel this function Status It allows user to send hello message to peers Yet it is valid only when the peer also supports this function After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guid
211. cy will still valid 3 Otherwise authentication required for users not matched the above lists The firewall rules designated in the user profile s policy will still valid Landing Page Max 255 characters Preview Setto Factory Default Login success 3 Now you can enable the Landing Page function Open User Management gt User Profile and click one of the index number e g index number 3 links User Management gt User Profile User Profile Table Profile Name admin Dial In User gt bf me Vigor2925 Series User s Guide 76 Dr ay Tek 4 In the following page check the box of Landing page and click OK to save the settings User Management gt User Profile Profile Index 3 oe Enable this account User Name Password esse sid Confirm Password O Idle Timeout min s O Unlimited Max User Login O Unlimited External Server Authentication Pop Browser Tracking Window Authentication Web Alert Tool Telnet Enable Time Quota mints Refresh more mints Index 1 15 in Schedule Setup O 5 Open any browser e g FireFox Internet Explorer The logging page will appear and asks for username and password Please type the correct username and password Username Password 6 Click Login If the logging is successful you will see the message of Login Success from the browser you use we Piveni bar Drasrtek i l C oft Be biee
212. d Remote Access gt Remote Dial in User Index No 1 User account and Authentication cenie Enable this account Password Idle Timeout 300 second s Allowed Dial In Type PIN Code C IPsec Tunnel IKE Authentication Method Fre Shared Key akhi im OpenVPN Tunnel Digital Signature X 509 C Specify Remote Node Remote Client IP C L2TP with IPsec Policy Vigor2925 Series User s Guide 58 Dr ay Te k Settings for PC Remote User 1 Execute SmartVPN Client Click Insert to create a new dial in VPN profile e g Profile 6 DrayTek Smart FPN Client 4 1 0 1 x Dray Tek AE Step 0 EnablejAllow IPSec NAT Traversal and L2TP This step will add the ProhibitIpSec registry value and the AssumeUDPEncapsulationContextOnSendRule registry value to er For more infomation please read the article Q240262 and Q618043 in the Microsoft Knowledgement Base Configure Step 1 Dial to ISP IF you have already gotten a public IP you can skip this step Step 2 Connect to VPN Server 2 Type a name e g Profile 6 as the Profile Name and an IP address e g 200 200 200 200 as VPN Server IP Set jos jos as the User Name Password Click OpenVPN as the type of VPN and click OK to display the OpenVPN Setting dialog Dial To TFN X Profile Hara Profile 6 C Auto re dial after disconnect C Auto nun when system start up Open FM Setting VEN Server PROST Namai puch as 123 45 67 6 3
213. d as follows Item Description Enable the QoS Control The factory default for this setting is checked Please also define which traffic the QoS Control settings will apply to IN apply to incoming traffic only OUT apply to outgoing traffic only BOTH apply to both incoming and outgoing traffic Check this box and click OK then click Setup link again You will see the Online Statistics link appearing on this page WAN Inbound It allows you to set the connecting rate of data input for Bandwidth WAN interface For example if your ADSL supports 1M of downstream and 256K upstream please set 1000kbps for this box The default value is 10000kbps WAN Outbound It allows you to set the connecting rate of data output for Bandwidth WAN interface For example if your ADSL supports 1M of downstream and 256K upstream please set 256kbps for this box The default value is 10000kbps Reserved Bandwidth It is reserved for the group index in the form of ratio of Ratio reserved bandwidth to upstream speed and reserved bandwidth to downstream speed Enable UDP Bandwidth Check this and set the limited bandwidth ratio on the right Control field This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth Outbound TCP ACK The difference in bandwidth between download and upload Prioritize are great in ADSL2 environment For the download speed might be impacted
214. d device Sessions Display the session number that you specified in Limit Session web page Action Block can prevent specified PC accessing into Internet within 5 minutes Page Refresh Sessions Action APP QoS I Block Unblock the device with the IP address will be blocked in five minutes The remaining time will be shown on the session column Page Refresh Sessions Action APP QoS blocked 299 Unblock Current Peak Speed Current means current transmission rate and receiving rate for WAN interface Peak means the highest peak value detected by the router in data transmission Speed means line speed specified in WAN gt gt General Setup If you do not specify any rate at that page here will display Auto for instead 413 Vigor2925 Series User s Guide 4 18 9 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page Choose WANI WAN2 WAN3 Bandwidth Sessions daily or weekly for viewing different traffic graph Click Reset to zero the accumulated RX TX received and transmitted data of WAN Click Refresh to renew the graph at any time Diagnostics gt Traffic Graph Refresh Mints 1 Refresh Daily Show Chart WAN Bandwidth WAN Bandwidth WAN2 Bandwidth WAN3 Bandwidth Sessions WANI total TX 0 Bytes RX 0 Bytes WAN total TX 0 Bytes RX 0 Bytes WANS total TX 0 Bytes RX 0 Bytes The horizontal axis represents time Yet the vertical axis has different
215. d on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For example an ActiveX control object is usually used for providing interactive web feature If malicious code hides inside it may occupy user s system For example if you add key words such as sex Vigor router will limit web access to web 29 99 sites or web pages such as www sex com www backdoor net images sex p_386 html Or you may simply specify the full or partial URL such as www sex com or sex com Also the Vigor router will discard any request that tries to retrieve the malicious code Click CSM and click URL Content Filter Profile to open the profile setting page CSM gt gt URL Content Filter Profile ww URL Content Filter Profile Table Setto Factory Default Profile Name Profile Name iB 3 2 6 3 I 4 8 Administration Message Max 255 characters Default Message lt body gt lt center gt lt br gt lt p gt The requested Web page has been blocked by URL Content Filter lt p gt Please contact your system administrator for further information lt center gt lt body gt Each ite
216. data transmission WPA applies Temporal Key Integrity Protocol TKIP for data encryption while WPA2 applies AES The WPA Enterprise combines not only encryption but also authentication Since WEP has been proved vulnerable you may consider using WPA for the most secure connection You should select the appropriate security mechanism according to your needs No matter which security suite you select they all will enhance the over the air data protection and or privacy on your wireless network The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time Separate the Wireless and the Wired LAN WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons To isolate means neither of the parties can access each other To elaborate an example for business use you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage For a more flexible deployment you may add filters of MAC addresses to isolate users access from wired LAN Manage Wireless Stations Station List will display all the station in your wireless network and the status of their connection Below shows the menu items for Wireless LAN Wireless LAN Vigor2925 Series User s Guide 344 Dr ay Te k 4 13 2 General Setup By clicking the General Settings a new web page will
217. de for simple web configuration User Password Setto Factory Default Note 1 Password can contain only a zA Z0 9 lt gt 4 F 3 2 Password can t be only Example or or js illegal but 123 or 45 is OK Available settings are explained as follows Item Description Enable User Mode for After checking this box you can access into the web user simple web configuration interface with the password typed here for simple web configuration The settings on simple web user interface will be different with full web use interface accessed by using the administrator password Password Type in new password in this field The length of the password is limited to 31 characters Confirm Password Type in the new password again Set to Factory Default Click to return to the factory default setting When you click OK the login window will appear Please use the new password to access into the web user interface again Below shows an example for accessing into User Operation with User Password 1 Open System Maintenance gt gt User Password 2 Check the box of Enable User Mode for simple web configuration to enable user mode operation Type a new password in the field of New Password and click OK System Maintenance gt gt User Password Enable User Mode for simple web configuration User Password Password Confirm Password Dray Te k 387 Vigor2925 Series User s Guide 3 The following screen wil
218. der Seeneeeeene Mail Server Setto Factory Default Recipient Notify Profile schedule 1 15 IL Available settings are explained as follows Item Index Mail Service Recipient Notify Vigor2925 Series User s Guide Description Check the box to enable such profile Use the drop down list to choose mail service provider You can click Mail Service link to define the mail server Type the e mail address of the one who will receive the notification message Use the drop down list to choose a message profile The recipient will get the content stated in the message profile You can click the Notify Profile link to define the content of the mail message 20 Dray Tek Schedule Type the schedule number that the notification will be sent out You can click the Schedule 1 15 link to define the schedule After finishing all the settings here please click OK to save the configuration 4 11 10 Bonjour Bonjour is a service discovery protocol which is a built in service in Mac OS X for Windows or Linux platform there are correspondent softwares to enable this function for free Usually users have to configure the router or personal computers to use above services Sometimes the configuration e g IP settings port number is complicated and not easy to complete The purpose of Bonjour is to decrease the settings configuration e g IP setting If the host and user s computer have the plug in bonj
219. dit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request Online Statistics Display an online statistics for quality of service for your reference This feature is available only when the Quality of Service for WAN interface is enabled Bandwidth Management gt gt Quality of Service WAN Online Statistics Refresh Interval 5 seconds Refresh Index Direction Class Name Reserved bandwidth Ratio Outbound Throughput Bytes sec 1 OUT VoIP o zZ OUT 20 a a OUT 25 E 4 OUT 25 E a OUT Others 20 o Outbound Status VoIP Others Cancel General Setup for WAN Interface When you click Setup you can configure the bandwidth ratio for QoS of the WAN interface There are four queues allowed for QoS control The first three Class 1 to Class 3 class rules can be adjusted for your necessity Yet the last one is reserved for the packets which are not suitable for the user defined class rules Bandwidth Management gt Quality of Service WAN General Setup WAN Inbound Bandwidth 100000 kKbps WAN Outbound Bandwidth 100000 Kbps Index Class Name Reserved bandwidth Ratio Class 1 25 Class 2 25 Class 3 25 o Others ls J L Enable UDF Bandwidth Control Limited_bandwidth Ratio s Yo C Outbound TCP ACK Prioritize Vigor2925 Series User s Guide 268 Dr ay Te k Available settings are explaine
220. dle Timeout mings O Unlimited Mas User Login booo O Unlimited Pop Browser Tracking Window Authentication web Alert Tool Telnet Landing Page d Index 1 15 in Schedule Setup J Enable Time Quota o min JE Je min C Enable Data Quota Q CCo mea Reset quota to default when scheduling time expired E Enable Default Time Quota oo min Default Data Quota o MB Dr ay Tek 219 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Enable this account Check this box to enable such user profile User Name Type a name for such user profile e g LAN_User_Group_l WLAN_User_Group_A WLAN_User_Group_B etc When a user tries to access Internet through this router an authentication step must be performed first The user has to type the User Name specified here to pass the authentication When the user passes the authentication he she can access Internet via this router However the accessing operation will be restricted with the conditions configured in this user profile The maximum length of the name you can set is 24 characters Password Type a password for such profile e g lug123 wug123 wug456 etc When a user tries to access Internet through this router an authentication step must be performed first The user has to type the password specified here to pass the authentication When the user passes the authentication he she can access Internet
221. e If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Note When the system pops up Reboot System web page after you configure web settings please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future Vigor2925 Series User s Guide 402 Dr ay Tek 4 17 12 Firmware Upgrade Before upgrading your router firmware you need to install the Router Tools The Firmware Upgrade Utility is included in the tools The following web page will guide you to upgrade firmware by using an example Note that this example is running over Windows OS Operating System Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and FTP site is ftp DrayTek com Click System Maintenance gt gt Firmware Upgrade to launch the Firmware Upgrade Utility System Maintenance gt gt Firmware Upgrade Web Firmware Upgrade Select a firmware file telase Rete Se Click Upgrade to upload the file Upgrade TFTP Firmware Upgrade from LAN Current Firmware Version 3 7 3 Firmware Upgrade Procedures Click OK to start the TFTP server Open the Firmware Upg
222. e It determines the size of TCP protocol O 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources However Queue timeout is configured for TCP protocol only session timeout is configured for the data flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled The requested Web page has been blocked by Web Content Filter Please contact your system administrator for further information Powered by Draytek Strict Security Checking For the sake of security you might want the router executing strict security checking for data transmission The router performance will be affected if you invoke strict security checking APP Enforcement Check this box to execute the critical checking for all the files transferred via IM P2P Dray Te k 211 Vigor2925 Series User s Guide Example As stated before all the traffic will be separated and arbitrated using on of two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may sp
223. e 4 6 2 General Setup General Setup allows you to adjust settings of IP Filter and common options Here you can enable or disable the Call Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings Apply IP filter to VPN incoming packets and Accept incoming fragmented UDP packets Click Firewall and click General Setup to open the general setup page General Setup Page Such page allows you to enable disable Call Filter and Data Filter determine general rule for filtering the incoming and outgoing data Firewall gt gt General Setup General Setup General Setup Default Rule Call Filter Data Filter Enable Start Filter Set Set 1 Disable Enable Start Filter Set Set 2 w Disable Accept large incoming fragmented UDP or ICMP packets for some games ex CS Enable Strict Security Firewall Available settings are explained as follows Item Call Filter Data Filter Accept large incoming Vigor2925 Series User s Guide Description Check Enable to activate the Call Filter function Assign a start filter set for the Call Filter Check Enable to activate the Data Filter function Assign a start filter set for the Data Filter Some on line games for example Half Life will use lots of fragmented UDP packets to transfer game data Instincti
224. e Edit Edit Edit dit In the Setup page check the box of Enable the QoS Control Type 30 50 and 15 in the boxes for VoIP IPTV and Data Email respectively Check the box of Enable UDP Click OK to save the settings The class rules for WANI are defined as shown below 10 Bandwidth Control Bandwidth Management gt Quality of Service WAN1 General Setup Enable the QoS Control Index Class Name Class 1 VoIP Class 2 IPTV Class 3 Data Email Others C Enable UDP Bandwidth Control C outbound TCP ACK Prioritize 11 Bandwidth Management gt gt Quality of Service General Setup Index Status Bandwidth WAN1 Enable 101060 00Kbps 98180 00Kbps Outbound WAN2 Disable WAN3 Disable 100000Kbps 100000Kbps 100000Kbps 100000Kbps Class Rule Index Name Dray Tek a 30 25 25 r 70 2 50 25 25 Class Class Class 3 15 25 25 Setto Factory Default UDP Others Bandwidth Online Statistics Control Inactive Status Setup 25 Inactive Status Setup 25 Inactive Status Setup Rule Service Type Vigor2925 Series User s Guide 3 6 QoS Setting Example Assume a teleworker sometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or V PN to check email and access internal database Meanwhile children may chat on Skype in the restroom 1 Goto
225. e Control checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify Enable PING from the Internet Check the checkbox to enable all PING packets from the Internet For security issue this function is disabled by default Access List You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three Ps subnet masks is allowed IPv6 Address Prefix Length Indicate the IP address es allowed to login to the router After finished the above settings click OK to save the configuration Dray Te k 401 Vigor2925 Series User s Guide 4 17 11 Reboot System The Web user interface may be used to restart your router Click Reboot System from System Maintenance to open the following page System Maintenance gt Reboot System Reboot System Do you want to reboot your router 7 Using current configuration Using factory default configuration Reboot Now Auto Reboot Time Schedule Index 1 15 in Schedule Setup Note Action and Idle Timeout settings will be ignored Index 1 15 in Schedule Setup You can type in four sets of time schedule for performing system reboot All the schedules can be set previously in Applications gt gt Schedule web page and you can use the number that you have set in that web pag
226. e 356 Dr ay Tek 4 14 7 Advanced Setting This page allows users to set advanced settings such as operation mode channel bandwidth guard interval and aggregation MSDU for wireless data transmission Wireless LAN 2 4GHz gt Advanced Setting HT Physical Mode Operation Mode Mixed Mode Green Field Channel Bandwidth 20 20 40 Guard Interval long auto Aggregation MSDU A MSDU Disable Enable Long Preamble Disable Enable Packet OVERDRIVE TX Burst Disable Enable Wireless LAN SGHz gt gt Advanced Setting Physical Mode Operation Mode Mixed Mode Green Field Channel Bandwidth 20 20 40 Guard Interval long auto Aggregation MSDU A MSDU Disable Enable Available settings are explained as follows Item Description Operation Mode Mixed Mode the router can transmit data with the ways supported in both 802 1 1a b g and 802 11n standards However the entire wireless transmission will be slowed down if 802 11g or 802 11b wireless client is connected Green Field to get the highest throughput please choose such mode Such mode can make the data transmission happening between 11n systems only In addition it does not have protection mechanism to avoid the conflict with neighboring devices of 802 1 1a b g Channel Bandwidth 20 the router will use 20Mhz for data transmission and receiving between the AP and the stations 20 40 the router will use 20Mhz or 40Mhz fo
227. e and control inside Object based firewall is flexible and allows your network be safe User Management implemented on your router firmware can allow you to prevent any computer from accessing your Internet connection without a username or password You can also allocate time budgets to your employees within office network With the 6 port Gigabit switch on the LAN side provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs The tagged VLANs IEEE802 1Q can mark data with a VLAN identifier This identifier can be carried through an onward Ethernet switch to specific ports The specific VLAN clients can also pick up this identifier as it is just passed to the LAN You can set the priorities for LAN side QoS You can assign each of VLANs to each of the different IP subnets that the router may also be operating to provide even more isolation The said functionality is tag based Multi subnet Multiple Private LAN Subnets On the Wireless equipped models each of the wireless SSIDs can also be grouped within one of the VLANs In addition Vigor2925 series supports USB interface for connecting USB printer to share printing function or 3G USB modem for network connection Vigor2925 series provides two level management to simplify the configuration of network connection The user mode allows user accessing into WEB interface via simple configuration However if users want to have advanced configu
228. e filter rules configured in User Management gt gt User Profile to the users Rule Based If you choose such mode the router will apply the filter rules configured in Firewall gt gt General Setup and Filter Rule to the users Web Authentication Choose the protocol for web authentication Landing Page Type the information to be displayed on the first web page when the LAN user accessing into Internet via such router After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 218 Dr ay Tek 4 7 2 User Profile This page allows you to set customized profiles up to 200 which will be applied for users controlled under User Management Simply open User Management gt gt User Profile User Management gt gt User Profile User Profile Table Setto Factory Default Profile Name Profile Name admin Dial In User LAN User_Group_1 WLAN User Group amp WLAN User Group B FEBBREBBEBEBERBEBEEE i Pt 33 64 65 96 97 128 129 160 161 192 193 200 gt Next gt gt hy A mi l k h k ak k k k Eea ECR a a a a aa a a a a To set the user profile please click any index number link to open the following page Notice that profile 1 admin and profile 2 Dial In User are factory default settings Profile 2 is reserved for future use User Management gt gt User Profile Profile Index 3 Enable this account User Name Password Contirm Password I
229. e of VPN TRUNK VPN Backup mechanism profile Member Display the dial out profile selected from the Member drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPSec PPTP L2TP L2TP over IPSec NICE L2TP over IPSec MUST and so on Member Display the dial out profile selected from the Vigor2925 Series User s Guide 328 Dr ay Tek Member2 drop down list below Advanced This button is available only when LAN to LAN profile or more is created FPN Backup Advance Settings Windows Internet Explorer htt 192 168 1 1 Leal VPN Backup Advance Settings Profile Name Backup1 ERD Mode Normal Resume Member 1 first Detail Information Environment Recovers Detection ERD Status Normal Mode Detailed information for this dialog see later section Advanced Load Balance and Backup Load Balance Profile List Set to Factory Default Click to clear all VPN TRUNK VPN Load Balance mechanism profile No The order of VPN TRUNK VPN Load Balance mechanism profile Status v means such profile is enabled x means such profile is disabled Name Display the name of VPN TRUNK VPN Load Balance mechanism profile Member Display the dial out profile selected from the Membe
230. e problem of system Please open DrayTek Syslog Tool to capture the connection information WAN Log and send the page similar to the following graphic to the service center of DrayTek Vigor2925 Series User s Guide 430 Dr ay Tek Log Filter Syslog Utility Keyword Apply to All vw JS Firewall YPN System Time 2013 08 27 15 11 09 2013 08 27 15 11 09 2013 08 27 15 10 07 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 2013 08 27 15 10 06 lt User Access Connection Router Time 4ug 27 07 10 53 4ug 27 07 10 53 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 4ug 27 07 09 51 WAN Show Traffic Graph Hast Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router Vigor router 172 16 3 130 J WAN Information TXRate RX Rate ae r LAN Information S TX Packets RX Packets WAN IP Goer Ss eS eee e
231. e used to connect with many types of external devices In order to control or manage the external devices conveniently open External Devices to make detailed configuration 4 19 1 All Devices External Device gt gt All Devices External Devices Connected Below shows available devices that connected externally For security reason If you have changed the administrator password on External Device please click the Account button to retype new username and password Otherwise the router will be unable to monitor the External Device device properly Click the Clear button to Clear the off line information and account information Available settings are explained as follows Item Description External Device Auto Check this box to detect the external device automatically Discovery and display on this page From this web page check the box of External Device Auto Discovery Later all the available devices will be displayed in this page with icons and corresponding information You can change the device name if required or remove the information for off line device whenever you want Vigor2925 Series User s Guide 418 Dr ay Tek External Device gt All Devices External Device Auto Discovery External Devices Connected Below shows available devices that connected externally Online Vigors900 Connection Uptime 00 00 16 IP Address 172 17 5 140 OnLine Vigor2960 Connection Uptine 00 00 16 IP Address 172 17 5 194 On
232. eacessaeeeesaneeesseages 184 4 4 2 DMZ HOSt cccccccssssseeeeecccceeaesseeceeececeeauseeceeeceseasaeeceeeceseaeausdeceeeeseeeeaaggeeeeeesesssaagessees 187 AAS OPen OS ernir asme a ee aE E E sintheneeerniniueneeimen tees 191 4 4 4 Port Triggering cccccceeecceeceeeeeeeeeeeaeeeeeeeeeaeeeeeeesaaaeeeeesaaaaeeeeesaaaeeessaaaeeesessaageeesesaaaaees 193 4 5 Hardware Acceleration cccccscccccssseeccsesececeesseeceusececsagececsaseecseseecssaseeessaueeeesegeeesssageeeess 196 A iT e P EEA EE E E ET O A AN I A E A O A E E E 196 AOF TOWA ena E E E N E EE EEE 198 4 6 1 Basics for Firewall ccccccccssescccceseeeeeeeeeeeceeseeesseeeeeeseuseeeseaeesssaeeeeseeeeesaeeeeeneeeesessages 198 I oar E Ee E E 0 a E er E E EE E ee A E E E T 200 AG FIE Oe U i E E EE E E A EA 205 Vigor2925 Series User s Guide viii Dr ay Tek 4 6 4 DoS Defense i sicceiiuicicavsiicwcusemandweuwenciecnverstewssleeddiuaventososdaxcidaa ted tewsnawetiaendeutoewevedsdeoswentiaan 213 4 7 User NAN ACC NC IA onsscnnnasarnsecnestancnnindaaed acenebusunoresantedsluupeiaataninansauiravataneadeavalpsuanteesiioesyineate 217 TY feed me a ho 0 Bare ee ee ne eee een eee en eee eee ET eee ee 218 Mi Sar POTG esse cers cts E eens E AE O 219 A S O a a E EE 223 4 7 4 User Online SUAtUS css ccccececvdadens sosdaddenosiessaesvseGsedasaaseds teed desasansedes oxeneedesvecddaeeraeosaeevenseaeet 224 ACODE SCUINGS sssececitesesccieeteuesanieanathessepancleta AEE EE
233. ec gt The web page is simple to understand and easy to configure gt The TCP Session transmitted by using VPN TRUNK VPN Load Balance mechanism will not be lost due to one of VPN Tunnels disconnected Users do not need to reconnect with setting TCP UDP Service Port again The VPN Load Balance function can keep the transmission for internal data on tunnel stably Dray Te k 327 Vigor2925 Series User s Guide VPN and Remote Access gt VPN TRUNK Management Backup Profile List Set to Factory Default Note Active NO The LAN to LAWN Profile is disabled or under Dial In Call Direction at present No Status Name Memberi Active Type Member Active Type Load Balance Profile List Setto Factory Default Note Active NO The LAN to LAN Profile is disabled or under Dial In Call Direction at present No Status Name Member Active Type Member Active Type Advanced General Setup Status Enable Disable Memberi Please select a LAN to LAN Dial Out profile Member Please select a LAN to LAN Dial Out profile Active Mode Backup Load Balance Add Available settings are explained as follows Item Description Backup Profile List Set to Factory Default Click to clear all VPN TRUNK VPN Backup mechanism profile No The order of VPN TRUNK VPN Backup mechanism profile Status v means such profile is enabled x means such profile is disabled Name Display the nam
234. ecify one set for call filter and one set for data filter to execute first Firewall gt General Setup General Setup Genaral Setup arian bt Hube Call Fili Enable D Tainio Data Filter Enable Start FibeN gnt Selle O Dpabie W Accopt Lage meiming fregmenterd UOP or IOMP pockets Nggonmu i Firewall gt Filter Setup F Enable Strict Secunby Firewall Fiker Setup etio Factory Default Comments Set Camments Default Call Filter L p Default Gata Filter i OK Gingil 3 4 4 10 a 11 i li Firewall Fiker Setup Edit Fiker Sen rior Sent Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Commons Defauly sO Filter Active Communes Filter Set 1 Rule 1 el Block NetBios El Check to enable the Filter Rule Comments Block MetBios T J Index 1 15 m Schedule Sebup l i O Clear sessions when schedule ON Enable 3 J oO Orection LARRY 2 Wine w 5 El Sure iP Any Edit i J LI ra timate EP Any Edit semite TF TCPAUDP Port from 137 129 te any Em Fragments Doni Care oK Clear Cancel Applicadoen 4ctloniProflle Syslog Filter Page Immediately w o Branch te Other Filter Sef Sessions Control o arnon i MAC Bind IP hon rict LJ Quality of Servlee None aa Load Balamce policy Auto Select w o Uyar Monagenayi Nore L ABP Enforcement Nene oa C URL Content Filter None o Wolk Cambil Filter Mome LI Advance Setting Ea OK Clear Cancel
235. ects Setting gt gt IPv6 Object IPv6 Object Profiles Set to Factory Default Index Name Index Name ta jea foo imo mo mo ko mo Ro jha jha jra Ro je ja foo ho j S feo foo N foo fon fe feo ro fe Oo feo foo fw le la l l S S te ie im ie ie gt ie iy ie Next gt gt m4 k a Pa tod a y k wr M 7 Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile Dr ay Te k 229 Vigor2925 Series User s Guide To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt gt IPv6 Object Profile Index 1 Address Type Mac Address oo foo Hoo Hoo Hoo Hoo Start IP Address en End IP Address Po Prefix Len Invert Selection LJ Available settings are explained as follows Item Description Name Type a name for this profile Maximum 15 characters are allowed Address Type Determine the address type for the IPv6 address Select Single Address if this object contains one IPv6 address only Select Range Address if this object contains several IPv6s within a range Select Subnet Address if this object contains one subnet for IPv6 address Select Any Address if this object contains any IPv6
236. ed and expressed in black LAN to LAN Profiles View All Trunk Index Name Active Status 1 To A Place W offline 2 To B Site V offline a To C Place V offline 4 To D Site W offline How can you set a GRE over IPSec profile 1 Please go to LAN to LAN to set a profile with IPSec 2 If the router will be used as the VPN Server 1 e with virtual address 192 168 50 200 Please type 192 168 50 200 in the field of My GRE IP Type IP address 192 168 50 100 of the client in the field of Peer GRE IP See the following graphic for an example High ESP DES 3DES V AES 4 Gre over IPsec Settings LJ Enable IPsec Diae LJ Logical Traffic 5 TCPAP Network Settings My WAN IP RIP Direction Pemote Gateway IP 199 169 11 From first subnet to remote network you have to do Remote Wetwork IP 192 168 1 0 Remote Network Mask 255 255 2550 My GRE IP 192 168 20200 Peer GRE IP 192 168 50 100 Local Network IP 192 168 25 1 Change default route to this WPN tunnel Only single WWAN supports this Local Network Mask 255 255 255 0 3 Later on peer side as VPN Client please type 192 168 50 100 in the field of My GRE IP and type IP address of the server 192 168 50 200 in the field of Peer GRE IP mgn ESF WES JUCI AES 4 Gre over IPsec Settings E Enable IPsec Diath Cgtisypakmamn ar I Logical Trattic My GRE IF 192 168 50 100 Peer GRE IP 192 168 50 200 5 TCPAP Network Setti
237. ed as a DHCP server if you do not have a DHCP server for your network Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Enable Relay Agent If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location DHCP Server IP Address It is available when Enable Relay Agent is checked Set the IP address of the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server Start IP Address Enter a value of the IP address pool for 163 Vigor2925 Series User s Guide the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gateway IP Address Enter a value of the gateway IP address for the DHCP server The value is usually as same as the Ist IP address of the router which means the router 1s the default gateway Lease Time Enter the time to determine how long the IP address assigned by DHCP server can be used DNS Server IP Address DNS stands for Domain Name System Every Internet h
238. ed as follows Item Description Profile Name List the load balance profile name Load Balance Algorithm Round Robin Based on packet base both tunnels will send the packet alternatively Such method can reach the balance of packet transmission with fixed rate Weighted Round Robin Such method can reach the balance of packet transmission with flexible rate It can be divided into Auto Weighted and According to Speed Ratio Auto Weighted can detect the device speed 1OMbps 100Mbps and switch with fixed value ratio 3 7 for packet transmission If the transmission rate for packets on both sides of the tunnels is the same the value of Auto Weighted should be 5 5 According to Speed Ratio allows Dray Te k 333 Vigor2925 Series User s Guide VPN Load Balance Policy Vigor2925 Series User s Guide user to adjust suitable rate manually There are 100 groups of rate ratio for Memberl Member2 range from 1 99 to 99 1 Below shows the algorithm for Load Balance Edit Click this radio button for assign a blank table for configuring Binding Tunnel Insert after Click this radio button to adding a new binding tunnel table Tunnel Bind Table Index 128 Binding tunnel tables are provided by this device Specify the number of the tunnel for such Load Balance profile Active In active Delete can delete this binding tunnel table Active can activate this binding tunnel table Binding Dial Out Index Specify c
239. een select Using DHCP from the drop down list of Configure IPv4 e680 Show All Network Displays Sound Network Startup Disk Location Automatic Show Built in Ethernet TCP IP PPPoE AppleTalk Proxies Ethernet IP Address Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains IPv6 Address fe80 0000 0000 0000 020a 95ff fe8d 72e4 Configure IPv6 Optional rr Click the lock to prevent further changes Assist me 7 428 _ Apply Now Dray Tek 5 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing is that the computer will receive a reply from 192 168 1 1 If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section 5 2 Please follow the steps below to ping the router correctly For Windows L Ds 4 Open the Command Prompt window from Start menu gt Run Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear ce Command Prompt Microsoft Windows HP Version 5 1 2688 lt C gt Copyright 1985 2001 Microsoft Corp D Documents and Settings
240. elect IP Address Virtual Network Computing VNC Port Idle Timeout Scaling Remote Desktop Protocol RDP Samba Application k o Clear Cancel Available settings are explained as follows Item Description Enable Application Check the box to enable such profile Server Application Name Type a name for such application The length of the name is limited to 23 characters Application Vigor2925 Series User s Guide There are three types offered for you to create an application profile Please Select kd Please Select Virtual Network Computing VNC Remote Desktop Protocol ROP Samba Application Virtual Network Computing VNC It allows you to access and control a remote PC through VNC protocol Remote Desktop Protocol RDP It allows you to access and control a remote PC through RDP protocol so DrayTek Samba Application It allows you to access and control a remote PC through Samba service IP Address If you choose VNC or RDP you have to type the IP address for this protocol Port If you choose VNC or RDP you have to specify the port used for this protocol The default setting is 5900 Idle Timeout If you choose VNC you have to specify the time for disconnecting the SSL VPN tunnel Scaling If you choose VNC you have to choose the percentage 100 80 60 for such application Screen Size If you choose RDP you have to choose the screen size for such applic
241. elnet Port Default 23 O Allow management from the Internet HTTP Port Default 80 FIP Server HTTPS Port Default 443 HTTP Server FTP Port Default 21 erver SSH Port Default 22 Telnet Server SSH Server Disable PING from the Internet Access List List IP Subnet Mask 4 4 2 DMZ Host As mentioned above Port Redirection can redirect incoming TCP UDP or other traffic on particular ports to the specific private IP address port of host in the LAN However other IP protocols for example Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some special applications such as Netmeeting or Internet Games etc Dr ay Tek 187 Vigor2925 Series User s Guide Destined to Internet 220 135 240 207 Protocol Any Port Any The security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page You can set different DMZ host for each WAN interface Click the WAN tab to switch into the configuration page for that WAN NAT gt gt DMZ Host Setup DMZ Host S
242. em Maintenance gt gt SysLog Mail Alert for detailed configuration gt Syslog support please refer to System Maintenance gt gt SysLog Mail Alert for detailed configuration gt Specific ERD Environment Recovery Detection mechanism which can be operated by using Telnet command VPN TRUNK VPN Backup mechanism profile will be activated when initial connection of single VPN tunnel is off line Before setting VPN TRUNK VPN Backup mechanism backup profile please configure at least two sets of LAN to LAN profiles with fully configured dial out settings first otherwise you will not have selections for grouping Member and Member2 Features of VPN TRUNK VPN Load Balance Mechanism VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balance tunnel It can assist users to do effective load sharing for multiple VPN tunnels according to real line bandwidth Moreover it offers three types of algorithms for load balancing and binding tunnel policy mechanism to let the administrator manage the network more flexibly gt Three types of load sharing algorithm offered Round Robin Weighted Round Robin and Fastest gt Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or specified service function in transmission and define specified VPN Tunnel for having effective bandwidth management gt Dial out connection types contain IPSec PPTP L2TP L2TP over IPSec and GRE over IPS
243. emind you enabling it Bandwidth Management gt gt Sessions Limit Sessions Limit Default Max Sessions Limitation List Index Start IP End IP Click Diagnostics and click Data Flow Monitor to open the web page You can click IP Address TX rate RX rate or Session link for arranging the data display Diagnostics gt gt Data Flow Monitor Enable Data Flow Monitor Refresh Seconds Page 1 Refresh Index IP Address TX rate Kbps RX rate Kbps Sessions Action 192 168 1 10_CARRIE ae a OC7CB251 22 Block Current Peak Current Peak Current speed Speed Peak WANT oO 0 Auto 0 0 Auto 0 WAN Soe 0 0 Auto 0 0 Auto 0 WANS Oo 0 Auto 0 0 Auto 0 Total 0 0 Auto 0 0 Auto 22 f 110 Note 1 Click Block to prevent specified PC from surfing Internet for 5 minutes Available settings are explained as follows Item Description Vigor2925 Series User s Guide 412 Dr ay Te k Dray Tek Enable Data Flow Check this box to enable this function Monitor Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that will be done by the system automatically Refresh Seconds Refresh Click this link to refresh this page manually Index Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitore
244. en ports function The key difference between open port and port triggering 1s Once the OK button is clicked and the configuration has taken effect open port keeps the ports opened forever Once the OK button is clicked and the configuration has taken effect port triggering will only attempt to open the ports once the triggering conditions are met The duration that these ports are opened depends on the type of protocol used The default durations are shown below and these duration values can be modified via telnet commands TCP 86400 sec UDP 180 sec IGMP 10 sec TCP WWW 60 sec TCP SYN 60 sec NAT gt Port Triggering Port Triggering Setto Factory Default Index Comment Triggering Protocol Triggering Port Incoming Protocol Incoming Port Status 1 x 2 x a x 4 x 5 x G x x a x 9 x lt lt 1 10 11 20 Next Available settings are explained as follows Item Description Dr ay Tek 193 Vigor2925 Series User s Guide Comment Triggering Protocol Triggering Port Incoming Protocol Incoming Port Status Display the text which memorizes the application of this rule Display the protocol of the triggering packets Display the port of the triggering packets Display the protocol for the incoming data of such triggering profile Display the port for the incoming data of such triggering profile Display if the rule is active or de active Click the index numb
245. epair the router yourself Do not place the router in a damp or humid place e g a bathroom The router should be used in a sheltered area within a temperature range of 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards Keep the package out of reach of children When you want to dispose of the router please follow local regulations on conservation of the environment We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either parts or labor to whatever extent we deem necessary tore store the product to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified
246. er Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build LAN MAC Address Display the MAC address of the LAN Interface IP Address Display the IP address of the LAN interface Subnet Mask Display the subnet mask address of the LAN interface DHCP Server Display the current status of DHCP server of the LAN interface DNS Display the assigned IP address of the primary DNS WAN Link Status Display current connection status MAC Address Display the MAC address of the WAN Interface Connection Display the connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway IP v6 Address Display the IPv6 address for LAN Scope Display the scope of IPv6 address For example IPv6 Link Local could only be used for direct IPv6 link It can t be used for IPv6 internet Internet Access Mode Display the connection mode chosen for accessing into Internet Vigor2925 Series User s Guide 384 Dr ay Tek 4 17 2 TR 069 This device supports TR 069 standard It is very convenient for an administrator to manage a TR 069 device through an Auto Configuration Server e g VigorACS System Maintenance gt TR 069 Setting ACS and CPE Settings ACS Server On ACS Server URL Username Password CPE Client Enable Disable URL Port Username Pas
247. er attached ta another computer Toset up 4 network printer that is not attached to a print server 1 use the Local printer option m 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port Click Next Add Printer Wizard Select a Printer Port Computers communicate with printers through ports Select the port you want your printer to use If the port is not listed you can create a new port Use the following port LPT Recommended Printer Pot Note Mott computers Use the LATTI por to comrmunicate with a local printer abe tL gt ine 5 tans The onrect r tortie ocorbernoule loak something like his Create a new port Type of port Standard TCP IP Port Dr ay Tek 9 Vigor2925 Series User s Guide 6 In the following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next Add Standard TCP IP Printer Port Wizard Add Port For which device do you want to add a port Enter the Printer Name or IP address and a port name for the desired device Printer Name or IP Address 192 168 1 a Port Name IP_192 168 1 1 7 Click Standard and choose Generic Network Card Add Standard TCP IP Printer Port Wizard Additional Port Information Required The device could not be identified The detected device is of unknown
248. er link to open the configuration page NAT gt Port Triggering No 1 Enable Service Comment Triggering Protocol Triggering Port Incoming Protocol Incoming Port User Defined C JE ge k UDP w 1024 Note The Triggering Port and Incoming Port should be input like this 123 456 777 789 legal 123 456 789 legal but 123 456 789 illegal Available settings are explained as follows Item Enable Service Comment Triggering Protocol Vigor2925 Series User s Guide Description Check to enable this entry Choose the predefined service to apply for such trigger profile User Defined w User Defined Real Player Quick Time BitTorrent Type the text to memorize the application of this rule Select the protocol TCP UDP or TCP UDP for such triggering profile 9 Dray Tek Triggering Port Type the port or port range for such triggering profile Incoming Protocol When the triggering packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Incoming Port Type the port or port range for the incoming packets After finishing all the settings here please click OK to save the configuration Dr ay Te k 195 Vigor2925 Series User s Guide 4 5 Hardware Acceleration Hardware Acceleration is also called PPA in DrayTek for it is based on Protocol Processing Engi
249. er s Guide 196 Dr ay Tek available in Auto Mode too But the UDP protocol is only supported in this sub item Apply the Class Rule in Quality of Service Users can apply the information provided by QoS in this sub item Note Please visit our website for referring the detailed configuration of QoS Bandwidth Management gt gt Quality of Service Rule Edit V ACT Hardware Acceleration Ethernet Type IPv4 O IPv6 Local Address Specific Hosts This sub item provides 5 hosts for adding NAT sessions into the PPA For the PPA only support s128 sessions these hosts will share these sessions Therefore the performance will be lower than only one host Choose this option to specify certain PCs on LAN to apply the hardware acceleration Enable Check the box to make PC s specified in the selected index entry to be applied Start port Type the starting port for the PC s in LAN End port Type the ending port for the PC s in LAN Private IP Choose PC Type the IP address as the selected host Or click the Choose PC button to specify one IP address from the pop up window Checking the PPA status For checking whether the rule of PPA is working or not a user can login toVigor2925 series by using telnet User can view how many sessions is transferring in each direction of PPA table after entering ppa v gt ppa y PPA mode is Auto mode is Manual traffics PPA time is 18
250. eries User s Guide 232 Dr ay Te k 2 The configuration page will be shown as follows Objects Setting gt Service Type Object Setup Profile Index 1 Protocol TCP w be o Source Port ft a Destination Port i ft e5535 Available settings are explained as follows Item Description Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to Source Destination Source Port and the Destination Port column are available Port for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this profile 3 After finishing all the settings please click OK to save the configuration Objects Setting gt Service Type Object Service Type Object Profiles Index Name Incl 1 WW Ww i FA SIP at 3 15 Dr ay Tek 233 Vigor2925 Series User s Guide 4 8 6 Service Type Group
251. erval o minute s WAN Connection Detection Mode ARP Detect TTL MTU 1442 Max 1500 RIP Protocol C Enable RIP PPTP L2TP IPvG WAN IP Network Settings WAN IP Alias Obtain an IP address automatically vigor Required for same ISPs DHCP Client Identifier for some ISP Router Name C Enable Specify an IP address IP Address 202 211 100 10 Subnet Mask 255 255 255 0 Gateway IF Address OoOo Default MAC Address Specify a MAC Address MAC Address 1D aa HAC ha Ica DNS Server IP Address Primary IP 4ddress 6 6 8 8 Secondary IP Address 8844 Click the WAN IP Alias button to configure the other P address which is 202 211 100 111 Make sure Join IP NAT Pool is not checked Click OK to save the settings VWAN1 IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool ih 02 211 100 10 K L 02 211 100 11 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 C d d C 4 d DrayTek 0 Close Vigor2925 Series User s Guide 4 After finished configuration for WAN1 open Load Balance Route Policy Load Balance Route Policy Policy Route Setto Factory Default Indier Enable tras indented Interface orb IP SrcIP DestIP Dest IP RASS oe ae Move Address Start End Start End Start End Up Down CI any WANI Down O any WANI JP Down E any WANI Down O any WANI Down O any WANI Down O any WANI Down d any WANI Down P any WANI Down any WA
252. es IPPBX Others C Pause Message statistic Session Usage 123 5 min average statistic WAN1 Tx 81 Kbps Rx 12 Kbps 5 min average USB Host Controller Driver OTG USB JEndpointAddress 82 in Attributes 02 Bulk USB EndpointAddress 01 out Attributes 02 Bulk USB Mass Storage device class USB Interface Class SubClass Protocol 08 06 50 USB InterFace 0 USB Per interface classes USB Device Class SubClass Protocol 00 00 00 USB SerialNumber 3 ED96E018 USB Product 2 Mass Storage USB Manufacturer 1 Generic USB Usb new device Yendor ID 0568F Product ID 6387 USB nurm of interfaces 1 USBJusb_set_configuration configuration 1 USB Usb Device Connected at Port 0 Transmission Rate is not fast enough Please connect your Notebook with 3G USB Modem to test the connection speed to verify if the problem is caused by Vigor2925 In addition please refer to the manual of 3G USB Modem for LED Status to make sure if the modem connects to Internet via HSDPA mode If you want to use the modem indoors please put it on the place near the window to obtain better signal receiving 5 6 Backing to Factory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Such function is available in Admin Mode only Warning After pressing factory default setting you will loose all setti
253. espectively That means when 50 packets per second received they will be regarded as attack event and the session will be paused for 10 seconds Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services would respond Check the box to activate the Port Scan detection Whenever detecting this malicious exploration behavior by monitoring the port scanning Threshold rate the Vigor router will send out a warning By default the Vigor router sets the threshold as 150 packets per second That means when 150 packets per second received they will be regarded as attack event Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesdropper outside might learn the details of your private networks Check the box to enforce the Vigor router to defense the Land attacks The Land attack combines the SYN attack technology with IP spoofing A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses as well as the port number to victims Check the box to activate the Block Smurf f
254. ess for limit bandwidth Each Shared Select Each to make each IP within the range of Start IP and End IP having the same speed defined in TX limit and RX limit fields select Shared to make all the IPs within the range of Start IP and End IP share the speed defined in TX limit and RX limit fields TX limit Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index RX limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allow you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Smart Bandwidth Limit Check this box to have the bandwidth limit determined by the system automatically TX limit Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index RX limit Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Time Schedule Index 1 15 in Schedule Setup You ca
255. etails Page for 3G 4G USB Modem PPP mode in WAN3 To use 3G 4G USB Modem PPP mode as the accessing protocol of the internet please choose Internet Access from WAN menu Then select 3G 4G USB Modem PPP mode for WANS The following web page will be shown WAN gt Internet Access WAN 3 3G 4G USB Modem PPP mode O Enable Disable AT amp FEOVIA1 amp D2801350 0 Modem Initial String Default ATRFEOV1X1 amp D2 amp C150 0 Modem Initial String2 Modem Dial String ATDT 99 Default ATDT 99 CDMA ATDT 777 TD SCDMA ATDT 98 1 PPP Username Pf 0p tion PPP Authentication PAP or CHAP Indexf1 15 in Schedule Setup LL tL JL WAN Connection Detection Mode ARP Detect TTL Available settings are explained as follows Item Description 3G 4G USB Modem PPP Click Enable for activating this function If you click mode Disable this function will be closed and all the settings that you adjusted in this page will be invalid SIM PIN code Type PIN code of the SIM card that will be used to access Internet The maximum length of the PIN code you can set is 15 characters Dr ay Tek 139 Vigor2925 Series User s Guide Modem Initial String APN Name Modem Initial String2 Modem Dial String PPP Username PPP Password PPP Authentication Index 1 15 in Schedule Setup WAN Connection Detection Such value is used to initialize USB modem Please use the default value If you have any ques
256. etup VPN IKE IPsec General Setup Dial in Set up for Remote Dial in users and Dynamic IP Client LAN to LAN IKE Authentication Method Certificate for Dial in Pre Shared Key Pre Shared Key Po Confirm Pre Shared Key PO IPsec Security Method Medium AH Data will be authentic but will not be encrypted High ESP DES 3DE5 MJ AES Data will be encrypted and authentic Available settings are explained as follows Item Description IKE Authentication This usually applies to those are remote dial in user or node Method LAN to LAN which uses dynamic IP address and IPSec related VPN connections such as L2TP over IPSec Vigor2925 Series User s Guide 308 Dr ay Te k and IPSec tunnel There are two methods offered by Vigor router for you to authenticate the incoming data coming from remote dial in user Certificate X 509 and Pre Shared Key Certificate for Dial in Choose one of the local certificates from the drop down list Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key Note Any packets from the remote dial in user which does not match the rule defined in VPN and Remote Access gt gt Remote Dial In User will be applied with the method specified here IPSec Security Method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High ESP Encapsulating Security
257. etup This page determines the general configuration for SSL VPN Server and SSL Tunnel SSL VPN gt General Setup SSL VPN General Setup Port Default 443 Server Certificate Encryption Key Algorithm High AES 128 bits and 3DES Default RC4 128 bits OLow DES Note The settings will act on all SSL applications Available settings are explained as follows Item Description Port Such port is set for SSL VPN server It will not affect the HTTPS Port configuration set in System Maintenance gt gt Management In general the default setting is 443 Server Certificate When the client does not set any certificate default certificate will be used for HTTPS and SSL VPN server Choose any one of the user defined certificates from the drop down list if users set several certificates previously Otherwise choose Self signed to use the router s built in default certificate The default certificate can be used in SSL VPN server and HTTPS Web Proxy Dray Te k 363 Vigor2925 Series User s Guide Encryption Key Algorithm Choose the encryption level for the data connection in SSL VPN server After finishing all the settings here please click OK to save the configuration 4 15 2 SSL Web Proxy SSL Web Proxy will allow the remote users to access the internal web sites over SSL SSL VPN gt SSL Web Proxy SSL Web Proxy Servers Profiles Setto Factory Default Index Name URL Active x 2 x 3 X 4 x 5
258. etup WAN1 WAN WANS WAN 1 Private IP MAC Address of the True IP DMZ Host Note When a True IP DMZ host is turned on it will force the router s WAN connection to be always on Available settings are explained as follows Item Description WAN 1 Choose Private IP or Active True IP first None v Active True IP selection is available for WAN only Private IP Active True IP Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Vigor2925 Series User s Guide 188 Dr ay Te k Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host T htip 19 Saks 132 168 110 13168118 When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting NAT gt gt DMZ Host Setup DMZ Host Setup WAN1 WAN2 WAN3 WAN 1 Private IP Private IP 192 168 1 49 F Choose P MAC Address of the True IP DMZ Host o0 oo foo foo Note When a True IP DMZ host is turned on it will force the router s WAN connection to be always on DMZ Host for WAN2 and WAN3 is slightly different with WAN Active True IP selection is available for WAN only See the following figure NAT gt DMZ Host Setup DMZ Ho
259. ew Web Content Filter If you can t read the AuthCode click here license key e Activation of DT Anti Virus license key e Activation of Kaspersky Anti Virus license key e Activation of Commtouch Anti Spam license key and membership Forget password Not registered yet Click here Vigor routers for models that support Commtouch e Activation of Commtouch Giobalview Web Content Filter license key The MyVigor website contains a trail version of Commtouch GlobalView Web Content Filter which allows the users fo set filters to block out undesirable web pages in the Internet jungle Please use IE 5 0 or above resolution 1024 788 for best More customer oriented services are planned for MyVigor site for the display DrayTek Corp near future Vigor2925 Series User s Guide 88 Dr ay Te k 2 Check to confirm that you accept the Agreement and click Accept Create an account Please enter personal profile Grersonal Information E Preferences completion 1 Agreement Draytek provides Myvigor myvigor draytek com service according to this agreement When you use MyVigor service it means that you have read understand and agree to accept the items listed in this agreement Draytek can modify or change the content of the tems without any reasons tt is suggested for you to notice the medications or changes at any time If you still use MyVigor service after knowing the modifications and change
260. exf 1 15 in Schedule Setup Clear sessions when schedule Op Direction Source IP Destination IP Service Type Fragments Application Action Profile Syslog Filter Block Immediately vw C Oo Vigor2925 Series User s Guide Dray Tek i 6 A dialog box will be popped up Choose Range Address as Address Type by using the drop down list Type 192 168 1 10 in the field of Start IP and type 192 168 1 20 in the field of End IP Then click OK to save the settings The computers within the range can access into the Internet IP Address Edit Address Type Start IP Address End IP Address Subnet Mask Invert Selection IP Group or IP Object or IP Object or IP Object IPvo Group or Pv Object or IPv Object or IP v Object Range Address t 168 1 10 192 168 1 20 7 Now check the content of Source IP is correct or not The action for Filter shall be set with Pass Immediately Then click OK to save the settings Firewall gt Edit Fiter Set gt gt Edit Filter Rule Fiter Set 2 Rule 3 Check to enable the Filter Rule Comments Index 1 15 in Schedule Setup Clear sessions when schedule OM Direction source IP Destination IP Service Type Fragments Application Filter Branch to other Filter Set Vigor2925 Series User s Guide I co C Enable LANIRTVPN WAN y 92 168 1 10 192 168 1 20 carini Acti on Profile Pass Immediately ww C
261. filtering conditions Specify one of the WCF profiles as Service None None WCF 1 Default Choose the WCF profiles to apply DNS filter Cache Time hour Set the time for DNS query After finishing all the settings please click OK to save the configuration Vigor2925 Series User s Guide 260 Dr ay Tek 4 9 5 APPE Support List This page offers the software versions for each applications managed by APP Enforcement Profiles by Vigor router Click the IM P2P PROTOCOL MISC tab to open the information page for different APP type CSM gt gt APPE Support List This charts lists out the APP Enforcement supported by Vigor routers Last update on 2013 05 06 IM P2P PROTOCOL OTHERS Only block Login If users have already logged in AIM services can not be blocked GaduGadu Protocol Google Chat In IcO6 if Videos are blacked voices will be blacked at Ica the same time In ICOS or former versions Videos and Voices can be blacked separately Protocol Google Talk Dray Te k 261 Vigor2925 Series User s Guide 4 10 Bandwidth Management Below shows the menu items for Bandwidth Management 4 10 1 Sessions Limit A PC with private IP address can access to the Internet via NAT router The router will generate the records of NAT sessions for such connection The P2P Peer to Peer applications e g BitTorrent always need many sessions for procession and also they will occup
262. following actions to perform when the traffic has exceeded the budget limit Shutdown WAN interface All the outgoing traffic through such WAN interface will be terminated Send Mail Alert to Administrator The system will send out a warning message to the administrator However the connection charges will be calculated continuously 4 2 LAN Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP 4 2 1 Basics of LAN The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding Internet DHCP Server Public IP Address Private Subnet Router IP Addre In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP address As a part of the public subnet the Vigo
263. g 2 6 7 Logout Click the Logout icon to exit the web user interface Dr ay Tek 39 Vigor2925 Series User s Guide 2 Online Status Connection al WAN 2 7 1 Physical Connection Such page displays the physical connection status such as LAN connection status WAN connection status ADSL information and so on Physical Connection for IPv4 Protocol Online Status Physical Connection System Uptime Oday 0 29 52 IPv4 IPv6 LAN Status Primary DNS 8 8 8 8 Secondary DNS 8 8 4 4 IP Address TX Packets RX Packets 192 168 1 1 10806 T522 WAN 1 Status Enable Line Name Mode Up Time Yes Ethernet s 00 00 00 IP GW IP TX Bytes TX Rate Bps RX Bytes RX Rate Bps o eae 0 B 0 0 B 0 WAN 2 Status Enable Line Name Mode Up Time Yes Ethernet 00 00 00 IP GW IP TX Bytes TX Rate Bps RX Bytes RX Rate Bps ee aoe 0 B 0 0 B 0 WAN 3 Status Enable Line Name Mode Up Time Signal Wes USB 25 00 00 00 IP GW IP TX Bytes TX Rate Bps RX Bytes RX Rate Bps 0 B 0 0 E 0 Physical Connection for IPv6 Protocol Online Status Physical Connection IPw4 System Uptime O 1 18 LAN Status IP Address 2001 4000 FFO0 83E4 210 44FF FE46 2568 64 Global FE80 21D AAFF FEA6 2568 64 Link TX Packets RX Packets 147 187 WAN IPv6 Status Enable TX Bytes 34205 Moile ATCC Up Time 0 00 48 001 4000 FF00 3E4 2 64 Global FESO 4C 00 FFO0 3E4 2 64 Link RX Packets
264. ge disk The uploaded file in the USB diskette can be shared for other user through FTP 4 16 4 USB Disk Status This page is to monitor the status for the users who accessing into FTP or Samba server USB storage disk via the Vigor router In addition the status of the USB modem or USB printer connecting to Vigor router can be checked from such page If you want to remove the storage disk from USB port in router please click Disconnect USB Disk first And then remove the USB storage disk later Dr ay Tek 379 Vigor2925 Series User s Guide USB Application gt USB Disk Status USB Mass Storage Device Status Connection Status No Disk Connected Disk Capacity 0 MB Free Capacity OMB Refresh USB Disk Users Connected Refresh Index Service IP Address Port Username Note If the write protect switch of USB disk is turned on the USB disk is in READ ONLY mode No data can be written to it Available settings are explained as follows Item Description Connection Status If there is no USB storage disk connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free space of the USB storage disk Click Refresh at any time to get new status for free capacity Index It displays the number of the client which connecting to FTP server IP Address It displays the IP address of the user s host which connecting to t
265. get the IP address for IPv4 and IPv6 at the same time Online Status Physical Connection System Uptime O 1 17 IPvG LAN Status Primary DNS 166 95 192 1 SecondarnyONs 168 95 1 1 IP Address TX Packets RX Packets 192 168 1 1 O 3085 WAN 1 Status gt gt Dial PPPoE Enable Line Name Mode Up Time Yes ADSL PPPoE 00 00 00 IP GV IP TX Packets TX Rate Bps RX Packets RX Rate Bps 0 g J F WAN 2 Status gt gt Drop PPPoE Enable Line Name Mode Up Time Ethernet PPPoE 0 00 54 GVW IP TX Packets TX Rate Bps FX Packets RX Rate Bps 166 95 96 254 api 4761 azl BEIF WAN 3 Status Enable Line Name Mode Up Time Signal Yes LUSE 00 0000 IF GVW IP TX Packets TX Rate Bps Rx Packets RX Rate Bps Pa 0 o 0 0 ADSL Information ADSL Firmware Version 05 04 04 04 00 01 ATM Statistics TX Cells RX Cells TX CRC errs RX CRC errs E E 0 E ADSL Status Mode State Up Speed Down Speed SAR Margin Loop Att READY F E 0 T Online Status Physical Connection System Uptime 0 24 32 IPv4 IPvo LAN Status 2001 B010 7300 201 21D AAFF FEA6 2568 64 Global SOn i FEAD 2ooe o4 TX Packets RX Packets TX Bytes RX Bytes Fi 4 6490 326 WAN IPvo Status gt Drop PPP Enable Mode Gateway IP e001 B000 168 1 e001 BOO0 168 2 TX Packets RX Packets F J Dr ay Tek 49 Vigor2925 Series User s Guide TSPC Tunnel application both IPv6 hosts communicate through IPv4 network Choose TSPC and type the information for
266. gnostic Information Interface Name Type Domain Service Info 2 DS1010Plus _http _tcp local Select a service on the left to view further details 2 DS51010Plus WebDAy _http _tcp local 2 HP LaserJet 1300 _ipp _tcp local 2 Vigor Router _ftp _tcp 2 Vigor Router _http _tcp 2 Vigor Router _printer _tcp 2 Vigor Router _ssh _tcp 2 Vigor Router _telnet _tcp 2 tetseng virtual machine i _udisks ssh _tcp local 2 tetseng virtual machine 00 0c 29 76 be 24 _workstation _tcp local 2 tomkao desktop 00 0c 29 26 09 5d _workstation _tcp local 6 Now any page or document can be printed out through Vigor router installed with a printer Printer Mame Status Auto HP Auto Microsoft SPS Document Writer on RD KC Type Auto Microsoft SPS Document Writer an TIM PC Location Vigor Router Comment Print to file Print range Copies All pages Number of copies Selection Dr ay Tek 293 Vigor2925 Series User s Guide 4 12 VPN and Remote Access A Virtual Private Network VPN is the extension of a private network that encompasses links across shared or public networks like the Internet In short by VPN technology you can send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access NK Management on Management 4 12 1 VPN Client Wizard Such wizard is used to configure VPN settings
267. gorPro Alert Notice Tool Authentication via Web or Telnet is convenient for users however it has some limitations The most advantage with VigorPro Alert Notice Tool to operate the authentication is the ability to do auto login If the timeout value set on the router for the user account has been reached the router will stop the client computer from accessing the Internet until it does an authentication again Authentication via VigorPro Alert Notice Tool allows user to setup the re authentication interval so that the utility will send authentication requests periodically This will keep the client hosts from having to manually authenticate again and again The configuration of the VigorPro Alert Notice Tool is as follows 1 Click Authenticate Now to start the authentication immediately Authentication account info Settings Authentication lv Enable User Name juser rd 1 User Password Serer ee Z Save Passuord Authentication sre C emaa D Gatew Ly IP address l Enable Auto Login Syne Interval 1 9999 qin leo Status Authentication Success Time Remaining Auto Login allows the Alter Tool to Logout _ Authentication Now authenticate the account automatically OK Cancel The Time Quota left Click Logout to keep the Time Quota 2 You may get the VigorPro Alert Notice Tool from the following link http www draytek com user SupportDLUtility php Note E Any modification to
268. gorithm Certificate Authentication If certificate authentication is required for OpenVPN simply check the box to apply the trusted CA certificate and local certificate for OpenVPN tunnel Certificate authentication can offer more secure VPN tunnel between the client and the router After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 312 Dr ay Tek 4 12 8 Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via VPN connection You may set parameters including specified connection peer ID connection type VPN connection including PPTP IPSec Tunnel and L2TP by itself or over IPSec and corresponding security methods etc The router provides 64 access accounts for dial in users Besides you can extend the user accounts to the RADIUS server through the built in RADIUS client function The following figure shows the summary table VPH and Remote Access gt gt Remote Dial in User Remote Access User Accounts View Index a la ls l 8 is i eee eR is Qant Oonline Offline User vee T7 vr a 1 32 33 64 gt gt Note User Accounts need to be added into User Group to enable SSL Portal Login Active m m iN m a a N a o a N a N a Set to Factory Default ooo i Status Index User Active Status 417 777 C 418 77 C 19 777 F 20
269. h other Member Check this box to make the wireless clients stations with the same SSID not accessing for each other It controls the data transmission rate through wireless connection Upload Check Enable and type the transmitting rate for data upload Default value is 30 000 kbps Download Type the transmitting rate for data download Default value is 30 000 kbps 7 DrayTek Schedule Set the wireless LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this field is blank and the function will always work After finishing all the settings here please click OK to save the configuration 4 14 3 Security This page allows you to set security with different modes for SSID 1 2 3 and 4 respectively After configuring the correct settings please click OK to save and invoke it The password PSK of default security mode is provided and stated on the label pasted on the bottom of the router For the wireless client who wants to access into Internet through such router please input the default PSK value for connection By clicking the Security Settings a new web page will appear so that you could configure the settings of WPA and WEP Dray Tek 347 Vigor2925 Series User s Guide Wireless LAN gt gt Security Settings SSID 1 SSID 2 Mode WPA Encryption Mode Pre Shared Key PSE
270. he FTP server Username It displays the username that user uses to login to the FTP server When you insert USB storage disk into the Vigor router the system will start to find out such device within several seconds Vigor2925 Series User s Guide 380 Dr ay Tek 4 16 5 Temperature Sensor A USB Thermometer can be attached to Vigor router to monitor the environmental temperature If the temperature is higher the upper limit or lower than the lower limit an alert would be sent out for notification Temperature Sensor Settings USB Application gt gt Temperature Sensor Setting Temperature Sensor Settings Temperature Chart Display Settings Temperature Calibration Temperature Unit Celsius Fahrenheit Alarm Settings C Enable Syslog Alarm Upper temperature limit 30 00 Lower temperature limit 18 00 OK Available settings are explained as follows Item Description Display Settings Temperature Calibration Type a value used for correcting the temperature error Temperature Unit Choose the display unit of the temperature There are two types for you to choose Alarm Settings Enable Syslog Alarm Check this box to enable the function Upper temperature limit Lower temperature limit Type the upper limit and lower limit for the system to send out temperature alert After finishing all the settings here please click OK to save the configuration Dr ay Tek 381 Vigor2925 Series User s Guide Temperature Ch
271. he configuration 4 16 2 USB User Management This page allows you to set profiles for FTP Samba users Any user who wants to access into the USB storage disk must type the same username and password configured in this page Before adding or modifying settings in this page please insert a USB storage disk first Otherwise an error message will appear to warn you USB Application gt USB User Management USB User Management Index Username pe ee i a Setto Factory Default Home Folder Index Username Home Folder ok k oak k ok k oak Ta gt ls e Is 8 r Click index number to access into configuration page Vigor2925 Series User s Guide 376 Dray Tek USB Application gt gt USB User Management Profile Index 6 FTP Samba User Username Password Confirm Password Home Folder Access Rule O Enable Disable Cl Mairi 11 Characters File LJRead Liwrite Delete Directory CJvist create U Remove Note The folder name can only contain the following characters A z a z 0 9 _ m lf 4 and space Available settings are explained as follows Dray Tek Item FTP Samba User Username Password Confirm Password Home Folder Description Enable Click this button to activate this profile account for FTP service or Samba User service Later the user can use the username specified in this page to login into FTP server Disable Click this button to disable such pr
272. he origin network layer to let the host own the communication capability of IPv4 and IPv6 Tunnel Both IPv6 hosts can communication for each other via existing IPv4 network environment The IPv6 packets will be encapsulated with the header of IPv4 first Later the packets will be transformed and judged by IPv4 router Once the packets arrive the border between IPv4 and IPv6 the header of IPv4 on the packets will be removed Then the packets with IPv6 address will be forwarded to the destination of IPv6 network Translation Such feature is active only for the user who uses IPv4 to communicate with other user using IPv4 service Before configuring the settings on Vigor2925 you need to know which connection type that your IPv6 service used I Configuring the WAN Settings For the IPv6 WAN settings for Vigor2925 there are five connection types to be chosen PPP TSPC AICCU DHCPv6 Client and Static IPv6 1 Access into the web user interface of Viogr2925 Open WAN gt gt Internet Access Choose one of the WAN interfaces as the one supporting IPv6 service Then click the IPv6 button of the selected WAN WAN gt gt Internet Access Internet Access Index Display Name Physical Mode Access Mode WAN1 Ethernet None WAN2 USB z Pv Note Only one WAN can support IPv6 Dr ay Tek 47 Vigor2925 Series User s Guide Note Only one WAN interface support IPv6 service at one time In this example WAN2 is ch
273. ic Vigor2925 Series User s Guide 206 Dr ay Te k Dray Tek Source Destination IP Service Type LAN DMZ RT VPN gt WAN LAN DMZ RT VPN gt WAN WAN gt LAN DMZ RTAVPN LAN DMZ RT VPN gt LAN DMZ RT VPN Note RT means routing domain for 2nd subnet or other LAN Click Edit to access into the following dialog to choose the source destination IP or IP ranges gt IP Address Edit Windows Internet Explorer el 192 168 1 1 IP Address Edit Any Address Address Type Start IP Address End IP Address Subnet Mask Invert Selection IP Group or IP Object or IP Object or IP Object IPv6 Group or IPv6 Object or IPv6 Object or IPv6 Object To set the IP address manually please choose Any Address Single Address Range Address Subnet Address as the Address Type and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type Group and Objects Any Address single Address Range Address subnet Address Group and Objects From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Click Edit to access into the following dialog to choose a suitable service type 207 Vigor2925 Series User s Guide Fragments Filter Vigor2925 Series User s Guide Service Type Edit Windows
274. icate Management gt gt Trusted CA Certificate Import X509 Trusted CA Certificate Select a trusted CA certificate file a Click Import to upload the certification For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information gt Certificate Information Windows Internet Explorer Seles Je mipsit92 16 A AedooktCaCevit htm O OA Certificate Detail Information Certificate Name Trusted CA 1 Valid From Valid To E Clee k iili gt Ir Dr ay Tek 341 Vigor2925 Series User s Guide 4 13 3 Certificate Backup Local certificate and Trusted CA certificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Retype password Also you can use Restore to retrieve these two settings to the router whenever you want Certificate Management gt Certificate Backup Certificate Backup Restoration Encrypt password O Confirm password Click to download certificates to your local PC as a file Backup Restoration Select a backup file to restore A Decrypt password Click to upload the file 4 14 Wireless LAN This function is used for n models only 4 14 1 Ba
275. icolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking keyword list is the more efficiently the Vigor router performs Object Group Edit Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Group None or Keyword Group None or Keyword Group or Keyword Group or Keyword Group or Keyword Group or Keyword Group or Keyword Group Sa joa a yaya yy Sa mM eo oo em oo eo IENEI DEREI ea Glose Enable Restrict Web Feature Check this box to make the keyword being blocked or passed Action This setting is available only when Either URL Access Control First or Either Web Feature Firs is selected Pass allows accessing into the corresponding webpage with the keywords listed on the box below Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Cookie Check the box to filter ou
276. ict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router Call Direction Specify the allowed call direction of this LAN to LAN profile Both initiator responder Dial Out initiator only Dial In responder only Always On Check to enable router always keep VPN connection Idle Timeout The default value is 300 seconds If the connection has been idled over the value the router will drop the connection 319 Vigor2925 Series User s Guide Dial Out Settings Vigor2925 Series User s Guide Enable PING to keep alive This function is to help the router to determine the status of IPSec VPN connection especially useful in the case of abnormal VPN IPSec tunnel disruption For details please refer to the note below Check to enable the transmission of PING packets to a specified IP address Enable PING to keep alive is used to handle abnormal IPSec VPN connection disruption It will help to provide the state of a VPN connection for router s judgment of redial Normally if any one of VPN peers wants to disconnect the connection it sh
277. icy Route Index Enable Protocol Interface any any any any any any any any any w a a any WAN WANT WANI WANI WANI WANT WANI WANI WANI1 WANI Setto Factory Default Interface Address Src IP End IP Start End Start End 192 168 1 16 192 168 1 31 Any Any Any Any 202 211 100 11 192 168 1 100 192 168 1 100 Any Any Any Any Src IP Start Dest Dest Dest Dest IP Port Port Move Move Down Down Down Next gt gt 7 Now you bind some specific computers to some WAN IP alias for outgoing traffic Dray Tek 105 Vigor2925 Series User s Guide 3 13 How to Setup Load Balance for Packets The following figure shows a simple application of load balance WAN1 and WAN2 can be used to access into Internet The PC in LANI can send the data to the remote PC through the specified WANI Remote PC 139 75 244 8 ka S Remote PC 203 65 1 35 WAN1 Gateway 168 95 98 254 WAN2 Gateway 27 244 84 241 LAN1 Any IP address 22 1 Access into web user interface of Vigor2925series Open Load Balance Route Policy NAT WAN AN Load Balance Route Policy HAT Hardware Acceleration Firewall lajadili 2 From the following web page simply click index number 1 Load Balance Route Policy Policy Route Set to Factory Default Interface Src IP SrcIP DestIP Dest IP Dest Dest Move Move Port Port Address Start End Start End Start End p Down Inde
278. icy will still valid Landing Page Max 255 characters Preview Setto Factory Default lt body stats ls gt lt script lanquage jJavascript gt window lacation http am draytek com lt scripte lt hody gt With the default setup lt body stats 1 gt lt script language javascript gt window location http www draytek com lt script gt lt body gt you will be redirected to http www draytek com You may change it if you want For example you will get the following welcome message if you enter Login Successful in the Welcome Message table E https 192 168 1 DA _migt_redir htm Windows inteme A Explorer a gt wie ae a ere GEL 3K ere JF Se bites 1922681 uoc yt Certif ie sal pe we Favorites qig E Suggested Sitesv jB Web Slice Gallery A https 192 168 11 doc u to GE ge Pager Safetye Toos Q El Pop up blocked To see this pop up or additional options click here ey Internet Protected Mode On Also you will get a Tracking Window if you don t block the pop up window Vigor2925 Series User s Guide 112 Dr ay Te k Dray Tek Don t setup a user profile in User Management and a VPN Remote Dial in user profile with the same Username Otherwise you may get unexpected result It is because the VPN Remote Dial in User profiles can be extended to the User profiles in User Management for authentic
279. identify its location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges Dr ay Te k 125 Vigor2925 Series User s Guide From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection
280. ied interfaced of the profile Open a preview window according to the configured settings To configure the profile click any index number link to open the following page LAN gt gt Web Portal Setup Profile Index 4 Disable CURL Redirect O Message Applied Interfaces 2 46 SSID 10 SSID Dray Tek httg e g http www draytek com Mote If the User Management application is enabled it will override the Web Portal settings seen here lt hl lt font color red gt Vigor lt fConte lt hl gt lt he gt Reliable connectivity ha gt lt he gt Robust firewall protection lt he gt h gt Multi site secure commmications hi gt Max 511 characters LAN1 LAN LAN3 LAN4 LANS SSID1 SSID 2 SSID SSID4 S SID1 SSID2 SSID SSID4 179 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Disable URL Redirect Message Applied Interfaces Click this button to close this function Any user who wants to access into Internet through this router will be redirected to the URL specified here first It is a useful method for the purpose of advertisement For example force the wireless user s in hotel to access into the web page that the hotel wants the user s to visit Type words or sentences here The message will be displayed on the screen for several seconds when the wireless users access into the web page through the router Check the box es represe
281. igor2925n and enjoy the powerful firewall bandwidth management VPN features of Vigor2925n series Internet VoIP Web Surfing aN lt VPN seuss Modem Router After connecting into the router 3G USB Modem will be regarded as the third WAN port However the original WANI and WAN2 still can be used and Load Balance can be done in the router Besides 3G USB Modem in WAN3 also can be used as backup device Therefore when WANI and WAN2 are not available the router will use 3 5G for supporting Vigor2925 Series User s Guide 126 Dr ay Tek automatically The supported 3G USB Modem will be listed on DrayTek web site Please visit www draytek com for more detailed information Below shows the menu items for WAN 4 1 2 General Setup This section will introduce some general settings of Internet and explain the connection modes for WAN1 WAN and WAN3 in details This router supports multiple WAN function It allows users to access Internet and combine the bandwidth of the multiple WANs to speed up the transmission through the network Each WAN port can connect to different ISPs Even if the ISPs use different technology to provide telecommunication service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation Please configure WAN1 WAN2 and WAN3 settings This webpage allows you
282. ilter choose Block as the Syslog choose WCE 1 Default CSM gt gt DNS Filter DNS Filter DNS Filter Enable Syslog Service VWCF 1 Default Cache Time hour 1 6 Click OK to save the DNS filter configuration Now all settings about blocking search engine and social website are complete Please try to access into www google com the search engine to see the result D www google com The requested Web page from 192 168 1 11 to www google com that is categorized with Search engines amp Portals has been blocked by DHS Filter Please contact your system administrator for further information Powered by DrayTek Dr ay Tek 119 Vigor2925 Series User s Guide From the Syslog we can find out google is blocked vif x Dray Tek Syslog Utility 7 WAN Information 132 158 1 1 DiRi RYR t vigor 260n WAN2 w me a7 LAN Information __4 v TX Packets RX Packets WAN IP Dynamic Gateway IP Dynamic r 215507 239950 192 168 15 11 192 168 15 1 Firewall VPN User Access Connection WAN IPPBX Others E Show Syslog List Show Defense Alert TOP 10 IF Fiter Log CSMLOQ Defense Log Message CSM _ONSF Block Service_Provider CommiTicaach Cache Match Category Search engines amp Portals http clents4 google com 53 DNS H A CSM _DNSF Block Service Provider CommTouch Cache Match Category Search engines amp Portals http www google com 53 DNS HLe
283. ilter Rule setup page Dr ay Tek 205 Vigor2925 Series User s Guide Firewall gt Edit Filter Set gt Edit Filter Rule Filter Set 1 Rule 1 Check to enable the Filter Rule Comments Block NetBios Indexf 1 15 in Schedule Setup iz Clear sessions when schedule ON C Enable Direction LAN DMZ RTAVPN gt WAN Source IP Any Edit Destination IP Any Edit Service Type TCP UDP Port from 137 139 to any Edit Fragments Application Action Profile Syslog Branch to Other Filter Set Sessions Control 0 MAC Bind IP o Quality of Service Load Balance policy Fl APP Enforcement URL Content Filter Fi Web Content Filter P Advance Setting Available settings are explained as follows Item Description Check to enable the Filter Check this box to enable the filter rule Rule Comments Enter filter set comments description Maximum length is 14 character long Index 1 15 Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this field is blank and the function will always work Clear sessions when Check this box to clear the sessions when the above schedule ON schedule profiles are applied Direction Set the direction of packet flow It is for Data Filter only For the Call Filter this setting is not available since Call Filter is only applied to outgoing traff
284. ilter Set Fitter Sat 2 Comments Fitek Rule Active Comments Move Up Move Down A sMetBios gt DNS Down d UP Down LI uP Down ES F UP Down Vigor2925 Series User s Guide 92 Dr ay Te k 3 Check the box of Check to enable the Filter Rule Type the comments e g block_all Choose Block If No Further Match for the Filter setting Then click OK Firewall gt gt Edit Filter Set gt Edit Filter Rule Fitter Set 2 Rule 2 Check to enable the Filter Rule Comments block_all Index 1 15 in Schedule Setup Clear sessions when schedule Direction source IP Destination IP Service Type Fragments Application Action Profile Filter Block Ifo Further Match Branch to Other Filter Set a Cesecine Cortes m fleono ac Note In default the router will check the packets starting with Set 2 Filter Rule 2 to Filter Rule 7 If Block If No Further Match for is selected for Filter the firewall of the router would check the packets with the rules starting from Rule 3 to Rule 7 The packets not matching with the rules will be processed according to Rule 2 4 Next set another rule Just open Firewall gt gt Filter Setup Click the Set 2 link and choose the Filter Rule 3 button 5 Check the box of Check to enable the Filter Rule Type the comments e g open_ip Click the Edit button for Source IP Firewall gt Edit Filter Set gt Edit Filter Rule Check to enable the Filter Rule Lomments Ind
285. index number link to open the following page User Management gt User Group Profile Index 1 Available User Objects Selected User Objects Max 32 Objects 1 admin 2 Dial In User S LAN User Group 1 4 VWLAN User Group A S WLAN User Group B Available settings are explained as follows Item Description Name Type a name for this user group Available User Objects You can gather user profiles objects from User Profile page within one user group All the available user objects that you have created will be shown in this box Notice that user object Admin and Dial In User are factory settings User defined profiles will be numbered with 3 4 5 and so Dr ay Tek 223 Vigor2925 Series User s Guide On DER ete e o Click button to add the selected user objects in this box After finishing all the settings here please click OK to save the configuration 4 7 4 User Online Status This page displays the user s connected to the router and refreshes the connection status in an interval of several seconds User Management gt gt User Online Status Current Time 01 03 17 15 41 Refresh Seconds Page Refresh Index Profile IP Address User Last Login Time Expired Time Idle Time Action 1 admin 192 168 1 49 admin 01 03 16 46 59 Unlimited Unlimited Block Logout Total Number 1 Available settings are explained as follows Item Description Refresh Seconds Use the drop down list to choose the time in
286. ine Trunk sd Search Status Name Status offline f 777 offline 777 offline 777 wee TEF wee wee 77 TEF 77 7T 77 TEF 77 7r 77 2 33 64 gt gt Next gt gt w Ea w Ea a Ea n Ea a Ea a e e oh a a a a a a a a a a a a a a a a ia a i Raana This Dial out profile has already joined for YPN Load Balance Mechanism Axe THIS Dial out profile has already joined for VPN Backup Mechanism ae THIS Dial out profile does not join for YPN TRUNE The following shows profiles joined into VPN Load Balance and VPN Backup mechanism VPH and Remote Access gt gt LAH to LAN LAN to LAN Profiles View Oan ontine omine aren Name Loadbalat Waaa This Dial out profile has already joined for YPN Load Balance Mechanism eee eee TAS Dial out profile has already joined for VPN Backup Mechanism Available settings are explained as follows Item Description View All Click it to display the LAN to LAN profiles Online Click it to display the online profiles Offline Click it to display the offline profiles Trunk Click it to display the Trunk profiles Set to Factory Default Click to clear all indexes Name Indicate the name of the LAN to LAN profile The symbol represents that the profile is empty Active V means the profile has been enabled X mans the profile has not been enabled Dray Te k 317 Vigor2925 Series User s Guide Status
287. ing the bridge connection Moreover WAN link for Channel 5 6 and 7 are provided for router borne application such as TR 069 The settings must be applied and obtained from your ISP For your special request Dray Te k 151 Vigor2925 Series User s Guide please contact with your ISP and then click WAN link of Channel 5 6 or 7 to configure your router WAN gt Multi VLAN gt Channel 5 Multi vLAN Channel 5 Enable Disable WAN Type Etherneta AMT General Settings VLAN Header VLAN Tag bo Priority Note Tag value must be set between 1 4095 and unique for each channel Only one channel can be untagged fequal to 0 at a time d Open Port based Bridge Connection for this Channel Physical Members lpi ope P3 jp4 CPS Note Pil is reserved for NAT use and cannot be configured for bridge mode Open WAN Interface for this Channel WAN Application WAN Setup Static orDynamiclP ISP Access Setup WAN IP Network Settings ISP Name Obtain an IP address automatically Username Router Name igor i Password Domain Name as PPE Authentication Required for same ISPs Specify an IP address Always On Specity IP Address Idle Timeout second s IP Address From ISP Subnet Mask Fixed IP Yes Mo Dynamic IF Gateway IP Address Loo Fixed IP Address f f DNS Server IP Address Primary IP Address 6 8 8 8 Secondary IP Address 9 8 4 4 Available settings are explained as follows Item Descrip
288. inistrator Password Note Password can contain only a z A Z0 9 lt gt 4 F 3 4 Enter the login password the default is admin on the field of Old Password Type New Password Then click OK to continue Note The maximum length of the password you can set is 23 characters 5 Now the password has been changed Next time use the new password to access the Web user interface for this router Dray Tek Password Group W Vigor2925 Series Login Note Even the password has been changed the Username for logging to the web user interface is still admin Dr ay Tek 15 Vigor2925 Series User s Guide 2 3 Quick Start Wizard If your router can be under an environment with high speed NAT the configuration provide here can help you to deploy and use the router quickly The first screen of Quick Start Wizard is entering login password After typing the password please click Next Quick Start Wizard Enter login password Please enter an alpha numeric string as your Password Max 23 characters Old Password New Password Confirm Password Rees Fn a On the next page as shown below please select the WAN interface that you use If Ethernet interface is used please choose WAN1 WAN2 if 3G USB modem is used please choose WANS Then click Next for next step Quick Start Wizard WAH Interface WAN Interface WANI Display Name Loo ttCizC Physical Mode Ethernet Ph
289. ink to remove the result on the window Such page provides real time syslog and displays the information on the screen For Web Syslog This page displays the time and message for User Firewall call W AN VPN settings You can check Enable Web Syslog specify the type of Syslog and choose the display mode you want Later the event of Syslog with specified type will be shown for your reference USB Application gt gt Syslog Explorer Web Syslog O Enable Web Syslog USB Syslog Export Refresh Clear Syslog Type User w Display Mode Stop record when fulls w Message Available settings are explained as follows Item Enable Web Syslog Syslog Type Export Refresh Clear Display Mode Vigor2925 Series User s Guide Description Check this box to enable the function of Web Syslog Use the drop down list to specify a type of Syslog to be displayed User Click this link to save the data as a file Click this link to refresh this page manually Click this link to clear information on this page There are two modes for you to choose T DrayTek Stoo record when full z Always record the new event Stop record when fulls when the capacity of syslog is full the system will stop recording Always record the new event only the newest events will be recorded by the system Time Display the time of the event occurred Message Display the information for each event For USB Syslog This p
290. inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server internet Destined to 220 135 240 207 Port 213 The port redirection can only apply to incoming traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides 20 port mapping entries for the internal hosts Vigor2925 Series User s Guide 184 Dray Tek NAT gt gt Port Redirection Port Redirection Setto Factory Default Index Service Name Protocol Public Port Private IP Status Interface 1 All x 2 All x 3 All x A All X j All x 6 All x F All x a All x 9 All X 10 All x lt lt 1 10 11 20 Next Each item is explained as follows Item Description Index Display the number of the profile Service Name Display the description of the specific network service WAN Interface Display the WAN IP address used by the profile Protocol Display the transport layer protocol TCP or UDP Public Port Display the port number which will be redirected to the specified Private IP and Port of the internal host Private IP Display the IP address of the internal host providing the Service Status Display if the profile is enabled v or not x Press any number under Index to acces
291. ion methods listed below as the authentication algorithm Auth Password Type a password for authentication The maximum length of the text is limited to 23 characters Privacy Algorithm Choose one of the methods listed below as the privacy algorithm No Priv Privacy Password Type a password for privacy The maximum length of the text is limited to 23 characters Click OK to save these settings Dray Te k 399 Vigor2925 Series User s Guide 4 17 10 Management This page allows you to manage the settings for access control access list and port setup For example as to management access control the port number is used to send receive SIP message for building a session The management pages for IPv4 and IPv6 protocols are different For IPv4 System Maintenance gt gt Management IPv4 Management Setup IPv6 Management Setup User Define Ports Default Ports Management Access Control Telnet Port Default 23 LJ Allow management from the Internet HTTP Port Default 80 FTP Server HTTPS Port Default 443 HTTP Server FTP Port 21 Default 21 HTTPS Server Telnet Server SSH Port Default 22 SSH Server Disable PING from the Internet Access List List IP Subnet Mask Available settings are explained as follows Item Description Router Name Type in the router name provided by ISP Management Access Allow management from the Internet Enable the Control checkbox to allow system administrators to
292. ive 2006 95 EC by complying with the requirements set forth in EN60950 1 Regulatory Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device may accept any interference received including interference that m
293. k Item Description Enable Schedule Check to enable the schedule Setup Start Date Specify the starting date of the schedule yyyy mm_ dd Start Time hh mm Specify the starting time of the schedule Duration Time Specify the duration or period for the schedule hh mm Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify which days in one week should perform the schedule 3 Click OK button to save the settings Example Suppose you want to control the PPPoE Internet access connection to be always on Force On from 9 00 to 18 00 for whole week Other time the Internet access connection should be disconnected Force Down Office a 2 gu i2 1 Hour E f i Force On i 7 sj 7 7 sj Mon Sun 9 00 am to 6 00 pm Make sure the PPPoE connection and
294. l Multi VLAN General Channel Enable WAN Type VLAN Tag Port based Bridge Yes Etherneti AMN None Yes Etherneti Wah Mone Ko Etherneti WANI Hone Ko Ethernett Wan 1 None Etherneti WANI None Enable Etherneti Wah 14 None Enable Ethernett WANI None Enable Ethermeti WAMI None Enable Etherneti WANI None Enable Ethermeti Wan 14 None Enable 1 2 3 4 5 f a J Available settings are explained as follows Item Description Channel Display the number of each channel Channels 1 and 2 are used by the Internet Access web user interface and can not be configured here Channels 3 8 are configurable Enable Display whether the settings in this channel are enabled Yes or not No WAN Type Displays the physical medium that the channel will use VLAN Tag Displays the VLAN tag value that will be used for the packets traveling on this channel Port based Bridge The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Enable Check this box to enable the port based bridge function on this channel P1 P5 Check the box es to build bridge connection on LAN Click any index 8 9 and 10 to get the following web page Vigor2925 Series User s Guide 150 Dr ay Tek WAN gt Multi VLAN gt Channel Multi vLAN Channel 8 Enable Disable WAN Type Ethemet WAN1 w Ethe
295. l English Search Ceo a Products Support Solutions Contact Us 2830Vn plus Premium ADSL2 2 Firewall Router gt More modi 123Es5 ITEXPO East Jan 31 to Feb 3 2012 SMB Productivity Enhancement solution Product Quick Finder Miami FL USA _ Please Select gt gt more P l Dranio D PRY enhitian E kl m aa 79 Vigor2925 Series User s Guide 3 8 How to Send a Notification to Specified Phone Number via SMS Service in WAN Disconnection Follow the steps listed below 1 Log into the web user interface of Vigor router 2 Configure relational objects first Open Object Settings gt gt SMS Mail Server Object to get the following page Object Settings gt SMS Mail Service Object SMS Provider Mail Server Setto Factory Default Index Profile Name SMS Provider 1 kotsms com tw TW Z kotsms com tw TW os kotsms com tw TW 4 kotsms com tw TW D kotsms com tw TW G kotsms com tw TW i kotsms com tw TW a kotsms com tw TW 9 Custom 1 10 Custom 2 Index 1 to Index 8 allows you to choose the built in SMS service provider If the SMS service provider is not on the list you can configure Index 9 and Index 10 to add the new service provider to Vigor router 3 Choose any index number e g Index 1 in this case to configure the SMS Provider setting In the following page type the username and password and set the quota that the router can send the
296. l Alert Setup Check Enable to activate function of mail alert Send a test e mail Make a simple test for the e mail address specified in this page Please assign the mail address first and click this button to execute a test for verify the mail address is available or not SMTP Server SMTP Port The IP address Port number of the SMTP server Mail To Assign a mail address for sending mails out Return Path Assign a path for receiving the mail from outside Use SSL Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method Authentication Check this box to activate this function while using e mail application User Name Type the user name for authentication Password Type the password for authentication Enable E mail Alert Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following i 2 Dray Tek Just set your monitor PC s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD After installation click on the Router Tools gt gt Syslog from program menu 2 About Router Tools ER Firmware Uperade Utility fg Router Tools 3 5 1 i gt Uninstall Router Tools 3 5 1 Visit DrayTek Web Site From the Syslog screen select the router you want to moni
297. l appear Simply click OK System Maintenance gt User Password Active Configuration Password ae 4 Log out Vigor router web user interface by clicking the Logout button au to 5 The following window will be open to ask for username and password Type the new user password in the filed of Password and click Login Dray Tek Username o O Password Group w Login Copyright 2012 DrayTek Corp All Rights Reserved Vigor2925 Series User s Guide 388 Dray Tek 6 The main screen with User Mode will be shown as follows DrayTek ee IRG Dashboard Quick Start Wizard E Online Status DITS h VA Wed a Vigor2925n plus ACT WAN1 QoS atl ra SU aa teas aiis Dual WAN Security Router WAN ME Sworrwes 1 eee n LAN USB WAN2 WCF kam Load Balance Route Policy 2 mn NAT Reset 24G 5G DMZ FF WAN2 LAN 1 Applications Wireless LAN 2 4 GHz Wireless LAN 5 GHz System Information eanont a4 115 7 2 Router Name sd CurentTime 2000 Jan 5 Wed 19 6 59 Oct 9 2013 16 02 43 C LAN MAC Address 00 1D AA B3 85 E8 IP v4 Internet Access tL ftine Mode IP Address MAC Address UpTime I WANI ethernet Disconnected 00 1D AA B3 85 E9 00 00 00 gt WAN2 ethernet Disconnected 00 10 AA B3 85 EA 00 00 00 I OO OWwANn3 use Disconnected 00 1D AA B3 85 EB 00 00 00 _ IPv6 I
298. l be displayed Next the user can access Internet through any browser on Windows Note that Alert Tool can be downloaded from DrayTek web site Telnet If it is selected the user can use Telnet command to perform the authentication job When a user tries to access into the web user interface of Vigor router series with the user name and password specified in this profile he she will be lead into the web page configured in 221 Vigor2925 Series User s Guide Landing Page field in User Management gt gt General Setup Check this box to enable such function Index 1 15 in Schedule Setup Enable Time Quota Enable Data Quota Reset quota to default when scheduling time expired Vigor2925 Series User s Guide You can type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page Time quota means the total connection time allowed by the router for the user with such profile Check the box to enable the function of time quota The first box displays the remaining time of the network connection The second box allows to type the number of time unit is minute which is available for the user using such profile to access Internet Click this box to set and increase the time quota for such profile saad Click this box to decrease the time quota for such profile Note A dialog
299. l block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function Vigor2925 Series User s Guide 286 Dr ay Te k gt Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches gt Non privileged users can control some router functions including removing and adding port mappings The UPnP function dynamically adds port mappings on behalf of some UPnP aware applications When the applications terminate abnormally these mappings may not be removed 4 11 7 IGMP IGMP is the abbreviation of Internet Group Management Protocol It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups Applications gt gt IGMP IGMP L Enable IGMP Proxy WAN IGMP Proxy is to act as a multicast proxy for hosts on the LAN side Enable IGMP Proxy if you will access any multicast group But this function take no effect when Bridge Mode is enabled L Enable IGMP Snooping Enable IGMP Snooping multicast traffic is only forwarded to ports that have members of that group Disable IGMP snooping multicast traffic is treated in the same manner as broadcast traffic Refresh Working Multicast Groups Index Group ID P1
300. l edass ia a eR 306 de FF Ge Mel al OUI on E E E E E EA 306 A12 0 IP SOC Gener Al SC UU eee EEE E E E E 308 4 12 6 IPSec Peer Identity cccccccsceseeeeeccceseeeeescessneeesecuseeeeessceseeceessceseeeeesecssaeessouseeees 310 4 12 7 OpenVPN General Setup cccccccccssesseeceeeeeeeeeeeeeeeeeseeaeeeeeeeeeeeessaeeaeeeeeeessaaaeeseeeees 312 4 12 8 Remote Dial in User 00 0 cecccccscccccesseecceeseeecseueeeceaeeeeseaseeessaeessaeeeetsuseeessagsesssageees 313 Me LANTO EAN cererea E R E E E E E 316 4 12 10 VPN TRUNK Manageme i cccccccccccssseeeceeeeeeseeeeeeeeaseeessegeeseeaeeeeesaaeeessueeessageees 327 4 12 11 Connection Management cccccceseeseeeeceeeccaeeeeseeceeeeeesaeeeeeeeesesauaaseeeeeeeesssaaaaeeeeess 336 4 13 Certificate MAnageMe nt essri a E E aa 337 Bs Eo ec E E i E E AA A A E A 337 D ra y T e k ix Vigor2925 Series User s Guide 4 13 2 Trusted CA Certificate ccccccccccccccccccecccceccccccuccccucccecuececuuaecueaecucueausueaeaucauaeceuaeeeuaeees 341 4 13 3 Certificate BACKUP ccccccccseeeecceeeeceeeeseeeceeeeeseeeeeeseceeeeseeeaseeeeeesssseaaaeeeeeeeessaaaaeeeees 342 TA VOSS CAN ae R T A sacs sake nih aves peacaseuantotentedecese 342 AAAA BISCO CONCEP kc Ree ene ee ne ne ee ee eee ee eee ee eee 342 A Nees AST Cl all SC WD EE EE E E E E T E EE 345 GWG eE E E E EN A AA E A E E RA 347 4 14 4 Access GOMUO lois acatstesadsesasccedecnesagy tzasieadatiadandeatans doueavocasndsrasdu
301. l to set up the IPSec session However the Aggressive mode is faster The default value in Vigor router is Main mode IKE phase 1 proposal To propose the local available authentication schemes and encryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We suggest you select the combination that covers the most schemes IKE phase 2 proposal To propose the local available algorithms to the VPN peers and get its feedback to find a match Three combinations are available for both modes We suggest you select the combination that covers the most algorithms IKE phase 1 key lifetime For security reason the lifetime of key should be defined The default value is 28800 seconds You may specify a value in between 900 and 86400 seconds IKE phase 2 key lifetime For security reason the lifetime of key should be defined The default value is 3600 seconds You may specify a value in between 600 and 86400 seconds Perfect Forward Secret PFS The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2 The default value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters Index 1 15 Set the wireless LAN to work at certain time interval only You may choose up to 4 sched
302. lays the IPv6 address of the LAN interface TX Packets Displays the total transmitted packets at the LAN interface RX Packets Displays the total received packets at the LAN interface TX Bytes Displays the speed of transmitted octets at the LAN interface RX Bytes Displays the speed of received octets at the LAN interface WAN IPv6 Status Enable No in red means such interface is available but not enabled Yes in green means such interface is enabled No in red means such interface 1s not available Dr ay Te k 41 Vigor2925 Series User s Guide Item Description Mode Displays the type of WAN connection e g TSPC Up Time Displays the total uptime of the interface IP Displays the IP address of the WAN interface Gateway IP Displays the IP address of the default gateway Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface 1s not ready for accessing Internet 2 2 Virtual WAN Such page displays the virtual WAN connection information Virtual WAN are used by TR 069 management VoIP service and so on The field of Application will list the purpose of such WAN connection Online Status Virtual WAN System Uptime 3 15 25 WAN 5 Status Enable Line Name Mode Up Time Application Yes Ethernet sas 00 00 00 Management IP GW IF TX Packets TX Rate Bps RX Packets RX Rate Bps D D 0 D
303. le will be seen aM MMM 73 32 p me _ The KAME project Windows Internet Explorer GO emme HE SHD HAO BHEEH Tan HAH KH oe G Ga 7 4 iy Ge The KAME project The KAME project 1998 4 2006 3 Dancing kame by atelier momonge If you can see a turtle dancing on the screen that means IPv6 service is ready for you to access and utilize Vigor2925 Series User s Guide 56 Dr ay Te k 3 2 How to establish OpenVPN host to LAN tunnels authenticated without CA via SmartVPN Client OpenVPN is an open source software application that implements virtual private network VPN techniques for creating secure point to point or site to site connections in routed or bridged configurations and remote access facilities OpenVPN uses a custom security protocol that utilizes SSL TLS for key exchange It is capable of traversing network address translators NATs and firewalls OpenVPN allows remote users to authenticate for each other using a pre shared secret key certificate or username password When OpenVPN is used in a multi client server configuration it allows the server to release an authentication certificate for every client via signature and Certificate authority Below shows an illustration for successful OpenVPN tunnel established between Vigor router Main Office and notebook Remote User The OpenVPN settings for both ends shall be the s
304. led as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than Dr ay Tek 165 Vigor2925 Series User s Guide 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Lease Time Enter the time to determine how long the IP address assigned by DHCP server can be used Use LAN Port Specify an IP for IP Route Subnet If it is enabled DHCP server will assign IP address automatically for the clients coming from P1 and or P2 Please check the box of P1 and P2 Use MAC Address Check such box to specify MAC address MAC Address Enter the MAC Address of the host one by one and click Add to create a list of hosts to be assigned deleted or edited IP address from above pool Set a list of MAC Address for 2 DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2 subnet won t get an IP address belonging to 1 subnet Add Type the MAC
305. lick it to reload the page Dr ay Tek 407 Vigor2925 Series User s Guide 4 18 3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Diagnostics gt gt View ARP Cache Table Ethernet ARP Cache Table IP Address MAC Address Netbios Name Interface 1927 166 1 5 197 168 1495 00 50 7F CD 07 46 LANI CARRIE 0C7CR251 LANI FO CB 4E DA 46 79 Available settings are explained as follows Item Description Refresh Click it to reload the page 4 18 4 IPv6 Neighbour Table Clear Refresh The table shows a mapping between an Ethernet hardware address MAC Address and an IPv6 address This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click IPv6 Neighbour Table to open the web page Diagnostics gt gt View IPv6 Neighbour Table IPv6 Neighbour Table Mac Address 1 g r a a a a pa _ 4597 N aT g E aT g N g FE Wc n ii Tm mi ai Li F F P Lu F b ah lop yo et s es a To ee EEU A e oe sa Po boma Po boad F A C ba T a A E a E a ERR yes SRS 7 PTC ft Depan ee E MA FEGU 44DE E titrok ASE eg Ya a o 7 6 2 Deyo ew De Pwo zRAAD S3 33 ff 5 oa Ce ee oe Pe ee ae el E aa a eas eee Os ae penpe ACA ood ee ee py oy teary oop ERLT FEA 12301
306. limited to 11 characters This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above The length of the password is limited to 11 characters Please type one LAN IP address according to the real location of the remote host for building VPN connection Please type the network mask according to the real location of the remote host for building VPN connection 299 Vigor2925 Series User s Guide 3 After finishing the configuration please click Next The confirmation page will be shown as follows If there is no problem you can click one of the radio buttons listed on the page and click Finish to execute the next action VPN and Remote Access gt gt VPN Client Wizard Please confirm your settings LAN to LAN Index Profile Name VPN Connection Type VPN Dial Out Through Always on Server IP Host Name IKE Authentication Method IPsec Security Method Remote Network IP Remote Network Mask 20 VPN 2 L2TP over IPsec Nice to Have WAN First No 172 16 3 8 Pre Shared Key AH SHAI1 0 0 0 0 255 255 255 0 Click Back to modify changes if necessary Otherwise click Finish to save the current settings and proceed to the following action Go to the VPN Connection Management Do another VPN Client Wizard setup view more detailed configurations lt Back J Available settings are explained as follows Item Go to the VPN Connection
307. lin Enable Daylight Saving O Automatically Update Interval Available settings are explained as follows Item Description Current System Time Click Inquire Time to get the current time Use Browser Time Select this option to use the browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Server Type the IP address of the time server Priority Choose Auto or IPv6 First as the priority IPv6 First Time Zone Select the time zone where the router is located Enable Daylight Saving Check the box to enable the daylight saving Such feature is available for certain area Automatically Update Select a time interval for updating from the NTP server Interval Click OK to save these settings Dray Te k 397 Vigor2925 Series User s Guide 4 17 9 SNMP This page allows you to configure settings for SNMP and SNMPV3 services The SNMPv3 is more secure than SNMP through the encryption method support AES and DES and authentication method support MD5 and SHA for the management needs Applications gt gt SNMP SNMP Setup Get Community Set Community Manager Host IP IPW4 Manager Host IP IPV6 Trap Community Notification Host IP IP 4 Notification Host IP IPw6 Trap Timeout C Enable SNMPV3 Agent USM User Auth Algorithm Auth Password Privacy Algorithm Privacy Password
308. llow users to divide groups into different subnets LAN1 LANS In addition different subnets can link for each other by configuring Inter LAN Routing At present LAN setting is fixed with NAT mode only LAN2 LANS5 can be operated under NAT or Route mode IP Routed Subnet can be operated under Route mode LAN gt General Setup General Setup Index LAM 1 LAN 2 LAN 3 LAN 4 LAN 3 DMZ IP Routed Subnet Status W LI L DHCP IP Address 192 168 1 1 192 168 2 1 192 168 3 1 192 168 4 1 192 168 5 1 192 168 6 1 192 168 0 1 Advanced vou can configure DHCP options here Force router to use DNS server IP address settings specified in LAN w Inter LAN Routing Subnet LAN 1 LAN 2 LAN 3 LAN 4 LAN 3 Note LAN 2737475 are available when LAWN is enabled DM subnet is default bound to Fi and will overwrite the settings of P1 at LAN gt VLAN page Available settings are explained as follows Item General Setup Dray Tek Description Allow to configure settings for each subnet respectively Index Display all of the LAN items Status Basically LAN1 status is enabled in default LAN2 LAN6 and IP Routed Subnet can be observed by checking the box of Status DHCP LAN 1 is configured with DHCP in default If required please check the DHCP box for each LAN IP Address Display the IP address for each LAN item Such information is set in default and you can not modify i
309. llows Item Description Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service Default WAN It is used to specify the WAN interface for applying such function ult WAN w Deta Default WAN WANA WAN WANS Dr ay Tek 285 Vigor2925 Series User s Guide After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Traversal of UPnP enables the multimedia features of your applications to operate This has to manually set up port mappings or use other similar methods The screenshots below show examples of this facility Address Network Connections IP Broadband Connection on Router Status AE Broadband Network Tasks Ma i General AH hiet E Create a new connection W Disconnected 3 Setup a home or small ka WAN Minipart PPPOE Internet Gateway office network Status Connected _Diat up Duration 00 19 06 see A SI test Speed 100 0 Mbps P 3 isconnectegd i Network Troubleshoote b 1 Disconnected sha AN ga al i DrayTek ISDN PRP eine Internet Internet Gateway My Computer Other Places Internet Gateway wh w bg G Control Panel Je Ip Broadband Connection on 3 i Router a My Network Places i Mira Pickels iL My Documents Sent 404 fad My Computer i Received 1 115 BBE _
310. lt Clear all of the settings and return to factory default settings Index Display the profile number that you can configure Profile Display the name for such mail server profile Dr ay Te k 243 Vigor2925 Series User s Guide To set a new profile please do the steps listed below 1 Click the Mail Server tab and click the number e g 1 under Index column for configuration in details Object Settings gt SMS Mail Service Object SMS Provider Index i N Mail Server 2 The configuration page will be shown as follows Object Settings gt gt SMS Mail Service Object Profile Index 1 Profile Name SMTP Server SMTP Port Sender Address Authentication Username Password Sending Interval Mail_ Notify 192 168 1 98 465 carmeni draytek com OK Clear Cancel Available settings are explained as follows Item Profile Name SMTP Server SMTP Port Sender Address Use SSL Vigor2925 Series User s Guide Description Type a name for such mail service profile The maximum length of the name you can set is 31 characters Type the IP address of the mail server The maximum length of the name you can set is 63 characters Type the port number for SMTP server Type the e mail address of the sender Check this box to use port 465 for SMTP server for some e mail server uses https as the transmission method us Dray Tek Authentication Sending Interval The mail server mu
311. lti NAT Index Enable Aux WAN IP Join NAT IF Pool d L d L d ad C Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the router Specify a MAC Address Type the MAC address for the router manually After finishing all the settings here please click OK to activate them Details Page for Static or Dynamic IP in WAN1 WAN2 For static IP mode you usually receive a fixed public IP address or a public subnet namely multiple public IP addresses from your DSL or Cable ISP service providers In most cases a Cable service provider will offer a fixed public IP while a DSL service provider will offer a public subnet If you have a public subnet you could assign an IP address or many IP address to the WAN interface To use Static or Dynamic IP as the accessing protocol of the internet please click the Static or Dynamic IP tab The following web page will be shown Vigor2925 Series User s Guide 134 Dr ay Tek WAN gt Internet Access Static or Dynamic IP PPTP L2TP IPvo WAN 1 PPPoE Enable Disable Keep WAN Connection C Enable PING to keep alive o minutefs PING to the IP PING Interval WAN IP Network Settings Obtain an IP address automatically Viger Domain Name O t Required for some ISPs DHC
312. m 1s explained as follows Item Description Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the URL Content Filter Profile Vigor2925 Series User s Guide 252 Dr ay Te k Administration Message You can type the message manually for your necessity Default Message You can type the message manually for your necessity or click this button to get the default message which will be displayed on the field of Administration Message You can set eight profiles as URL content filter Simply click the index number under Profile to open the following web page CSM gt gt URL Content Filter Profile Profile Index 1 Priority Both Pass Log 1 URL Access Control Cl Enable URL Access Control CL Prevent web access from IP address Action Group Object Selections et 2 Web Feature C Enable Restrict Web Feature Action L cookie LIProxy LJ Upload File Extension Profile Available settings are explained as follows Item Description Profile Name Type a name for the CSM profile The maximum length of the name you can set is 15 characters Priority It determines the action that this router will apply Both Pass The router will let all the packages that match with the conditions specified in URL Access Control and Web Feature below passing through When you choose this setting both configuration set i
313. matically from 6rd service provider The IPv4 WAN must be set as DHCP Static 6rd Set 6rd options manually IPv4 Border Relay Type the IPv4 addresses of the 6rd Border Relay for a given 6rd domain IPv4 Mask Length Type a number of high order bits that are identical across all CE IPv4 addresses within a given 6rd domain It may be any value between 0 and 32 Vigor2925 Series User s Guide 148 Dr ay Te k 6rd Prefix Type the 6rd IPv6 address 6rd Prefix Length Type the IPv6 prefix length for the 6rd IPv6 prefix in number of bits After finished the above settings click OK to save the settings Below shows an example for successful IPv6 connection based on 6rd mode Online Status Physical Connection System Uptime Oday 0 9 15 IPv4 IPv6 LAN Status IP Address 2001 E41 A865 1D00 21D AAFF FE83 1164 64 Global FESO 21D AM4AFF FE83 1164 64 Link TX Packets RX Packets TX Bytes 115 1354 WAN1 IPv6 Status Enable Mode Up Time 6rd 0 09 06 Gateway IP 2001 41 4865 1D01 21D AAFF FEB3 1165 128 Global FE80 COA8 651D 128 Link TX Packets RX Packets TX Bytes 13 29 967 Dr ay Tek 149 Vigor2925 Series User s Guide 4 1 4 Multi VLAN Multi VLAN allows users to create profiles for specific WAN interface and bridge connections for user applications that require very high network throughput Simply go to WAN and select Multi VLAN General This page shows the basic configurations used by every channe
314. me provided by the ISP Note The maximum length of the user name you can set is 63 characters Password Assign a valid password provided by the ISP Note The maximum length of the password you can set is 62 characters Confirm Password Retype the password Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please manually enter the Username Password provided by your ISP Click Next for viewing summary of such connection Vigor2925 Series User s Guide 18 Dr ay Tek Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access PPPoE Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK 5 Now you can enjoy surfing on the Internet PPTP L2TP 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type Quick Start Wizard Select one of the following Internet Access types provided by your ISP PPPoE Static IP DHCP seek ee Dr ay Tek 19 Vigor2925 Series User s Guide Click PPTP L2TP as the Internet Access Type
315. meanings For WANI WAN2 WAN3 Bandwidth chart the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past For Sessions chart the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past Vigor2925 Series User s Guide 414 Dr ay Tek 4 18 10 Trace Route Click Diagnostics and click Trace Route to open the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen Diagnostics gt gt Trace Route Trace Route IPV4 OIPV6 Trace through Unspecified Protocol ICMP Host IP Address i Result Clear Or Diagnostics gt Trace Route Trace Route Trace Host IPAddress 000 O Run Result Clear Available settings are explained as follows Item Description IPv4 IPv6 Click one of them to display corresponding information for it Trace through Use the drop down list to choose the interface that you want to ping through Dr ay Tek 415 Vigor2925 Series User s Guide Protocol Host IP Address Trace Host IP Address Run Clear 4 18 11 Syslog Explorer Use the drop down list to choose the protocol that you want to ping through It indicates the IP address of the host It indicates the IPv6 address of the host Click this button to start route tracing work Click this l
316. ments Settings B Control Panel ere E Network Connections earc Printers and Faxes of Taskbar and Start Menu Help and Support Run Log OFF coco lee Turn OFF Computer Internet Explorer Vigor2925 Series User s Guide Dray Tek 3 Open File gt Add Printer A welcome dialog will appear Please click Next Add Printer Wizard Welcome to the Add Printer Q Wizard This wizard helps you install a printer or make printer connections If you have a Plug and Play printer that connects 1 through a USB port or any other hot pluggable port such as IEEE 1394 infrared and so on you S Printers and Faxes do not need to use this wizard Click Cancel to close the wizard and then plug the printer s cable Edit View Favorites Tools into your computer or point the printer toward your computer s infrared port and turn the printer on Server Properties S P Sea Windows will automatically install the printer for you Set Up Faxing To continue click Next reate Shortcut Delete Rename Properties Close Cancel 4 Click Local printer attached to this computer and click Next Add Printer Wizard Local or Network Printer The wizard needs to know which type of printer to set up Select the option that describes the printer you want to use Local Automatically detect and install my Plug and Play printer OA network printer or a print
317. misused tampered with damaged by an act of God or subjected to abnormal working conditions The warranty does not cover the bundled or licensed software of other vendors Defects which do not significantly affect the usability of the product will not be covered by the warranty We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes Web registration is preferred You can register your Vigor router via http www dayTek com Due to the continuous evolution of DrayTek technology all routers will be regularly upgraded Please consult the DrayTek web site for more information on newest firmware tools and documents http www drayTek com iv Dray Tek European Community Declarations Manufacturer DrayTek Corp Address No 26 Fu Shing Road Hukou Township Hsinchu Industrial Park Hsinchu County Taiwan 303 Product Vigor2925 Series Router DrayTek Corp declares that Vigor2925 Series of routers are in compliance with the following essential requirements and other relevant provisions of R amp TTE 1999 5 EC ErP 2009 125 EC and RoHS 2011 65 EU The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 2004 108 EC by complying with the requirements set forth in EN55022 Class B and EN55024 Class B The product conforms to the requirements of Low Voltage LVD Direct
318. n 2 0 Tlen 60 Vigor2925 Series User s Guide 120 Dr ay Te k 3 16 How to use AP Management function in Vigor2925 to check AP status and deploy WLAN profile The administrator can manage the access points linked to Vigor2925 l 3 Dray Tek Open External Devices gt gt Access Point Devices Vigor2925 will detect the AP connecting to the router automatically and display as below External Device gt Access Point Devices Status WLAN Profile Note Green Online Red Offline Grey Hidden SSID Maximum support 20 APs In this case a device named with APSO0_00507F6EE4980 has been detected by Vigor router Click the WLAN Profile tab to get the following page Check the box of the default profile to make the Edit button being available Then click the Edit button External Device gt gt Access Point Devices Status WLAN Profile Setto Factory Default Profile Name Main SSID Multi SSID WLAN ACL Rate Control Default DrayTek LAN A WPA WPA2 PSEK Enable None None dit Apply To Device When the following configuration page appears make the changes you want and check Apply to All APs Then click Next to access into the next page External Device gt gt Access Point Devices WLAN Profile Edit Device Settings 2nd Subnet Enable Disable 2 46 WLAN General Settings 2 46 Mode Mixedfiib iig iinh 2 46 Channel 2462MHz Channel 11 wamo OoOO O OEnable Disable 5G WLAN General
319. n Method such as draytek com or 123 45 67 89 Pre Shared Key Digital Signature x 509 Peer ID Local ID Alternative Subject Name First Subject Name First IPsec Security Method Medium AH High EsP 3DES with Authentication Index 1 15 in Schedule Setup 5 Continue to navigate to the TCP IP Network Settings for setting the LAN IP for the remote side 4 Gre over IPsec Settings C Enable IPsec Dial Out function GRE over IPsec O Logical Traffic My GRE P Peer GREIP 5 TCP IP Network Settings My WAN IP 0 0 0 0 RIP Direction Remote Gateway IP 0000 From first subnet to remote network you have to do Remote Network IP 172 17 1 0 Remote Network Mask 255 255 255 0 Local Network IP 19 1681 9 L Change default route to this VPN tunnel Only single WAN supports this Local Network Mask 255 255 255 0 6 Click OK to save the settings Dr ay Tek 67 Vigor2925 Series User s Guide 7 Open VPN and Remote Access gt gt Connection Management to check the dial in connection status from head office VPN and Remote Access gt gt Connection Management Dial out Tool Refresh Seconds V2920 172 16 2 145 v VPN Connection Status Current Page 1 Page Nol 69 Tx Tx Rate Rx Rx Rate VPN Type Remote IP Virtual Network Pkts Bps Pkts Bps UpTime 1 IPSec Tunnel Drop i VPN Clen DES SHAL Auth See ee les ale abel poal Oly eel 5 3 se 36 O 6 41 Drop
320. n be specified for general management Web configuration telnet TRO069 If you choose Management the configuration for this VLAN will be effective for Web configuration telnet TRO69 IPTV The IPTV configuration will allow the WAN interface to send IGMP packets to IPTV servers WAN Setup Choose PPPoE PPPOA or Static or Dynamic IP to determine what WAN settings must be configured PPPoE PPPoA PPPoE PPPoA Static or Dynamic IP ISP Access Setup IP For other settings refer to Details Page for PPPoE in Address From ISP WAN WANI IP Network Settings DNS Server IP Address After finished the above settings click OK to save the settings Dr ay Te k 153 Vigor2925 Series User s Guide 4 1 5 WAN Budget This function is used to determine the data traffic volume for each WAN interface respectively to prevent from overcharges for data transmission by the ISP Please note that the Time and Date settings will need to be configured correctly first in order for some period calculations to be performed correctly WAN gt WAN Budget Index Enable Budget Status Budgeting Period Budget Action WAN1 OMB OMB WAN OMB OMB WANS OMB OMB Note The WAN Budget application provided here will allow users to define the limit of network traffic entering and leaving each WAN interface and select the action that shall be performed when the limit is reached The supported actions are listed below AWAN interface willbe shut
321. n this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for URL first then Web feature second Either Web Feature First When all the packages Dr ay Tek 253 Vigor2925 Series User s Guide Log URL Access Control Vigor2925 Series User s Guide matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Both Pass Both Pass Both Black Either URL Access Control First Either Web Feature First None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Sy
322. n type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page 4 10 3 Quality of Service Deploying QoS Quality of Service management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network One reason for QoS is that numerous TCP based applications tend to continually increase their transmission rate and consume all available bandwidth which is called TCP slow start If other applications are not protected by QoS it will detract much from their performance in the Dr ay Te k 265 Vigor2925 Series User s Guide overcrowded network This is especially essential to those are low tolerant of loss delay or jitter delay variation Another reason is due to congestions at network intersections where speeds of interconnected circuits mismatch or traffic aggregates packets will queue up and traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discarded or in another term dropped from an overflowing queue packets of sensitive applications mentioned above might be the ones to drop off How this will affect application performance There are two components within Primary configuration of QoS deployment
323. name Add Click it to open a dialog to type the host s IP address gt Host s IP Address Windows Internet Explorer AU ee te Host s IP Address 192 1368 1 85 Only responds to the DNS request when the sender is in the same subnet Only responds to the DNS Different LAN PCs can share the same domain name However you have to check this box to make the router identify amp respond the IP address for the DNS query coming from different LAN PC Delete Click it to remove an existed IP address on the list 3 Click OK button to save the settings 4 Anew LAN DNS profile has been created Applications gt LAN DNS LAN DNS Resolution Setto Factory Default Enable Index Profile Domain Name q sales_i www draytek com o 2 L 3 o 4 d 5 o 6 o T O 8 o 9 d 10 lt lt 1 10 11 20 gt gt 4 11 3 Schedule The Vigor router has a built in real time clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to other functions Dr ay Tek 279 Vigor2925 Series User s Guide You have to set your time before set schedule In System Maintenance gt gt Time and Date menu press Inquire
324. nceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For example an ActiveX control object is usually used for providing interactive web feature If malicious code hides inside it may occupy user s system Web Content Filter We all know that the content on the Internet just like other types of media may be inappropriate sometimes As a responsible parent or employer you should protect those in your trust against the hazards With Web filtering service of the Vigor router you can protect your business from common primary threats such as productivity legal liability network and security threats For parents you can protect your children from viewing adult websites or chat rooms Once you have activated your Web Filtering service in Vigor router and chosen the categories of website you wish to restrict each URL address requested e g www bbc co uk will be checked against our server database This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL and return a category to your router Your Vigor router will then decide whether to allow access to this site according to the categories you have selected Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database serve
325. nd L2TP with IPSec Policy when you specify the remote node Check the Medium DES 3DES or AES box as the security method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is invoked You can uncheck it to disable it High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Optional Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save the configuration 4 12 9 LAN to LAN Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPSec Tunnel and L2TP by itself or over IPSec and corresponding security methods etc The router supports up to 32 VPN tunnels simultaneously The following figure shows the summary table The following figure shows the summary table according to the item All Trunk selected for View Vigor2925 Series User s Guide 316 Dr ay Tek WPH and Remote Access gt gt LAN to LAN LAN to LAN Profiles Set to Factory Default View An Online Offl
326. ne PPE of Infinion It can only support 128 sessions for network traffic IN amp OUT with implementing three kinds of modes Disable Auto and Manual 4 5 1 Setup When the data traffic is heavy and data transmission is getting slowly and slowly you can configure this page to accelerate the data streaming by hardware itself Open Hardware Acceleration gt gt Setup to access into the following page Hardware Acceleration gt gt Setup Protocol Tcp C UDP Option Accelerate most heavy traffic sessions Apply the Class Rule in Quality of Service Specific Hosts Index Enable Start port End port Private IP 1 a a Note Bandwidth Management will not work if Hardware Acceleration was enabled OK af HULL Available settings are explained as follows Item Description Mode Auto Mode When the hardware acceleration is configured with the Auto mode the sessions with the most heavy loading sessions and the lower latency traffic will be added into PPA However the Auto mode does not support UDP protocol by designed Manual Mode The Manual mode implements three sub items Accelerate most heavy traffic sessions Apply the Class Rule in Quality of Service and Specific Hosts Each of these sub items can support TCP and UDP protocol Protocol There are two types supported by this function TCP and UDP Option Accelerate most heavy traffic sessions Such option is Vigor2925 Series Us
327. need bi directional authentication in order to provide stronger security for example Cisco routers So you should enable this function when your peer router requires mutual authentication You should further specify the User Name and Password of the mutual authentication peer The length of the name password 1s limited to 23 19 characters Enter a start IP address for the dial in PPP connection You should choose an IP address from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address You can configure up to four start IP addresses for LAN1 LANS Configured LDAP profiles will be listed under such item Simply check the one you want to enable the PPP authentication by LDAP server profiles However if there is no profile listed simply click the link of PPTP LDAP Profile to create add some new LDAP profiles you want For detailed information about LDAP application refer to section 4 7 How to Implement the AD LDAP Authentication for User Management 307 Vigor2925 Series User s Guide 4 12 5 IPSec General Setup In IPSec General Setup there are two major parts of configuration There are two phases of IPSec gt Phase 1 negotiation of IKE parameters including encryption hash Diffie Hellman parameter values and lifetime to protect the following IKE exchange authentication of both peers using either a Pre Shared Key or Digit
328. net mask Gateway Type the IP address of gateway Primary DNS Type in the primary IP address for the router Secondary DNS Type in secondary IP address for necessity in the future Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 Please type in the IP address information originally provided by your ISP Then click Next for next step Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access Static IP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router Vigor2925 Series User s Guide 22 Dr ay Tek 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK 5 Now you can enjoy surfing on the Internet DHCP 1 Choose WAN2 as WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type Quick Start Wizard Connect to Internet WAN 2 Select one of the following Internet Access types provided by your ISP PPPoE PPTP L2TP Static IP DHCP 2 Click DHCP as the Internet Access type Simply click Next to continue Quick Start Wizard DHCP Client Mode WAN 2 If your ISP requires you to enter a
329. ng TTL Time to Live Displays value for your reference TTL value is set by telnet command It means Max Transmit Unit for packet The default setting 135 Vigor2925 Series User s Guide is 1492 RIP Protocol Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function WAN IP Network This group allows you to obtain an IP address automatically Settings and allows you type in IP address manually WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using WAMNIIP Alias Windows Internet Explorer E hittp 192 168 1 1 WAN1 IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool d adl d ad d L ad Obtain an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned DHCP Client Identifier for some ISP Enable Check the box to specify username and password as the DHCP client identifier for some ISP Username Type a name as username The maximum length of the user name you can set is 63 characters Password Type a password The maximum
330. ng Dst IP Binding Dst Port ANY Protocol 192 168 10 24 255 255 255 255 192 168 1 20 255 255 255 255 l 65535 Note To configure a successful binding tunnel you have to Type Binding Src IP range Start and End and Binding Des IP range Start and End Choose TCP UDP IGMP ICMP or Other as Binding Protocol Detailed Settings for Advanced Backup gt YER Backup Advance Settings Windows Internet Explorer E VPN Backup Advance Settings Pa Profile Name Backupi ERD Mode Normal Resume Member 1 first Detail Information Environment Recovers Detection ERD Status elNmsaicariicovmmteehn OOO OOOO OA Normal Mode MH Available settings are explained as follows Dray Tek 335 Vigor2925 Series User s Guide Item Description Profile Name List the backup profile name ERD Mode ERD means Environment Recovers Detection Normal choose this mode to make all dial out VPN TRUNK backup profiles being activated alternatively Resume when VPN connection breaks down or disconnects Member 1 will be the top priority for the system to do VPN connection This field will display detailed information for Environment Recovers Detection Detail Information 4 12 11 Connection Management You can find the summary table of all VPN connections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by
331. ng Windows platform for demonstrating examples The Mac or Linux platform will appear different windows but the backup function is still available Note Backup for Certification must be done independently The Configuration Backup does not include information of Certificate Restore Configuration 1 Goto System Maintenance gt gt Configuration Backup The following windows will be popped up as shown below System Maintenance gt gt Configuration Backup Configuration Backup Restoration Restoration Select a configuration file rw Click Restore to upload the file Backup Click Backup to download current running configurations as a file 2 Click Browse button to choose the correct configuration file for uploading to the router 3 Click Restore button and wait for few seconds the following picture will tell you that the restoration procedure is successful 393 Vigor2925 Series User s Guide 4 17 7 Syslog Mail Alert SysLog function is provided for users to monitor router There is no bother to directly get into the Web user interface of the router or borrow debug equipments System Maintenance gt SysLog Mail Alert Setup SysLog Mail Alert Setup SysLog Access Setup Syslog Save to wW Syslog Server C USB Disk Mail Alert Setup C Enable Router Name rd MT sd Server IP Address Return Path Destination Port Use SSL Mail Syslog LJ Enable Enable syslog message Firewall Log VPN Log
332. ngs My WAN IF 0 0 0 0 RIP Direction Disable wt Remote Gateway IP 197 169 25 1 From first subnet to remote network you have to do Remote Network IP 192 168 25 0 Remote Network Mask 255 255 2550 Local Network IP 192 168 1 1 Local Network Mask 298 255 2550 Change default route to this WPN tunnel Only single WAN supports this Vigor2925 Series User s Guide 332 Dr ay Tek Advanced Load Balance and Backup After setting profiles for load balance you can choose any one of them and click Advance for more detailed configuration The windows for advanced load balance and backup are different Refer to the following explanation Advanced Load Balance YEN Load Balance Advance settings Windows Internet Explorer E hitp192 168 1 1 Eom z S VPN Load Balance Advance Settings Profile Name Loadbalanl Load Balance Algorithm Round Robin Weighted Round Robin Auto Weighted According to Speed Ratio Member1 Member2 50 50 VPN Load Balance Policy Edit Insert after 1 64 i Tunnel Bind Table Index Cap EF T l Active ctive Binding Dial Out Profile ho oo 4 silo B silo Src IP Start End 255 755 755 255 Dest IP Start End 255 255 255 255 Dest Port Start Protocol ANY ka lo Detail Information VPN Load Balance Profile name Loadbalani Algorithm Round Robin Available settings are explain
333. ngs you did before Make sure you have recorded all useful settings before you pressing Software Reset You can reset the router to factory default via Web page Such function is available in Admin Mode only Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click Reboot Now After few seconds the router will return all the settings to the factory settings Dray Tek 431 Vigor2925 Series User s Guide System Maintenance gt gt Reboot System Reboot System Do you want to reboot your router Using current configuration Using factory default configuration Reboot Now Auto Reboot Time Schedule Indexf1 15 in Schedule Setup Et Note Action and Idle Timeout settings will be ignored Hardware Reset While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration Wireles ON OFF Factory Reset WLAN VPN DMZ After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 7 Contacting Your Dealer If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions
334. nnection Denial of Service DoS Defense The DoS Defense functionality helps you to detect and mitigate the DoS attack The attacks are usually categorized into two types the flooding type attacks and the vulnerability attacks The flooding type attacks will attempt to exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning if you Set up Syslog server Also the Vigor router monitors the traffic Any abnormal traffic flow violating the pre defined parameter such as the number of thresholds is identified as an attack and the Vigor router will activate its defense mechanism to mitigate in a real time manner The below shows the attack types that DoS DDoS defense function can detect 1 SYN flood attack 9 SYN fragment 2 UDP flood attack 10 Fraggle attack 3 ICMP flood attack 11 TCP flag scan 4 Port Scan attack 12 Tear drop attack 5 IP options 13 Ping of Death attack 6 Land attack 14 ICMP fragment 7 Smurf attack 15 Unknown protocol 8 Trace route Below shows the menu items for Firewall Dr ay Tek 199 Vigor2925 Series User s Guid
335. nnel Allow the remote dial in user to trigger an IPSec VPN connection through Internet L2TP with IPSec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below E None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection m Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the Dray Te k 323 Vigor2925 Series User s Guide Vigor2925 Series User s Guide dial in VPN connection becomes one pure L2TP connection E Must Specify the IPSec policy to be definitely applied on the L2TP connection Specify Remote VPN Gateway You can specify the IP address of the remote dial in user or peer ID should be the same with the ID setting in dial in type by checking the box Also you should further specify the corresponding security methods on the right side If you uncheck the checkbox the connection type you select above will apply the authentication methods and security methods in the general settings User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above The length of the named is limited to 11 characters Password This field is applicable when you select PPTP or L2TP with or without PSec policy above The length of the password is limited
336. ns Common application of Open Ports includes P2P application e g BT KaZaA Gnutella WinMX eMule and others Internet Camera etc Ensure that you keep the application involved up to date to avoid falling victim to any security exploits Click Open Ports to open the following page NAT gt gt Open Ports Open Ports Setup Setto Factory Default Index Comment WAN Interface Local IP Address Status 1 x 2 x 3 x 4 x J x 6 x x a x J x 10 x lt lt 1 10 11 20 Next Available settings are explained as follows Item Description Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface used by such index Local IP Address Display the private IP address of the local host offering the Service Status Display the state for the corresponding entry X or V is to represent the Inactive or Active state To add or edit port settings click one index number on the page The index entry setup page will pop up In each index entry you can specify 10 port ranges for diverse services Dray Te k 191 Vigor2925 Series User s Guide NAT gt gt Open Ports gt gt Edit Open Ports Index No 1 Enable Open Ports Comment WAN Interface Local Computer Protocol Start Port 3
337. nsmission automatically among all of the WAN interfaces in connection status After finished the above settings click OK to save the settings 129 Vigor2925 Series User s Guide WANS with USB To use 3G network connection through 3G USB Modem please configure WANS interface WAN gt General Setup WAN 3 Enable Display Name Physical Mode Line Speed Kbps DownLink UpLink Active Mode Backup Type Only if acting as backup for multiple WAN Yes li USB Load Balance Owan i Owan 2 WAN 3 when any of selected WAN disconnect When all of selected WAN disconnect Note 1 The line speed setting of WAN interface is avaialbe only when According to Line Speed is selected as the Load Balance Mode Available settings are explained as follows Item Enable Display Name Physical Mode Line Speed Active Mode Backup Type Vigor2925 Series User s Guide Description Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Type the description for such WAN interface Display the physical mode of such WAN interface If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Choose Always On to make the WAN3 connection being activated always ae Aly pi T D n Backup If you choose Backup as the Active Mode
338. nstall it into your PC for matching with Packet OVERDRIVE refer to the following picture of Vigor N61 wireless utility window choose Enable for TxBURST on the tab of Option Yigor N61 802 11n Wireless USB Adapter Utility Configuration Status Option About General Setting Advance Setting Auto launch when Windows start up C Disable Radio C Remember mini status position Fragmentation Threshold C Auto hide mini status RTS Threshold C Set mini status always on top Frequency C Enable IP Setting and Proxy Setting in Profile Ad hoc Channel C Group Roaming ERE Power Save Mode Tx Burst WLAN type to connect Infrastructure and Ad hoc network Infrastructure network only adhoc network only C Automatically connect to non preferred networks Te Bust Enable Note means the real transmission rate depends on the environment of the network After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 358 Dr ay Te k 4 14 8 WMM Configuration WMM is an abbreviation of Wi Fi Multimedia It defines the priority levels for four access categories derived from 802 1d prioritization tabs The categories are designed with specific types of traffic voice video best effort and low priority data There are four accessing categories AC_BE AC_BK AC_VI and AC_VO for WMM APSD automatic power save supported by Wi Fi networks
339. nt configurations based on the selection you made Here we take the examples of choosing Site to Site VPN as the VPN Server Mode Vigor2925 Series User s Guide 302 Dr ay Tek When you check PPTP you will see the following graphic VPN and Remote Access gt gt VPN Server Wizard VPN Authentication Setting Profile Name PPTP L2TP L2TP over IPsec Authentication Username Password Peer IP VPN Client IP Site to Site Information Remote Network IP Remote Network Mask When you check PPTP amp IPSec amp L2TP three types or PPTP amp IPSec two types or L2TP with Policy Nice to Have Must you will see the following graphic VPN and Remote Access gt gt VPN Server Wizard VPN Authentication Setting Profile Name PPTP L2TP L2TP over IPsec Authentication Username Password IPsec L2TP over IPsec Authentication Pre Shared Key Confirm Pre Shared Key C Digital Signature 509 Peer ID Local ID Alternative Subject Name First Subject Name First Peer IP VPN Client IP Peer ID Site to Site Information Remote Network IP Remote Network Mask 255 255 255 0 Dray Te k 303 Vigor2925 Series User s Guide When you check IPSec you will see the following graphic VPN and Remote Access gt gt VPN Server Wizard VPN Authentication Setting Profile Mame IPsec LETP over IPsec Authentication Pre Shared Key Confirm Pre Shared Key C Digital Signature 5095 Peer ID Local ID Alternative Su
340. nternet Access T o Mode Address Scope UpTime All RIGHTS Reserved aa 2g RADVD DHCPv6 FE80 21D AAFF FEB3 85E8 64 Link Interface WAN Connected 0 OWANI QWAN2 QWAN3 User mode 3 i I LAN Connected 0 WLAN LANZ _ LANS _ LAN4 LANS Status Settings Saved PRELEZ See Settings to be configured in User Mode will be less than settings in Admin Mode Only basic configuration settings will be available in User Mode Note Setting in User Mode can be configured as same as in Admin Mode Dray Tek 389 Vigor2925 Series User s Guide 4 17 5 Login Page Greeting When you want to access into the web user interface of Vigor router the system will ask you to offer username and password first At that moment the background of the web page is blank and no heading will be displayed on the Login window This page allows you to specify login URL and the heading on the Login window if you have such requirement System Maintenance gt Login Page Greeting Login Page Greeting C Enable Login Page Title Router Login 31 char max Welcome Message and Bulletin Max 511 characters Preview Setto Factory Default lt hi gt lt b gt lt font color red gt Welcome Message lt font gt lt b gt lt hi gt lt p gt This welcome message is displayed in the Login page of the router Replace this text With your own message lt p gt lt ol gt lt li gt The welcome message can be written in HTML so lists such as this
341. nting different interfaces to be applied by such profile The advantage is that each LAN 1 2 3 4 interface and or each SSID 1 2 3 4 for wireless network can be applied with different web portal separately After finishing all the settings here please click OK to save the configuration 4 3 Load Balance Route Policy Load Balance Route Policy Cisco called it policy based routing is a feature where a set of rules or policies are defined first Then if there comes a packet that matches any one of the policies it will be directed to the specified interface Load Balance Route Policy wv Policy Route Setto Factory Default Index Enable Protocol Interface E pia T P ah baa Move lia End Start Start End 1 F Ary WAMI Down 2 d Any WANI Down 3 C Any WAMI Down 4 F Any WANI Down 5 d Any WANT Down 6 d Any WANT Down ri d Any WANI Down 8 F Any WANI Down 9 d Any WANI Down 10 C Any WAMI Down lt 1 10 11 20 21 30 31 40 41 50 gt gt Next gt gt Available settings are explained as follows Item Index Vigor2925 Series User s Guide Description Click the number of index to access into the configuration web page 80 Dray Tek Enable Protocol Interface Interface Address Src IP Start Src IP End Dest IP Start Dest IP End Dest Port Start Dest Port End Move UP Move Down Check this box to enable this policy Display the protocol used for this policy Display the interface to send
342. nvolves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets realizing this attacking activity Check the box to activate the Block ICMP fragment function Any ICMP packets with more fragment bit set are dropped Check the box to activate the function Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer However the protocol types greater than 100 are reserved and undefined at this time Therefore the router should have ability to detect and reject this kind of packets We provide Syslog function for user to retrieve message from Vigor router The user as a Syslog Server shall receive the report sending from Vigor router which is a Syslog Client All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon Look for the keyword DoS in the message followed by a name to indicate what kind of attacks is detected 215 Vigor2925 Series User s Guide System Maintenance gt gt SysLog Mail Alert Setup SysLog Mail Alert Setup SysLog Access Setup M Enable Syslog Save to Syslog Server EUSB Disk Router Name Server IP Address Destination Port Mail Syslog Firewall Log Mail Alert Setup SMTP Server SMTP Port Mail To Return Path
343. of Service None m O Load Balance policy Auto Select 4 O O O URL Content Filter 4Facebook o Web Content Filter None o Advance Setting B Disallow users to play games on Facebook 1 Open Object Settings gt gt Keyword Object Click an index number to open the setting page 2 Inthe field of Contents please type apps facebook Configure the settings as the following figure Dr ay Tek 99 Vigor2925 Series User s Guide Objects Setting gt gt Keyword Object Setup Profile Index 2 Name facebook apps Contents apps facebook Limit of Contents Max 3 Words and 63 Characters Each word should be separated by a single space You can replace a character with HEX Example Contents backdoo 72 virus keep 200ut Result 1 backdoor 2 virus 3 keep out 3 Open CSM gt gt URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure CSM gt URL Content Filter Profile Profile Index 2 Profile Name Priority Either URL Access Control First 1 URL Access Control Enable URL Access Control Prevent web access from IP address Action Group Object Selections 2 Web Feature JEnable Restrict Web Feature Action L cookie L Proxy upload File Extension Profile None Cancel 5 When you finished the above steps please open Firewall gt gt General Setup Vigor2925 Series User s Guide 100 Dr ay Te k Dray Tek Click the
344. ofile Type the username for FTP Samba users for accessing into FTP server USB storage disk Be aware that users cannot access into USB storage disk in anonymity Later you can open FTP client software and type the username specified here for accessing into USB storage disk The length of the name is limited to 11 characters Note Admin could not be typed here as username for the word is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router Please disable the mode on the FTP client Type the password for FTP Samba users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk The length of the password is limited to 11 characters Type the password again to make confirmation It determines the folder for the client to access into The user can enter a directory name in this field Then after clicking OK the router will create the specific new folder in the USB storage disk In addition if the user types here he she can access into all of the disk folders and files in USB storage disk Note When write protect status for the USB storage disk is ON you cannot type any new folder name in this field 377 Vigor2925 Series User s Guide Only can be used in such case You can click to open the follo
345. ol to connect with their customers some industry may take reserve attitude in order to reduce employee misusage during office hour or prevent unknown security leak It is similar situation for corporation towards peer to peer applications since file sharing can be convenient but insecure at the same time To address these needs we provide CSM functionality URL Content Filter To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus can limit user s access to the website You may imagine URL Content Filter as a well trained convenience store clerk who won t sell adult magazines to teenagers At office URL Content Filter can also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes co
346. on Notes find out the link of USB gt gt Printer Server and click it D Ti k MyVigor Register E newsletter DrayTek HQ Media Center About DrayTek Global English v Products Solutions Multi Media Demo Contact Us FAQ Application You are here Home Supports FAQ Application Notes Printer Server USB 4G Interne Connection Then click the What types of printers are compatible with Vigor router link FAQ Application You are here Home Supports FAQ Application Notes Printer Server Latest FAQ Application Basic Printer Server Firmware Upgrade What types of printers are compatible with Vigor router WAN yp p p g IPv6 How do configure LPR printing on Windows7 Tapie Finy How do I configure LPR printing on My Windows Vista Dual WAN Note 2 Vigor router supports printing request from computers via LAN ports but not WAN port Vigor2925 Series User s Guide 12 Dray Tek Basic Settings For using the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings This chapter explains how to setup a password for accessing into the web user interface of Vigor router and how to adjust settings for accessing Internet successfully 2 1 Accessing Web Page 1 Make sure your PC connects to the router correctly You may either simply set up your computer to get IP dynamically from the route
347. on mode and type any long encryption passphrase to setup a wireless client every time He she only needs to press a button on wireless client and WPS will connect for client and router automatically There are two methods to do network connection through WPS between AP and Stations pressing the Start PBC button or using PIN Code Dr ay Tek 351 Vigor2925 Series User s Guide On the side of Vigor 2850 series which served as an AP press WPS button once on the front panel of the router or click Start PBC on web configuration interface On the side of a station with network card installed press Start PBC button of network card WLAN Card If you want to use PIN code you have to know the PIN code specified in wireless client Then provide the PIN code of the wireless client you wish to connect to the vigor router PINCode _ WLAN Card Lp Sat N M Define a PIN Code of Station PIN Code For WPS is supported in WPA PSK or WPA2 PSK mode if you do not choose such mode in Wireless LAN gt gt Security you will see the following message box Microsoft Internet Explorer A WPS only supports in WFEAMPEALZ FPSE Mode Please click OK and go back Wireless LAN gt gt Security to choose WPA PSK or WPA2 PSK mode and access WPS again Vigor2925 Series User s Guide 352 Dr ay Te k Below shows Wireless LAN gt gt WPS web page Wireless LAN gt WPS Wi Fi Protected Setup Enable WPS Wi Fi Protected Setup Inform
348. on the configuration on Firewall settings 3 After finishing all the settings please click OK to save the configuration Vigor2925 Series User s Guide 236 Dr ay Tek 4 8 8 Keyword Group This page allows you to bind several keyword objects into one group The keyword groups set here will be chosen as black white list in CSM gt gt URL Web Content Filter Profile Objects Setting gt Keyword Group Keyword Group Table Set to Factory Default Index Name Index Name wa foo Joo po Po Ro Jeo po po eo jea ao j oe j IS S S B le S l le e e e S E e le B l la e B le l is e m S ie e e IS je Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the group profile To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt Keyword Group Setup Profile Index 1 Name y Available Keyword Objects Selected Keyword Objects Max 16 Objects 1 Key 1 2 Key 2 OK Clear Cancel Dr ay Tek 237 Vigor2925 Series User s Guide Available settings are explained as follows Item Description Name Type a name for this group Maximum 15 characters are allowed Available Keyword You can gather keyword objects from Keywo
349. one can be created lt 1i gt lt 1i gt 0ther markup tags such as p font or img can be used lt 1i gt lt ol gt Examples of Welcome Message and Bulletin lt hi gt lt b gt lt font color red gt Welcome Message lt font gt lt b gt lt h1 gt lt p gt Message lt p gt Available settings are explained as follows Item Description Enable Check this box to enable the login customization function Login Page Title Type a brief description e g Welcome to DrayTek which will be shown on the heading of the login dialog Welcome Message and Type words or sentences here It will be displayed for Bulletin bulletin message In addition it can be displayed on the login dialog at the bottom Note that do not type URL redirect link here Preview Click it to display the preview of the login window based on the settings on this web page Set to Factory Default Click to return to the factory default setting Vigor2925 Series User s Guide 390 Dr ay Te k Below shows an example of login customization with the information typed in Login Description and Bulletin Yigor Login Page Windows Internet Explorer Just for Carrie Username Password Group Copyright DrayTek Corp All Rights Reserved Dray Tek Welcome Message This welcome message is displayed in the Login page of the router Replace this text with vour own message 1 The welcome message can be written in HTML so lists such as this one can be created 2 O
350. onnection type for transmission by choosing the index LAN to LAN Profile Index for such binding tunnel table Scr IP Start End Specify source IP addresses as starting point and ending point Dest IP Start End Specify destination IP addresses as starting point and ending point Dest Port Start End Specify destination service port as starting point and ending point Protocol Any means when the source IP destination IP destination port and fragment conditions match with the settings specified here such binding tunnel table can be established for TCP Service Port UDP Service Port ICMP IGMP specified here TCP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP Service Port also fits the number here such binding tunnel table can be established UDP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and UDP Service Port also fits the number here such binding tunnel table can be established TCP UPD means when the source IP destination IP destination port and fragment conditions match with the settings specified here and TCP UDP Service Port also fits the number here such binding tunnel table can be established ICMP means when the source IP destination IP destination port and fragment conditions match with the settings specified here and ICMP Service Port also fits the num
351. ook Configure the settings as the following figure Objects Setting gt Keyword Object Setup Profile Index 1 Contents facebook Limit of Contents Max 3 Words and 63 Characters Each word should be separated by a single space You can replace a character with HEX Example Contents backdoo 7 virus keep o2 0o0ut Result 1 backdoor 2 virus 3 keep out 3 Open CSM gt gt URL Content Filter Profile Click an index number to open the setting page 4 Configure the settings as the following figure Vigor2925 Series User s Guide 98 Dr ay Tek CSM gt URL Content Filter Profile Profile Index 1 Profile Name Priority Either URL Access Control First Log 1 URL Access Control Enable URL Access Control Prevent web access from IP address Action Group Object Selections Facebook 2 Web Feature Enable Restrict Web Feature Action L cookie LJProxy Clupload File Extension Profile 5 When you finished the above steps click OK Then open Firewall gt gt General Setup 6 Click the Default Rule tab Choose the profile just configured from the drop down list in the field of URL Content Filter Now users cannot open any web page with the word facebook inside Firewall gt gt General Setup General Setup General Setup Default Rule Actions for default rule Application Action Profile Syslog Filter Pass E Sessions Control o s 60000 E Quality
352. ording to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading for such WAN interface The unit is kbps Enable Enable the function of VLAN with tag The router will add specific VLAN number to all packets on the WAN while sending them out Please type the tag value and specify the priority for the packets sending by WANI1 Disable Disable the function of VLAN with tag Tag value Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 Choose Always On to make the WAN2 connection being activated always Always On Aly a i T D n Backup If you choose Backup as the Active Mode Backup Type will appear Please specify which WAN will be treated as the Backup WAN Active Mode Load Balance wan 1 Owan 20O wan 3 Backup Type Only if acting as backup for When any of selected WAN disconnect multiple WAMI OwWhen all of selected WAN disconnect When any of selected WAN disconnect Such backup WAN will be activated when any master WAN interface disconnects When all of selected WAN disconnect Such backup WAN will be activated only when all master WAN interfaces disconnect Load Balance Check this box to enable auto load balance function for such WAN interface When the data traffic 1s large the WAN interface with the function enabled will balance the data tra
353. osen as the one supporting IPv6 service 2 In the following figure use the drop down list to choose a proper connection type WAN gt gt Internet Access WAN 2 PPPoE Static or Dynamic IP PPTP L2TP IPvG Internet Access Mode Connection Type OK static IPv6 Different connection types will bring out different configuration page Refer to the following PPP Dual Stack application IPv4 and IPv6 services can be utilized at the same time Choose PPP and type the information for PPPoE of IPv4 WAN gt Internet Access Static or Dynamic IP PPTPIL2TP IPv6 Disable PPP MP Setup PPP Authentication PAP or CHAP Idle Timeout second s Username fs fbebso hinetnet IP Address Assignment Method IPCP ISP Access Setup WAN IP Alias Password Index 1 15 in Schedule Setup Fixed IP Yes No Dynamic IP Jb Jb ILo Fixed IP Address C i WAN Connection Detection Default MAC Address ida Specify a MAC Address dicted MAC Address loo 10 Jaa Has 57 Jea TIL MTU 1442 Max 1492 OK Cancel Access into the setting page for IPv6 service it is not necessary for you to configure anything WAN gt Internet Access WAN 2 PPPoE Static or Dynamic IF PPTP L2TP Internet Access Mode Connection Type Note IPv4 WAN setting should be PPPoE client Vigor2925 Series User s Guide 48 Dr ay Tek Click OK and open Online Status If the connection is successful you will
354. osis Ping Diagnosis IPV4 OIPV6 Note If you want to ping a LAN PC or you don t want to specify which WAN to ping through please select Unspecified Ping through Unspecified Host IP_ v IP Address Run Ping to Gateway 1 Gateway 2 Gateway 3 Result Diagnostics gt Ping Diagnosis Ping Diagnosis OPV4 IPV6 PingIPv6Address o Run Result Clear Available settings are explained as follows Item Description IPV4 IPV6 Choose the interface for such function Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination that you want to ping IP Address Type the IP address of the Host IP that you want to ping Ping IPv6 Address Type the IPv6 address that you want to ping Dray Te k 411 Vigor2925 Series User s Guide Run Click this button to start the ping work The result will be displayed on the screen Clear Click this link to remove the result on the window 4 18 8 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor If not a notification dialog box will appear to r
355. ost must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not provide it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary IP Address You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status Online Status Physical Connection System Uptime 22 22 45 IPv4 IPv6 LAN Status Primary DNS 8 8 8 8 Secondary DNS 8 8 4 4 IP Address TX Packets RX Packets 192 168 1 1 0 41533 If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g DSL Cable connection When you finish the configuration please click O
356. otected Modei g 100 Note if you block the web browser to pop up any window you will not see such window If the authentication is failed you will get the error message The username or password you entered is incorrect Please login again Username Password l The username or password you entered is incorrect Copyright DrayTek Corp All Rights Reserved Dray Tek Dray Te k 111 Vigor2925 Series User s Guide E In above description you access an external web site to trigger the authentication You may also directly access the router s Web UI for authentication Both HTTP and HTTPS are supported for example http 192 168 1 1 or https 192 168 1 1 Replace 192 168 1 1 with your router s real IP address and add the port number if the default management port has been modified If the authentication is successful you will get the Welcome Message that is set in the User Management gt gt General Setup page User Management gt General Setup General Setup Riule Based LIser Based Web Authentication HTTPS Notice User Management will refer to active rules in Data Filter as whitelists and blacklists In User based firewall mode Users match the above lists will not be required for authentication The firewall rules policy will still valid Otherwise authentication required for users not matched the above lists The firewall rules designated in the user profile s pol
357. ou need Cancel Free trial edition it offers a period of trial for you to get acquainted with WCF function Formal edition with license key you can extend the license valid time manually Note If you activate Formal edition with license key first the free trial edition will be invalid Dr ay Tek 27 Vigor2925 Series User s Guide 3 In the following page you can activate the Web content filter services at the same time or individually When you finish the selection please click Next Service Activation Wizard Select the service type that you want to activate This product provides 30 days of free trial please choose the item s you want to use WCF service Web Content Filter BPjM BPjM is the web content filter based on service operated in Germany We recommend only users live in Germany to try the BPjM WCF service This is a free service without guarantee Activation Date Web Content Filter Commtouch License Agreement Commtouch is the web content filter based on Commtouch operated in the worldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets Activation Date 13 02 18 Web Content Filter fragFINN License Activation Agreement Date I have read and accept the above Agreement Please check this box Note The activation date is brought out by the server automatically
358. ould follow a serial of packet exchange procedure to inform each other However if the remote peer disconnect without notice Vigor router will by no where to know this situation To resolve this dilemma by continuously sending PING packets to the remote host the Vigor router can know the true existence of this VPN connection and react accordingly This is independent of DPD dead peer detection PING to the IP Enter the IP address of the remote host that located at the other end of the VPN tunnel Type of Server I am calling PPTP Build a PPTP VPN connection to the server through the Internet You should set the identity like User Name and Password below for the authentication of remote server IPSec Tunnel Build an IPSec VPN connection to the server through Internet L2TP with IPSec Policy Build a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above The length of the name is
359. our driver install they can utilize the service offered by the router by clicking the router name icon In short what the Clients users need to know is the name of the router only To enable the Bonjour service click Application gt gt Bonjour to open the following page Check the box es of the server service s that you want to share to the LAN clients Applications gt gt Bonjour Bonjour Setup HTTP Server Telnet Server FIP Server SSH Server LPR Printer Server m i i Below shows an example for applying the bonjour feature that Vigor router can be used as the FTP server 1 Here we use Firefox and DNSSD to discover the service in such case Therefore just ensure the Bonjour client program and DNSSD for Firefox have been installed on the computer Browser Mozilla Firefox File Edit View History Bookmarks Tools Help Mozilla Firefox Start Page 3 Browser Browser 3 Browser chrome dnssd content browser htm Dray Te k 291 Vigor2925 Series User s Guide 2 Open the web browse Firefox If Bonjour and DNSSD have been installed you can open the web page DNSSD and see the following results Google chrome dnssd content browser html e DNSSD for Firefox Browser Configuration Options Diagnostic Information Interface Name Type Domain Service Info 2 D51010Plus _http _tcp local Select a service on the left to view further details 2 DS1010Plus WebDAy
360. p down menu to choose a proper protocol for the WAN interface Any Any IP can be treated as the source IP Src IP Start Type the source IP start for the specified WAN interface Src IP End Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN will be passed through the WAN interface Any Any IP can be treated as the destination IP Dest IP Start Type the destination IP start for the specified WAN interface Dest IP End Type the destination IP end for the specified WAN interface If this field is blank it means that all the destination IPs will be passed through the WAN interface Any Any port number can be treated as the destination port Dest Port Start Type the destination port start for the destination IP Dest Port End Type the destination port end for the destination IP If this field is blank it means that all the destination ports will be passed through the WAN interface Interface Use the drop down list to choose a WAN or LAN interface or VPN profile Packets match with the above criteria will be transferred to the interface chosen here Gateway IP Specific gateway is used only when you want to forward the packets to the desired gateway Usually Default Gateway is selected in default Auto Failover To The Other WAN Check this button to lead the data passing through other WAN automatically when the sele
361. p static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Dr ay Te k 167 Vigor2925 Series User s Guide Click any underline of index number to get the following page LAN gt Static Route Setup Index Noa 1 Enable Destination IP Address oF Subnet Mask Gateway IP Address Network Interface Available settings are explained as follows Item Description Enable Check it to enable this profile Destination IP Address Type an IP address as the destination of such static route Subnet Mask Type the subnet mask for such static route Network Interface Use the drop down list to specify an interface for such static route LANI LANZ LANS E LAN4 LANS WANT WAN WANS fu After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 168 Dr ay Tek Static Route for IPv6 You can set up to 40 profiles for IPv6 static route Click the IPv6 tab to open the following page LAN gt gt Static Route Setup IPv4 IPv6 setto Factory Default View IPv6 Routing Table Index Destination Address Status Index Destination Address Status 1 0 x 11 0 x 2 2 0 x 12 2 0 x 3 2 0 x 13 2 0 x 4 0 x 14 0 x j no x 15 0 x 6 2 0 x 16 0 x E 0 x ii 0 x a 2 0 x 16 2 0 x 9 2 0 x 19 2 0 X 10 z0 x 20 2 0 x lt lt 1 20 271 40 Nex
362. plays value for your reference TTL value is set by telnet command After finishing all the settings here please click OK to activate them Vigor2925 Series User s Guide 140 Dray Tek Details Page for IPv6 Offline in WAN1 WAN2 WAN3 When Offline is selected the IPv6 connection will be disabled WAN gt gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPTP IPv6 Internet Access Mode Connection Type Details Page for IPv6 PPP in WAN1 WAN2 During the procedure of IPv4 PPPoE connection we can get the IPv6 Link Local Address between the gateway and Vigor router through IPv6CP Later use DHCPv6 or Accept RA to acquire the IPv6 prefix address such as 2001 B010 7300 200 64 offered by the ISP In addition PCs under LAN also can have the public IPv6 address for Internet access by means of the generated prefix No need to type any other information for PPP mode WAN gt gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPTP IPv6 Internet Access Mode Connection Type PPP ha Note IPv4 WAN setting should be PPPoE client Below shows an example for successful IPv6 connection based on PPP mode Dray Te k 141 Vigor2925 Series User s Guide Online Status Physical Connection System Uptime 0 2 327 IPv4 IPvG LAN Status IP Address 2001 B8010 7300 201 210 44FF FE46 2568 64 Global FESO 210 44FF FE46 2568 64 Link TX Packets RX Packets TX Bytes RX Bytes tg 4 690 328 WAN IPv6
363. pt the items listed in this agreement Draytek can modify or change the content of the items without any reasons tt is E Preferences suggested for you to notice the medications or changes at any time If you still use MyVvigor service after knowing the modifications and changes of this service it means you have read understand and agree to accept the modifications and changes If you do not agree the content of this agreement A please stop using My igor service completion 2 Registration To use this service you have to agree the following conditions a Provide your complete and correct information according to the registration steps of this service Dray Tek 85 Vigor2925 Series User s Guide 5 Type your personal information in this page and then click Continue Register Create an account Please enter personal profile Fiek s marked by are required Account Information Gs UserName Mary Check Account 3 20 characters oo Password a a ee El CSRi 4 20 characters Do notset the same as the usetname Confirm Password PT yt Personal Information E Preterences First Name Mary Last Name Ted E completion Company Name Tech Ltd Email Address mary_ted tech corn F Please note thata valid E mail address is tequired to receive the Subseription Code You will need this code to activate your account Tel o i Country SWITZERLAND Career S
364. pter Test Line 5 Connectinon specific DNS Suffix TP padre y a 192 168571 e TEEGEE rC Ty Ba eet ON S Coe oe k leh Gateway o o sc oe we m a a De beds fe60 250 74ff if eea feels Ethernet adapter DrayTek Virtual Interface Media State a wiere 6 ee a ps a Media ttieconnected From the above figure we can see IPv6 IP address has been captured by the system Use the Ping command to ping any IPv6 address indicating an IPv6 website For example www kame net is a website supporting IPv4 IP and IPv6 IP services Its IPv6 address is seen with a format of 2001 200 dff fff1 216 3eff feb1 44d7 a CAWINDOWS system32 emd exe ox teply from 2001 200 febl 44d7 time 43me teply from 2001 200 dff fff1 216 3eff febl 44d7 time 623mg teply fron 2001 2040 i eff febl 44d7 tine 626ma feply fron 2001 20 gt Aetfi febl 447 tine 6 7ms PEST IRP 2l6 3eff febl 44d7 Packets Sent 4 Received 4 Lost 0 0 loss Approximate round trip tines in willi secends Hinimun 61 mne Maximum 74ans Average 652me C Documents and Settings Owner gt After getting the above message it means the IPv6 service has been activated successfully 55 Vigor2925 Series User s Guide 3 Connect to the website for IPv6 Open a web browser and type an URL of IPv6 e g www kame net If your computer accesses into the website by using IPv6 address you may see a turtle dancing on the screen If not only a steady turt
365. public 0 Available settings are explained as follows Item Enable SNMP Agent Get Community Set Community Manager Host IP IPv4 Manager Host IP IPv6 Trap Community Notification Host IP IPv4 Vigor2925 Series User s Guide Description Check it to enable this function Set the name for getting community by typing a proper character The default setting is public The maximum length of the text is limited to 23 characters Set community by typing a proper name The default setting is private The maximum length of the text is limited to 23 characters Set one host as the manager to execute SNMP function Please type in IPv4 address to specify certain host Set one host as the manager to execute SNMP function Please type in IPv6 address to specify certain host Set trap community by typing a proper name The default setting is public The maximum length of the text is limited to 23 characters Set the IPv4 address of the host that will receive the trap community 98 Dray Tek Notification Host IP Set the IPv6 address of the host that will receive the trap IPv6 community Trap Timeout The default setting is 10 seconds Enable SNMPV3 Agent Check it to enable this function USM User USM means user based security mode Type a username which will be used for authentication The maximum length of the text is limited to 23 characters Auth Algorithm Choose one of the encrypt
366. r drop down list below Active Yes means normal condition No means the state might be disabled or that profile currently is set with Dial in mode for call direction in LAN to LAN Type Display the connection type for that profile such as IPSec PPTP L2TP L2TP over IPSec NICE L2TP over IPSec MUST and so on Memberz2 Display the dial out profile selected from the Member2 drop down list below Advanced This button is only available when there is one or more profiles created in this page Dray Te k 329 Vigor2925 Series User s Guide General Setup Vigor2925 Series User s Guide FPN Load Balance Advance Settings Windows Internet Explorer a a l hitp 192 168 1 1 VPN Load Balance Advance Settings Profile Name Loadbalan1 Load Balance Algorithm Round Robin Weighted Round Robin Auto Weighted Se According to Speed Ratio Member1 Member2 50 50 VPN Load Balance Policy Edit O Insert after Tunnel Bind Table Index 1 64 Active Active v Binding Dial Out Profile 20 i Src IP Start 0 0 0 0 End 255 255 255 255 Dest IP Start 0 0 0 0 End 255 255 255 255 Dest Port Start End Protocol ANY Detail Information VPN Load Balance Profile name Loadbalani A Algorithm Round Robin Detailed information for this dialog see later section Advanced Load Balance and Backup Status After choosing one of the profile listed above ple
367. r Profile Objects Setting gt gt Keyword Object Keyword Object Profiles Index Name Index Name 1 17 2 18 3 19 4 20 5 21 6 22 f 23 8 24 3 25 10 26 ii aT 12 28 13 29 14 30 15 a1 16 32 lt lt 1 32 33 64 65 96 97 128 129 160 161 192 193 200 gt gt Next gt gt Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile Dr ay Te k 235 Vigor2925 Series User s Guide To set a new profile please do the steps listed below 1 Click the number e g 1 under Index column for configuration in details 2 The configuration page will be shown as follows Objects Setting Keyword Object Setup Profile Index 1 Name tt y y Contents DLO ef Limit of Contents Max 3 Words and 63 Characters Each word should be separated by a single space You can replace a character with HEX Example Contents backdoo 7 virus keep 200ut Result 1 backdoor 2 virus 3 keep out Available settings are explained as follows Item Description Name Type a name for this profile e g game Type a name for this profile e g game Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based
368. r data transmission and receiving according to the station capability Such channel can increase the performance for data transit Guard Interval It is to assure the safety of propagation delays and reflections for the sensitive digital data If you choose auto as guard interval the AP router will choose short guard interval increasing the wireless performance or long guard interval for data transmit based on the station capability Aggregation MSDU Aggregation MSDU can combine frames with different Dray Te k 357 Vigor2925 Series User s Guide sizes It is used for improving MAC layer s performance for some brand s clients The default setting is Enable Long Preamble This option is to define the length of the sync field in an 802 11 packet Most modern wireless network uses short preamble with 56 bit sync field instead of long preamble with 128 bit sync field However some original 11b wireless network devices only support long preamble Click Enable to use Long Preamble if needed to communicate with this kind of devices Packet OVERDRIVE This feature can enhance the performance in data transmission about 40 more by checking Tx Burst It is active only when both sides of Access Point and Station in wireless client invoke this function at the same time That is the wireless client must support this feature and invoke the function too Note Vigor N61 wireless adapter supports this function Therefore you can use and i
369. r or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of the guide 2 Open a web browser on your PC and type http 192 168 1 1 The following window will be open to ask for username and password DrayTek METZA password Login 3 Please type admin admin as the Username Password and click Login Notice If you fail to access to the web configuration please go to Trouble Shooting for detecting and solving your problem Dr ay Tek 13 Vigor2925 Series User s Guide 4 Now the Main Screen will appear DrayTek METTEZ E E j A Dashboard Dashboard ay Rees Tol Vigor2925n Quick Start Wizard a ACT WAN1 QoS SS SS ES DuolWAN Security Route Service Activation Wizard 1 Wireless LAN 7 r VOFFIWPS ms O M gt te Wireless Wizard USB WAN2 WCF k T x N Online Status Eo 2i ainat Reset WLAN VPN DMZ gt ia A WAN WAN2 LAN 1 2 3 4 5 WAN gi uss LAN Load BalanceRoute Policy System Information NAT 9 Model Name 0 0 41 Hoberman RouterName Current Time 2000 Jan 1 Sat 0 0 39 User Management E Oct 9 2013 16 02 43 Objects Setting k 00 1D 4A AC 19 C8 E ser Management CSM Eo IMP2P Block Bandwidth Management IPv4 Internet Access Schedule Applications Linermode IP Address Syslog Malan LEE wan
370. r request However some important and common used menu items which can be accessed in a quick way just for convenience Look at the right side of the Dashboard You will find a group of common used functions grouped under Quick Access System Status ynamic DNS TR 069 User Management IM P2F Block Schedule sysLog Mail Alert RADIUS Firewall Object Setting Data Flow Monitor The function links of System Status Dynamic DDNS TR 069 User Management IM P2P Block Schedule Syslog Mail Alert LDAP RADIUS Firewall Object Setting and Data Flow Monitor are displayed here Move your mouse cursor on any one of the links and click on it The corresponding setting page will be open immediately In addition quick access for VPN security settings such as Remote Dial in User and LAN to LAN are located on the bottom of this page Scroll down the page to find them and use them if required Interface east Cannected 1 Q WwaANi WAND WANG Connected 0 LANL Lan LANS 9LAN4 LANS aoe Connected 0 USB 1 ia 0 OUSE 2 e curity E a Connected 1 Remote Dial in User LAN to LAN Note that there is a plus J icon located on the left side of VPN LAN Click it to review the VPN connection s used presently VPN Connected 1 Remote Dial in User LAN to LAN Current Page 1 Page No Name User Type Security Host IP Up Time V2920 IPsec 3DES 1 72 16 2 145 0 0 20
371. r router Dr ay Te k 155 Vigor2925 Series User s Guide will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside Therefore the router should be set as the gateway for public hosts Internet Public IP Address cz 220 135 240 207 Private Subn Router IP Wy What is Routing Information Protocol RIP Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other What is Static Route When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP What are Virtual LANs and Rate Control You can group local hosts by physical ports and create up to 4 virtual LANs To manage the communication between different groups please set up rules in Virtual LAN VLAN function and the rate of each Internet i i Pi P2 P3 Pa Vigor2925 Series User s Guide 156 Dr ay Te k 4 2 2 General Setup This page provides you the general settings for LAN Click LAN to open the LAN settings page and choose General Setup There are four subnets provided by the router which a
372. rade Utility or other S3 party TFTP client software Check that the firmware filename is correct Click Upgrade on the Firmware Upgrade Utility ta start the upgrade After the upgrade is compelete the TFTP server will automaticaly stop running Do you want to upgrade firmware Choose the right firmware by clicking Browse Then click Upgrade The system will upgrade the firmware of the router automatically Or click OK The following screen will appear Then execute the firmware upgrade utility System Maintenance gt Firmware Upgrade A TFP server is running Please execute a Firmware Upgrade Utility software to upgrade router s firmware This server will be closed by itself when the firmware upgrading finished Dr ay Tek 403 Vigor2925 Series User s Guide 4 17 13 Activation There are three ways to activate WCF on vigor router using Service Activation Wizard by means of CSM gt gt Web Content Filter Profile or via System Maintenance gt gt Activation After you have finished the setting profiles for WCF refer to Web Content Filter Profile it is the time to activate the mechanism for your computer Click System Maintenance gt gt Activation to open the following page for accessing http myvigor draytek com System Maintenance gt gt Activation Activate via interface auto selected Web Filter License Activate Status Not Activated Authentication Message Note If you want to use email alert or sy
373. rations they can access into WEB interface through admin mode Dr ay Tek 1 Vigor2925 Series User s Guide 1 1 Web Configuration Buttons Explanation Several main buttons appeared on the web pages are defined as the following ots Save and apply current settings Cancel Cancel current settings and recover to the previous saved settings Teei Clear all the selections and parameters settings including selection from drop down list All the values must be reset with factory default settings Add Add new settings for specified item Edit Edit the settings for the selected item Delete Delete the selected item with the corresponding settings Note For the other buttons shown on the web pages please refer to Chapter 3 4 for detailed explanation Vigor2925 Series User s Guide 2 Dr ay Tek 1 2 LED Indicators and Connectors Before you use the Vigor router please get acquainted with the LED indicators and connectors first 1 2 1 For Vigor2925 Mreswr Tol Vigor2925 i e F a amp 8 Buol WAN Security Router p WANI S oman F d i uaa WAN WCF oy i 7 i it USB2 VPN DMZ kaiii awe a USS WANI WAN2 tan T 2 3 3 5 Status Explanation ACT Activity The router is powered on and running normally The router is powered off USB1 USB2 USB device is connected and ready for use Blinking The data is transmitting WANI WAN2 Internet connection is ready Internet connection is not ready The data is transmitting
374. rcuz CJ BaiduHi O Lava Lava O MobileMmSN eMessenger ICQ Jawa IMUnitive O webIM URLs MessengerF Vigor2925 Series User s Guide O Poco PP365 CliChat O Jabber GoogleTalk O GaduGadu O Paltalk O AresChat O aAliww Hispo Ovuc O Fetion Web IM more than one address WebM SH meebo eBuddy ILovwelM ICQ Flash goowy IMhaha getMessenger Wablet mabber MSN2G0 KeollM MessengerAdictos WebYahoo ll 250 COlskype Okubao OcGizmo OSIFRRTE DOTelTel TeamSpeak Dray Tek The items categorized under P2P CSM gt gt APP Enforcement Profile Profile Index 1 Profile Name O O Protocol Misc IM EZE Clear Al Protocol Applications Cl SoulSeek SoulSeek Cl eDonkey eDonkey eMule Shareaza Cl FastTrack KazaA BearShare iMesh Cl OpenFT KCeasy FilePipe Cl Gnutella BearShare Limewire Shareaza Foxy KCeasy oo ees e y y Cl OpenNap Lopster XNap WinLop BitTorrent BitSpirit BitComet Other P2P Applications O xunlei Ovagaa C PP365 O Poco O clubbox Cl Ares ClezPeer Cl Pando Cl Huntmine Cl Kuwo C BitTorrent The items categorized under Misc CSM gt gt APP Enforcement Profile Profile Index 1 Profile Name IM P2P Protocol Misc Select Al ClearAl Tunneling Cisocks4 5 O FGFPNet CIHTTP Proxy OTer Owun Cl SoftEther OMS TEREDO O Wujie UltraSurf Cl Hamachi CI HTTF Tunnel O Fing Tunnel CTinyveN O RealTunnel O oynaPass O ultrawPN Cl Freeu O Skyfire
375. rd Object Objects page within one keyword group All the available Keyword objects that you have created will be shown in this box l K l A wong Click button to add the selected Keyword objects in this box 3 After finishing all the settings please click OK to save the configuration 4 8 9 File Extension Object This page allows you to set eight profiles which will be applied in CSM gt gt URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Objects Setting gt File Extension Object File Extension Object Profiles Set to Factory Default Profile Name Profile Name ei a Fo m let Available settings are explained as follows Item Description Set to Factory Default Clear all profiles Index Display the profile number that you can configure Name Display the name of the object profile Vigor2925 Series User s Guide 238 Dr ay Tek To set a new profile please do the steps listed below 1 Click the number e g 1 under Profile column for configuration in details 2 The configuration page will be shown as follows Objects Setting gt File Extension Object Setup Profile Index 1 Profile Name Categories File Extensions Image Select All E bmp O dib T gif F Jpeg Jpg jJpg2 jp J pet LC pex CI pic E pict El png E t E tiff Clear All Video Select All O a O avi O mov O mpe O mpeg O
376. rding classes and three levels of drop precedence in each class Vigor routers as edge routers of DS domain shall check the marked DSCP value in the IP header of bypassing traffic thus to allocate certain amount of resource execute appropriate policing classification or scheduling The core routers in the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network Private Network DS domain 1 DS domain 2 However each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners It s not easy to achieve deterministic and consistent high priority QoS traffic throughout the whole network with merely Vigor router s effort In the Bandwidth Management menu click Quality of Service to open the web page Vigor2925 Series User s Guide 266 Dr ay Tek Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default 5 n UDP lin Index Status Bandwidth Direction Others Bandwidth Online 2 Control Statistics WAN Disable 100000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WAN Disable 100000Kbps 100000Kbps Outbound 25 25 25 25 Inactive Status Setup WANS Disable 100000Kbps 100000Kbps 25 259 25 2556 Inactive Status Setup Class Rule Index Name Rule Service Type Class 1 Edit Class 2 Edit Edit Class
377. ress Destination Port Wise SSL Regular DN Regular Password Note After finishing the configuration of the LDAP profiles they will be listed in the page of VPN and Remote Access gt gt PPP General Setup If you want to use the profiles for VPN authentication check the boxes under PPTP LOAP Profiles in VPN and Remote Access gt gt PPP General Setup first Available settings are explained as follows Dray Tek Item Description Enable Check to enable such function Bind Type There are three types of bind type supported simple Mode Simple Mode Anonymous Regular Mode Simple Mode Just simply do the bind authentication without any search action Anonymous Perform a search action first with Anonymous account then do the bind authentication Regular Mode Mostly it is the same with anonymous mode The different is that the server will firstly check if you have the search authority For the regular mode you ll need to type in the Regular DN and Regular Password Server IP Address Enter the IP address of LDAP server Destination Port Type a port number as the destination port for LDAP server Use SSL Check the box to use the port number specified for SSL 283 Vigor2925 Series User s Guide Regular DN Type this setting if Regular Mode is selected as Bind Type Regular Password Specify a password if Regular Mode is selected as Bind Type After finished the above settings click OK button to save the se
378. rnethv ar General Settings Ethernetival 2 VLAN Header VLAN Tag boo Priority Note Tag value must be set between 14095 and unique for each channel Only one channel can be untagged fequal ta 0 at a time Bridge mode Enable Physical Members lpi pe jp3 ip4 ips Note Pl is reserved for NAT use and cannot be configured for bridge mode Available settings are explained as follows Item Description Multi VLAN Channel Enable Click it to enable the configuration of this 8 9 10 channel Disable Click it to disable the configuration of this channel WAN Type The connections and interfaces created in every channel may select a specific WAN type to be built upon In the Multi VLAN application only the Ethernet WAN type is available The user will be able to select the physical WAN interface the channel shall use here WAN Type General Setting General Settings VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the packet priority for such VLAN The range is from 0 to 7 Bridge mode Enable Click it to enable Bridge mode for such channel Physical Members Group the physical ports by checking the corresponding check box es for apply
379. rofile selection please click Next to open the following Dray Tek page VPN and Remote Access gt gt VPN Client Wizard VPN Connection Setting Security ranking 1 is the highest 5 is the lowest L2TP over IPsec IPsec PPTP Encryption L2TP PPTP None Encryption Select VPN Type 295 Throughput ranking 1 is the highest 5 is the lowest L TP IPsec tn fe tu BJ Ht PPTP Encryption LTP over IPsec Nice to Have L TP over IPsec Must L2TP over Psec PPTP Encryption a PPTP None Encryption o a Vigor2925 Series User s Guide In this page you have to select suitable VPN type for the VPN client profile There are six types provided here Different type will lead to different configuration page After making the choices for the client profile please click Next You will see different configurations based on the selection s you made Note The following descriptions for VPN Type are based on the Route Mode specified in LAN to LAN Client Mode Selection When you choose PPTP None Encryption or PPTP Encryption you will see the following graphic VPN and Remote Access gt gt VPN Client Wizard VPN Client PPTP Encryption Settings Profile Name VPN Dial OQut Through WAN First TTT O Always on Server IP Host Name for VPN e g draytek com or 123 45 67 89 Username marketing Password Remote Network IP 192 168 1 6 Remote Network Mask Vigor2925 Series
380. rouped under SSID 1 and SSID 2 at the same time if you check SSID 1 and SSID 2 MAC Address Filter Display all MAC addresses that are edited before Client s MAC Address Manually enter the MAC address of wireless client Apply SSID After entering the client s MAC address check the box of the SSIDs desired to insert this MAC address into their access control list Attribute s Isolate the station from LAN select to isolate the wireless connection of the wireless client of the MAC address from LAN Add Add a new MAC address into the list Delete Delete the selected MAC address in the list Edit Edit the selected MAC address in the list Cancel Give up the access control set up OK Click it to save the access control list Clear All Clean all entries in the MAC address list After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 350 Dray Tek 4 14 5 WPS WPS Wi Fi Protected Setup provides easy procedure to make network connection between wireless station and wireless access point vigor router with the encryption of WPA and WPA2 Wireless Card Installed Connection viaWPS AD Set SSID and lt gt Encryption WPA WPA2 lt u gt PIN Code Note Such function is available for the wireless station with WPS supported It is the simplest way to build connection between wireless network clients and vigor router Users do not need to select any encrypti
381. rs can handle millions of requests for categorization Note The priority of URL Content Filter is higher than Web Content Filter Dr ay Te k 247 Vigor2925 Series User s Guide 4 9 1 APP Enforcement Profile You can define policy profiles for IM Instant Messenger P2P Peer to Peer Protocol Misc application This page allows you to set 32 profiles for different requirements The APP Enforcement Profile will be applied in Default Rule of Firewall gt gt General Setup for filtering CSM gt gt APP Enforcement Profile APP Enforcement Profile Table Profile k gt k ak k e 4 i I gt la B S S B is is iN ie Ie e e IM l gt Hame Profile Available settings are explained as follows Item Set to Factory Default Profile Name Click the number under Index column for settings in detail Description Clear all profiles le le S gt S e e R ia Jea oa Jha Po Ro IS S S S Display the number of the profile which allows you to click to set different policy Display the name of the APP Enforcement Profile There are four tabs IM P2P Protocol and Misc displayed on this page Each tab will bring out different items that you can choose to disallow people using Vigor2925 Series User s Guide 248 Dray Tek Below shows the items which are categorized under Protocol CSM gt gt APP Enforcement Profile Profile Index 1 Profile
382. rvices is one month Service Activation Wizard Server Enabled DrayTek Service Activation Service Name Start Date Expire Date Status Web Content filter 2013 02 18 2013 03 21 Commtouch Please check if the license fits with the service provider of your signature To ensure normal operation for your router update your signature again is recommended Copyright DrayTek Corp all Rights Reserved Later if you need to extend the license valid time for the same service you can also use the Service Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next Dr ay Tek 29 Vigor2925 Series User s Guide Service Activation Wizard Select the service type that you want to activate This wizard is used for activating Web Content Filter Please choose the edition you need Finish Cancel Service Activation Wizard Select the service type that you want to activate Please choose the item you want to use WCF service Web Content Filter Commtouch License Agreement Commtouch is the web content filter based on Commtouch operated in the worldwide Enter your License key fo Activation Date 2013 03 22 select Web Content Filter fragFINN License Agreement Enter your License key OoOo O O Activation Date 2013 02 18 select CI have read and accept the above Agreement Please check this box Note The activation date i
383. s 56 SSID1 5G SSID2 56 SSID3 5G SSID4 3G SSID Enable Disable SSID DrayTek 4G C Hide 551D 0 untag Cl From Member Security Settings Set up RADIUS Server if 802 12 is enabled WPA WPA Algorithms TEIP AES TEIPJAES Encryption Key Renewal Interval Seconds PMK Cache Period Miniutes Pre 4uthentication Enable Disable WEP Setup WEP Key if WEP is enabled a02 18 WEP Enable Disable Access Control tee ee Client s MAC Address zt E jsf jf Bandwidth Limit OcEnable Disable Auto Adjustment O Enable Disable Now the AP represented with APSOO_O0507F6EE4980 detected by Vigor router will be applied with the settings modified by Vigor router Dray Tek 123 Vigor2925 Series User s Guide This page is left blank Vigor2925 Series User s Guide 124 Dr ay Te k Advanced Configuration This chapter will guide users to execute advanced full configuration through admin mode operation 1 Open a web browser on your PC and type http 192 168 1 1 The window will ask for typing username and password 2 Please type admin admin on Username Password for administration operation Now the Main Screen will appear Be aware that Admin mode will be displayed on the bottom left side DrayTek ype tee Auto Logout RE Dashboard Dashboard 3 lp Ye LV ad By Pa Quick Start Wizard a ACT WAN1 QoS a ver Duo Service Activation Wizare rons s Wireless Wizard be USB WAN2 WCF Online Status i s j
384. s 192 168 10 1Mocfuser losin w F 3 CI DravTek Group O MRTA O ER mE Login success Dr ay Tek 77 Vigor2925 Series User s Guide Example 2 The system will connect to http www draytek com automatically after logging into Internet successfully 1 In the field of Landing Page please type the words as below lt body stats 1 gt lt script language javascript gt window location http www draytek com lt script gt lt body gt User Management gt General Setup General Setup Mode Notice 1 User Management will refer to active rules in Data Filter as whitelists and blacklists in user based firewall mode 2 Users match the above lists will not be required for authentication The firewall rules policy will still valid 3 Otherwise authentication required for users not matched the above lists The firewall rules designated in the user profile s policy will still valid Landing Page Max 255 characters Preview Setto Factory Default lt body stats li gt lt script langquage javascript gt window location http www draytek com lt script gt lt body gt Clear Cancel 2 Next enable the Landing Page function Open User Management gt User Profile and click one of the index number e g index number 3 links User Management gt gt User Profile User Profile Table Profile Name admin Dial In User efe gt 3 In the following page check the box of Landing page and click
385. s 32 time lt ims time lt ims time lt ims time lt ims time lt ims time lt ims time lt ims time lt ims time lt ims 60 TTL 255 TTL 255 TTL 255 TTL 255 TTL 255 TTL 255 TTL 255 TTL 255 TTL 255 Dray Tek 3 3 How can I get the files from USB storage device connecting to Vigor router Files on USB storage device can be reviewed by opening USB Applicaiton gt gt File Explorer If it is necessary for you to delete copy files on the device or write paste files to the devcie it must be done through SAMBA server or FTP server Samba service is based on the original USB FTP service You will need to setup USB FTP first We would like to give brief instructions on USB FTP setup here 1 Plug the USB device to the USB port on the router Make sure Disk Connected appears on the Connection Status as the figure shown below USB Application gt gt USB Disk Status USB Mass Storage Device Status Connection Status Disk Connected Disconnect USB Disk Write Protect Status Wo Disk Capacity 2009 MB USB Disk Users Connected Refresh Index Service IP Address Port Username Note If the write protect switch of USB disk is turned on the USB disk is in READ ONLY mode No data can be written to it 2 Then please open USB Application gt gt USB General Settings to enable Samba service USB Application gt gt USB General Settings USB General Settings General Settings Simultaneous FTP Connections 5 Maximum 6
386. s Bandwidth ape 1 2 3 Control Statistics WAN Enable 101060 00Kbps 98180 00Kbps Outbound 30 50 15 5 Inactive Status WAN Enable 100000Kbps 100000Kbps Both 25 25 25 255 Inactive Status WAN3 Disable 100000Kbps 100000Kbps 25 259 25 25 Status Inactive Class Rule Index Name Rul Service Type Class 1 E mail Class 2 HTTPS Edi Edit Class 3 x 8 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic influent other application Click OK Bandwidth Management gt Quality of Service WAN General Setup Enable the QoS Control BOTH WAN Inbound Bandwidth 100000 Kbps WAN Outbound Bandwidth 100000 Kbps Class Name Reserved bandwidth Ratio E mail 25 le HTTPS 25 ow 5 Others J25 o Limited_bandwidth Ratio 9 Ifthe worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the Class Name of Index 3 In this index he will set reserved bandwidth for 1 VPN tunnel VPN Tunnel Private Network Cooperate Network 192 168 1 0 192 168 2 0 Vigor2925 Series User s Guide 74 Dr ay Te k Dray Tek 10 Click Edit for Class 3 to open a new window In this index the user will set reserved bandwidth for VPN Bandwidth Management gt gt Quality of Service Class Index 3 Name VPN C Tag packets as Default w NO Status Local Address Remote Address a Service Type CodePoin
387. s brought out by the server automatically and cannot be changed Vigor2925 Series User s Guide 30 Dr ay Te k 2 5 Wireless Wizard Dray Tek The wireless wizard allows you to configure settings specified for a host AP for home use or internal use for a company and specified for a guest AP for any wireless clients accessing into Internet Follow the steps listed below 1 Open Wireless Wizard Dashboard Quick Start Wizard Service Activation Wizard O Wireless Wizard Online Status 2 The screen of wireless wizard will be shown as follows This page will be used for internal users in a company or your home Wireless Wizard Host AP Configuration Name Mode Mixed 11b 11g 11n Channel Channel 6 2437MHz Note The hast AP configured here will be used for home or internal company use Available settings are explained as follows Item Description Name Type the SSID name of this router SSID1 The default name is defined with DratTek Mode At present the router can connect to 11n Only 11g Only Mixed 11b 11g Mixed 1la 11n Mixed 11g 11n and Mixed 11b 11g 11n stations simultaneously Simply choose Mix 11b 11g 11n mode 31 Vigor2925 Series User s Guide Mixed 11b 11g 11n 11g Only 11n Only 2 4 GHz Mixed 11b 11q Mixed 11g 11n i Mixed 11b 11g 41n Channel Means the channel of frequency of the wireless LAN The default channel is 6 You may switch channel if
388. s into next page for configuring port redirection NAT gt gt Port Redirection Index No 1 C Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port Note In Range Mode the End IP will be calculated automatically once the Public Port and Start IP have been entered Available settings are explained as follows Dr ay Tek 185 Vigor2925 Series User s Guide Item Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port Description Check this box to enable such port redirection setting Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Enter the description of the specific network service Select the transport layer protocol TCP or UDP Select the WAN IP used for port redirection There are eight WAN IP alias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Specify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Simply type the req
389. s of this service it means you have read understand and agree to accept the modifications and changes If you do not agree the content of this agreement please stop using Myvigor service 2 Registration To use this service you have to agree the following conditions a Provide your complete and correct information according to the registration steps of this service 3 Type your personal information in this page and then click Continue Register Create an account Please enter personal profile Fields marked by are required Account Information UserName May sd Check Account acen ES occo Password aa 4 20 characters Do not set the same as the username Confirm Password sooo Personal Information First Name Mary Last Name Ted Company Name Tech Ltd E Please note that a valid E mail address is required to receive the Subscription Code You will need this code to activate your account Tel 0 Country SWITZERLAND v Career Supervisor v 4 Choose proper selection for your computer and click Continue Create an account Please enter personal profile Dray Tek Gasreement Personal Information Sdcomptetion How did you find out about this website Internet e What kind of anti virus do you use Antivir vv would like to subscribe to the MyVigor e letter would like to receive DrayTek product news
390. same Internet connection via Vigor wireless router The General Settings will set up the information of this wireless network including its SSID as identification located channel etc Vigor2925 Series User s Guide 342 Dr ay Tek Internet SSID Draytek Channel 6 Mode WEP only 192 168 1 1 Multiple SSIDs Vigor router supports four SSID settings for wireless connections Each SSID can be defined with different name and download upload rate for selecting by stations connected to the router wirelessly Security Overview Real time Hardware Encryption Vigor Router is equipped with a hardware AES encryption engine so it can apply the highest protection to your data without influencing user experience Complete Security Standard Selection To ensure the security and privacy of your wireless communication we provide several prevailing standards on market WEP Wired Equivalent Privacy is a legacy method to encrypt each frame transmitted via radio using either a 64 bit or 128 bit key Usually access point will preset a set of four keys and it will communicate with each station using only one out of the four keys WPA Wi Fi Protected Access the most dominating security mechanism in industry is separated into two categories WPA personal or called WPA Pre Share Key WPA PSK and WPA Enterprise or called WPA 802 1x Dray Te k 343 Vigor2925 Series User s Guide In WPA Personal a pre defined key is used for encryption during
391. ser s Guide 7 After finished the settings click OK to return to previous page You have finished the configuration of the notification object profile setting Object Settings gt gt Notification Object Setto Factory Default Index Profile Name Settings 1 WAN_Notify WAN Pi iP Pe eS 8 Now open Application gt gt SMS Mail Alert Service Use the drop down list to choose SMS Provider and the Notify Profile specify the time of sending SMS Then type the phone number in the field of Recipient the one who will receive the SMS Application gt gt SMS Mail Alert Service SMS Provider Mail Server Setto Factory Default Index SMS Provider Recipient Notify Profile schedule 1 15 1 1 Local number 0912345678 1 WAN_Notify J 20 it 30 ot 40 O o 5 O o 6 O O o 70 O o 8 OO o 20 O I 1 O O o 9 Click OK to save the settings Later if one of the WAN connections fails in your router the system will send out SMS to the phone number specified If the router has only one WAN interface the system will send out SMS to the phone number while reconnecting the WAN interface successfully Vigor2925 Series User s Guide 82 Dr ay Tek Remark How the customize the SMS Provider Choose one of the Index numbers 9 or 10 allowing you to customize the SMS Provider In the web page type the URL string of the SMS provider and type the username and password After clicking OK the new added SMS provider
392. server binding client Index IPv6 Address MAC Address Leased Time Refresh Available settings are explained as follows Item Description Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ID name of the specified PC Refresh Click it to reload the page Dr ay Te k 409 Vigor2925 Series User s Guide 4 18 6 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the list page Diagnostics gt NAT Sessions Table NAT Active Sessions Table Refresh Private IP Port Pseudo Port 192 10Geiei1 2431 24 939 93 189 192 160 1 11 2493 20T 46 25 2 192 1656 1 10 3079 207 46 5 10 Available settings are explained as follows Item Description Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Click it to reload the page Vigor2925 Series User s Guide 410 Dr ay Tek 4 18 7 Ping Diagnosis Click Diagnostics and click Ping Diagnosis to pen the web page Diagnostics gt gt Ping Diagn
393. sh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection Status 4 13 Certificate Management A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can verify that the certificate is real Here Vigor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management ocal Certificate Trt ted CA Certificate 4 13 1 Local Certificate Certificate Management gt Local Certificate X309 Local Certificate Configuration Name Subject Status Modify GENERATE IMPORT REFRESH Available settings are explained as follows Item Description Generate Click this button to open Generate Certificate Request
394. sic Concepts Over recent years the market for wireless communications has enjoyed tremendous growth Wireless technology now reaches or is capable of reaching virtually every location on the surface of the earth Hundreds of millions of people exchange information every day via wireless communication products The Vigor n model a k a Vigor wireless router is designed for maximum flexibility and efficiency of a small office home Any authorized staff can bring a built in WLAN client PDA or notebook into a meeting room for conference without laying a clot of LAN cable or drilling holes everywhere Wireless LAN enables high mobility so WLAN users can simultaneously access all LAN facilities just like on a wired LAN as well as Internet access The Vigor wireless routers are equipped with a wireless LAN interface compliant with the standard IEEE 802 11n draft 2 protocol To boost its performance further the Vigor Router is also loaded with advanced wireless technology to lift up data rate up to 300 Mbps Hence you can finally smoothly enjoy stream music and video Note The actual data throughput will vary according to the network conditions and environmental factors including volume of network traffic network overhead and building materials In an Infrastructure Mode of wireless network Vigor wireless router plays a role as an Access Point AP connecting to lots of wireless clients or Stations STA All the STAs will share the
395. simplest form each of the Gigabit LAN ports can be isolated from each other for example to feed different companies or departments but keeping their local traffic completely separated To add or remove a VLAN please refer to the following example 1 If VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4 VLANO and VLAN are configured with different subnets g E HO SOE 0 00 203060 Vigor2925 Series User s Guide 174 Dr ay Tek 2 After checking the box to enable VLAN function you will check the table according to the needs as shown below Click OK to save the settings LAN gt gt VLAN Configuration VLAN Configuration Enable m D Wireless LAN P5 SSID1 SSID2 SSID3 SSID4 Subnet Enable A d d d O k 3 a OS bfe E k i N Emi t T 2 2 4 m gmi mN gnm e lt oooaqqadg 000000 oooaa 00000 0000 aB a el el le l l ae e l l e be 4 Permit untagged device in Pl ta access router 1 Tag based LAN only applied for LAN Ports 2 The checked Wireless LAN SSID will not has YLAN tagging function but regarded as joining VLAN group 3 The set VLAN ID YID must be unique and not duplicate The Vigor router also supports up to six private IP subnets on the LAN Each can be independent isolated or common able to communicate with each other This is ideal for departmental or multi oc
396. slog Enable URL Access Control Check the box to activate URL Access Control Note that the priority for URL Access Control is higher than Restrict Web Feature If the web content match the setting set in URL Access Control the router will execute the action specified in this field and ignore the action specified under Restrict Web Feature Prevent web access from IP address Check the box to deny any web surfing activity using IP address such as http 202 6 3 2 The reason for this is to prevent someone dodges the URL Access Control You must clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before Action This setting is available only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the keyword set here it will be processed with reverse action Action ass Block Group Object Selections The Vigor router provides several frames for users to define keywords and each frame a Dray Tek Dray Tek Web Feature supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords within a frame are separated by space comma or sem
397. slog please configure the SysLoq Mail Alert Setup page If you change the service provider the configuration of the function will be reset OK Cancel Available settings are explained as follows Item Description Activate via Interface Choose WAN interface used by such device for activating Web Content Filter Activate via interface auto selected auto selected WAN 1 WAN 2 WAN 3 Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account and the router Authentication Message As for authentication information of web filter the process of authenticating will be displayed on this field for your reference Vigor2925 Series User s Guide 404 Dr ay Tek Below shows the successful activation of Web Content Filter System Maintenance gt gt Activation Activate via interface auto selected ha Web Filter License Activate Status Commtouch Start Date 2013 02 25 Expire Date 2013 03 27 Authentication Message Note If you want to use email alert or syslog please configure the SysLog Mail Alert Setup page If you change the service provider the configuration of the function will be reset 4 18 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics Diagnostics Dray Tek 405 Vigor2925 Series User s Guide 4 18 1 Dial out Triggering Click Diagno
398. specific host name or specific MAC address please enter it in Host Name optional MAC 10 aa as B7 6A optional Available settings are explained as follows Item Description Host Name Type the name of the host Note The maximum length of the host name you can set is Dr ay Tek 23 Vigor2925 Series User s Guide 39 characters MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to enter the MAC address Back Click it to return to previous setting page Next Click it to get into the next setting page Cancel Click it to give up the quick start wizard 3 After finished the settings above click Next for viewing summary of such connection Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access DHCP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK 5 Now you can enjoy surfing on the Internet Vigor2925 Series User s Guide 24 Dr ay Tek 2 3 2 For WANS USB WANS is dedicated to physical mode in USB If WAN3 is selected it is not necessary for you to type any information for such connection 1 Choose WAN3
399. st Subject Name First Local Certificate IPsec Security Method Medium AH High ESP Username Password Remote Network IP Remote Network Mask Available settings are explained as follows VPN 2 WANT First v i 77 Item Description Profile Name Type a name for such profile The length of the file is limited to 10 characters VPN Dial Out Through WAN Only WAN First WAN Only WANT Only WAN2 Only WANS First WANS Only Backup WAN Backup WANT Use the drop down menu to choose a proper WAN interface for this profile This setting is useful for dial out only a WANI First WAN2 First WANS First While connecting the router will use WAN1 WAN2 WANS3 as the first channel for VPN connection If WANI WAN2 WANS3 fails the router will use another WAN interface instead WANI Only WAN2 Only WAN 3 Only While Vigor2925 Series User s Guide 298 Dray Tek Dray Tek Always On Server IP Host Name for VPN IKE Authentication Method Digital Signature X 509 IPSec Security Method User Name Password Remote Network IP Remote Network Mask connecting the router will use WAN1 WAN2 WANS3 as the only channel for VPN connection WAN I Only Backup WAN2 While connecting the router will use WAN2 for VPN connection If WAN2 fails the router will use backup WAN 1 interface instead WAN2 Only Backup WANI While connecting the router will use WANI for
400. st Station List provides the knowledge of connecting wireless clients now along with its status code There is a code summary below for explanation For convenient Access Control you can select a WLAN station and click Add to Access Control below Wireless LAN gt gt Station List Station List Status MAC Address Associated with Status Codes Connected No encryption Connected WEP Connected WPA Connected WPA 2 Blocked by Access Control Connecting Fail to pass WPA PSK authentication T ZOPUMS Note After a station connects to the router successfully it may be turned off without notice In that case it will still be on the list until the connection expires Addto Access Control Client s MAC address yeh Jef deh deh Ee Add Available settings are explained as follows Item Description Refresh Click this button to refresh the status of station list Add Click this button to add current typed MAC address into Access Control Vigor2925 Series User s Guide 362 Dr ay Tek 4 15 SSL VPN An SSL VPN Secure Sockets Layer virtual private network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides gt Itis not necessary for users to preinstall VPN client software for executing SSL VPN connection gt There are less restrictions for the data encrypted through SSL VPN in comparing with traditional VPN 4 15 1 General S
401. st is used as the name of Class Index 1 Bandwidth Management gt Quality of Service Class Index 1 Name Cl Tag packets as Default v Status Local Address Remote Address DiffServ CodePoint Service Type Empty z 3 For adding a new rule click Add to open the following page Bandwidth Management gt Quality of Service Rule Edit ACT C Hardware Acceleration Ethernet Type 1Pv4 IPv6 Local Address Remote Address DiffServ CodePoaint ANY Service Type Predefined w Note Please choose setup the Service Type first Vigor2925 Series User s Guide 270 Dr ay Te k Available settings are explained as follows Item Description ACT Check this box to invoke these settings Hardware Check this box to enable the hardware acceleration when Acceleration such rule is applied Ethernet Type Please specify which protocol IPv4 or IPv6 will be used for this rule Local Address Click the Edit button to set the local IP address on LAN for the rule Remote Address Click the Edit button to set the remote IP address on LAN WAN for the rule E hitp 192_168_1_1 doc QosIpEdt htm Microsoft Internet Explorer Address Type subnet Address i Start IP Address 0 0 0 0 End IP Address Subnet Mask 0 0 0 0 ee Address Type Determine the address type for the source address For Single Address you have to fill in Start IP address For Range Address you have to fill in Star
402. st Setup WAN WAN 2 Enable OTETA Dray Tek WAN WANS Private IP 0 0 0 0 Choose PC 189 Vigor2925 Series User s Guide If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode in WAN2 interface you will find them in Aux WAN IP for your selection NAT gt DMZ Host Setup DMZ Host Setup WANT WAN WANS WAN 2 Index Enable Aux WAN IP Private IP 2 19 168 1 45 0 0 0 0 Choose PC Available settings are explained as follows Item Description Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host E http DER 132 168 110 132 168 118 When you have selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting NAT gt gt DMZ Host Setup DMZ Host Setup WAN1 WAN2 WAN3 WAN 2 Index Enable Aux WAN IP Private IP 1 O 2 192 168 1 45 192 168 1 10 After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 190 Dr ay Tek 4 4 3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applicatio
403. st be authenticated with the correct username and password to have the right of sending message out Check the box to enable the function Username Type a name for authentication The maximum length of the name you can set is 31 characters Password Type a password for authentication The maximum length of the password you can set is 31 characters Define the interval for the system to send the SMS out 3 After finishing all the settings here please click OK to save the configuration 4 8 11 Notification Object Object Settings gt SMS Mail Service Object SMS Provider Index ay ie Mail Server Set to Factory Default Profile Name Mail Notify This page allows you to set ten profiles which will be applied in Application gt gt SMS Mail Alert Service You can set an object with different monitoring situation Object Settings gt Notification Object Index Joo e I IN a Set to Factory Default Profile Name Settings Each item is explained as follows Dray Tek Item Set to Factory Default Index Profile Settings Description Clear all of the settings and return to factory default settings Display the profile number that you can configure Display the name for such mail server profile Display the category selected for such profile 245 Vigor2925 Series User s Guide To set a new profile please do the steps listed below 1 Open Object Setting gt gt Notific
404. stics and click Dial out Triggering to open the web page The internet connection e g PPPoE is triggered by a package sending from the source IP address Diagnostics gt Dial out Triggering Dial out Triggered Packet Header Refresh HEX Format 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Decoded Format 0 0 0 0 gt 0 0 0 0 Pr 0 len 0 0 Available settings are explained as follows Item Description Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the package Refresh Click it to reload the page Vigor2925 Series User s Guide 406 Dr ay Tek 4 18 2 Routing Table Click Diagnostics and click Routing Table to open the web page Diagnostics gt gt View Routing Table Current Running Routing Table IPv6 Routing Table C connected 5 static R RIP default private 197 166 1 0 255 255 2455 0 directly connected LANI Refresh Diagnostics gt gt View Routing Table Current Running Routing Table IPv Routing Table Refresh Destination Interface Flags Metric Next Hop FEGO 64 LAN U 256 FFOO 6 LAN U 256 Available settings are explained as follows Item Description Refresh C
405. sword Periodic Inform Settings Disable Enable Interval Time STUN Settings Disable Enable Server Address Server Port Internet PO PO pos i Moor ooo eesseese 300 second s a Bars Minimum Keep Alive Period bo o second s Maximum Keep Alive Period I seconds Available settings are explained as follows Item ACS Server On ACS Server CPE Client Periodic Inform Settings Dray Tek Description Choose the interface for the router connecting to ACS server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Such information is useful for Auto Configuration Server Enable Disable Allow Deny the CPE Client to connect with Auto Configuration Server Port Sometimes port conflict might be occurred To solve such problem you might change port number for CPE The default setting is Enable Please set interval time or schedule time for the router to send notification to CPE Or 385 Vigor2925 Series User s Guide click Disable to close the mechanism of notification STUN Settings The default is Disable If you click Enable please type the relational settings listed below Server IP Type the IP address of the STUN server Server Port Type the port number of the STUN server Minimum Keep Alive Period If STUN
406. t Details Page Click it to access into the setting page Each LAN will have different LAN configuration page Each LAN must be configured in different subnet IP v6 Click it to access into the settings page of IPv6 157 Vigor2925 Series User s Guide Advanced DHCP packets can be processed by adding option number and data information when such function is enabled LAN gt gt General Setup DHCP Options Status Enable Disable Options List Index Option Number Ascii Hex Data Option Number DataType Ascii Hex Example of Hex Data Type Input Format Oxff 0x00 OxcO Oxa8 Data Aaa Note Maximum number of custom DHCP option is five Enable Disable Enable Disable the function of DHCP Option Each DHCP option is composed by an option number with data For example Option number 100 Data abcd When such function is enabled the specified values for DHCP option will be seen in DHCP reply packets Option Number Type a number for such function DataType Choose the type ASCII or Hex for the data to be stored Data Type the content of the data to be processed by the function of DHCP option Force router to use DNS Force Vigor router to use DNS servers configured in server IP address LAN1 LAN2 LAN3 LAN4 LANS instead of DNS servers given by the Internet Access server PPPoE PPTP L2TP or DHCP server Inter LAN Routing Check the box to link two or more different subnets L
407. t gt Quality of Service Class Index 1 Name Eo DiffServ NO Status Local Address Remote Address CodePoint Service Type 172 16 1 240 i ct F 5 i aT i Active 17 16 1 241 Any ANY ANY 8 Do the same steps to add class rules for IPTV and Data Email with IP addresses as shown below Bandwidth Management gt Quality of Service Class Index 2 Name Tag packets as DiffServ NO Status Local Address Remote Address CodePoint Service Type 10 Active ies ea cacao Any ANY ANY 172 16 1 249 Bandwidth Management gt gt Quality of Service Class Index 3 DiffServ CodePoint 10 Active Any Any IP precedence 2 ANY NO Status Local Address Remote Address Service Type Vigor2925 Series User s Guide 70 Dr ay Te k 9 Assuming you get 2MB 512Kb Internet line You can click the Setup link of WANI to set up the bandwidth for different groups among VoIP IPTV and Data Email Bandwidth Management gt Quality of Service General Setup Index Status Bandwidth WAN Disable 101060 00Kbps 98180 00Kbps WAN Disable 100000Kbps 100000Kbps WANS Disable 100000Kbps 100000Kbps Class Rule Index Name Class 1 VoIP Class 2 IPTV Class 3 Data Email Direction Setto Factory Default UDP Class Class rig Others Ban dwi dth Pace Control 25 25 25 25 Inactive Status 25 25 25 25 Inactive Status Seter 25 25 25 25 Inactive Status Setup Rule Service Typ
408. t 1 Empty 11 Click Add to open the following window Check the ACT box first Bandwidth Management gt Quality of Service Rule Edit ama iaae H ACT Ethernet Type IPv4 OIPv6 Local Address Remote Address DiffServ CodePaint Service Type 12 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK 73 Vigor2925 Series User s Guide 3 7 How to use Landing Page Feature Landing Page is a special feature configured under User Management It can specify the message content to be seen or specify which website to be accessed into when users try to access into the Internet by passing the authentication Here we take Vigor2925 series router as an example Example 1 Users can see the message for landing page after logging into Internet successfully 1 Open the web user interface of Vigor2925 2 Open User Management gt General Setup to get the following page In the field of Landing Page please type the words of Login Success Please note that the maximum number of characters to be typed here is 255 User Management gt gt General Setup General Setup Mode Notice 1 User Management will refer to active rules in Data Filter as whitelists and blacklists in user based firewall mode 2 Users match the above lists will not be required for authentication The firewall rules poli
409. t MIGTMA0GCS gGs Ibs DORR AGUALAGNADCBICRBgGoChobgdDLIFEUwooucgHYPuqila Ra uaSChd 4 hmwJ VohmkeFRYRUZSPTulltayyPEH61M2 cHDLRUJhOnENAGH luvsen3u k 2rU0MNp2 IF pbnd fom bue2 61011 Evi trv xIgk CMhdpsql0rGcikenssoyr uz THogY Ek 7Gadw6fOIDAgabosawDOYIKos lhycNiOEFBOADGYEABLiNMne zHeRdu EZOT EtPJakhyo2VEooYTYOxdxublrhVadhyT SWqht yai DLAVSIOVIPssTze94Ddcen yOlrbh Zos6lsxcuck TOG IMByYOLubchHHRYRaxi2 RTNOYOICRscyvIMExx 4 pnb IaNeOlwGz 1Z BhlnYkz2F Q8uzZ1IsXxyY J Note You have to copy the certificate request information from above window Next access your CA server and enter the page of certificate request copy the information into Vigor2925 Series User s Guide 340 Dr ay Tek it and submit a request A new certificate will be issued to you by the CA server You can save it Delete Click this button to remove the selected certificate 4 13 2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate Cerificate Management gt Trusted CA Certificate X309 Trusted CA Certificate Configuration Name Subject Status Modify Trusted CA 1 nan Trusted CA 2 pas rom Trusted CA 3 che nee IMPORT REFRESH To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use the pre saved file Certif
410. t Status v Active x Inactive Empty Each item 1s explained as follows Item Description Set to Factory Default Clear all of the settings and return to factory default settings Viewing IPv6 Routing Displays the routing table for your reference Table Index The number 1 to 40 under Index allows you to open next page to set up static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Click any underline of index number to get the following page LAN gt Static Route Setup Index Na 1 Enable Network Interface LAN we Available settings are explained as follows Item Description Enable Check it to enable this profile Dr ay Te k 169 Vigor2925 Series User s Guide Destination IPv6 Address Type the IP address with the prefix length for this entry Prefix Len Gateway IPv6 Address Type the gateway address for this entry Network Interface Use the drop down list to specify an interface for this static route LAN i JWAN1T H WAN2 WAN pas After finishing all the settings here please click OK to save the configuration Add Static Routes to Private and Public Networks based on IPv4 Here is an example based on Pv4 of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the rou
411. t for building VPN connection Remote Network Mask Please type the network mask according to the real location of the remote host for building VPN connection 3 After finishing the configuration please click Next The confirmation page will be shown as follows If there is no problem you can click one of the radio buttons listed on the page and click Finish to execute the next action VPN and Remote Access gt gt VPN Server Wizard Please Confirm Your Settings VPN Environment Remote Access VPN Host to LAN Index 2 Username ae Authentication Type Local User Database Allowed Service IPsec Peer IP VPN Client IP 192 168 1 100 Peer ID David Click Back to modify changes if necessary Otherwise click Finish to save the current settings and proceed to the following action Go to the VPN Connection Management Do another VPN Server Wizard setup View more detailed configurations Available settings are explained as follows Item Description Go to the VPN Click this radio button to access VPN and Remote Connection Access gt gt Connection Management for viewing VPN Management Connection status Do another VPN Click this radio button to set another profile of VPN Server Server Wizard Setup through VPN Server Wizard View more detailed Click this radio button to access VPN and Remote configuration Access gt gt LAN to LAN for viewing detailed configuration Dray Te k 305 Vigor2925 Series User s
412. t IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packets of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for processing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited You can choose the predefined service type from the Service Type drop down list Those types are predefined in factory Simply choose the one that you want for using by current QoS 4 After finishing all the settings here please click OK to save the configuration Dray Te k 271 Vigor2925 Series User s Guide By the way you can set up to 20 rules for one Class If you want to edit an existed rule please select the radio button of that one and click Edit to open the rule edit page for modification Bandwidth Management gt Quality of Service Class Index 1 Name CI Tag packets as NO Status Local Address Remote Address DiffServ Code Point Service Type 10 Active Any Any ANY ANY 20 Active 192 168 1 12 192 168 1 56 ANY ANY Edit the Service Type for Class Rule 1 To add a new service type edit or delete an existed service type please click the Edit link under Service Type field Bandwidth Management gt gt Quality of Service General Setup Set to Factory Default pis pa ee UD
413. t is connected with 10 100Mbps The port is connected The port is disconnected The data is transmitting The port is connected with 1000Mbps The port is connected with 10 100Mbps 5 Vigor2925 Series User s Guide Mre Tol Vigor2925n i Ee he Del ttt Soctitp Frou Wirotees LAH 4 OWOFFWPS ct wani Gos aam i a joe e u 3B WANI WCF WLAN VPH DMZ USB Interface Description Wireless LAN Press Wireless LAN ON OFF WPS button once to wait for client ON OFF WPS device making network connection through WPS Press Wireless LAN ON OFF WPS button twice to enable WLAN LED on or disable WLAN LED off wireless connection Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration USB1 USB2 Connecter for a USB device for 3G USB Modem or printer WANI WAN2 Connecter for local network devices or modem for accessing Internet LAN1I LAN5 Connecters for local network devices PWR Connecter for a power adapter ON OFF Power Switch Vigor2925 Series User s Guide 6 Dr ay Tek 1 3 Hardware Installation Before starting to configure the router you have to connect your devices correctly 1 Connect the cable Modem DSL Modem Media Converter to any WAN port of router with Ethernet cable RJ 45
414. t the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages Upload Check the box to block the file upload by way of web page File Extension Profile Choose one of the profiles that you configured in Object Setting gt gt File Extension 255 Vigor2925 Series User s Guide Objects previously for passing or blocking the file downloading File Extension Profile None After finishing all the settings please click OK to save the configuration 4 9 3 Web Content Filter Profile There are three ways to activate WCF on vigor router using Service Activation Wizard by means of CSM gt gt Web Content Filter Profile or via System Maintenance gt gt Activation Service Activation Wizard allows you to use trial version or update the license of WCF directly without accessing into the server My Vigor located on http myvigor draytek com However if you use the Web Content Filter Profile page to activate WCF feature it is necessary for you to access into the server My Vigor located on http myvigor draytek com Therefore you need to register an account on http myvigor draytek com for using corresponding service Please refer to section of creating My Vigor
415. tal signature authentication Fill each necessary field to authenticate the remote peer The following explanation will guide you to fill all the necessary fields Vigor2925 Series User s Guide 310 Dr ay Tek VPN and Remote Access gt gt Psec Peer Identity Profile Index 4 Profile Name ere Enable this account Accept Any Peer ID Accept Subject Alternative Name Accept Subject Name Country C State ST Po Location L PT Orginization 0 Po Orginization Unit OU Po Common Name CN Po Email E E Available settings are explained as follows Item Description Profile Name Type the name of the profile The maximum length of the name you can set is 32 characters Enable this account Check it to enable such account profile Accept Any Peer ID Click to accept any peer regardless of its identity Accept Subject Click to check one specific field of digital signature to Alternative Name accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Accept Subject Name Click to check the specific fields of digital signature to accept the peer with matching value The field includes Country C State ST Location L Organization O Organization Unit OU Common Name CN and Email E After finishing all the settings here please click OK to s
416. ted in CSM gt gt URL Content Filter for applying with this router Please set at least one profile for choosing in CSM gt gt URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Select one of the URL Content Filter profile settings created in CSM gt gt URL Content Filter for applying with this router Please set at least one profile for choosing in CSM gt gt URL Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Select one of the Web Content Filter profile settings created in CSM gt gt Web Content Filter for applying with this router Please set at least one profile for anti virus in CSM gt gt Web Content Filter web page first Or choose Create New from the drop down list in this page to create a new profile For troubleshooting needs you can specify to record information for Web Content Filter by checking the Log box It will be sent to Syslog server Please refer to
417. tem Information IPv4 Internet Access IPv6 Internet Access Interface physical connection Security and Quick Access Click Dashboard from the main menu on the left side of the main page Dashboard Quick Start Wizard Service Activation Wizard Wireless Wizard Online Status A web page with default selections will be displayed on the screen Refer to the following figure Dashboard ACT WANT QoS ee ee ee Dual WAN Security Router F s oo USB WAN2 WCF ME i Factory a l j achary 2 4 d 4 Reset WLAN VPN DMZ Wiralasse LAN OMAR WPS USE WAMI WAN LAN System Information Quick Access 0 38 33 System Status fRouterName SSS S Curent Time PO Jan A Sat Oa Dynamic DNS Oct 9 2013 16 02 43 00 1D A4 AC 19 CB SSS gement IPv4 Internet Access Schedule sid WANT Ethemet Disconnected 00 1D AA AC 19 C9 wanz Ethernet Disconnected 00 1D AA AC 19 CA rRADWS WANS USB OU 1D 44 AC 15 CB 00 00 00 Firewall Object Setting Data Flow Monitor IPv6 Internet Access Mode Address C d Scope UpTime _ RADWD DHCPy FE80 21D 44FF FESC 19c8 64 Link f Interface Connected O WANI WAN WANG 3 LAN Connected 0 LANI LANZ LANZ LAN4 LANS 3 WLAN Connected 0 Connected 0 JSE 1 Vigor2925 Series User s Guide 34 Dr ay Te k 2 6 1 Virtual Panel On the top of the Dashboard a virtual panel simulating the physical panel of the router displays the physical
418. ter In addition users must execute Connect manually in SSL Client Portal page SSL if you choose such selection web proxy over SSL will be applied for VPN After finishing all the settings here please click OK to save the configuration 4 15 3 SSL Application It provides a secure and flexible solution for network resources including VNC Virtual Network Computer RDP Remote Desktop Protocol SAMBA to any remote user with access to Internet and a web browser SSL VPN gt SSL Application SSL Applications Profiles Setto Factory Default Index Name Host Address Service Active 4 x Z x 3 X 4 x j x 6 x T X x g x 10 x Each item is explained as follows Item Description Name Display the application name of the profile that you create Host Address Display the IP address for VNC RDP or SAMBA path Service Display the type of the service selected e g VNC RDP SAMBA Active Display current status active or inactive of the selected profile Dray Te k 365 Vigor2925 Series User s Guide To create a new SSL application profile 1 Click number link under Index filed to set detailed configuration SSLVPN gt gt SSL Application SSL Applications Profiles Index Name Ho e Te i 2 The following page will appear SSL VPN gt SSL Application Profile Index 1 LJ Enable Application Service Application Name Application Virtual Network Computing VNC co Please S
419. ter works properly use the Main Router to surf the Internet create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 create a public subnet 211 100 88 0 via an internal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router Internet Set Static Route Router C Router 192 158 1 2 Gateway 192 168 1 1 E Vigor2925 Series User s Guide 170 Dr ay Te k 1 Goto LAN page and click General Setup select Ist Subnet as the RIP Protocol Control Then click the OK button Note There are two reasons that we have to apply RIP Protocol Control on Ist Subnet The first is that the LAN interface can exchange RIP packets with the neighboring routers via the Ist subnet 192 168 1 0 24 The second is that those hosts on the internal private subnets ex 192 168 10 0 24 can access the Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN gt gt Static Route and click on the Index Number 1 Check the Enable box Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK LAN gt Static Route Setup Index No 1 Enable Destination IP Address Subnet Mask
420. ternet via your ISP It means that the public IP address assigned to your router changes each time you access the Internet The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org www no ip com www dtdns com www changeip com www dynamic nameserver com You should visit their websites to register your own domain name for the router Enable the Function and Add a Dynamic DNS Account 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test Vigor2925 Series User s Guide 274 Dr ay Te k 2 Inthe DDNS setup menu check Enable Dynamic DNS Setup Applications gt gt Dynamic DNS Setup Dynamic DNS Setup Setto Factory Default Auto Update interval Minfs 1 14
421. terval of refreshing data flow that will be done by the system automatically Pefresh Seconds Refresh Click this link to refresh this page manually Index Display the number of the data flow Profile Display the users which connect to Vigor router currently You can click the link under the username to open the user profile setting page for that user IP Address Display the IP address of the device Last Login Time Display the login time that such user connects to the router last time Expired Time Display the expired time of the network connection for the user Vigor2925 Series User s Guide 224 Dr ay Te k Data Quota Display the quota for data transmission Idle Time Display the idle timeout setting for such profile Action Block can prevent specified user accessing into Internet Unblock the user will be blocked Logout the user will be logged out forcefully 4 8 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address lail Service Object 4 8 1 IP Object You can set up to 192 sets of IP Objects with different conditions Objects Setting gt IP Object IP O
422. th different passwords However we recommend you to use different usernames for different user profiles in User Management and VPN profiles 113 Vigor2925 Series User s Guide Authentication via Telnet The LAN clients can also authenticate their accounts via telnet 1 Telnet to the router s LAN IP address and input the account name for the authentication Telnet 192 16811 5 xl Account user e E 2 Type the password for authentication and press Enter The message User login successful will be displayed with the expired time if configured becountiuaer faoomea rea KER EE Jger login successful expired time ig Unlimited Note Here expired time is Unlimited means the Time Quota function is not enabled for this account After login this account will not be expired until it is logout 3 In the Web interface of router the configuration page of Time Quota is shown as below User Management gt gt User Profile Profile Index 3 Enable this account User Name Password Confirm Password Idle Timeout mints O Unlimited Max User Login O Unlimited Policy Default The selection of items could be created as rules and which not set to active External Server Authentication Pop Browser Tracking Window Authentication Web Alert Tool Telnet Landing Page Index 1 15 in Schedule Setup Reset quota to default when scheduling time expired C Enable Default
423. the Firewall policy will break down the connections of all current users They all have to authenticate again for Internet access E The administrator may check the current users from User Online Status page Vigor2925 Series User s Guide 116 Dr ay Tek User Management gt gt User Online Status Current Time 01 01 00 44 08 Refresh Seconds Page Refresh Index Profile IP Address User Last Login Time Expired Time Data Quota Idle Time Action 1 admin 192 168 1 10 admin 01 01 00 28 10 Unlimited Unlimited Unlimited Block Logout 2 user 192 168 1 10 useri 02 22 01 59 14 01 59 47 Unlimited 00 00 13 BlockLogout Total Number 1 Dr ay Tek 117 Vigor2925 Series User s Guide 3 15 How to use DNS Filter The DNS Filter monitors DNS queries on UDP port 53 and will pass the DNS query information to the WCF web content filter to help with categorizing HTTPS URL s Note For DNS filter must use the WCF service profile to filter the packets therefore WCF license must be activated first Otherwise DNS filter does not have any effect on packets In the following example we will block search engine e g www google com and social networking website e g https facebook com 1 Open CSM gt gt Web Content Filter Profile to set the categories Make sure WCE License has already been activated CSM gt Web Content Filter Profile oO Web Filter License Activate Status Commtouch Start Date 2013 10 26 Expire Date 2013 11
424. the selected channel is under serious interference If you have no idea of choosing the frequency please select Auto to let system determine for you Password The wireless mode offered by this wizard is WPA2 PSK The WPA encrypts each frame transmitted from the radio using the key which either PSK Pre Shared Key entered manually in this field below or automatically negotiated via 802 1x authentication Either 8 63 ASCII characters such as 012345678 or 64 Hexadecimal digits leading by Ox such as 0x321253abcde Next Click it to get into the next setting page Cancel Exit the wireless wizard without saving any changes 3 After typing the required information click Next The settings in the page limit the wireless station guest accessing into Internet but not being allowed to share the LAN network and VPN connection Wireless Wizard Guest AP Configuration Enable Disable Name DrayTek_Guest_carrie Password carie12345 Rate Control H Enable Upload 30000 kbps Download 30000 kbps Note The configured guest AP will not be able to access the LAN network VPN connections or communicate with wireless devices connecting to the router s other APs This AP interface shall be used for Internet access only Available settings are explained as follows Item Description Enable Disable Click it to enable or disable settings in this page Name Type the SSID name of this router SSID2 Vigor2925 Series
425. ther markup tags such as p font or img can be used Dr ay Tek 391 Vigor2925 Series User s Guide 4 17 6 Configuration Backup Backup the Configuration Follow the steps below to backup your configuration 1 Goto System Maintenance gt gt Configuration Backup The following windows will be popped up as shown below System Maintenance gt Configuration Backup Configuration Backup Restoration Restoration Select a configuration file Oooo cl Click Restore to upload the file Backup Click Backup to download current running configurations as a file 2 Click Backup button to get into the following dialog Click Save button to open another dialog for saving configuration as a file File Download 1P You are downloading the file config chg From 192 168 1 1 Would you like to open the file or save it toa your computer Always ask before opening this type of file 3 In Save As dialog the default filename is config cfg You could give it another name by yourself my Documents id My Computer My Recent Emy Network Places Documents i Ry5 COM Lite v2k2_232_ config 1 M Documents y v2ke_250_config_1 My Computer File name config Bd My Network Save as type Configuration file j Vigor2925 Series User s Guide 392 Dr ay Te k Dray Tek 4 Click Save button the configuration will download automatically to your computer as a file named config cfg The above example is usi
426. tidaadmmaMaguesininennsledunnsundweednanaeeanas 17 PSL FO WAN U E a E E 25 24 S6rvic Activation WV ZAC sae sdearastcuassanveneavasumcnsevtetiasaensearesnandarovsedearareaaravasnaisatrsnemaiamene 27 BO NV E VV IZ AN arcades tee exces E EE S E A EE ede E E S 31 2 6 Introducing DASNDOAIC ccccseeecceeeceeeeeceaeeeeeeeeeeeeseeeeesaeeeeeeeeeeaeeeeessaeeeeeessaaeeeeeessaeeeeeeneas 34 26 1 Vinya Pane ennnen rE NE EEEE N ai 35 2 6 2 Name with a LINK ccc ecccceccccceeceeceeeeeeececeeeeeseeeeeseueeeseucessaseeseaeeeseaeeseeeesaueessueeessneeeees 35 2 6 3 Quick Access for COMMON Used MENu cccccccccccceccssssssseeecececeeecceeeeeeeaaaaeeseeeeceeseeeeeess 36 Oe ON IV aia seen esrigadwoosicrengesd E A A ETSA EE E densi 37 VV SDC ONS ONS A E E E atta E E A EE fonnn A AE E seater osbeoss 38 200 Conid BACKUP eee eee ce eee ee eee ee eee eee eee 39 2 OS Ola WG p E e E E EEA 40 ZF l Physical CONNECCION aescgness asta ciestons dasavceacen nsen aianei ienien Raie iTia 40 PRE NTT NAN oaa ET E sdicanstannases 42 PA Se RST ELEELE AE E E EEE E E ENE EE O E T 42 2 9 Registering Vigor Router esacers nearer csachtatsntatcindeanbeod sada ceantantsadndeeetintapeeietncuetaatantsinied elainetseteais 43 Tutorials and Applications wiccecs cect scccenetcecceantcangecsicesteesiee cueuisecesweceacesmaseadens 47 3 1 How to configure settings for IPV6 Service in ViQOr2925 ceeeeeeeeeeeceeeeeeeeeeeeeeeeeaaaneeeeeeees 47 3 2 How to establish OpenVPN host to
427. tings Index 1 15 in Schedule Setup Obtain an IP address automatically bf b L 4 Specify an IP address IP Address MTU 1492 Max 1460 Subnet Mask Available settings are explained as follows Dray Tek Item Description PPTP L2TP Enable PPTP Click this radio button to enable a PPTP client to establish a tunnel to a DSL modem on the WAN interface Enable L2TP Click this radio button to enable a L2TP client to establish a tunnel to a DSL modem on the WAN interface Disable Click this radio button to close the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP 137 Vigor2925 Series User s Guide ISP Access Setup MTU PPP Setup IP Address Assignment Method IPCP WAN IP Network Settings Vigor2925 Series User s Guide address for DHCP server Username Type in the username provided by ISP in this field The maximum length of the user name you can set is 63 characters Password Type in the password provided by ISP in this field The maximum length of the password you can set is 62 characters Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page It means
428. tings are explained as follows Item Description User account and Enable this account Check the box to enable this function Authentication Idle Timeout If the dial in user is idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds Allowed Dial In Type PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP with IPSec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial in VPN connection becomes one pure L2TP connection Dray Te k 369 Vigor2925 Series User s Guide Item Subnet User Name Password Enable Mobile One Time Passwords Vigor2925 Series User s Guide Description Must Specify the IPSec policy to be definitely applied on the L2TP connection SSL Tunnel It allows the remote dial in user to make an SSL VPN Tunnel connection through Internet suitable for the applic
429. tion Multi VLAN Channel Enable Click it to enable the configuration of this 5 6 7 channel Disable Click it to disable the configuration of this channel WAN Type The connections and interfaces created in every channel may select a specific WAN type to be built upon In the Multi VLAN application only the Ethernet WAN type is available The user will be able to select the physical WAN interface the channel shall use here WAN Type Ethernet VWWANZ be Etherneti at AN2 General Setting Vigor2925 Series User s Guide 152 Dr ay Tek General Settings VLAN Tag Type the value as the VLAN ID number Valid settings are in the range from 1 to 4095 The network traffic flowing on each channel will be identified by the system via their VLAN Tags Channels using the same WAN type may not configure the same VLAN tag value Priority Choose the number to determine the packet priority for such VLAN The range is from 0 to 7 Open Port based Bridge The settings here will create a bridge between the LAN Connection for this ports selected and the WAN The WAN interface of the Channel bridge connection will be built upon the WAN type selected using the VLAN tag configured Physical Members Group the physical ports by checking the corresponding check box es for applying the port based bridge connection Open WAN Interface for Check the box to enable relating function this Channel WAN Application Management ca
430. tion please contact to your ISP The maximum length of the string you can set is 47 characters APN means Access Point Name which is provided and required by some ISPs Type the name and click Apply The maximum length of the name you can set 1s 43 characters The initial string is shared with APN In some cases user may need another initial AT command to restrict 3G band or do any special settings The maximum length of the string you can set is 47 characters Such value is used to dial through USB mode Please use the default value If you have any question please contact to your ISP The maximum length of the string you can set is 31 characters Type the PPP username optional The maximum length of the name you can set is 63 characters Type the PPP password optional The maximum length of the password you can set is 62 characters Select PAP only or PAP or CHAP for PPP You can type in four sets of time schedule for your request All the schedules can be set previously in Application gt gt Schedule web page and you can use the number that you have set in that web page Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Dis
431. tion algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can be used only in IKE aggressive mode After finishing all the settings here please click OK to save the configuration Dr ay Te k 371 Vigor2925 Series User s Guide 4 15 5 User Group There are 10 user group profiles which can be created for authentication by LDAP server Such profiles will be used by applications such as User Management VPN and etc SSL VPN gt User Group SSL User Group Profiles Set to Factory Default Index Name Status x k i es e m re PP ee e AO Fe A Re A A FO MA A Each item is explained as follows Item Description Set to Factory Default Click to clear all indexes Index Display the number of the client which connecting to FTP server Name Display the name of the group profile Click any index number link to open the following page for detailed configuration SSL VPN gt User Group Index No 1 Enable Group Name 3SL_group1 Access Authority L SSL Web Proxy L SSL Application Authentication Methods C Local User DataBase Available User Accounts Selected User Accounts L J CO RADIUS L LDAP Active Directory Vigor2925 Series User s Guide 372 Dr ay Tek Available settings are explained as follows Item Description Enable Check this bo
432. tion setting in Edit Filter Rule then all the IP addresses specified with LAN DMZ RT VPN interface will be opened for you to choose in Edit Filter Rule page Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet 26 Dray Tek Dray Tek for IP address Select Any Address if this object contains any IP address Select Mac Address if this object contains Mac address Range Address Any Address single Address Range Address oubnet Address Mac Address MAC Address Type the MAC address of the network card which will be controlled Start IP Address Type the start IP address for Single Address type End IP Address Type the end IP address if the Range Address type is selected Subnet Mask Type the subnet mask if the Subnet Address type is selected Invert Selection If it is checked all the IP addresses except the ones listed above will be applied later while it is chosen After finishing all the settings here please click OK to save the configuration Below is an example of IP objects settings Objects Setting gt IP Object IP Object Profiles Index Name Index 1 RD Department 1r 2 Financial Dept 18 a HR Department 19 4 20 5 21 227 Vigor2925 Series User s Guide 4 8 2 IP Group This page allows you to
433. to 11 characters VJ Compression VJ Compression is used for TCP IP protocol header compression This field is applicable when you select PPTP or L2TP with or without IPSec policy above IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity Local ID Specify which one will be inspected first Alternative Subject Name First The alternative subject name configured in Certificate Management gt gt Local Certificate will be inspected first E Subject Name First The subject name configured in Certificate Management gt gt Local Certificate will be inspected first IPSec Security Method This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active z DrayTek
434. to connect to the access point 2 Subnet Click Enable to enable the second subnet Mode Specify a connection mode for wireless network Channel Specify a channel for the wirelss connection WMM To apply WMM parameters for wireless data transmission please click the Enable radio button Tx Power The default setting is the maximum 100 m DrayTek Lower down the value may degrade range and throughput of wireless Cancel Cancel the setting configured on this page Next Access into the next setting page 3 Type the required information and click Next to open next page You can configure the settings for SSID1 SSID2 SSID3 and SSID4 respectively External Device gt gt Access Point Devices SSID1 SSID2 SSID3 SSID4 Active Enable Disable DrayTek C Hide SSID VLAN o O untag Isolate From LAN From member Security Setting Set up RADIUS Server if 802 1 is enabled WPA WPA Algorithms TKIP SES TEIP AES Pass Phrase Encryption Key Renewal Interval o Seconds PRE Cache Period bo Miniutes Pre 4uthenticatian Enable Disable WEP Setup WEP Key if WEP is enabled 802 1 WEP Enable Disable Access Control Mode Mone yt eee ee Client s MAC Address fl ie m isle Bandwidth Limit Status OQ Enable Disable Auto Adjustment Enable Disable Available settings are explained as follows Item Description SSID Active Click Enable to activate such SSID setting
435. to get into the next setting page Click it to give up the quick start wizard 20 Dray Tek 3 Please type in the IP address mask gateway information originally provided by your ISP Then click Next for viewing summary of such connection Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access PPTP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router 4 Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK 5 Now you can enjoy surfing on the Internet Static IP 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type Quick Start Wizard Connect to Internet WAN 2 Select one of the following Internet Access types provided by your ISP PPPoE PPTP L2TP Static IP DHCP Dr ay Tek 21 Vigor2925 Series User s Guide 2 Click Static IP as the Internet Access type Simply click Next to continue Quick Start Wizard Static IP Client Mode WAN 2 Enter the Static IP configuration provided by your ISP WAN 1P Subnet Mask 255 255 7550 Primary DNS fs Available settings are explained as follows Item Description WAN IP Type the IP address Subnet Mask Type the sub
436. tor Be reminded that in Network Information select the network adapter used to connect to the router Otherwise you won t succeed in retrieving information from the router 395 Vigor2925 Series User s Guide Dray Tek Syslog Utility 172 16 3 130 J WAN Information TX Rate RX Rate eem Edf r Log Filter Keyword Apply to FS eee Tool Setup Telnet Read out Setup Codepage Information Recovery Network Information Net State Firewall Host Name carrie 0c7cb251 NIC Description Atheros 4R8121 4R6113 4R8114 PCI E Ethernet Controller Packet Scheduh v System NIC Information On Line Routers MAC Address E0 CB 4E DA 48 79 IP Address Mask MAC 192 168 1 5 255 255 25 O0 50 7F CD 0 IP Address 192 168 1 10 v Subnet Mask 255 255 255 0 DNS Servers 88 44 88 8 8 Default Geteway 192 168 1 5 DHCP Server 192 168 1 5 Lease Obtained Tue Aug 27 00 04 10 2013 Lease Expires Fri 4ug 30 00 04 10 2013 Refresh lw til A Vigor2925 Series User s Guide 396 Dray Tek 4 17 8 Time and Date It allows you to specify where the time of the router should be inquired from System Maintenance gt Time and Date Time Information Current System Time 2000 Jan 2 Sun 19 12 4 Time Setup Use Browser Time Use Internet Time Time Server pool ntp org Time Zone GMT Greenwich Mean Time Dub
437. ttings Profiles You can configure eight AD LDAP profiles These profiles would be used with User Management for different purposes in management Applications gt gt Active Directory LDAP Active Directory LDAP Setto Factory Default Active Directory General Setup LDAP Profiles Index Name Distinguished Name 1 2 3 4 J 6 i 8 Note After finishing the configuration of the LDAP profiles they will be listed in the page of VPN and Remote Access gt gt PPP General Setup If you want to use the profiles for VPN authentication check the boxes under PPTP LDAP Profiles in VPN and Remote Access gt gt PPP General Setup first Click any index number link to open the following page Applications gt gt Active Directory LDAP gt gt Server Profiles Index No 1 Name RD1 Common Name Identifier Base Distinguished Name Po A Additional Filter Po Note Please type in your additional filter for BaseDN search request For example 1 For OpenLDAP gidNumber 500 2 For AD msNPAllowDialin TRUE Available settings are explained as follows Vigor2925 Series User s Guide 284 Dr ay Tek Item Description Name Type a name for such profile Common Name Type or edit the common name identifier for the LDAP server Identifier The common name identifier for most LDAP server is cn Base Distinguished Type or edit the distinguished name used to look up entries on Name Group the LDAP server
438. ttings are explained as follows Dray Tek Item Description Enable Click it to enable VLAN configuration LAN P1 P5 Check the LAN port s to be grouped under the selected VLAN Wireless LAN SSID1 SSID4 Check the SSID boxes to group them under the selected VLAN Subnet Choose one of them to make the selected VLAN mapping to the specified subnet only For example LAN1 is specified for VLANO It means that PCs grouped under VLANO can get the IP address es that specified by the subnet Subnet VLAN Tag Enable Check the box to enable the function of VLAN with tag The router will add specific VLAN number to all packets on the LAN while sending them out 173 Vigor2925 Series User s Guide Please type the tag value and specify the priority for the packets sending by LAN VID Type the value as the VLAN ID number The range is form 0 to 4095 Priority Type the packet priority number for such VLAN The range is from 0 to 7 Permit untagged device in It can help users to communicate with the router still even P1 to access router though configuring wrong VLAN tag setting For Vigor router has one LAN physical port only it is recommended to enable the management port LAN 1 to ensure the data transmission is unimpeded Note Leave one VLAN untagged at least to prevent from not connecting to Vigor router due to unexpected error Vigor2925 series features a hugely flexible VLAN system In its
439. u can enable disable one of direction here Herein we provide four options TX RX Both TX Only RX Only and Disable From first subnet to remote network you have to do If the remote network only allows you to dial in with single IP please choose NAT otherwise choose Route Change default route to this VPN tunnel Check this box to change the default route with this VPN tunnel 2 After finishing all the settings here please click OK to save the configuration Vigor2925 Series User s Guide 326 Dray Tek 4 12 10 VPN TRUNK Management VPN trunk includes four features VPN Backup VPN load balance GRE over IPSec and Binding tunnel policy Features of VPN TRUNK VPN Backup Mechanism VPN TRUNK Management is a backup mechanism which can set multiple VPN tunnels as backup tunnel It can assure the network connection not to be cut off due to network environment blocked by any reason gt VPN TRUNK VPN Backup mechanism can judge abnormal situation for the environment of VPN server and correct it to complete the backup of VPN Tunnel in real time gt VPN TRUNK VPN Backup mechanism is compliant with all WAN modes single multi gt Dial out connection types contain IPSec PPTP L2TP L2TP over IPSec and ISDN depends on hardware specification gt The web page is simple to understand and easy to configure gt Filly compliant with VPN Server LAN Sit Single Multi Network gt Mail Alert support please refer to Syst
440. u to upgrade firmware for your purchased product and receive news about upcoming products and services Usertlame james fae Auth Code t xxhdd Ifyou cannot read the word click here Forgotten password Dont have a MyVYigeor Account Y Create an account now lf you are having difficulty logging in contact aur customer service Customer Senmice 88613 507 2727 or Dr ay Tek 43 Vigor2925 Series User s Guide 4 The following page will be displayed after you logging in MyVigor From this page please click Add or Product Registration D My Information Sarar SE Welcome james_fae Product Last Login Time 2011 08 24 09 39 13 Last Login From 123 110 144 220 O My Information Current Login Time 2011 08 24 23 01 15 re VigorACS SI Current Login From 114 37 142 164 i RowNo 5 w PageNo a Vigor Series Your Device List Q Management serial Number D N Product Host ID evice Name Mar Sia 104001703857 Vigor2710 Vigor2710 i Customer survey 200807100001 VigorPro5300 VigorPro5300 200911030001 ryan YigorPro5300 5 When the following page appears please type in Nickname for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit DrayTek D about Us Product G My Information VigorACS SI Vigor Series Q Management Prod
441. uct Registration d Customer Survey Vigor2925 Series User s Guide Serial number Nickname vigor2925 Registration Date 08 24 2011 Usage Select 4 Select Your opinion so far Select In total within your company Product Rating No of Employees Supplier Le Where you bought it from Date of Purchase Ji mmedd yyyy Internet Connection O Cable O ADSL O VDSL O Fiber O 3G CO WiMAX O LTE 44 Dray Tek 6 When the following page appears your router information has been added to the database Your device has been successtully added to the database 7 Now you have finished the product registration 8 After clicking OK you will see the following page Your router has been registered to myvigor website successfully If you have not activated web content filter service by using Service Activation Wizard you can activate the service from this step Please click the serial number link Dray Tek My latormmation D About Us Welcome draytekiac Product Last Login Time 2011 08 24 09 39 13 Last Login From 123 110 144 220 J My Information Current Login Time 2011 08 24 23 01 15 Current Login From 114 377 142 184 aaia RowNo 5 PageNo 2 Y Vigor Series Your Device List Q Management Serial Number HostiO Device Name Model 2 Customer Survey 3 Neto 20100707 4480 Vigor300V Vigor3300 2010070810530 Vigor2620 Vigor2620
442. uired number on the first box The second one will be assigned automatically later Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point and the fourth digits in the second box as the end point Specify the private port number of the service offered by the internal host After finishing all the settings here please click OK to save the configuration Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web user interface in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore you need to change the router s http port to any one other than the default port 80 to avoid conflict such as 8080 This can be set in the System Maintenance gt gt Management Setup You then will access the admin screen of by suffixing the IP address with 8080 e g http 192 168 1 1 8080 instead of port 80 Vigor2925 Series User s Guide 8 Dray Tek System Maintenance gt Management IPv4 Management Setup IPv6 Management Setup User Define Ports Default Ports Management Access Control T
443. ules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this field is blank and the function will always work Vigor2925 Series User s Guide 322 Dr ay Tek 3 Dial In Settings Allowed Dial In Type Username TT PPTP Password Doo tCisdC IPsec Tunnel VJ Compression on off L2TP with IPsec Policy IKE Authentication Method L Specify Remote VPN Gateway Pre Shared Key Peer VPN Server IP vared Key fs fe LI Digital Signature x 509 orPeerID o Local ID Alternative Subject Name First Subject Name First IPsec Security Method Medium AH High ESP DES 3DES AES 4 Gre over IPsec Settings Cl Enable IPsec Dial Out function GRE over IPsec O Logical Traffic My GRE P PeercREmP 9 TCPAP Network Settings My WAN IP 0 0 0 0 RIP Direction Remote Gateway IP ooon From first subnet to remote network youhawe to do Route Remote Network IP 0 0 0 0 EEE ETNE Mas EA Change default route to this VPN tunrel Only Local Network IP 192 168 1 1 single WAN supports this Local Network Mask 255 255 25560 More Available settings are explained as follows Item Description Dial In Settings Allowed Dial In Type Determine the dial in connection with different types PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tu
444. unction The Vigor router will ignore any broadcasting ICMP echo request Check the box to enforce the Vigor router not to forward any trace route packets Check the box to activate the Block SYN fragment function The Vigor router will drop any packets having SYN flag and more fragment bit set Check the box to activate the Block fraggle Attack function 24 Dray Tek Block TCP flag scan Block Tear Drop Block Ping of Death Block ICMP Fragment Block Unassigned Numbers Warning Messages Dray Tek Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense functionality might block some legal packets For example when you activate the fraggle attack defense all broadcast UDP packets coming from the Internet are blocked Therefore the RIP packets from the Internet might be dropped Check the box to activate the Block TCP flag scan function Any TCP packet with anomaly flag setting is dropped Those scanning activities include no flag scan FIN without ACK scan SYN FINscan Xmas scan and full Xmas scan Check the box to activate the Block Tear Drop function Many machines may crash when receiving ICMP datagrams packets that exceed the maximum length To avoid this type of attack the Vigor router is designed to be capable of discarding any fragmented ICMP packets with a length greater than 1024 octets Check the box to activate the Block Ping of Death function This attack i
445. upervisor vl 6 Choose proper selection for your computer and click Continue Create an account Please enter personal profile How did you find out about this website Internet v Gaareement What kind of anti virus do you use Antivir v would like to subscribe to the MyVigor e letter v Personal yeg Information would like to receive DrayTek product news Please select the mail server for receiving the Global Server YW Scompierion Vigor2925 Series User s Guide 86 Dr ay Te k 7 Now you have created an account successfully Click START Create an account Please enter personal profile Completion Gs reement A confirmation email has been sent to mary_ted tech com Please click on the activation link in the email Personal Information to activate your account E Preferences START 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com wkk This is an automated message trom myvigor draytek com Thank you Mary for creating an account Please click on the activation link below to actrvate your account Link Activate my Account 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login Register Search for this site YY Register Confirm Thank for your register in VigerPro Web Site The Register process is
446. user1 to login Log On As oe Either the server does not allow anonymous logins or the e mail address was not accepted FTF server 192 168 1 1 User name Password After vou log on you can add this server to vaur Favorites and return to it easily FTF does not encrypt or encode passwords or data before sending them to the server To protect the security of your passwords and data use Web Folders CW eboa instead Learn more about using Web Folders Log on anonymously Save password Vigor2925 Series User s Guide 62 Dr ay Tek When the following screen appears it means the FTP service is running properly File Edit View Favorites Tools Help pack sz gt a gp Search gt Folders EBk b B tempstorage iTunesSetu wlc 1 1 5 wi Other Places FinalDataEn opkg install 2 Internet Explorer My Documents cy Shared Documents a My Network Places EN EN EN a r a a 115 bmp 12 Always Air supply lost Crystal Open mp3 inlove mpS Flower mp3 Return to USB Application gt gt USB Disk Status The information for FTP server will be shown as below USB Application gt USB Disk Status USB Mass Storage Device Status Disconnect USB Disk Connection Status Disk Connected Write Protect Status No Disk Capacity 2009 MB USB Disk Users Connected Refresh Service IP Address Port Username FTP 192 168 1 10 1963 useri Now users in LAN of
447. using Dial out Tool and clicking Dial button VPN and Remote Access gt gt Connection Management Dial out Tool Refresh Seconds General Mode Cal Backup Mode Load Balance Mode Loadbalan1 172 16 3 8 VPN Connection Status Current Page 1 Page No Go Tx Rate Rx Rx Rate VPN Type Remote IP Virtual Network Tx Pkts Bps Pkts Bps UpTime XXKXXX XX i Data is encrypted XXXXXX XX Data isn t encrypted Available settings are explained as follows Item Description Dial out Tool General Mode This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Refresh Seconds i Alfa 192 168 0 26 Alfa 192 168 0 26 f Bentley 192 168 0 27 Audi 192 168 0289 BMW 192 168 0 29 Buick 192 168 0 30 Cadillac 192 168 0 31 Chrysler 192 163 0 32 Citroen 192 166 0 33 Daihatsu 192 166 0 34 Ferrari 192 168 0 35 Fiat 192 168 0 36 Backup Mode Load Balance Mode Page no l Backup Mode This filed displays the profile name saved in VPN TRUNK Management with Index number and Vigor2925 Series User s Guide 336 Dr ay Te k VPN Server IP address The VPN connection built by Backup Mode supports VPN backup function General Made Alfa 192 168 0 26 Dial MCE Se ee Load Balance Mode Wae Dial Click this button to execute dial out function Refre
448. v There is a problem with this website s security certificate The security certificate presented by this website was not issued by a trusted certificate authority The security certificate presented by this website was issued for a different website s address Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server We recommend that you close this webpage and do not continue to this website Click here to close this webpage x Continue to this website not recommended More information Internet Protected Mode On With Mozilla Firefox you may get the following warning message Select I Understand the Risks Firefox 2 Untrusted Connection i e ibe httes 197 168 01 cqi bin userloginvagifid 101 amp erc_ip 192 16 L This Connection is Untrusted You have asked Firefox to connect securely to 192 168 1 1 but we can t confirm that your connection is secure Normally when you try to connect securely sites will present trusted identification to prove that you are going to the right place However this site s identity cant be verified What Should I Do If you usually connect to this site without problems this error could mean that someone is trying te impersonate the site and you shouldn t continue Get me out of here Technical Details Understand the Risks Dr ay Tek 109 Vigor2925 Series User s Guide
449. vance Setting Codepage ANSI 1252 Latin Session timeout 1440 Minute Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box Dr ay Te k 203 Vigor2925 Series User s Guide Dray Tek P Syslog Utility Tol Zetun Tele Remon deio Codepage infoemaies Recovery Hetecak lnfannabon Heitini Coad page To Select Windia Vernon 50 2 RECOMMENDED CODE AGE Se ANSDOGH Tredisenal Shanes Bagh Dia G Pap Des SC Len Dd Mae Ty eh ea Oe Oe Oe 7 013 ove CoMepages mH 2013 aD A Sal 2013 ath Window size It determines the size of TCP protocol O 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources After finishing all the settings here please click OK to save the configuration
450. vely as a secure firewall Vigor router will reject these fragmented packets to prevent attack unless you enable Accept large incoming fragmented UDP or ICMP Packets By checking this box you can play these kinds of on line games If security concern is in higher priority you cannot enable Accept large incoming fragmented UDP or ICMP Packets 200 Dray Tek Enable Strict Security Firewall For the sake of security the router will execute strict security checking for data transmission Such feature is enabled in default All the packets while transmitting through Vigor router will be filtered by firewall If the firewall system e g content filter server does not make any response pass or block for these packets then the router s firewall will block the packets directly Default Rule Page Such page allows you to choose filtering profiles including QoS Policy Route WCF APP Enforcement URL Content Filter for data transmission via Vigor router Firewall gt gt General Setup General Setup General Setup Default Rule Actions for default rule Application Action Profile Syslog Filter L Sessions Control 2 Quality of Service None Load Balance policy Auto Select User Management None APP Enforcement None URL Content Filter Mone Web Content Filter None m NNN lt Advance Setting Edit OK Dray Te k 201 Vigor2925 Series User s Guide Available settings are explained as follows
451. ver fC TWYST Hsinchu L Hsinchy o Requesting Be eee ue View GENERATE IMPORT REFRESH IMPORT Vigor router allows you to generate a certificate request and submit it the CA server then import it as Local Certificate If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key Click this button to import a saved file as the certification information There are three types of local certificate supported by Vigor router Certificate Management gt Local Certificate Import X509 Local Certificate Upload Local Certificate Select a local certificate file Click Import to upload the local certificate Upload PACS12 Certificate Select a PKCS1 file Click Import to upload the PKCS12 file Upload Certificate and Private Key Select a certificate file and a matchable Private Key Click Import to upload the local certificate and private key Available settings are explained as follows Item Description Upload Local Certificate It allows users to import the certificate which is generated by vigor router and signed by CA server If you have done well in certificate generation the Status of the certificate will be shown as OK Dray Te k 339 Vigor2925 Series User s Guide Import X509 Local Certificate Congratulation Local Certificate has been imported successfully Please click Back to
452. vlapply hin ee eae 1 AP800_00507FCCO8BC 2 AP800_00507FC91E78 Existing Device This field will display the access point connected to Vigor2925 and worked well Selected Device This field will display the access point which will be applied with the WLAN profile Choose one of the devices from the Existing Device and Dray Te k 421 Vigor2925 Series User s Guide click to move it to the right field of Selected Device Then click Apply The selected device now will be applied with the selected WLAN profile To edit a WALN profile follow the step listed below 1 Check the box of the entry that you want to edit Then click the Edit button OOOUBO Default DrayTek Lah 4 WAP Al BA clone J edit J E 2 The following page will appear All the wireless connection related to Vigor Access Point e g AP800 will be shown as follows External Device gt gt Access Point Devices WLAN Profile Edit evi setting a or LL ree oo D 3417MHz Channel D w WMM Enable bDisable Available settings are explained as follows Item Device Setting WLAN General Setting Vigor2925 Series User s Guide Description Profile Name Type a name for such profile Administrator Type the username for such profile It will be used for the clients trying to connect to the access point Password Type a password for such profile It will be used for the clients trying
453. w which channel is clean for usage Also it can be used to facilitate finding an AP for a WDS link Notice that during the scanning process about 5 seconds no client is allowed to connect to Vigor This page is used to scan the existence of the APs on the wireless LAN Yet only the AP which is in the same channel of this router can be found Please click Sean to discover all the connected APs Wireless LAN gt Access Point Discovery Access Point List BSSID Channel SSID See Statistics Note During the scanning process 5 seconds no station is allowed to connect with the router Add to WDS Settings AP s MAC address _ Bridge Repeater Available settings are explained as follows Item Description Scan It is used to discover all the connected AP The results will be shown on the box above this button Statistics It displays the statistics for the channels used by APs Wireless LAN gt gt Site Survey Statistics Recommended channels for usage 123456789 101112 13 AP number v s Channel 1 2 3 4 5 6 7 8 9 10 11 12 13 14 Channel Cancel Add to If you want the found AP applying the WDS settings please type in the AP s MAC address on the bottom of the page and click Bridge or Repeater Next click Add to Later the MAC address of the AP will be added to Bridge or Repeater field of WDS settings page Dr ay Tek 361 Vigor2925 Series User s Guide 4 14 10 Station Li
454. when you select PPTP or L2TP with or without PSec policy above The length of the name password is limited to 23 characters Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above The length of the name password is limited to 19 characters Enable Mobile One Time Passwords mOTP Check this box to make the authentication with mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 Chose one of the subnet selections for such VPN profile Assign Static IP Address Please type a static IP address 315 Vigor2925 Series User s Guide for the subnet you specified IKE Authentication This group of fields is applicable for IPSec Tunnels and Method L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and Select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity IPSec Security Method This group of fields is a must for IPSec Tunnels a
455. wing dialog to add any new folder which can be specified as the Home Folder USB User lanagement hows Poldlier Folder Name Note The folder name can ony contain the folowing characters A 2 a r O O tgi ipate Only Li characters are allowed Access Rule It determines the authority for such profile Any user who uses such profile for accessing into USB storage disk must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items List Create and Remove for such profile Before you click OK you have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration Vigor2925 Series User s Guide 378 Dray Tek 4 16 3 File Explorer File Explorer offers an easy way for users to view and manage the content of USB storage disk connected on Vigor router USB Application gt File Explorer File Explorer o Curent Path i Size Delete Rename Upload File Select a file ES Upload Note The folder can not be deleted when it is not empty Available settings are explained as follows Item Description Click this icon to refresh files list Refresh Click this icon to return to the upper directory Back p Click this icon to add a new folder Create Current Path Display current folder Upload Click this button to upload the selected file to the USB stora
456. work Detection connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time to Live Displays value for your reference TTL value is set by telnet command MTU It means Max Transmit Unit for packet The default setting is 1442 PPP MP Setup PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action IP Address Assignment Usually ISP dynamically assigns IP address to you each Method IPCP time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Type the additional WAN IP address and check the Enable box Then click OK to exit the dialog Dr ay Te k 133 Vigor2925 Series User s Guide gt WANIIP Alias Windows Internet Explorer E fl x E hittp 192 168 1 1 WAN1 IP Alias Mu
457. x Enable Protocol Interface O Down Down Ino Down Down Down 4 5 6 Down Down Ico IN Down pe pg p ko Down 2 O Down lt lt 1 10 11 20 21 30 31 40 41 50 gt gt Next gt gt Vigor2925 Series User s Guide 106 Dr ay Te k 3 4 Dray Tek In the following page check Enable set Dest IP Start and Dest IP End with 203 65 1 35 and 203 65 1 35 choose WAN as the Interface click default gateway do not check Auto Failover To The Other WAN Load Balance Route Policy Index 1 Enable criteria Protocol Source IF Destination IP Destination Port send to if criteria matched Interface Interface Address Gateway IP more options any any Src IFP Start Src IP End Pea Can Dest IP Start Dest IF End 203 65 1 35 e 203 65 1 35 Dest Port Start Dest Port End rt WANA we fe default gateway O specific gateway Ol Auto Failover To The Other WAN Packet Forwarding to WAM via Load Balance Route Policy Policy Route Index Enable Protocol Interface any WAN 1 any WAN 1 any WAN 1 any WAN 1 any WAN 1 any WANI any WANI any WANI any WANI any WANI OOOOOOOO08 1 2 3 4 5 6 Z 8 9 10 force WAT force Routing After finished the above settings click OK to save the configuration Interface Address 203 69 175 31 Set to Factory Default Dest Dest Dest IP End Port Port Start End P 203
458. x to enable such profile Group Name Type a name for such profile The length of the name is limited to 23 characters Access Authority Specify the authority for such profile At present Vigor router allows you to create SSL Web Proxy and SSL Application profiles used for SSL VPN The available profiles will be displayed here for you to select Access Authority SSL Web Proxy SSL Application LISSL_wP_1 O Game_APP Authentication Methods It can determine the authentication method used for such profile Local User DataBase The system will do the authentication by using the user defined account profiles in VPN and Remote Access gt gt Remote Dial In User The enabled profiles will be listed in the Available User Account on the left box To add a profile into a group simply choose the one from the left box and click the gt gt button It will be displayed in the Selected User Account on the right box For detailed information about configuring the profile setting refer to Objects Setting gt gt IP Group RADIUS The RADIUS server will do the authentication by using the username and password LDAP Active Directory If it is checked the LDAP AD server will do the authentication by using the username password information stated on the selected profiles If the above three options are enabled the system will do the authentication based on them in sequence After finishing all the settings here please click OK to s
459. y clicking Edit link Type the name E mail for Class 1 Click OK to save the settings Bandwidth Management gt Quality of Service Class Index 1 Name Tag packets as Default v NO Status Local Address Remote Address eines Service Type CodePoint 10 Active Any Any ANY ANY 5 Click the Setup link for WAN2 The user can set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Click OK to save the settings Bandwidth Management gt Quality of Service WAN General Setup Enable the QoS Control BOTH WAN Inbound Bandwidth Kbps WAN Outbound Bandwidth Kbps Index Class Name Reserved bandwidth Ratio Class 1 E mail 125 doy Class 2 25 lee Class 3 25 l Others 25 ae C Enable UDP Bandwidth Control Limited_bandwidth Ratio J C Outbound TCP ACK Prioritize Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will set reserved bandwidth for HTTPS And click OK Bandwidth Management gt gt Quality of Service Class Index 2 Name HTTPS C Tag packets as Default v NO Status Local Address Remote Address misery Service Type CodePoint vt E 172 16 1 242 B 1 Active 17 16 1 249 Any ANY ANY Dray Tek Me Vigor2925 Series User s Guide 7 Click Setup link for WAN2 Bandwidth Management gt Quality of Service General Setup Setto Factory Default Class Class Class Online Index Status Bandwidth Direction Other
460. y over resources which might result in important accesses impacted To solve the problem you can use limit session to limit the session procession for specified Hosts In the Bandwidth Management menu click Sessions Limit to open the web page Bandwidth Management gt Sessions Limit Sessions Limit Enable Disable Default Max Sessions Limitation List Index Start IF End IF Hax Sessions Specific Limitation startme end Maximum Sessions e Administration Message Max 256 characters Default Message Time Schedule Index 1 15 in Schedule Setup Note Action and Idle Timeout settings will be ignored To activate the function of limit session simply click Enable and set the default session limit Available settings are explained as follows Item Description Session Limit Enable Click this button to activate the function of limit session Disable Click this button to close the function of limit session Vigor2925 Series User s Guide 262 Dr ay Tek Default session limit Defines the default session number used for each computer in LAN Limitation List Displays a list of specific limitations that you set on this web page Specific Limitation Start IP Defines the start IP address for limit session End IP Defines the end IP address for limit session Maximum Sessions Defines the available session number for each host in the specific range of IP addresses If you do
461. you can configure Profile Display the name for such SMS profile SMS Provider Display the service provider which offers SMS service To set a new profile please do the steps listed below 1 Click the SMS Provider tab and click the number e g 1 under Index column for configuration in details Object Settings gt gt SMS Mail Service Object SMS Provider Mail Server Index Profile Name 4 2 ahs 4 Vigor2925 Series User s Guide 240 Dr ay Tek 2 The configuration page will be shown as follows Object Settings gt SMS Mail Service Object Profile Index 1 Profile Name Service Provider kotsms com tw THY Username Password lesse OOOO O O Quota Sending Interval seconds Available settings are explained as follows Item Description Profile Name Type a name for such SMS profile The maximum length of the name you can set is 31 characters Service Provider Use the drop down list to specify the service provider which offers SMS service Username Type a user name that the sender can use to register to selected SMS provider The maximum length of the name you can set is 31 characters Password Type a password that the sender can use to register to selected SMS provider The maximum length of the password you can set is 31 characters Quota Type the number of the credit that you purchase from the service provider chosen above Note that one credit equals to one SMS text message on the standard route
462. you can set is 19 characters 143 Vigor2925 Series User s Guide Confirm Password Type the password again to make the confirmation Tunnel Broker Type the address for the tunnel broker IP FQDN or an optional port number Subnet Prefix Type the subnet prefix address getting from service provider The maximum length of the prefix you can set is 128 characters After finished the above settings click OK to save the settings Vigor2925 Series User s Guide 144 Dr ay Te k Details Page for IPv6 DHCPv6 Client in WAN1 WAN2 DHCPv6 client mode would use DHCPV6 protocol to obtain IPv6 address from server WAN gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPIP IPv6 Internet Access Mode Connection Type DHCP v6 Client DHCP v6 Client Configuration Identity Association Prefix Delegation Non temporary Address LAID Identity Association ID 4230640032 Available settings are explained as follows Item Description Identify Association Choose Prefix Delegation or Non temporary Address as the identify association IAID Type a number as IAID After finished the above settings click OK to save the settings Dray Tek 14s Vigor2925 Series User s Guide Details Page for IPv6 Static IPv6 in WAN1 WAN2 This type allows you to setup static IPv6 address for WAN interface WAN gt Internet Access WAN 1 PPPoE Static or Dynamic IP PPTP IPv6 Internet Access Mode Connection Type static
463. ysical Type Auto negotiation WANI WAN2 and WAN3 will bring up different configuration page Refer to the following for detailed information Vigor2925 Series User s Guide 16 Dr ay Tek 2 3 1 For WAN1 WAN2 Ethernet WANI WAN2 is dedicated to physical mode in Ethernet If you choose WAN 1 WAN2 please specify physical type Then click Next Quick Start Wizard WEAN Interface WAN Interface Display Name Physical Mode Ethernet Physical Type Auto negotiation lt Back _Net J On the next page as shown below please select the appropriate Internet access type according to the information from your ISP For example you should select PPPoE mode if the ISP provides you PPPoE interface Then click Next for next step PPPoE 1 Choose WAN2 as the WAN Interface and click the Next button The following page will be open for you to specify Internet Access Type Quick Start Wizard Connect to Internet WAN 2 Select one of the following Internet Access types provided by your ISP PPPoE PPTP L2TP Static IP DHCP Dr ay Tek 17 Vigor2925 Series User s Guide 2 Click PPPoE as the Internet Access Type Then click Next to continue Quick Start Wizard PPPoE Client Mode WAN 2 Enter the user name and password provided by your ISP User Name 9400565 hinet net Confirm Password Available settings are explained as follows Item Description User Name Assign a specific valid user na
464. ze and have the same key Four Keys can be entered here but only one key can be selected at a time The keys can be entered in ASCII or Hexadecimal Check the key you wish to use After finishing all the settings here please click OK to save the configuration 4 14 4 Access Control In the Access Control the router may restrict wireless access to certain wireless clients only by locking their MAC address into a black or white list The user may block wireless clients by inserting their MAC addresses into a black list or only let them be able to connect by inserting their MAC addresses into a white list In the Access Control web page users may configure the white black list modes used by each SSID and the MAC addresses applied to their lists Dray Te k 349 Vigor2925 Series User s Guide Wireless LAN gt gt Access Control Access Control Enable Mac Address Filter C SSID 1 SSID 2 L SSID 3 L SSID 4 MAC Address Filter Index Attribute MAC Address Apply SSID Client s MAC Address Apply SSID O ssipi O ssip2 O ssip3 O ssip4 Attribute C s Isolate the station from LAN Available settings are explained as follows Item Description Enable Mac Address Select to enable the MAC Address filter for wireless LAN Filter identified with SSID 1 to 4 respectively All the clients expressed by MAC addresses listed in the box can be grouped under different wireless LAN For example they can be g
Download Pdf Manuals
Related Search