Draytek Vigor2960F
Contents
1. Your reliable networking solutions partner User s Guide V1 0 Vigor2960 Dual WAN Security Firewall User s Guide Version 1 0 Firmware Version V1 0 5_RC7 For future update contact DrayTek Date 30 07 2012 Dray Te k ii Vigor2960 Series User s Guide Copyright Information Copyright Declarations Trademarks Copyright 2012 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Other products may be trademarks or registered trademarks of their respective manufacturers Safety Instructions and Approval Safety Instructions Warranty Be a Registered Owner Firmware amp Tools Updates Vigor2960 Series User s Guide Read the installation guide thoroughly before you set up the router The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel Do not try to open or repair the router yourself Do not p2. lt Routing Table Display the information for each route Vigor2960 Series User s Guide 259 Dr ay Tek Diagnostics gt gt Routing Table gt gt Routing Table i Refresh Destination Gateway Genmask Flags Metric lface 192 168 1 0 0 0 0 0 255 255 255 0 U 0 lan lan1 172 16 0 0 0 0 0 0 255 290 0 0 U 0 Wan wanz Each item will be explained as follows Dray Tek Item Refresh Destination Gateway Genmask Flags Metric Iface Description Renew the web page Display the destination IP address for various routings Display the default gateway Display the subnet mask for various routings Display the flag of the routing entry Possible flags include U route is up H target is a host G use gateway R reinstate route for dynamic routing D dynamically installed by daemon or redirect M modified from routing daemon or redirect A installed by addrconf C cache entry reject route Display the distance to the target usually counted in hops It may be needed by routing daemons Display the direction of such route represented with LAN WAN profile starting from LAN WAN profile to LAN WAN profile 260 Vigor2960 Series User s Guide IPv6 Routing Table Display the information for each route with IPv6 protocol Diagnostics gt gt Routing Table gt gt IPv6 Routing Table G Refresh Destination Next Hop Flags Metric face fedo 64 U 256 ethd E feg0 64 U 256 eth feo 64
3. General Setup Global PPTP Static Static v E a IPv6 Address IPv Prefix Length 64 E IPv6 Gateway Address Optional Add H Save IPv6 DNS Server Address No tems to show a IPv6 DNS Server Address El Apply Cancel Available parameters are listed as follows Item Description IPv6 Address Type the IP address for such protocol IPv6 Prefix Length Type your IPv6 address prefix length IPv6 Gateway Type your IPv6 gateway address Address IPv6 DNS Server Type your IPv6 primary DNS Server address Address Sp Add E Save IPvo DNS Server Address 192 168 1 8 mi IPv6 DNS Server Address Add Click this button to have a field for adding a new IP address Save Click this button to save the setting ll _ Click the icon to remove the selected entry Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration Vigor2960 Series User s Guide 47 Dray Te k If you choose DHCP IA_NA as IPv6 protocol type click the DHCPV6 Tab to open the following page General Setup Global PPTP static DHCPYV6 Optional ic Add eI Save DHCPv6 IA_NA DNS Addres DHCPY6 IA_ NA Gateway Address Mo tems to show DHCPY6 IA_NA DNS Address a Apply Kd Cancel Available parameters are listed as follows Item Description DHCP IA_NA Type the gateway IP address for Pv6 DHCP IA_NA mode Gateway Addre
4. Enable Disable 300 10 Enable Disable 300 10 Enable Disable 300 O Enable Disable Enable Disable a ee oe 16 04 57 gt Login Admin gt Packets Second Packets Second Packets Second a Ej Apply 3 Cancel The DoS Defense Engine inspects each incoming packet against the attack signature database Any packet that may paralyze the host in the security zone is blocked The DoS Defense Engine also monitors traffic behavior Any anomalous situation violating the DoS configuration is reported and the attack is mitigated Available parameters are listed as follows Item Enable This Profile Block SYN Flood SYN Flood Threshold SYN Flood Timeout Block ICMP Flood ICMP Flood Threshold ICMP Flood Timeout Block UDP Flood Dray Tek Description Check the box to enable this profile Click Enable to activate the SYN flood defense function If the amount of TCP SYN packets from the Internet exceeds the user defined threshold value the router will be forced to randomly discard the subsequent TCP SYN packets within the user defined timeout period The default setting for threshold is 300 packets per second The default setting for timeout is 10 seconds Click Enable to activate the ICMP flood defense function If the amount of ICMP echo requests from the Internet exceeds the user defined threshold value the router will discard the subsequent echo requests within the user defin
5. Disable 19201681 46 ni Optional 132 158 1 56 fin Optional Auto Generate GRE Key Enable Disable m i Apply g Cancel Available parameters are listed as follows Item Enable GRE Function Local GRE IP Remote GRE IP Auto Generate GRE Key GRE In Key Description Click Enable to enable such function The virtual IP address of the router specified for this tunnel The virtual IP address of the remote client specified for this tunnel Click Enable to enable such function If you click Disable you have to type GRE In Key and GRE Out Key respectively Type the hexadecimal number as GRE In Key This value is used for the router to authenticate the source of the packet The length is 4 bytes 196 Vigor2960 Series User s Guide GRE Out Key Type the hexadecimal number as GRE Out Key This value is used for the remote client to authenticate the source of the packet The length is 4 bytes Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration 6 After filling the required information for GRE click the Proposal tab to open the following page IPSec Profile LA 1 a i l W Enable This Profile s Type IPSec PPTP Dial Out PPTP Dial In te 1 Basic Advanced GRE Proposal IKE Phased Proposal Dial Out DES_G1 r IKE Phase Authentication Dial Out 4LL v l IKE Phase Proposal Dial Out SDES_
6. Member Several P2P applications offered for you to choose Check the one s you want to add for such profile Member SoulSeek eDonkey Faw soulseek eDonkey FastTrack Gnutella BT penFT Openhlap AUN eee Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply Dray Te k 142 Vigor2960 Series User s Guide 5 Anew P2P Object profile has been created Objects Setting gt P2P Object P P Object T Add De Edit ff Delete 6 Refresh Profile Member P2P Obj 1 SoulSeek eDonkey FastTrack 4 5 10 Protocol Object Network services e g DNS FTP HTTP POP3 for LAN users can be blocked by Vigor2960 Common services will be listed in this function and can be selected to be blocked by the router Dray Tek Vigor 2960 Series 15 24 58 Login Admin Objects Setting gt gt Protocol Object Auto Logout Off Add X Edit i Delete 6 Refresh Profile Number Limit 32 cts Settir Profile Member IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object P2P Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The
7. Profile PR_1 Rename as PR_TEST E Apply Cancel Before using such function there is one profile existed at least Profile Display the name of the profile Enable The Profile Display the status of the profile False means disabled True means enabled WAN Profile Display the WAN profile that such DMZ host profile will be applied to Private IP Display the private IP used for this entry Use IP Alias Display the using status enabled or disabled for WAN IP alias IP Alias Display the selected WAN IP address How to add a new DMZ Host profile 1 Open NAT gt gt DMZ Host 2 Simply click the Add button HAT gt gt DMZ Host q Add X Erit ii Delete GS Refresh Profile Enable This Profile WAH Profile Mo te 3 The following dialog will appear Dray Te k 96 Vigor2960 Series User s Guide DMZ Host Profile DMZ 1 RD Enable This Profile WAN Profile want we PrivatelP 192 168 1 Use IP Alias Enable Disable H Apply 9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check the box to enable the DMZ Host profile WAN Profile Choose a WAN profile for such entry Private IP Type the private IP used for this entry Use IP Alias Click Enable to invoke IP Alias function IP Alias IP alias that can be selected and used for port redirection Before using it please go to WAN gt gt General Setu
8. 5 SFP 2 CONSOLE usei usr2 Reset After restore the factory default setting you can configure the settings for the router again to fit your personal request 5 6 Contacting Your Dealer If the router settings are correct at all and the router still does not connect to internet please contact your ISP technical support representative to help you for configuration Also if the router still cannot work correctly please contact your dealer for help For any further questions please send e mail to support draytek com Vigor2960 Series User s Guide 279 Dr ay Tek
9. Clear Delete the selected profile IPv6 Neighbor Table Diagnostics gt gt ARP Cache Table gt gt IPvo Neighbor Table Pg Refresh P Addresa Profile MAC Address Status No tems to show Each item will be explained as follows Item Description Refresh Renew the web page IP Address Display the IPv6 address of the neighbor Profile Display the interface to which this neighbor is attached Vigor2960 Series User s Guide 263 Dr ay Te k Item Description MAC Address Display the MAC address of the neighbor Status Display the status for such neighbor INCOMPLETE Address resolution is in progress and the link layer address of the neighbor has not yet been determined REACHABLE The neighbor is reachable recently within tens of seconds ago STALE The neighbor is no longer to be reachable Yet until traffic is sent to the neighbor no attempt should be made to verify its reachability DELAY The neighbor is no longer to be reachable and the traffic has recently been sent to the neighbor Rather than probe the neighbor immediately however delay sending probes for a short while in order to give upper layer protocols a chance to provide reachability confirmation PROBE The neighbor is no longer to be reachable and unicast Neighbor Solicitation probes are being sent to verify reachability Dray Te k 264 Vigor2960 Series User s Guide 4 13 3 DHCP Table The facility provides information on IP address assignments
10. DMZ Host Address Mapping SIP ALG External Devices Product Registration Each item will be explained as follows Vigor2960 Series User s Guide 91 Dray Te k Item Description Add Add a new port redirect profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Pi ofile Profile PR_1 Rename as PRIEST i E apoy GQ Cancel Before using such function there is one profile existed at least Profile Display the name of the profile Enable The Profile Display the status of the profile False means disabled True means enabled Public IP Display the interface used for such profile Use IP Alias Display if IP Alias is enabled or not IP Alias Display the selected WAN IP address Private IP Display the private IP used for this entry Protocol Display the protocol used for the entry Port Redirection Mode Public Port Start Public Port End Private Port Display the setting mode for port redirection Display the starting number of the public port Display the ending number of the public port Display the number of the private port
11. Dray Tek Auto Logout SMin Quick Start Wizard Online Status el use F a geme X d Te a e aa gt VPN Client Wizard VPN Server Wizard PPP General Setup IPSec General Setup VPN Profiles VPN TRUNK Management Connection Management Vigor 2960 Series VPN and Remote Access gt gt Remote Access Control Remote Access Control V Enable PPTP VPN Service V Enable L2TP VPN Service F Enable DHCP over IPSec Service F Enable L2TP over IPSec Service gt 16 36 14 Login Admin Da Ol Apply Cancel Available parameters are listed as follows Dray Tek Item Enable PPTP VPN Service L2TP VPN Service DHCP over IPSec Service L2TP over IPSec Service Apply Cancel Description Check the box es to enable the service Click it to save the configuration Click it to discard the settings configured in this page 188 Vigor2960 Series User s Guide 4 8 4 PPP General Setup Remote users can connect to the site host server and etc via VPN connection built between the router and the users by authentication procedure This page display current status for VPN tunnel built with PPTP protocol Dray Tek Vigor 2960 Series 16 37 16 Login Admin gt 7 VPN and Remote Access gt gt PPP General Setup gt gt PPTP Auto Logout Shin v PPTP Lore Quick Start Wizard Online ine Authenticate Protocol CHAP User Authentication Type Local v VPN Client Wiza
12. Dray Tek Inter LAN Route To make the users in different LAN communicating with each other please check the box to enable Inter LAN route function LAN gt gt Static Route gt gt Inter LAN Route Static Route IPye Static Route Inter LAN Route Enable This Profile FS Apply 9 Cancel Vigor2960 Series User s Guide 81 Dray Te k 4 2 3 Switch This page allows you to configure Mirroring Port Mirrored Port enable disable LAN interface and configure 802 1Q VLAN ID for different LAN interfaces and so on 802 1Q VLAN Virtual LANs VLANs are logical independent workgroups within a network These workgroups communicate as if they had a physical connection to the network However VLAWNS are not limited by the hardware constraints that physically connect traditional LAN segments to a network As a result VLANs allow the network manager to segment the network with a logical hierarchical structure VLANs can define a network by application or department For instance in the enterprise a company might create one VLAN for multimedia users and another for e mail users or a company might have one VLAN for its Engineering Department another for its Marketing Department and another for its guest who can only use Internet not Intranet VLANs can also be set up according to the organization structure within a company For example the company president might have his own VLAN his executive staff might have a different VLAN and
13. Rate 0 Kbps Mbps Incoming Class Incoming Filter Outgoing Class Outgoing Filter Sessions Limit Bandwidth Limit UJ E Apply Cancel Dray Te k 232 Vigor2960 Series User s Guide Total Rate Control This page can set the total rate of outgoing data for the QoS policer Bandwidth Management gt gt Outgoing Class gt gt Total Rate Control Total Rate Control Class Rate Control Queue 1 5 Weight Status O Enable Disable Rate oO Kbps Mbps Fa Apply Cancel Available parameters are listed as follows Item Description Status Click Enable to enable such function Rate Type the rate for outgoing data The range can be set from 64000 to 10000000 Apply Click it to save the configuration and exit the page Cancel Click it to discard the settings configured in this page Vigor2960 Series User s Guide 233 Dr ay Te k Class Rate Control This page allows you to edit the outgoing class rate for different QoS policer Bandwidth Management gt gt Outgoing Class gt gt Class Rate Control Total Rate Control Class Rate Control Queue 1 5 eight Y Edit GS Refresh Profile Status Rate Description outgoing classo Disable 0 Control queue ffhightest outgoing class Disable 0 Control queue 6fhigher outgoing class Disable 0 Control queue 1 5flow 4 Wm j Each item will be explained as follows Item Description Edit Modify the selected policy To edit a profile
14. Time Group X Edit i Delete 9 Refresh Profile Number Limit 32 Member WebiM No items to show Each item will be explained as follows Item Add Edit Delete Refresh Profile Number Limit Profile Member WebIM Dray Tek Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Display the total number 32 of the object profiles to be created Display the name of the IM object profile Display the IM application specified in such profile Display the status of IM object whether including the specified set of web IM or not 138 Vigor2960 Series User s Guide How to create a new IM Object Profile 1 Open Objects Setting gt gt IM Object 2 Simply click the Add button Objects Setting gt IM Object IM Object T Add DK Edit jf Delete gh Re Profile Membe 3 The following dialog will appear IM Object Profile Ii 1 Member MSN QG ICa CHAT w WebM eMessenger u Webhtshy hiookhn vWwebyahoolh E Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the IM object group The number of the c
15. Lifetime The lifetime associated with the default router in units of minutes ranging from 10 150 It is used to control the lifetime of the prefix A lifetime of O indicates that the router is not a default router and should not appear on the default router list Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything Vigor2960 Series User s Guide 69 Dr ay Te k 3 When you finish the above settings please click Apply to save the configuration and exit the dialog 4 The LAN profile has been edited LAH gt gt General Setup gt gt RADVD General Setup DHCP DHCP Relay RADVD DHCP Y6 DK Edt Refresh Profile Enable This Profile Advertisement Lifetime lan false 30 lantest true 30 DHCP6 DHCP6 Server could assign IPv6 address to PC according to the Start End IPv6 address configuration LAH gt gt General Setup gt gt DHCP v6 General Setup DHCP DHCP Relay RADYO DHCP v6 DE Edt Q Refresh Profile Enable This Profile Start IF Encl IP DHS lant false lantest false Each item will be explained as follows Item Description Edit Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the name of the LAN profile Dray Te k 70 Vigor2960 Series User
16. Objects Group Hame IP_Group_1 SOURCE Description Group for Sales Qptional IP_object_1 iv a Apply z Cancel Available parameters are listed as follows Item Group Name Interface Description Objects Apply Cancel Description Type the name of the object group The number of the characters allowed to be typed here is 20 Determine the category any source or destination of this IP object If an IP object is set to Source it will only appear in the field of Source IP on Firewall gt gt IP Filter Rule SOURCE m Ary SOUFCE Destination Make a brief explanation for such profile if the group name is set not clearly Use the drop down list to check the IP object profiles under such group All the available IP objects that you have added on Objects Setting gt gt IP Object will be seen here Click it to save the configuration Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply Vigor2960 Series User s Guide i25 Dray Tek 5 Anew IP Group profile has been created IP Group Ta add De Edt ff Delete G Refresh Profile Group Hame Interface Description Objects IP_Group_1 Source Group for Sales IP_object_1 4 5 3 Service Type Object TCP and UDP service with specified port range can be saved with different service type object profiles Later it can be applied to Firewall as a filter rule In default common used serv
17. SMTP Port 25 SMTP Server User Login Enable Disable enable or disable state Apply Q Cancel Available parameters are listed as follows Item Description Dray Tek 252 Vigor2960 Series User s Guide Enable This Profile Check the box to enable such profile Mail From Type a mail address for the mail sender Mail To Assign a mail address for the mail receiver SMTP Port Type the port number for SMTP server SMTP Server Type the IP address for SMTP server User Login Click Enable to make any user logging into the mail server User Name Type the user name for authentication User Password Type the password for authentication Apply Click this button to save the configuration and exit the web page Cancel Click it to discard the settings configured in this page Vigor2960 Series User s Guide 253 Dr ay Te k 4 12 5 Time and Date This page allows you to specify where the time of the router should be inquired from As an NTP Network Time Protocol client the router gets standard time from the time server Some time based functions cannot work properly until the system time functions run successfully Typically NTP achieves high accuracy and reliability with multiple redundant servers and diverse network paths Vigor 2960 Series 10 20 09 System Maintenance gt gt Time and Date Auto Logout Off v Time and Date Quick Start Wizard Online Status Tiga NTP m Server pool ntp org Port 123 In
18. When a user tries to access Internet through this router an authentication step must be performed first The user has to type the password specified here to pass the authentication When the user passes the authentication he she can access Internet via this router with the limitation configured in this user profile If the user is idle over the limitation of the timer the network connection will be stopped for such user By default the Idle Timeout is set to 300 seconds It means the maximum usage duration for the user By default the Usage Time is 480 minutes Choose True to allow the user accessing into WUI of Vigor2960 via the username and password above If you choose False you can set SSL for such profile Choose the level for such profile from the drop down list User r ser Operator Admin User the user that accessing into the web configurator of Vigor2960 can see limited settings Operator the user that accessing into the web configurator of Vigor2960 can see most of the settings Admin the user that accessing into the web configurator of Vigor2960 can see all of the settings Such level owns the highest authority Click Enable to make network connection through PPTP L2TP protocol for users who access into Internet via such profile Choose a LAN profile for DHCP server Type an IP address for such user profile which accesses Internet with PPTP L2TP connection Click Enable to make the authenti
19. i fits ALL a ELL ids Li PiePie fete ft PE Le SLI File Extension Object 8 Profile File Ext 1 Image mp dib r Video mow mpe peg mg w Audio au imps mda nye Java class jad ka ActiveX als apb ans s Compression ace ap Execution xe inf pif w Apply 9 Cancel 136 Vigor2960 Series User s Guide Available parameters are listed as follows Item Description Profile Type the name of the File Extension Object group The number of the characters allowed to be typed here is 10 Image Several file extensions for Image offered for you to choose Use the drop down list to check the box es to select the file extension you need Video Several file extensions for Video offered for you to choose Use the drop down list to check the box es to select the file extension you need Audio Several file extensions for Audio offered for you to choose Use the drop down list to check the box es to select the file extension you need Java Several file extensions for Java offered for you to choose Use the drop down list to check the box es to select the file extension you need ActiveX Several file extensions for ActiveX offered for you to choose Use the drop down list to check the box es to select the file extension you need Compression Several file extensions for compression offered for you to choose Use the drop down list to check the box es to select the file extension you need Execution Several
20. s Guide Enable This Profile Display the status of the profile False means disabled True means enabled Start IP Display the starting IP address of the IP address pool for DHCP server End IP Display the ending IP address of the IP address pool for DHCP server DNS Display the private IP address for DNS server How to edit a LAN profile for DHCPv6 1 Open LAN gt gt General Setup and click the DHCPv6 tab LAN gt General Setup gt gt DHCPw6 General Setup DHCP DHCP Relay RAD YD DHCPy6 YE Edit G9 Refresh Profile Enable This P Start IP End IP lant falss want false lantest false 2 Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog DHC Py6 mm 8 Profile lant J Enable This Profile Start IP 2000 10 EmndiIP 2000 ff K Add E Save DNS 2000 2 DNS E Apply Ga Cancel Vigor2960 Series User s Guide 71 Dray Te k Available parameters are listed as follows Item Description Profile Display the name of the LAN profile Enable This Profile Check this box to enable this profile Start IP Set the starting IP address of the IP address pool for DHCP server The format the IP address shall be similar to the following example 2000 0000 0000 0000 0000 0000 0000 10 or 2000 10 End IP Set the ending IP address of the IP address pool for DHCP server The format the IP address shall be similar to the following example 20
21. 4 11 4 Outgoing Filter There are 30 filter rules for outgoing data that can be configured in such page A e e gt Dray Tek Vigor 2960 Series 11 33 24 Login Admin gt Bandwidth Management gt gt Outgoing Filter Off oeccesececceccecececcccccccccecececcccccccece a i Outgoing Filter i Ss S S Cy Add Edit Delet Refresh R rome Number Online Status 9 X I Delete G Refresh GB Rename Profile Enable This Profile Source IP Destination IP Service Type Queue Number No items to show Incoming Class Incoming Filter Outgoing Class Sessions Limit Bandwidth Limit External Devices J Each item will be explained as follows Item Description Add Add a new filter profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Profile Display the name of the profile for the filter Enable This Profile Display the status of the profile False means disabled True means enabled Dray Te K 238 Vigor2960 Series User s Guide Source IP Display the source IP address for the filter Destination IP Display the destination
22. AEE H Apply Go Cancel Available parameters are listed as follows Item Profile Child Protection Leisure Business Chatting Computer Other Apply Cancel Description Type the name of the web category object profile The number of the characters allowed to be typed here is 10 The web pages which are not suitable for children will be classified into different categories Simply check the one s that you don t want the children to visit Child Protection AlcohalAnd Tobacco Alcohol And Tobacco Leisure oe eles iol 4 Criminal And Activity Business Gambling oo Hate And Intolerance Chatting legal Drug Simply check the one s that you don t want the user to visit Simply check the one s that you don t want the user to visit Simply check the one s that you don t want the user to use for gossip with remote people Simply check the one s that you don t want the user to visit Simply check the one s that you don t want the user to visit Click it to save the configuration Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply Dray Tek 148 Vigor2960 Series User s Guide 5 Anew Web Category Object profile has been created Objects Setting gt Web Category Object gt Web Category Object Web Category Object Content Filter License Sp Add D Edit jj Delete 6 Refresh Profile Child Protectior Leis
23. DHCP Static specify the IP address DHCP obtain the IP address automatically 14 Vigor2960 Series User s Guide Server Address Username Password Previous IP Address Subnet Mask Gateway IP Address DNS Server IP Address Previous Finish Cancel Vigor2960 Series User s Guide Quick Start Wizard Step 2 PPTP Over DHCP y Server Address 0 0 0 0 Username Password Type a remote IP address of PPTP server Type in the username provided by ISP in this field Type in the password provided by ISP in this field Click it to return to previous setting page Type a public IP address for such WAN profile Choose the static mask from the drop down list Type a public gateway address for such WAN profile click it to remove the IP address if you are not satisfied with it To add a new IP address simply place the mouse cursor on this filed The following dialog will appear gt add E Save DNS Server IP Address INS Server IP Address j 2 95 1 1 Ti Add Click this button to display the IP address field for adding a new IP address Save After finished the IP address configuration click Save to save the setting onto the router E3 Add E Save DNS Server IP Address 168 95 1 1 h Ul _ Click the icon to remove the selected entry Click it to return to previous setting page Click it to finish the configuration Click it to discard the settings configured in this p
24. How to add a new Port Redirection profile 1 Open NAT gt gt Port Redirection 2 Simply click the Add button Vigor2960 Series User s Guide Dray Tek j NAT gt Port Redirection Port Redirection 3 Add YE Edt jjj Delete G4 Refresh Profile Enable Th Public IP Use IF Ali Alias 3 The following dialog will appear Port Redirection E Profile PR_1 Enable This Profile Public IP l we Use IP Alias No Private IP 192 l 168 1 56 must have value Protocol TCP UDP Port Redirection Mode One to One w Public Port Start 20 Private Port 50 a Apply E3 Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check the box to enable this profile Public IP Specify the WAN interface for such profile Public IP ka Use IP Alias Use the drop down menu to specify which type of IP Alias you want Vigor2960 Series User s Guide 93 Dr ay Te k Alias Private IP Protocol Port Redirection Mode Public Port Start Public Port End Private Port Apply Cancel Use IP Alias All r No Single Alias All Single_Alias You have to type one IP address used for IP Alias All All the IP address can be treated as IP Alias Type WAN IP address es Specify the private IP address of the internal host providing the service Simply type the private IP used for this entry Choose th
25. IP Certificated by IP address a Dray Tek Dray Tek ID Value Organization Unit Organization Locality City State Province Common Name Email Address Key Size Country Passphase Apply Cancel Email Certificated by email address None Do not enter an ID value Mone E Mone Domain Mame IP Email LIP AY rer The ID value is determined by the ID Type selected for such certificate For example if you choose Domain_Name as the ID Type please type the domain name in this field Type a description for the organization unit Type the name of the organization Type the name of the city for such certificate Type the name of the state province for such certificate Type the common name for such certificate Type the e mail address for such certificate Choose one of the key sizes for such certificate Type the name of the country that such certificate located Such string will be used for confirmation while signing remote CA It is similar to a password but generally it is longer for security Click it to create a new local certificate based on the configuration here Click it to exit the web page without saving the configuration Enter all the settings and click Apply A new generated Local Certificate has been created Local Certificate T Upload Select File Name Local_CA HT Delete gt Download Generate Browse Subject Issuer Status DT License Requesting 214 Vigor2
26. SE OT LDAP Active Directory Quick Start Wizard aidan Enable This Profile Server IP Address Port 389 Base DN General Setup User Profile User Group RADIUS LDAP Active Directory External Devices E Apply Cancel Drorduct Dani Available parameters are listed as follows Item Description Enable This Profile Check this box to enable such profile Server IP Address Enter the IP address of RADIUS server Port It means the port on TCP for establishing an LDAP session between clients and LDAP server The default value is 389 Base DN It means Base Distinguished Name Type or edit the distinguished name used to look up entries on the LDAP server Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page Dray Te k 166 Vigor2960 Series User s Guide 4 7 Application Below shows the menu items for Applications Applications Dynamic DNS GVRP IGMP Proxy UPnP Wake on LAW 4 7 1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means that the public IP address assigned to your router changes each time you access the Internet The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registere
27. Server Port Type the port number for the Syslog server Router Name Type the name of the router The default name is Vigor Firewall Log Click Enable to make the firewall log recorded in the Syslog VPN Log Click Enable to make the VPN log recorded in the Syslog User Access Log Click Enable to make the user access log recorded in the Syslog WAN Log Click Enable to make the WAN log recorded in the Syslog Others Log Click Enable to make other logs recorded in the Syslog Apply Click this button to save the configuration and exit the web page Cancel Click it to discard the settings configured in this page Vigor2960 Series User s Guide 251 Dray Te k SysLog File This page displays all the operation logs for the router System Maintenance gt gt Syslog Mail Alert gt gt Syslog File Syslog Access Setup SyslogFile Mail Alert G Refresh Log Vigor ppip 2954 anon wam open_inetsockppip_callmgr c 340 connect Mo route to host E 76sdJan 4 06 16 28 Vigor popd 2954 anon fatallcallmar_mainpptp_callmar c 135 Could not open control connection to 1 e27 Jan 4 06 16 28 Vigor potp 1448 Call manager exited with error 256 lt 29 gt Jan 4 06 16 58 Vigor pptp 31 80 anon log callmgr_main ppip_callmar c 1 32 IP 192 168 1 69 78 Jan 4 06 17 01 Vigor pptp 3180 anon wamlopen_inetsockpptp_callmgr c 340 connect No route to host lt 26 gt Jan 4 06 17 01 Vigor pppd 31 80 anon fatal eallmgr_main pptp_callrmar c 1 35 Could not open control
28. The length of the ID is limited to 47 characters It is available for Aggressive Mode enabled only The rekey renegotiated period of the IKE Phasel keying channel of a connection The acceptable range is from 5 to 480 minutes 8 hours The rekey renegotiated period of the IKE Phase 2 keying channel of a connection The acceptable range is from 5 to 480 minutes 8 hours Enable the PFS function A new Diffie Hellman Key Exchange 1s included every time an encryption and or authentication key are computed on PFS Enable or disable the DPD function The keep alive timer A Hello message will be emitted a Dray Tek 5 Dray Tek DPD Timeout Apply periodically when a tunnel is idle Use the value O to disable this function The recommended value is 30 seconds if enabled The timeout timer The peer will be declared dead once no acknowledge message is received after timeout value Use the value O to disable this function The recommended value is 120 seconds Click it to save the configuration Cancel Click it to exit the page without saving the configuration After filling the required information for Advanced click the GRE tab to open the following page IPSec Profile Enable This Profile Type Basic Advanced Enable GRE Function Local GRE IP Remote GRE IP Pa ae ae eee a Poe os a eet ia ol LA 1 IPSec PPTP Dial Out PPTP Dial In k GRE Proposal Enable
29. To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the profile Interface Display the name of the Load Balance profile grouped under such pool profile How to add a Load Balance Pool Profile 1 Open VPN and Remote Access gt gt VPN TRUNK Management and click the Load Balance Pool tab 2 Simply click the Add button Dray Te k 208 Vigor2960 Series User s Guide JPA and Remote ACCESS 4 VFN RONA Wanagelme Load Balance Rule Load Balance Fool Ty add YK Edit ff Delete G Ret Profile Mo 3 The following dialog will appear Type the name of the profile e g LB_Pool_1 within 10 characters including digit letter and underline under the Mode tab el a e Mi FE Oe Pee ee CO Hd _ Load Balance Pool Mode Load Balance Profile LB Pool_1 E Apply GQ Cancel 4 Click the Load Balance tab to open the following dialog Load Balance Pool X Mode Load Balance Interface YPN_CLI_1 Fi VPN_CLI_1 ei Apply 3 Cancel ma ro ata ana anr o mm qop r If there is no selection for Interface option please go to VPN and Remote Access gt gt LAN to LAN to create a new IPSec LAN to LAN profile with enabled GRE setting Then return to this page to specify the Interface option Vigor2960 Series User s Guide 209 Dray Te k 5 Enter all the settings and click Apply 6 Anew profile has been created L
30. To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Dray Te k 222 Vigor2960 Series User s Guide Refresh Renew current web page Profile Display the name of the profile that you create IP Address Display the IP address for this protocol Port Display the port used for this protocol Screen Size Display the screen size for such application How to create a new SSL Application with RDP protocol 1 Open SSL VPN gt gt SSL Application and click the RDP tab 2 Simply click the Add button SSL VPN gt gt SSL Applhcation gt ROF YME RDP fp add gt Edit ff Delete Refrest Profile IP Address F Mo items 3 The following dialog will appear ROP Profile ROP_ 1 IP Address 192 168 s Port 3309 Screen Size Fullscreen w H Apply G9 Cancel ro Available parameters are listed as follows Item Description Profile Type the name of the profile that you create IP Address Type the IP address for this protocol Port Specify the port used for this protocol Screen Size Chose the screen size for such application Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration 4 Enter all the sett
31. User Profile RADIUS LDAP Active Directory External Devices Product Registration r Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 200 of the object profiles to be created Usergroup Display the name of the user group Enable This Profile Display the status of the profile False means disabled True means enabled Member Display the user profiles under such group Vigor2960 Series User s Guide 163 Dray Te k How to create a new User Group Profile 1 Open User Management gt gt User Group 2 Simply click the Add button User Management gt gt User Group User Group a add Sf Edit W Delete GS Refresh Ta add gt i Usergroup Enable This Profile Mo items to show 3 The following dialog will appear User Group Usergroup LAN UGroup_1 J Enable This Profile a heer eases H Apply 9 Cancel Available parameters are listed as follows Item Description Usergroup Type the name of such profile Enable This Profile Check this box to
32. gt Address Mapping Login Admin Address Mapping Tp add DK Edt ff Delete GS Refresh GB Rename Profile Num Enable This P WAN Profile Private IP Private IP sub Protocol Use IP Alias IP Alias No items to show Each item will be explained as follows Item Add Edit Delete Refresh Rename Profile Enable The Profile Dray Tek Description Add a new DMZ host profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Renew current web page Allow to modify the selected profile name Before using such function there is one profile existed at least Display the name of the profile Display the status of the profile False means disabled True 98 Vigor2960 Series User s Guide means enabled WAN Profile Display the WAN profile that such address mapping profile will be applied to Private IP Display the private IP used for this entry Private IP Subnet Mask Display the subnet mask used for this entry Protocol Display the protocol used for the entry Use IP Alias Display the using status enabled or disabled for WAN IP alias IP Alias Display the selected WAN IP address How to add a new Address Mapping profi
33. simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected policy Refresh Renew current web page Profile Display the name of the outgoing class rate profile Status Display the status enable or disable of such profile Rate Display the limitation from 64000 to 10000000 for the rate of queue Description Display the description for such profile Dray Te k 234 Vigor2960 Series User s Guide How to edit the outgoing class rate for the QoS policer 1 Open Bandwidth Management gt gt Outgoing Class and click the Class Rate Control tab 2 Choose one of the profiles and click the Edit button Total Rate Control Class Rate Control Queue 1 5 Weight J Edit GS Refresh Profile Status Rate outgoing class Disable U outgoing classi Disable T outgoing class Disable U 3 The following dialog will appear Class Rate Control 2 Profile outgoing class Status Enable Disable Rate 64 Kbps Mbps Description Control queue bfhigher E Apply GQ Cancel Available parameters are listed as follows Item Description Profile Display the name of the QoS Shaper profile Status Click Enable to enable such function Rate Type the limitation for the rate of queue Click the unit for such rate Description Such information is offered by the system automatically It is not necessary to change it Apply Click it
34. 0 0 0 0 255 255 255 0 w 4 mi i i Apply Cat Cancel Available parameters are listed as follows Item Description Profile Display the name of the profile Enable This Profile Check this box to enable this profile Type There are three types offered here for you to choose Please choose PPTP Dial In for this case Set PPTP Dial In Click it to create a new user profile or to modify an existing For User Profile profile User Profile x add DK Edt fff Delete 4 Refresh Profile Nut Username Enable Thi System Us Group PPTP L2TP DHCP from Static IP Ai Use mOTP No items to show 4 m See the explanation later PPTP User Name Choose a PPTP user profile for authentication in PPTP connection Such profile shall be created in User Management gt gt User Vigor2960 Series User s Guide 201 Dray Te K Dray Tek Profile previously You can click Set PPTP Dial In For User Profile in this page to configure a new one for choosing Local IP Subnet Type the IP address and subnet mask of local host Mask Remote IP Subnet Type the LAN IP address and LAN subnet mask for the Mask remote host Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration Enter all the settings and click Apply A new PPTP Dial In LAN to LAN profile has been created VPN and Remote Access gt gt LAN to LAN Profiles LAN to LAN Profiles K gt Add J Edt f Delete 9 G4 Refresh IPSec PPTP Dial
35. 192 l 168 l 11 WAN LAN Profile lantest y Metric 20 Optional H Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the static route profile Enable This Profile Check this box to enable such profile Destination IP Type the IP address for such static route profile Address Subnet Mask Use the drop down list to choose the subnet mask for such Static route profile Gateway Type the gateway address for such static route profile WAN LAN Profile Choose one of the LAN WAN profiles of the gateway for such static route Vigor2960 Series User s Guide 77 Dray Te k Metric Type the distance to the target usually counted in hops Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 5 Enter all the settings and click Apply The new profile will be added on the screen LAN gt gt Static Route gt gt Static Route Static Route PVE Static Route Inter LAN Route Se Add DE Edt ff Delete GS Refresh G Rename Profile Enable This Pro Destination IP 4 Subnet Mask Gateway WAHLAH Prot Neve control true 192 168 1565 255 255 255 0 192 165 1 11 lantest IPv6 Static Route For IPv6 protocol click the IPv6 Static Route tab to configure detailed settings LAN gt gt Static Route gt gt IPv6 Static Route static Route Pv Static Route Inter L4h Route T gt Add Edt f Delete GS Refresh G Rename Profile
36. 2 Step 3 Type PPTP IPSec VPN Settings Via Select From Current Settings Create New VPN Profile Profile Name VPM_Ser_1 Dray Te k 182 Vigor2960 Series User s Guide Available parameters are listed as follows Item Description Type Specify which protocol PPTP or IPSec will be used for such VPN profile VPN Settings Via Select From Current Settings Current VPN LAN to LAN profiles will be listed below such setting Choose the one you need Create New VPN Profile It allows you to create a new VPN LAN to LAN profile Simply type the name in the field of Profile Name The field of Profile Name is available only when you click this setting Profile Name Type a new name for such profile Next Go to next page Cancel Cancel the configuration and return to the home page of such function 2 Fill in the required information on this page and click Next If you choose IPSec as the Type you will get the following screen YPN and Remote Access a aaa Step 3 Pe Profile VPN_Ser_1 F Enable This Profile Auth Type PSK s Certificate None s Preshared Key Security Protocol ESP Ww WAN Profile want Ww Local IP Subnet Mask 192 163 1 0 255 255 255 0 w Local Next Hop 0 0 0 0 Remote Host 0 0 0 0 Remote IP Subnet Mask 0 0 0 0 255 255 255 255 s Q Add H Save IP Subnet Mask More Remote Subnet a T Previous B el Finish R Cancel Available parameters are listed as follows Item
37. 3 3 How to Configure LAN to LAN IPSec Tunnel between Vigor2960 and Other Router 32 Chapter 4 Advanced Configuration cccccccsseecsseeceneeceneeceseeceneeceseecensecesseonseseneenes 35 AA PAIN a ne eum ah amcesbaenagee gs vaaetecbanttonee ma irssed ogseaehatnamiecssuaamartenanesue ann aactuseiae nae 35 AM el AS MO all 6 MUD A cise deca neemn tee aseceiedesiinotte ns Sesiva ocsins Ueda A E EA E 36 4 1 2 MVE ROUTE reas iee pete se Ses oe eises ee Soca ee ses stent aga pols mae alee eee toes eeeee eset ence i Ea Fai 49 Ws Load a MING eeano EEE O E 50 TLAN aria E A E a tien 58 aE E A E o EET E ET E A E A E E E E ET 58 A IP ROUNO eeo a E E E E E E E E S E E E canes 73 Ae 3 UAC AOE a anions quis veranedieatuaaui ans niet sencada veda esareueatamaaseieis augnsaanaeeneinuenaats 75 AZO N a E seats E A E E E 82 APTA Me OTA aa E E A E 85 ceo RIP Ong O e a E I T E E E 87 426 OSPF CONIOUATO N assy ni a EAER Eaa EERE aE EN 89 ANAT E 91 BOA POW ASOT CO ION sera 91 AD DNZ TOS Uric ninesuisnrcanenamaaw ena O sesasenniinesanesassaueetcamidesinimancuteneictentincines 95 4 3 3 Address MINING es ecesdaiseisesicsinnxsiecsinnancieadibeieeiiemandaeeadidewaxsiocupsnasedeuianedaeciddeuasiecsingadnsiducelsenannetseusemendctesucs 98 AE ae 2 a em ene ne ee eee eee 101 BA Se PANN AU Space AE E E E a pate afssa TE AEE A AE E ects shades eats 101 A Me EM O ea aarp E E EEE E EE E bean EE 102 442 DOS DEENS O cseng E a ae eee 116 J
38. ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default configuration Connecters for remote networked devices Connecters for local networked devices Connecter for Mobile HDD 3G Modem or printer Connecter for a power cord ON OFF Power switch i Dray Tek 1 3 Hardware Installation 1 3 1 Network Connection Before starting to configure the router you have to connect your devices correctly 1 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of Vigor2960s 2 Connect the other end of the cable RJ 45 to the Ethernet port on your computer that device also can connect to other computers to form a small area network The LAN LED for that port on the front panel will light up 3 Connect the cable Modem DSL Modem Media Converter to any WAN port of router with Ethernet cable RJ 45 4 Connect the power cord to Vigor2960 s power port on the rear panel and the other side into a wall outlet 5 Power on the device by pressing down the power switch on the rear panel The PWR LED should be ON 6 The system starts to initiate After completing the system test the ACT LED will light up and start blinking Below shows an outline of the hardware installation for your reference Dray Tek 6 Vigor2960 Duol AAH Secunty Fria Dray Te k 4 Vigor2960 Series User s Guide 1 3 2 Wall Mounted Installation The Vigor2960 Series can be
39. Administrator Password Periodic Time Configuration Backup Syslog Mail Alert Time and Date CPE Username CPE Password Access Control SNMP Setup Reboot System Firmware Upgrade External Devices E Apply Cancel Product Registration Each item will be explained as follows Item Description Enable This Profile Check this box to enable such profile ACS Server Such data must be typed according to the ACS Auto URL Username Configuration Server you want to link Please refer to Auto Dray Te k 246 Vigor2960 Series User s Guide Password Configuration Server user s manual for detailed information WAN Profile Choose one of the WAN profiles which will be recognized by VigorACS Port Type the port number for Vigor2960 which will be recognized by VigorACS CPE URL Display the URL of such CPE Periodic Status The default setting is Enable Please set periodic time for VigorACS to send notification to CPE Or click Disable to close the mechanism of notification Periodic Time Set the time for VigorACS to send notification to CPE CPE Username Type the user name for the CPE which will be used by the administrator of VigorACS to log into the WUI of Vigor2960 CPE Password Type the password for the CPE which will be used by the administrator of VigorACS to log into the WUI of Vigor2960 Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page 4 12 2 Administra
40. Certificate Management cccccccccesesseeceeeececaeeeeceeeeeeeaaeeseeeeeeeeesseeeseeceeeesesseaseeeeeesssuaaaeeeeseeeees 211 AT OCA 7 CUM aE n S E S E E eid auancs 212 492 Trusted CA CC MICAS ssoirssiisernseniine rinia aea i a aa ia a E 216 a cc FRR ad h re E E ge ce E P ee E E O 217 ATO TODE WDP 4 ene ee E E A E E T 217 410 2 SSL FAD MUO Fl oscense EEE E EEEE AE OEE AEE 219 4 10 37 Online User taS asee EEEE E NE Aa ie 224 4 11 Bandwidth Managemen cccccccccssseceeceeseeeceeeeeeeseseeeeeeseeessaueeeeseeseeeesaeeeessaneesesenseeessaeeesens 225 AM et MAG ONIN AS E T EE T E E T AET S E E T 225 Ae DECON E O eea E E E ES 229 71 fg rsa 0 elo 1a 0 KE e eee eee ee eee ee 232 ATTA Outgoing SHIGE assosiere EEN E Ega iaiaaeaia 238 BANOS St ONS LMN eenaa E EA Ei 241 411 6 Bandwidth Limit tee crete cacectirsacine nats nice dateeiastndro ietasarsomnaiaesimenngn EE N 243 4 12 System Maintenance cccccccccsesseeeecceesececcceeeececseaeeeeeeseueceeessausececessaaeeseessugeeeesssaagseeeess 246 AI A TR OGS ee Ree eee ee cee 246 4 V2 2 POMUMNSIAlOn P ASSW OMG nines hanetdanCeuansaideuncantenntiatonsd sy eauotsacacamiandanundaatnuuraaceiuneinieaauetians 247 4 12 3 Co ntig ration BACKUP sas ncaeseyasnwseceunas6 daeasancecnnvasd deca sand vennari iaraa dusaxes sue aveneasieaness docesoussiadess 248 4 124 Syslog Mail PA VE oe netics sscgecpesca cea eanessccucavensecpesayscqe suse secen vacesenatecoeceanssaaducee ainada 250 Dray Te k
41. Click this button to save the configuration and exit the web page Cancel Click it to discard the settings configured in this page 256 Vigor2960 Series User s Guide 4 12 8 Reboot System The Vigor router system can be restarted from a Web browser You have to reboot the router to invoke the configured settings that you made before If you want to reboot the router using the current configuration choose Reboot with Current Configurations and click Reboot To reset the router settings to default values click Reboot with Factory Default Configurations and click Reboot The router will take a period of time to reboot the system Open System Maintenance gt gt Reboot System Dray Tek Vigor 2960 Series Login Admin System Maintenance gt gt Reboot System gt gt Reboot System Off Auto Logout x Reboot System Reboot with Current Configurations Reboot Option O Reboot with Factory Default Configurations Reboot with Customized Configurations TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup Reboot System Firmware Upgrade Reboot External Devices Available parameters are listed as follows Item Description Reboot with Current Click it to reboot the router using the current Configurations configuration Then click Reboot Reboot with Factory Click it to reset the router settings to default values Then Default Configur
42. Description Profile Display the name of the LAN profile Enable This Profile Check this box to enable this profile DHCP Server Specify a WAN profile as the server location Location DHCP Server IP Type the IP address of DHCP Server Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 3 When you finish the above settings please click Apply to save the configuration and exit the dialog 4 The LAN profile has been edited Vigor2960 Series User s Guide 67 Dr ay Te k LAN gt gt General Setup gt gt DHCP Relay General Setup DHCP DHCP Relay RADD DHCP Y6 J Edt GS Refresh Profile Enable This Profile DHCP Server Location DHCP Server IP land false lantest true lantest S 192 1681 90 The router advertisement daemon radvd sends Router Advertisement messages specified by RFC 2461 to a local Ethernet LAN periodically and when requested by a node sending a Router Solicitation message These messages are required for IPv6 stateless auto configuration LAH gt gt General Setup gt gt RADVD fone neeeeeeeeseseeeeeeeeeeseneeseneees General Setup DHCP DHCP Relay RADVD DHCP ye DE Edt Q Refresh Profile Enable This Profile Advertisement Lifetime lan falze 30 lantest falze 30 Each item will be explained as follows Item Description Edit Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit butt
43. Destination IP Address Subnet Mask Gateway WAN LAN Profile Description Add a new static route setting Modify the selected static route setting To edit static route setting simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected static route setting To delete a static route setting simply select the one you want to delete and click the Delete button Renew current web page Allow to modify the selected profile name Display the name of such static route Display the status of the profile False means disabled True means enabled Display the IP address for such static route profile Display the subnet mask for such static route profile Display the gateway address for such static route profile Display the subnet LAN or WAN profile of the gateway 76 Vigor2960 Series User s Guide Metric Display the distance to the target How to add a new Static Route profile 1 Open LAN gt gt Static Routing and click the Static Route tab 2 Click the Add button Lira PLL ae ee ee Be He Add ye Ecitt ii Delete GM Refresh Ge Re Profile Enable This Pro Destination IP 4 Subnet M Mo term ti 3 The following dialog will appear Static Route ai Profile Mew control 4 Enable This Profile Destination IP Address 1492 168 1 56 Subnet Mask 255 255 255 0 w Optional bateway
44. Directory 4 6 1 General Setup General Setup can determine the standard rule based or user based for the users controlled by User Management The mode standard selected here will influence the contents of the filter rule s applied to every user Dray Te k 154 Vigor2960 Series User s Guide Auto Logout Off Quick Start Wizard Online Status General Setup User Profile User Group RADIUS LDAP Active Directory amp P 5 a fi a gt 5 3 1 5 5 Oa c E F A E a gt 5 x 5 y 2 ft External Devices Deaduct Daaictratiaon Vigor2960 Series 09 52 45 User Management gt gt General Setup gt gt General Setup General Setup User Based Firewall Status Mode User Based Authentication Type Local White IP List None Apply Cancel Available parameters will be explained as follows Item Mode Authentication Type White IP List Apply Vigor2960 Series User s Guide Description There are two modes offered here for you to choose Each mode will bring different filtering effect to the users involved User Based If you choose such mode the router will apply the filter rules configured in User Management gt gt User Profile to the users Rule Based If you choose such mode the router will apply the filter rules configured in Firewall gt gt General Setup and Filter Rule to the users Under User_Based mode please
45. Out PP Profile Enable This Profile PPTP User Name Local IP Subn VPN_Ser_1 false 0 0 0 0 24 PTP_In_1 true 0 0 0 0 24 202 Vigor2960 Series User s Guide Set PPTP Dial In For User Profile To set PPTP Dial In connection you have to create PPTP user profiles previously in User Management gt gt User Profile or click Set PPTP Dial In For User Profile in this page to configure a new one for choosing for authentication in PPTP connection Below shows the window of Set PPTP Dial In For User Profile For the configuration and detailed information simply refer to 4 6 2 User Profile User Profile 8 Add DK Edt Jf Delete G9 Refresh Profile Nur Username Enable Thi System Us Group PPTP L2TP DHCP from Static IP Ai Use mOTP No tems to show Vigor2960 Series User s Guide 203 Dray Te k 4 8 7 VPN Trunk Management VPN Load Balance Mechanism can set multiple VPN tunnels for using as traffic load balance tunnel It can assist users to do effective load sharing for multiple VPN tunnels according to real line bandwidth Moreover it offers three types of algorithms for load balancing and binding tunnel policy mechanism to let the administrator manage the network more flexibly gt Three types of load sharing algorithm offered Round Robin Weighted Round Robin and Fastest gt Binding Tunnel Policy mechanism allows users to encrypt the data in transmission or specified service function in transmission and define specified VPN Tunne
46. Pool Mode Load_ Balance a Add T Save Interface Weight Mo tems to show 1 i Interface 4 ol Apply 3 Cancel Click Add A new line for adding new entry will appear Use the drop down list of Interface to choose one of the WAN profiles Type the value e g 20 for Weight Pool Mode Load Balance T Add E Save Interface Weight Interface 5 Click Apply A new profile will be added on the page WAN gt gt Load Balance gt gt Pool Pool Rule C3 Add DK Edt ff Delete 9 Refresh Profile Mode Interface LB Load Balance wani 20 Dray Tek e Primary Profile Vigor2960 Series User s Guide How to add a Pool profile for Failover Such page allows you to set a backup profile which will be activated when the primary profile is invalid by any reason 1 Open WAN gt gt Load Balance and click the tab of Pool WAN gt gt Load Balance gt gt Pool Pool Rule T5 Add OK Edt ff Delete Q Refresh Profile Mode Interface No tems to show 2 Simply click the Add button to open the following dialog Type a name for such profile e g FL_1 Choose Failover as the Mode selection Pool tl ea Mode Failover Profile Mode Failover s Load_Balance Failower ol Apply G Cancel Vigor2960 Series User s Guide 53 Dray Te k 3 Click the Failover Tab In default the system will apply Primary Profile If Primary Profile cannot be used any more the Backup Profile will be
47. Profile Enable This Pri Time Profile Source IP Exception IP IM Block Me lM true Mone Any Mone Mone Vigor2960 Series User s Guide 111 Dray Te k URL Filter URL Filter can integrate URL Keyword File extension and WCF object profiles within one profile for restricting certain people accessing into Internet Firewall gt gt Filter Setup gt gt URL Filter IP Filter Application Filter URL Filter Gy Add SK Edit ff Delete G Refresh G Rename Profile Murnt Profile Enable This Pr Time Profile Source IP Keyword Pass Keyword Blocl File Extension Web Category Mo items to show Use Default Message Enable gt Disable 4 Mm i E Apply Cancel 4 m b Each item will be explained as follows Item Description Add Add a new group profile for URL filter Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected Dray Tek rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Profile Display the name of the application filter profile Enable The Profile Display the status of the profile False means disabled True Time Profile Source IP Keyword Pass means enabled If no time schedule is set None
48. Seconds 30 Seconds 1 Minute Disable User Name Display the name information for the user who logs into the WUI of Vigor2960 Dray Te k 156 Vigor2960 Series User s Guide Item Description IP Display the IP address of the user who logs into the WUI of Vigor2960 Allow Time Display the total network connection time allowed for the log in user Start Time Display the starting time of the network connection End Time Display the ending time of the network connection Rest Time Display the rest time for the wireless station to browse the Internet Delete W _ Tt is available for the administrator to turn off a specific user s connection immediately tus ands Start Time End Time Rest Time Remove 2011 10 20 16 07 55 2011 10 21 00 07 55 07 59 32 Ti Vigor2960 Series User s Guide 157 Dr ay Te k 4 6 2 User Profile This function allows to configure all accounts user profiles in Vigor2960 including PPTP L2TP System user and so on Vigor 2960 Series 16 36 08 Login Admin User Management gt gt User Profile Auto Logout Off Quick Start Wizard Online Status General Setup User Group RADIUS LDAP Active Directory External Devices Product Registration Add X Edit i Delete GS Refresh Profile Number Limit 200 Username Enable This P System User PPTP L2TP DHCP from Static IP Addr Use mOTP No items to show Each item will be explained as follows Item Add Edit Delete Refresh Pro
49. Time End Date End Time Weekdays IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Dray Tek Profile Number Limit Profile Frequency Start Date Start Time End Date End Time Display the total number 16 of the object profiles to be created Display the name of the time object profile Display the duration or period of the time object profile Display the starting date of the time object profile Display the starting time of the time object profile Display the ending date of the time object profile Display the ending time of the time object profile 150 Vigor2960 Series User s Guide Item Weekdays Description Display the frequency of such time object profile How to create a new Time Object Profile 1 Open Objects Setting gt gt Time Object 2 Simply click the Add button Objects Setting
50. TraceRoute to invoke trace router function Host Type the IP address of the host Interface Choose one of the LAN or WAN profile to be applied by such function Start Click it to start the action of Ping or Trace Route Stop Click it to terminate the action of Ping or Trace Route Vigor2960 Series User s Guide 269 Dray Te k 4 13 8 Data Flow Monitor This page displays the running procedure such as IP address session number transmission rate receiving rate and duration of the time block by list or by chart for the IP address monitored and refreshes the data in an interval of several seconds Vigor 2960 Series 10 29 00 Diagnostics gt gt Data Flow Monitor Auto Logout OT Data Flow Monitor Enable Dataflow Monitor 5 Refresh Recent 5 Minutes Recent IP Address TX rate Kbps RX rate Kbps Sessions Block Time No items to show Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration Each item will be explained as follows Item Description Enable Dataflow Check this box to enable such function Monitor Refresh Click it to renew the web page Chart Click this button to illustrate data chart Refer to the following figure as an example Data Flow Monitor Bandwidth Chart for IP 224 0 0 5 m ech cai eM edie sil s Dm We Last Updated aoe 4446 16 Block Prevent the sp
51. U 256 lan lan1 fe30 654 U 256 wan wan fe30 654 U 255 lan lantest1 feo 64 U 255 wan wan fe30 30 fe80 250 1212 17 6666 UG 20 lan lan 11 128 U 0 lo fe80 128 U 0 lo fe80 128 U 0 lo fe80 128 U 0 lo fe80 128 U 0 lo fe80 128 U 0 lo fe80 128 U 0 lo fe80 250 7 fff feff3900 U 0 lo fe80 250 7 TTT feff 3900 U 0 lo fe80 250 7 fff feff3900 U 0 lo fe80 250 7 TTT feff 3900 U 0 lo Each item will be explained as follows Item Description Refresh Renew the web page Destination Display the destination IP address for various routings Next Hop Display the next hop address for such route Flags Display the flag of the routing entry Possible flags include U route is up H target is a host G use gateway R reinstate route for dynamic routing D dynamically installed by daemon or redirect M modified from routing daemon or redirect A installed by addrconf C cache entry reject route Metric Display the distance to the target usually counted in hops It may be needed by routing daemons Iface Display the direction of such route represented with LAN WAN profile starting from LAN WAN profile to Vigor2960 Series User s Guide 261 Dray Te k LAN WAN profile 4 13 2 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware addr
52. a brief description for the profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 Anew filter group has been added onto Address Mapping table Firewall gt gt Filter Setup gt gt IP Filter IP Fitter Application Fitter URL Fiter IP Fitter Rule Group Ta Add DE Edt fff Delete GS Retesh Q Rename Group Enable This Profile Comment IPF_Marketing true used for MKT Dept mW lantar ff 6 Choose the IP filter group first and then click the Add tab the lower one in this page Vigor2960 Series User s Guide 105 Dray Tek Firewall gt gt Filter Setup gt gt IP Filter IP Filter Application Filter URL Fitter IP Filter Rule Group Sp add DE Edt ff Delete GS Refresh G Rename Enable This Profile Comment Group IPF_Marketing used tor WMH 4 m IP Fiter Rules of Selected Group Ka Add Edt fj Delete GS Refresh Q Rename Frofile Number Limi Rule Enable This Time Profili Source IP Destination Service Typ Action Mo tems ta show 7 The following page for configuration will appear Rule Sea Rule Rule 1 Enable This Profile Time Profile None gt Any Fj Source IP E Any 7 Destination IP E c Any t E AUTH mje BGF E z Oo Apply R Cancel Available parameters are listed as follows Dray Te k 106 Vigor2960 Series User s Guide Item Rule Enable This Profile T
53. act of God or subjected to abnormal working conditions The warranty does not cover the bundled or licensed software of other vendors Defects which do not significantly affect the usability of the product will not be covered by the warranty We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes Web registration is preferred You can register your Vigor router via http www draytek com Due to the continuous evolution of DrayTek technology all routers will be regularly upgraded Please consult the DrayTek web site for more information on newest firmware tools and documents http www draytek com i Dray Tek European Community Declarations Manufacturer DrayTek Corp Address No 26 Fu Shing Road HuKou Township HsinChu Industrial Park Hsin Chu County Taiwan 303 Product Vigor2960 DrayTek Corp declares that Vigor2960 of routers are in compliance with the following essential requirements and other relevant provisions of EC Directive 2004 108 EC The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 2004 108 EC by complying with the requirements set forth in EN55022 Class A and EN55024 Class A The product conforms to the requirements of Low Voltage LVD Directive 2006 95 EC by complying with the requirements set forth in EN60950 1 Regulator
54. choose it in later web page settings e g NAT gt gt Port Redirection DMZ Host Add To add a new IP address click Add Type the IP address and use the drop down list to specify the subnet mask Next click Save The new one will be added and displayed on the field under the box ai Dray Tek Dray Tek MTU MRU Connection Detection Mode Connection Detection Host Connection Detection Interval Connection Detection Retry T Add B Save IP Subnet Mask 1927 166 1 86 255 255 255 0 m Save Click this button to save the setting m W _ Click the icon to remove the selected entry It means Max Transmit Unit for packet The default setting is 1500 Select a detecting mode for this WAN interface There are three ways ARP PING and HTTP supported in Vigor router for you to choose to send the request out FING y Mone ARP PING HTTP Add click this button to have a field for adding a new IP address Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Connection Detection Mode is set with PING or HTTP T gt Add E Save Connection Detection Hos 192 168 1 28 im Connection Detection Host Save Click this button to save the setting _ ll _ Click the icon to remove the selected entry Assign an
55. configuration and return to the home page of such function Cancel the configuration and return to the home page of such function However if you choose PPTP as the Type then you will get the following screen 184 Vigor2960 Series User s Guide WPH and Remote Access Step 2 Enable This Profile Authenticate Protocol MPPE Encryption User Authentication Type LAN Profile MS CHAP w2 Disable Local land Previous M gt Next EE G9 Cancel Available parameters are listed as follows Item Enable This Profile Authentication Protocol MPPE Encryption User Authentication Type LAN Profile Vigor2960 Series User s Guide Description Check this box to enable such profile The router will authenticate the dial in user with the protocol selected here WS CHAP W2 s PAP CHAP MS CHAP NS CHAP v2 PAP It means the router will attempt to authenticate dial in users with the PAP protocol CHAP It means the router will attempt to authenticate dial in users with the CHAP protocol Specify one of the encryptions for such server 25 bit v 401 25 bit 25 bit Disable Set user authentication to Local server or RADIUS server Local v Local RADIUS Choose a LAN profile for PPTP Server if Local is selected as user authentication type i8 Dray Tek 3 Dray Tek Fill in the required information on this page and click Next to go to next page VPH and Remote Access Step 3 P
56. edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Vigor2960 Series User s Guide 143 Dray Te k Item Description Profile Number Limit Display the total number 32 of the object profiles to be created Profile Display the name of the IM object profile Member Display the protocol application specified in such profile How to create a new Protocol Object Profile 1 Open Objects Setting gt gt Protocol Object 2 Simply click the Add button Objects Setting gt gt Protocol Object Protocol Object fy add gt Edit fff Delete G4 Rete Profile 3 The following dialog will appear Protocol Object 2 Profile Proto Obj 1 Member PostgresaL Sybase H Apply 9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the protocol object profile The number of the characters allowed to be typed here is 10 Dray Te k 144 Vigor2960 Series User s Guide Member Several protocols offered for you to choose Check the one s you want to add for such profile C Mssav DE se m m an D Oracle Protocol Objet FPostgreg L Sybase Profile W DBZ O informis Member Postgresuil Sybase D Apply Cli
57. gt Certificate Management gt gt Trusted CA Auto Logout Off v Quick Start Wizard Trusted CA Upload fil Delete Online Status P i Select File Browse Name Subject Issuer Status Valid from Valid to No items to show Local Certificate Trusted CA Certificate H i i s i es External Devices i Product Registration Each item will be explained as follows Item Description Upload Allow you to upload current configuration to the host as a CA certificate Delete Remove the selected item of trusted CA listed below Selected File Use the Browse button to specify a file to be used as trusted CA certificate Name Display the name of trusted certificate built Subject Display the subject of trusted certificate built Issuer Display the issuer of trusted certificate built Status Display the status of trusted certificate built Valid From Display the starting point of the valid time of trusted certificate Valid To Display the end point of the valid time of trusted certificate Dray Te k 216 Vigor2960 Series User s Guide 4 10 SSL VPN An SSL VPN Secure Sockets Layer virtual private network is a form of VPN that can be used with a standard Web browser There are two benefits that SSL VPN provides gt Itis not necessary for users to preinstall VPN client software for executing SSL VPN connection gt There are less restrictions for the data encrypted through SSL VPN in com
58. gt gt Time Object Time Object T Ada Profile gt E Edit M Delete amp Refre Frequency Start Date 3 The following dialog will appear Time Object Profile Frequency Start Time Timea 4 Weekdays af 08 00 00 End Time 3700 00 Weekdays Mon Tue Wer ba El Apply G3 Cancel Available parameters are listed as follows Item Profile Frequency Start Date Start Time End Date End Time Vigor2960 Series User s Guide Description Type the name of the time object profile The number of the characters allowed to be typed here is 10 Specify how often Weekdays or Once the schedule will be applied Specify the starting date of the time object profile Specify the starting time of the time object profile Specify the ending date of the time object profile Specify the ending time of the time object profile Dray Tek Weekdays schedule End bine 3 UWO UOU Weekdays Tue Yved hon Tue ved Thu Fri Sat Suri J0004an Apply Cancel 4 Enter all the settings and click Apply 5 A new Time Object profile has been created Objects Setting gt Time Object Time Object Tp Add gt Edit ff Delete 6 Refresh Profile Frequency Start Date Start Time Timed_1 Weekdays 2010 01 01 00 00 00 4 5 13 Time Group This page allows you to group several time object profiles _Draylek METTLE Objects Setting gt gt Time Group 15 30 23 Auto Logout Of
59. in networks using Microsoft Terminal Services An easy way is provided to establish connection between the router and the RDP Server via any browser Internet Vigor2960 114 44 53 194 192 168 2 1 24 RDP Server IP 192 168 2 10 24 Gateway 192 168 2 1 1 Open the web configurator of Vigor2960 2 Enable the HTTPS service from System Maintenance gt gt Access Control by clicking Enable for HTTPS Allow and type 443 as the value of HTTPS Port Dray Tek Auto Logout SMin v Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup Vigor2960 Series User s Guide rv P n s Vigor 2960 Series 11 05 26 Login Admin amp System Maintenance gt gt Access Control Access Control Web Allow Enable Disable Web Port 80 Telnet Allow Enable Disable Telnet Port 23 SSH Allow Enable Disable SSH Port 22 HTTPS Allow Enable Disable HTTPS Port 443 User Define Enable Disable 0 0 0 0 a gt G Refresh H Apply a Dray Tek 3 OpenSSL VPN gt gt SSL Application and click the RDP tab to create a profile named Win7 Type IP address Port number and Screen Size based on the actual RDP server information then click Apply to save the settings RDP Profile Win7 IP Address 192 Port 3389 Screen Size Fullscreen E Apply a Cancel 4 Open Us
60. in policy Display the name of LAN to LAN profile Display the status of the profile False means disabled True means enabled 192 Vigor2960 Series User s Guide Local IP Subnet Mask Display the LAN IP address with subnet mask of this profile Remote IP Subnet Display the WAN IP address with subnet mask of this Mask profile More Remote Subnet Display other LAN IP addresses with subnet mask which can be used of this profile How to create an IPSec VPN profile The IPSec services can provide access control connectionless integrity data origin authentication rejection of replayed packets that is a form of partial sequence integrity and confidentiality by encryption These objectives are met through the use of two traffic security protocols the Authentication Header AH and the Encapsulating Security Payload ESP and through the use of cryptographic key management procedures and protocols 1 Open VPN and Remote Access gt gt VPN Profiles 2 Simply click the Add button WPN and Remote Access gt gt VPN Profiles YPN Profiles y add J Edt ff Delete G Refresh Profile Enable This Profile Local VPH_ELI 1 true 192 16 3 The following dialog will appear Click the Basic tab to configure the settings IPSec Profile L2L_1 f 4 o f A V Enable This Profile 4 Type IPSec PPTP Dial Out PPTP Dial In le i Basic Advanced GRE Proposal Always On Enable Disable F
61. in this page 172 Vigor2960 Series User s Guide 4 7 3 IGMP Proxy IGMP is the abbreviation of Internet Group Management Protocol It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups Dr ay Tek i Vigor2960 Series 16 47 59 Login Admin Applications gt gt IGMP Proxy Off Auto Logout v IGMP Proxy Quick Start Wizard Online Status Enable This Profile IGMP Proxy Channel wan1 v Downstream lan v Dynamic DNS GVRP IGMP Proxy UPnP Wake on LAN H Apply 3 Cancel External Devices E Available parameters are listed as follows Item Description Enable This Profile Check this box to enable GVRP function Interface Choose a channel for IGMP Downstream Choose a profile for use while downloading data from Internet Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page 4 7 4 UPnP The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the major feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by it
62. information packet will be sent out by web server or router periodically and can be used to communicate with other routers It will calculate the number of network nodes on the route to ensure there is no obstruction on the network routine In addition it will choose a correct route based on the method of Distance Vector Routing and use the Bellman Ford algorithm to calculate the routing table Vigor2960 Series User s Guide 87 Dray Te k RIP can update the routing table automatically and find a route to send packet See the following figure as an example A Support RIP HET LETETI Ci B Support RIP HE T DrayTek l CILLEI OA C Support RIP Suppose A supports RIP on WAN1I WAN2 WAN3 WAN4 B supports RIP on WANI and WAN2 and C supports RIP on WAN I WAN2 WAN3 WAN4 B will tell A if you want to send packets to C please send it to me first then A will create a routing rule to forward packet that destination is C to B In another direction C will do the same thing gt Dray Tek Vigor 2960 Series 14 48 38 Login Admin o gt LAN gt gt RIP Configuration 5m peee eee x RIP Configuration Online Status Enable This Profile e Profile lan1 y LA General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration OSPF Configuration et JDIECtS SeT i i 4 pan 4 i DTE ACCESS P i sia ic age iil H Apply 3 Cancel lt Available para
63. interval period of time for each detecting Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down 42 Vigor2960 Series User s Guide Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration If you choose PPPoE as IPv4 protocol type click the PPPoE Tab to open the following page General Setup i Giobal PPPoE Username Password MTUMRU 1492 Debug Enable Disable Always On Enable Disable Fixed IP Enable Disable Connection Detection Mode None y D Add m Save IF Subnet Mask IP Alias H Apply 3 Cancel Available parameters are listed as follows Item Description Username Type the user name offered by your ISP Password Type the password offered by your ISP MTU MRU Type the value of MTU MRU The default value is 1492 Debug Click Enable to display the PPPoE debug message in Syslog The default setting is Disable Always On Enable Click it to enable the function of Always On The router will keep network connection all the time Disable Click it to disable the function of Always On Fixed IP Enable Click it to enable the function of Always On The router will keep network connection all the time Disable Click it to disable the function of Alway
64. ms t bytes from 192 165 1 1 icmp_seg 2 ttl 255 times6 716 ms 64 bytes from 192 165 1 1 icmp_seg 3 ttl 255 timesh 731 ms 64 bytes from 192 168 1 1 tcmp_seq 4 ttl 255 timesh 72 ms AE 192 168 1 1 ping statistics EF packets transmitted 5 packets received 6 packet loss round trip minfgaygemax 0 697 6 7236 755 ms Vigoria draytekd fj 5 4 Checking If the ISP Settings are OK or Not Open Online Status to check current network status Be careful to check if the settings coming from your ISP have been typed correctly or not G Refresh Device Information System Information Model vigor 2360 CPU Usage oo o Hardware 1 0 Memory Usage 19 ees Firmware 1 O05RC System Up Time 0 days 1 77 32 Build Date 2011 12 07 16 56 33 Current System Time Sat Jan 1 09 07 30 UTC 2011 Reversion 2049 IPw4 PvE Profile Connect Uptime MAC Protocol IP Gateway DNS RX Pack TX Packs Operation lant up Odays OO SO static h 192 168 6550 b532 wani up Odays OO S0 static 172 16 172 16 183030 4197 p Vigor2960 Series User s Guide 277 Dray Te k If there is something wrong with the configuration please go to WAN page and choose General Setup again to modify the WAN connection Vigor 2960 Series 10 45 11 WAN gt gt General Setup Auto LOO Of x General Setup Quick Start Wizard J Edit 6 Refresh Online Status Profile Enable This Pt Description VLAN ID VLAN Tag Port IPv4 Proto
65. necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 5 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check if the power line and WLAN LAN cable connections is OK If not refer to 1 3 Hardware Installation for reconnection 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 1000 LNK 1000 1000 LNK 1000 LNK 1000 LNK 1000 Enk A A a A 1 GigaLAN gt 1 3 SFP 1 GigaWAN gt 1 aa ae 3 If not it means that there is something wrong with the hardware status Simply back to 1 3 Hardware Installation to execute the hardware installation again And then try again Vigor2960 Series User s Guide 273 Dr ay Te k 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK For Windows The example is based on Windows XP As to the examples for other operation El systems please refer to the similar steps or find support notes in www draytek com 1 Goto Control Panel and then double click on Network Connections Webwork Connections 2 Right click on Local A
66. page Finish Click it to finish the configuration Cancel Click it to discard the settings configured in this page When you finished the above settings please click Finish Vigor2960 Series User s Guide 13 Dray Te k If PPTP is selected This mode lets user get the IP group information by a DSL modem with PPTP service from ISP Your service provider will give you user name password and authentication mode for a PPTP setting Click PPTP as the protocol Type in all the information that your ISP provides for this protocol If your ISP offers you PPTP Point to Point Tunneling Protocol mode please select PPTP for this router Next enter the settings provided by your ISP on the web page Reece Quick Start Wizard Step 2 PPTP Over Static s Server Address 0 0 0 0 Username Password IP Address 0 0 0 0 Subnet Mask 255 255 255 0 s Gateway IF Address Tint Optional Add H Save DNS Server IP Address DNS Server IP Address ee eee ee ee A Previous amp Finish lt Cancel Available parameters are listed as follows Item PPTP Over Dray Tek Description Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Static Static
67. red line which is created by OSPF Routing information for Vigor3900 A Diagnostics gt gt Routing Table gt gt Routing Table Routing Table Py Routing Table 45 Refresh Destination Gateway Genmask Flags hetric lface 192 168 4 0 192 168 3 3 755 255 255 0 lan lan 192 168 3 0 0 0 0 0 255 255 255 0 iJ 0 lan lan2 192 168 2 0 152 168 3 2 255 255 255 0 192 168 1 0 0 0 0 0 295 255 255 0 IJ 0 lan lant Routing information for Vigor3900 B Diagnostics gt gt Routing Table gt gt Routing Table Rowing Table IFv6 Routing Table gt Refresh Destination Gateway Genmask Flags Metric iface 192 166 4 0 192 168 3 3 255 255 255 0 lan lan2 192 168 3 0 0 0 0 0 255 295 255 0 U 0 lan lan2 192 166 2 0 0 0 0 0 255 255 255 0 U lan lant 192 168 1 0 192 168 3 1 255 255 255 0 lan lan2 Routing information for Vigor2960 Diagnostics gt gt Routing Table gt gt Routing Table Routing Table IPv6 Routing Table S Refresh Destination Gateway Genmask Flags Metric face 192 168 4 0 0 0 0 0 255 255 255 0 U 0 lan lan1 192 168 3 0 0 0 0 0 255 255 255 0 U 0 lan lan2 192 168 2 0 192 168 3 2 255 255 255 0 UG lan lan2 192 168 1 0 192 168 3 1 255 255 255 0 UG 20 lan lan2 g Vigor2960 Series User s Guide 31 Dray Te k 3 3 How to Configure LAN to LAN IPSec Tunnel between Vigor2960 and Other Router Here provides an example about LAN to LAN IPSec tunnel established between Vi
68. save the configuration and exit the dialog Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 A bandwidth limit profile has been created Bandwidth Management gt gt Bandwidth Limit Bandwidth Limit E35 Add Edt ff Delete GS Refresh GP Rename F Profile Enable This Profile Start IP End IP TX Limit RX Limit Band_limit_1 true 192 168 1 77 192 168 1 82 1024 1024 Vigor2960 Series User s Guide a Dray Tek 4 12 System Maintenance For the system setup there are several items that you have to know the way of configuration Status Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup Reboot System Firmware Upgrade and Upload Language File Below shows the menu items for System Maintenance System Maintenance TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup Reboot System Firmware Upgrade 4 12 1 TR 069 This device supports TR 069 standard It is very convenient for an administrator to manage a TR 069 device through an Auto Configuration Server e g VigorACS Vigor2960 Series 09 36 26 System Maintenance gt gt TR 069 Auto Logout Off TR 069 F Enable This Profile ACS Server URL ACS Server Username ACS Server Password WAN Profile Port CPE URL httpursoeS cewmplcreg Periodic Status Disable Enable
69. the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Display the total number 16 of the object profiles to be created Display the name of the object profile Display the items under certain category that you choose to block for protecting the children Display the items under certain category that you choose to block Display the items under certain category that you choose to block Display the items under certain category that you choose to block Display the items under certain category that you choose to block Display the items under certain category that you choose to block How to create a new Web Category Object Profile l tab Open Objects Setting gt gt Web Category Object and click the Web Category Object Simply click the Add button Objects Setting gt gt Web Category Object gt Web Category Object Web Category Object yf Edit Child Protectior Leisure fp Add Profile Vigor2960 Series User s Guide Content Filter License M Delete 6S Refresh Business Chatti Mo items to show The following dialog will appear A Dray Tek Web Category Object Profile Chik Protection Leisure Business Chatting Computer Other WO 1 Alcohol And Tobacco 0w Spots Travel a Web Based Emaill s Chat w Botnets Hacking r
70. the remaining employees might have yet a different VLAN VLANs can also set up according to different company in the same building to save the money and reduce the device establishment User can select some ports to add into a VLAN group In one VLAN group the port number can be single one or more The purpose of VLAN is to isolate traffic between different users and it can provide better security application Dr ay Tek Vigor2960 Series 16 43 19 LAN gt gt 802 10 VLAN Auto Logout Off v 802 10 VLAN Quick Start Wizard onis Add DK Edit f Delete Refresh Profile Num VLAN ID Member Untag 10 LAN1 LAN2 LAN1 LAN2 General Setup IP Routing Static Route Bind IP to MAC RIP Configuration OSPF Configuration Each item will be explained as follows Item Description Add Add a new VLAN ID setting Edit Modify the selected VLAN ID setting To edit VALN ID setting simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the Dray Te K 82 Vigor2960 Series User s Guide selected rule Delete Remove the selected VLAN ID setting To delete a VLAN ID setting simply select the one you want to delete and click the Delete button Refresh Renew current web page VLAN ID Display the VLAN ID number Member Display the LAN interface that is used to access into Internet for such LAN profile with the VLAN ID number Untag Display th
71. the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 256 of the object profiles to be created Profile Display the name of the profile Interface Display the interface of the IP Object Address Type Display the address type single range or subnet for such profile Start IP Address Display the IP address of the starting point for such profile Vigor2960 Series User s Guide 121 Dray Te K Item End IP Address Subnet Mask Description Display the IP address of the ending point for such profile It will be joint with Start IP Address only when you choose Range as the Address Type Display the subnet mask for such profile How to create a new IP Object profile 1 Open Objects Setting gt gt IP Object 2 Simply click the Add button i Be IP Object fy add gt Edit f Delete Profile Interface fm EP Be ae G Refresh Address Type Start IP Addres Mo items to show 3 The following dialog will appear IP Object Profile Interface Address Type Start IP Address Subnet Mask IP_ object 1 SOUrCe Subnet w 192 168 10 255 255 255 0 y E Apply 9 Cancel Available parameters are listed as follows Item Profile Interface Dray Tek Description Type the name of such profile Determine the category any source or destin
72. 00 0000 0000 0000 0000 0000 0000 10 or 2000 10 DNS Set the private IP address for DNS server If this field is blank users on LAN will treat Vigor2960 as the DNS server Ta Add E Save DNS 2000 2 DNS Add Click it to add a new IP address for DNS server Save Click it to save the setting a W _ click the icon to remove the selected entry Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 3 When you finish the above settings please click Apply to save the configuration and exit the dialog 4 The LAN profile has been edited LAN gt General Setup gt gt DHCPy6 General Setup DHCP DHCP Relay RADVD DHCP y6 DE Edt Q Refresh Profile Enable This Profile Start IP End IP DNS lani true 2000 10 2000 ff 2000 2 Dray Te k 72 Vigor2960 Series User s Guide 4 2 2 IP Routing To make local device in LAN accessing into external network without passing NAT or let the remote device access into the local device without passing NAT behind the router please use IP routing function to complete the work Usually the local device might be assigned with a public IP address or an IP address with the same subnet as certain WAN When the local device tries to transmit the data packets out Vigor2960 will send it out through that certain WAN interface without passing through NAT Meanwhile remote device also can access the local device directly without any dif
73. 1 Bandwidth Management Below shows the menu items for Bandwidth Management aT anagement Incoming Class Incoming Filter Outgoing Class Outgoing Filter sessions Limit Bandwidth Limit The QoS Quality of Service guaranteed technology in the Vigor router allows the network administrator to monitor analyze and allocate bandwidth for various types of network traffic in real time and or for business critical traffic Thus timing sensitive applications will not be impacted by web surfing traffic or other non critical applications such as file transfer Without QoS guaranteed control there would be virtually no way to prioritize users services or guarantee allocation of finite bandwidth resources to network or servers for supporting timing sensitive and mission critical network applications such as VoIP Voice over IP and online gaming applications Differentiated quality of service is therefore one of the most important issues over the Internet infrastructure In Vigor router DSCP Differentiated Service Code Point support is also taken into consideration in the design of the QoS guaranteed control module The QoS function handles incoming and outgoing classes independently Users can configure incoming or outgoing separately without any impact on the other 4 11 1 Incoming Class Incoming Class Setup allows you to configure bandwidth percentage for data and voice signals transmission Click the Bandwidth Management option
74. 2 10 33689 fullecreen Tirneout ster 5 minuies Ettei Teo Vigor2960 Series User s Guide 23 Dray Te k 9 After that you can access into Windows 7 via a browser Note the message below the window In which TLS means Transport Layer Security Vigor SSL YEH RDP Application Google Chrome Pu Note If you are using Sun JRE 6 0 or newer versions Please go to the Java Control Panel and disable TLS 1 0 in Advanced gt gt Secunty option Windows mek Dray Tek 24 Vigor2960 Series User s Guide Troubleshooting If you have installed Java Runtime Environment edition 6 but still cannot establish the connection please make sure you have disabled Use TLS 1 0 in the Java Control Panel as figure shown below Then try to connect again Vigor2960 Series User s Guide Java Control Panel General Update Java Security Advanced EPDEsogaInig 1 4 Java console Java Plug in Shortcut Creation JNLF Filej MIME Association JRE Auto Download f h Security if Allow user bo grant permissions to signed content bee 4llow user bo grant permissions to content From an untrusted authority i Use certificates and keys in browser keystore bre Use personal certificate automatically if only one matches server reques e Warn if site certificate does not match hostname oi Show site certificate from server even if it is valid y Show sandbox warning banner iv Allow user bo acc
75. 3 ddns4 ddnss ddns6 dans ddnse ddnsg ddns10 Auto Refresh 10 Seconds e Status Domain Name Mot Connected Mot Connected Mot Connected Not Connected Mot Connected Mot Connected Mot Connected Mot Connected Mot Connected Mot Connected Wi i Each item will be explained as follows Item Refresh Auto Refresh Profile Status Domain Name Dray Tek Description Renew current web page Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked 10 Seconds r 10 Seconds 30 Seconds 1 Minute Disable Display the name of the DDNS Display the connection status of the DDNS server Display the domain name for the DDNS server 168 Vigor2960 Series User s Guide Setting This page allows you to configure DDNS server for your request Applications gt gt Dynamic DNS gt gt Setting Status Setting YE Edit GS Refresh Profile Enable This Prof WAN Profile Routing Policy Service Provider Service Type Domain Name ddns1 false want dyndns Dynamic ddns2 false want dyndns Dynamic ddns3 fakes want dyndns Dynamic ddna4 false want dyndns Dynamic ddns5 falze want dyndns Dynamic ddn false want dyndns Dynamic ddns false want dyndns Dynamic ddns false want dyndns Dynamic ddns9 false want dyndns Dynamic ddna10 false want dyndns Dynamic Each item will be explained as follows Item Edit Refresh Profile Enable Thi
76. 9 Cancel Available parameters are listed as follows Item Description Profile Use the drop down list to choose one of the WAN profiles for modifying want Fr want wanz IPv4 Protocol Use the drop down list to choose the type for the IPv4 protocol for such profile Static Static DHCP PPPOE PPTP Vigor2960 Series User s Guide 9 Dr ay Te k When you finish the above settings please click Next to go to next page 2 2 2 Step 2 Configuring the Selected Protocol This page will be changed according to the IPv4 Protocol Type selected on last page Pee rr rrr rr rere IP Address 0 0 0 Subnet Mask 255 255 255 0 e Gateway IP Address Ea Add E Save DNS Server IP Address If Static is selected If Static is selected the following screen will appear You can manually assign a static IP address to the WAN interface and complete the configuration by applying the settings and rebooting your router Please type in values for Static IP address Static Mask Static Gateway and Static DNS specified by your ISP and then click Next sae eesenseeneeeeneeeeseeneeeeneeenseees Step 2 IP Address 0 0 0 0 Subnet Mask 250 255 255 0 Gateway IP Address nant Optional C Add E Save DNS Server IP Address DNS Server IP Address a a ali T Previous LN E Finish Q Cancel Available parameters are listed as follows Item Description IP Address Type a public IP address for such WAN profile Subnet M
77. 960 Series User s Guide 2 Simply click the Add button SSL VPN gt SSL Application gt VNC VNC ROP fp add gt Edit jj Delete 6 Ref Profile IP Address Mo ite 3 The following dialog will appear VNC 2 Profile VAI 1 IP Address 192 168 1 Port 5900 Scaling 100 s Apply Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile that you create IP Address Type the IP address for this protocol Port Specify the port used for this protocol The default setting is 5900 Scaling Chose the percentage 100 80 60 for such application Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply Vigor2960 Series User s Guide 221 Dray Te k 5 Anew SSL Application profile has been created SSL VPN gt SSL Application gt gt VNC VNC ROP Sp Add 3 Edit fj Delete Refresh Profile IP Address Port Scaling VAC 1 192 168 1 36 5900 100 RDP RDP stands for Remote Desktop Protocol It allows you to access and control a remote PC through RDP protocol SSL VPN gt gt SSL Application gt gt RDP vic RDP ra Add EN Edit T Delete Gh Refresh Profile Number Limit 10 Profile IP Address Port Screen Size Mo tems to show Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile
78. 960 Series User s Guide How to download a local certificate into specified location Vigor router allows you to generate a certificate request and submit it the CA server After generating a local certificate you can download it as a file into any place you want If you have already gotten a certificate from a third party you may import it directly The supported types are PKCS12 Certificate and Certificate with a private key 1 Open Certificate Management gt gt Local Certificate 2 Click the Download button BERO Tr A Hea Tae AF KESE te Ae HM Foot C ae HELAS e25 FEM 8R pem a 3 Click Save The file will be stored under the folder you specified above How to upload a local certificate 1 Open Certificate Management gt gt Local Certificate 2 Click the Browse button to import a CA file stored on the computer as the certification information Hi GDovibts OM Root C pem B ew BON LASS SRU MERR v O Lie TRS 3 Click Open for the selected CA file 4 Click Upload The system will start to upload the selected file Vigor2960 Series User s Guide 215 Dr ay Tek 4 9 2 Trusted CA Certificate This page allows you to build a RootCA certificate for Vigor2960 RootCA can be deleted but not edited If you want to modify the settings for a RootCA please delete the one and create another one by clicking Build RootCA gt Dray Tek Vigor 2960 Series 15 34 19 Login Admin
79. AS MAC BIOCK a a nee E E a ee 118 A ODISE Sell es E E T A ean es scoe 120 Vigor2960 Series User s Guide v Dray Te k ABA IP ODjOCt ccesceccccesececsecsesecsecsesecsesecsececsucsesersucsesucsusecsusssatsucsesatsucetsasstsatsesetstsetsetstsstseestseees 121 ES 2A AOU o E T E ET E A E ENEE E sales E O ANE EEE E 124 4 5 3 Service Type ODJeCt cccccccssssssseceeeeccceeeesseeceeecceeeasseeeeeceeeeeaueeeeeeesssseaaageeeeeessseeaaseeeeeeess 126 4 5 4 Service TYPO Group ccccccccccssssssecceeeeeeeeeeeeeeceeeeeceaeeeeeeeeeeeseeeeeseeeeeeeesseeaeeeeeeesssaaaseseeesenees 128 4 5 5 Keyword ODjeCt ccccccssscceecccceeessseececceeeeusseeceeeceeeeaauseeeeeeceseeaaaseeeeeeessaaageceeeesssssauseeeseeeeess 131 4 5 6 Keyword 100 0 eee 133 4 5 7 File Extension ODJ Ct ccccccccssssssccceeeecseeeeeceeeeeeeaeessseeeeeeeseeeeeseeeeeeeeseeaseeeeeeeessseaageeeessenes 135 4 5 8 IM Object 138 Ao OP OG eae cece sees scape adernce seen E E E RER 141 4 5 10 Protocol 6 eee 143 4 5 11 Web Category Object ccccccccceeeeeeeeeeeeeeseeeeeeeeeeeeeeeeeseseeaeeeeessesseaseeeeeeessssaaeeeeeeeeess 145 aale TINED E ee en eee ee ee ee 150 ANS VWI CAP OUD sie cere vectra eter ace sat ta taro ett ore E acinar ate eine E E E 152 4 6 User Manageme nt ccccccssssececccessececcceeeeecceeeeceeeseeuseeeecseauseceeeseaasececessaaeecessssaeeeessnsaaeeeess 154 40 STC Tel o eUD esnea E noconcisneaasauendeaucuies ssaucleseeceeeupesew
80. Address Mask 0 l U U Source Port Enable Source Port Start Source Port End Destination IP Address Destination IP Address Destination port Enable Destination Port Start Destination Port End Enable Disable T T T T Mask 0 T 0 0 0 Enable Disable H Apply J Cancel 230 Vigor2960 Series User s Guide Available parameters are listed as follows Item Description Filter Rule Policer Drop Reserved IP Protocol Source IP Address Source IP Address Mask Source Port Enable Source Port Start Source Port End Destination IP Address Destination IP Address Mask Destination port Enable Destination Port Start Destination Port End Apply Vigor2960 Series User s Guide Display the profile name of the filter rule Choose the QoS Policer profile to apply to such filter rule no rate_contral no rate control Incoming classu incoming class Choose Enable to discard the packets which satisfy the condition of the filter rule Choose Enable to keep the packets which satisfy the condition of the filter rule even the system is busy When both Drop and Reserved are set to Enable the priority of Drop is higher than Reserved Choose a protocol for such filter rule Mone me Mone MP la MF TOF UDF Type the source IP address for such incoming filter rule Type the mask address for the source IP address Choose Enable to res
81. Category Object Content Filter License Q Add X Edit im Delete G9 Refresh Profile Number Limit 16 Profile Child Protectior Leisure Business Chatting Computer Other IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group Lilt File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object m Time Group Note Web Content Filter WCF is not a built in service of Vigor router but a service powered by Commtouch If you want to use such service trial or formal edition you have to perform the procedure of activation first For the service of formal edition please contact with your dealer distributor for detailed information Web Category Object Objects Setting gt gt Web Category Object gt Web Category Object Web Category Object Content Filter License Sy Add Sf Edit f Delete GS Refresh Profile Chill Protectior Leisure Business Chatting Computer Other Mo items ta show E m liw Each item will be explained as follows Dray Te k 146 Vigor2960 Series User s Guide Item Add Edit Delete Refresh Profile Number Limit Profile Child Protection Leisure Business Chatting Computer Other Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify
82. D On Green Off Left LED Green GigaLAN 1 2 3 4 ff Blinking Right LED On Green Off Dray Tek Explanation The router is powered on and running normally The router is powered off The profile s of CSM Content Security Management for IM P2P URL Web Content Filter application can be enabled from Firewall gt gt General Setup Such profile must be established under CSM menu The VPN tunnel is active No VPN tunnel is active The DoS DDoS function is active It will blink while deleting an attack The WANI or WAN2 connection is ready It will blink while transmitting data The QoS function is active The QoS function is disabled The USB device is connected and ready for use The data is transmitting The port is connected The port is disconnected The data is transmitting The port is connected with 1000Mbps The port is connected with 10 100Mbps The port is connected The port is disconnected The data is transmitting The port is connected with 1000Mbps The port is connected with 10 100Mbps Vigor2960 Series User s Guide Connectors ACT Des QoS Coe WANT USE Factory VEN WAM USEJ Ferari Interface Factory Reset GigaWAN 1 2 GigaLAN 1 2 3 4 USB1 2 Vigor2960 Series User s Guide Description Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the
83. Data Flow Monitor E External Devices Product Registration Each item will be explained as follows Item Description Refresh Renew the web page Source Display the source IP address and port of local PC Destination Display the destination IP address and port of remote host WAN Display the WAN interface used Protocol Display the protocol of such NAT session used State Display the actual state of the TCP connection TTL Display how long the conntrack entry has to live Dray Te k 266 Vigor2960 Series User s Guide 4 13 5 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page Specify LAN and WAN profiles to display corresponding graphs for CPU Memory LAN and WAN configurations Click Refresh to renew the graph at any time Dray Tek Vigor 2960 Series Login Admin Diagnostics gt gt Traffic Graph gt gt Setup Off i e Setup i Memory Enable This Profile LAN WAN Routing Table ARP Cache Table DHCP Table NAT Session Table Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration Each item will be explained as follows Item Description Setup In this page simply specify which LAN profile and WAN profile will be applied The traffic graph will be drawn based on the profiles selected Enable This Profile Check this box to enable such profile LAN Use the drop down menu to choose a LAN profile WAN Use the drop down menu to choose a WAN pro
84. Description Profile Display the name of such profile Enable This Profile Check this box to enable such profile Auth Type The authentication to be used by Pre Shared Key or RSA Signature Choose PSK or RSA for such profile Vigor2960 Series User s Guide 183 Dray Te k Dray Tek Certificate Presared Key Security Protocol WAN Profile Local IP Subnet Mask Local Next Hop Remote Host Remote IP Subnet Mask More Remote Subnet Local GRE IP Remote GRE IP Previous Finish Cancel Choose a local certificate from the drop down list Type a pre shared key for authentication if PSK is selected as Auth Type Choose ESP to specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authenticated Choose AH to specify the IPSec protocol for the Authentication Header protocol The data will be authenticated but not be encrypted Choose a wan profile to be used by such profile Type the IP address and subnet mask of local host Specify the gateway for WAN interface Usually use the default setting leave it in blank Type the WAN IP address for the remote host Type the LAN IP address and LAN subnet mask for the remote host Add more remote subnet in this field if required The virtual IP address of the router specified for this tunnel The virtual IP address of the remote client specified for this tunnel Back to the previous page Save the
85. Enable This Pro Destination IP A Prefix Length Hexthop WAITLLAN Profil Metric Mo tems ta show Each item will be explained as follows Item Description Add Add a new static route setting Edit Modify the selected static route setting To edit static route setting simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the Dray Te k 78 Vigor2960 Series User s Guide selected rule Delete Remove the selected static route setting To delete a static route setting simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Profile Display the name of such static route Enable This Profile Display the status of the profile False means disabled True means enabled Destination IP Address Display the IP address for such static route profile Prefix Length Display the prefix length of the profile Nexthop Display the nexthop address for such static route profile WAN LAN Profile Display the subnet LAN or WAN profile of the gateway Metric Display the distance to the target How to add a new IPv6 Static Route profile 1 Open LAN gt gt Static Route and click the IPv6 Static Route tab 2 Click the Add button LAH gt Static Route gt gt IPv Static Route Static Rote IPv Static Route Inter L4h Route Sp add J eat ff Delete
86. GH Refresh G Rename Profile Enable This Pro Destination IP A Prefix Length Mo tems to sho 3 The following dialog will appear Vigor2960 Series User s Guide 79 Dr ay Te k IPw6 Static Route Profile Enable This Profile Destination IP Address Prefix Length Nexthop WAR LAN Profile Metric V6_New_Control f630 250 1212 00 f7 6600 30 fee0 250 1212 00 f7P6666 lan ae 20 Optional m Apply Ea Cancel Available parameters are listed as follows Item Description Profile Name Type the name of the static route profile Enable This Profile Check this box to enable such profile Destination IP Type the IP address for such static route profile Address Prefix Length Type the prefix length for such profile Nexthop Type the nexthop address for such static route profile WAN LAN Profile Choose one of the LAN WAN profiles of the gateway for such static route Metric Type the distance to the target usually counted in hops Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply The new profile will be added on the screen LAN gt gt Static Route gt gt IPv6 Static Route C3 Add DK Edt fff Delete GS Refresh Q Rename Profile Enable Destination IP Address Prefix L Nexthop WARILA MI V6_Ne true fe80 250 1212 00TF 6800 30 f680 250 1212 00776666 lant 0 80 Vigor2960 Series User s Guide
87. Guide Weight Display the weight of the QoS queue How to edit the outgoing queue 1 5 weight for the QoS policer The bandwidth of the whole network traffic is dispatched according to the weight setting configured in Queue 1 5 Weight For example the weight value for queue is set to 5 for queue 2 is 4 for queue 3 is 3 for queue 4 is 2 and for queue 5 is 1 Then session of queue 1 will have the largest bandwidth for it occupies largest weight 5 5 4 3 2 1 1 Open Bandwidth Management gt gt Outgoing Class and click the Queue 1 5 Weight tab 2 Choose one of the profiles and click the Edit button Total Rate Control Class Rate Control Queue 1 5 Weight ye Edit amp Refresh QoS Queue Wietglit low _queue_4 0 low _queue_4 0 low_queue_3 0 3 The following dialog will appear Queue 1 5 Weight j QoS Queue low queue 4 H Apply 9 Cancel Available parameters are listed as follows Item Description QoS Queue Display the name of the QoS queue Weight Type the weight of queues in bytes range from 0 to 1000000 Apply Click it to save the configuration and exit the page Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply The outgoing queue 1 5 weight for QoS Policer has been modified Vigor2960 Series User s Guide 237 Dray Te k Total Rate Control Class Rate Control Queue 1 5 Weight YE Edit amp Refresh QoS Queue Weight low queue 4 25 low queue 4 0
88. IP address for the filter Service Type Display the protocol used for such filter Queue Number Display the queue number that such filter is categorized How to add an outgoing filter for the QoS policer 1 Open Bandwidth Management gt gt Outgoing Filter 2 Simply click the Add button Bandwidth Management gt gt Outgoing Filter Outgoing Fitter fy Add gt Edt ff Delete GS Refresh GB Rene Profile Enable This Profi Source IP Destination Mo items to show 3 The following dialog will appear Profile gt Profile Gut filt_1 J Enable This Profile Source IP IPF_object_1 TEE ape ae D Serice Type Any ia EE Queue Number 0 Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the filter profile Enable This Profile Check this box to enable such profile Source IP Type the source IP address with subnet mask value to be applied for this filter Destination IP Type the destination IP address with subnet mask value to be applied for this filter Vigor2960 Series User s Guide 239 Dray Te k Service Type Choose one of the service types from the drop down list If you want to create a new Service type simply click D to open the following dialog Profile f Profile for_out_filter Protocol TCP Source Port Start 1 Source Port End 65535 Destination Port Start 1 Destination Port End 65535 Gs xdd Cancel Profile ty
89. LAN IP address and LAN subnet mask for the remote host More Remote Subnet Add more remote subnet in this field if required Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration Dray Te k 194 Vigor2960 Series User s Guide 4 After filling the required information for Basic click the Advanced tab to open the following page IPSec Profile J Enable This Profile Type Basic Advanced Aggressive Mode Local Peer ID Remote Peer ID Phase Key Life Time Phase Key Life Time L L1 1IPSec PPTP Dial Out PPTP Dial In GRE Proposal Enable Disable Optional Optional 28000 3600 Perfect Forward Secrecy Status Enable Disable Dead Peer Detection Status Enable Disable i DPO Delay 30 H Apply amp Y Cancel Available parameters are listed as follows Item Aggressive Mode Local Peer ID Remote Peer ID Phase 1 Key Life Time Phase 2 Key Life Time Perfect Forward Secrecy Status Dead Peer Detection Status DPD Delay Vigor2960 Series User s Guide Description Enable Click it to enable Aggressive Mode Disable Click it to disable Aggressive Mode Type the ID for Vigor2960 which can be configured by the remote end It is available for Aggressive Mode enabled only Peer ID is on behalf of the IP address while identity authenticating with remote VPN server
90. P IPSec Tunnel and L2TP by itself or over PSec and corresponding security methods etc The router supports up to 200 VPN tunnels simultaneously The following figure shows the summary table Dray Tek Auto Logout SMin y Quick Start Wizard Online Status VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup VPN TRUNK Management Connection Management Vigor2960 Series 16 48 06 Login Admin E VPN and Remote Access gt gt VPN Profiles VPN Profiles Qy Add DK Edt ff Delete G9 Refresh IPSec O PPTP Dial Out PPTP Dial in Profile Number Limit 200 Enable This Profile Local IP Subnet Mask Remote IP Subnet Mas More Remote Subnet true 192 168 1 0 24 0 0 0 0 32 Each item will be explained as follows Item Add Edit Delete Refresh IPSec PPTP Dial out PPTP Dial in Profile Enable This Profile Dray Tek Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Renew current web page Display the LAN to LAN profile with IPSec policy Display the LAN to LAN profile with PPTP Dial out policy Display the LAN to LAN profile with PPTP Dial
91. PN and Remote Access gt gt IPSec General Setup Auto Logout 5Min A IPSec General Setup Quick Start Wizard Caina dinten Preshared Key WAN Profile want y DHCP LAN Profile lan1 v IKE Port 500 NAT T Port 4500 IPSec MSS 1360 GRE over IPSec MSS 1360 VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup VPN Profiles VPN TRUNK Management Connection Management H Apply Q Cancel Available parameters are listed as follows Item Description Preshared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key WAN Profile Choose the WAN interface profile s to be used DHCP LAN Profile Choose one of the LAN profiles for VPN IKE Port Type the UDP port number for Internet Key Exchange IKE traffic to the VPN server NAT T Port Type the UDP port number for IPSec network address translator traversal NAT T traffic IPSec MSS Type the port number for IPSec MSS GRE over IPSec MSS Type the port number for GRE over IPSec MSS Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page Vigor2960 Series User s Guide 191 Dray Te K 4 8 6 VPN Profiles Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPT
92. RP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Move on IP Bind List Display the IP address of one device Display the MAC address of the device It allows you to add one pair of IP MAC address and display on the table of IP Bind List i Dray Tek Edit It allows you to edit and modify the selected IP address and MAC address that you create before Delete You can remove any item listed in IP Bind List Simply click and select the one and click Delete The selected item will be removed from the IP Bind List Select All Choose all of the selections at one time Refresh It is used to refresh the ARP table When there is one new PC added to the LAN you can click this link to obtain the newly ARP table information Refresh Renew current web page Bind Table It displays a list for the IP bind to MAC information Profile Display the name of the profile IP Address Display the IP address specified for the profile MAC Display the MAC address specified for the profile How to configure Bind IP to MAC 1 Open LAN gt gt Bind IP to MAC 2 Use the drop down Mode menu to specify a suitable mode LAN gt Bind IP to MAC Bind IP to MAC Mode Enable v SelectAll W Move Disable ARP Ta ohle IP Strict_ Bind lress 1927 1466 1 1F ech 4e da 48 79 There are three modes offered for yo
93. Rename Profile Enable This Profile WAH Profile LAH Profile IF Mask Routingtest1 true wand land 192 168 1 34 255 255 255 0 4 2 3 Static Route When there are several subnets in LAN a more effective and quicker way for connection is static route rather than other methods Simply set rules to forward data from one specified subnet to another specified subnet Dray Tek Vigor2960 Series 11 51 17 Login Admin LAN gt gt Static Route gt gt Static Route Auto Logout Off een Quick Start Wizard E LAN No items to show General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration OSPF Configuration NAT Q Add DK Edt ff Delete G9 Refresh GB Rename Profile Num Profile Enable This Pro Destination IP A Subnet Mask Gateway WAN LAN Profile Metric Firewall Objects Setting User Management Applications VPN and Remote Access Certificate Management SSL VPN Bandwidth Management System Maintenance 4 m gt Diagnostics Vigor2960 Series User s Guide e Dray Te k Dray Tek Static Route LAN gt Static Route gt gt Static Route Cy Add J Edt Profile fl Delete Enable This Pro Destination IP A Subnet Mask GS Refresh GP Rename Profile Num Gateway WAN LAN Profile Metric No tems to show mM i Each item will be explained as follows Item Add Edit Delete Refresh Rename Profile Enable This Profile
94. Route Load Balance 4 1 1 General Setup This section will introduce some general settings of Internet and explain the connection modes for WAN profiles in details This router supports multi WAN function It allows users to access Internet and combine the bandwidth of the WAN profiles to speed up the transmission through the network Each WAN port can connect to different ISPs even 1f the ISPs use different technology to provide telecommunication service such as DSL Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation Dray Tek Vigor 2960 Series 14 21 32 Login Admin gt DrayTek WAN gt gt General Setup 5M asinine as General Setup Guiick Start Wizard pee eee YK Edt GS Refresh Online Status i Profile Enable This Pr Description VLAN ID VLAN Tag Port IPv4 Protocol IPv6 Protocol a Eanna sae want true 10 Disable WAN1 DHCP Link Local Default Route wan2 true 11 Disable WAN2 Static Link Local Load Balance External Devices Product Registration Each item will be explained as follows Item Description Edit Modify the selected WAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display t
95. Settings Create New VPN Profile Profile Status No items to show Ul VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup LAN to LAN VPN TRUNK Management _ Connection Management wpe ay W gt Next E cance lt Vigor2960 Series User s Guide 177 Dray Te k How to create LAN to LAN profile for VPN client dial out 1 Open VPN and Remote Access gt gt VPN Client Wizard 2 The following dialog will appear VPN and Remote Access Step 1 Type PPTP IPSec VPN Settings Via Select From Current Settings Create New VPN Profile Profile Status Mo items to show amp Next EJ Cancel Available parameters are listed as follows Item Description Type Specify which protocol PPTP or IPSec will be used for such VPN profile VPN Settings Via Select From Current Settings Current VPN LAN to LAN profiles will be listed below such setting Choose the one you need Create New VPN Profile It allows you to create a new VPN LAN to LAN profile Simply type the name in the field of Profile Name The field of Profile Name is available only when you click this setting Dray Te k 178 Vigor2960 Series User s Guide 3 Specify the type Click Create New VPN Profile and type the name of the profile Then click Next VPN and Remote Access Step 1 Type PPTP CoiPSec VPN Settings Via Select From Cur
96. Status EPEN rer Server IP 127 D D 1 Server Port 514 Router Name Vigor Optional Firewall Log Enable Disable A VPN Log Enable Disable q User Access Log Enable Disable WAN Log Enable Disable Others Log Enable Disable TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date s Access Control oo SNMP Setup E Apply Cancel Bahoant Quetom w Syslog Access Setup To configure settings for Syslog open System Maintenance gt gt Syslog Mail Alert and click the Syslog Access Setup tab System Maintenance gt gt Syslog Mail Alert gt gt Syslog Access Setup Syslog Access Setup Syslog File hail Alert d Status Local x Server IP 127 o lo 1 Server Port 514 Router Name Vigor Miptional Firewall Log Enable Disable VPN Log Enable Disable User Access Log Enable Disable WAN Log Enable Disable Others Log Enable Disable E Apply Cancel Available parameters are listed as follows Dray Te k 250 Vigor2960 Series User s Guide Item Description Status Choose one of the selections to determine current status for Syslog access If you choose Local as Status you don t need to type any server IP and port Just give a name for the router Disable bd Disable Remote Local Bath Server IP Type the IP address of the Syslog server
97. This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Dray Tek Vigor 2960 Series 13 52 20 Login Admin Diagnostics gt gt DHCP Table Auto Logout Off G Refresh IP Address Start Date Start Time End Date End Time Mac Address No items to show Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration Each item will be explained as follows Item Description Refresh Renew the web page IP Address Display the IP address of the static DHCP server Start Date Display the starting date that DHCP server is activated Start Time Display the starting time that DHCP server is activated End Date Display the end date that DHCP server is closed End Time Display the end time that DHCP server is closed Mac Address Display the MAC address of the static DHCP server Vigor2960 Series User s Guide 265 Dray Te k 4 13 4 NAT Session Table This table can display about 30000 sessions with 20 pages Dray Tek Vigor 2960 Series 13 52 59 Login Admin Diagnostics gt gt NAT Session Table a since ery as i G Refresh sone Source Destination WAN Protocol State TTL ei Aarne na N ae Routing Table ARP Cache Table E DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route
98. age Dray Tek When you finished the above settings please click Finish Later you can surf the Internet at any time Quick Start Wizard Step 2 Host Name wigor2960 Optional saving Wizard Configuration a Previous A oO i Cancel When the following screen appears it means you have finished the Quick Start Wizard configuration Note Pi i Wizard Setting Complete Sy OK Dray Tek 16 Vigor2960 Series User s Guide 2 3 Register Vigor Router Please follow the steps below to register the router 1 Before using such function please register your router online first Log into the web configurator of Vigor2960 and click Product Registration Reboot System Firmware Upgrade Product Registration 2 A Login page will be shown on the screen Please type the account and password that you created previously And click Login Please take a moment to register Membership Registration entitles you to upgrade firmware for your purchased product and receive news about upcoming products and services LOGIN UserName Auth Code texhdd txxhdd If you cannot read the word click here Forgotten passwaed Coan Don t have a My igor Account Create an account now Become the Myviger member you can receive fhe e newsleffer update Vigor2960 Series User s Guide 17 Dray Te k 3 Dray Tek The following page wil
99. anagement gt gt Incoming Class gt Class Rate Control Total Rate Control Class Rate Control YE Edit GS Refresh QoS Policer Mode Rate incoming classo Disable 0 incoming class Enable 15 4 11 2 Incoming Filter There are 30 filter rules for incoming data that can be configured in such page Dray Tek Vigor 2960 Series 11 25 49 Login Admin Bandwidth Management gt gt Filter Rule Auto Logout Off Each item will be explained as follows Item Edit External Devices b Description Modify the selected policy Filter Rule ee 5g piee Online Status x a Filter Rule Policer Drop Reserved Sani es filter_rule_0 no_rate_contro Disable Disable E ONT fiter_rule_1 no_rate_contro Disable Disable o Firewall OOo filter_rule_2 no_rate_contro Disable Disable _ Objects Setting fiter_rule_3 no_rate_contro Disable Disable User Management filter_rule_4 no_rate_contro Disable Disable Applications gt fiter_rule_5 no_rate_contro Disable Disable and Remote Access filter_rule_6 no_rate_contro Disable Disable rertific fiter_rule_7 no_rate_contro Disable Disable lt filter_rule_ amp no_rate _contro Disable Disable ion rae it ananernment fiter_rule_9 no_rate_contro Disable Disable Incoming Class filter_rule_10 no_rate_contro Disable Disable filter_rule_11 no_rate_contro Disable Disable Outgoing Class filter_rule_12 no_rate_contro Disable Disable Outgoi
100. and Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activated The NAT Traversal of UPnP enables the multimedia features of your applications to operate This has to manually set up port mappings or use other similar methods The screenshots below show examples of this facility Dray Tek 174 Vigor2960 Series User s Guide Address amp Network Connections Broadband gt gt Network Tasks IP Broadband Connection on Router Status PE General AA 2 ci hinet E Create a new connection oe Disconnected 9 Set up a home or small m WAN Miniport PPPOE Internet Gateway office network Status Connected Dial up Duration 00 19 06 See Also TA ii Speed 100 0 Mbps va Disconnected 1 Network Troubleshoot JL Network Troubleshooter di i DrayTek ISDN PPP Rani Internet Internet Gateway My Computer Other Places Internet Gateway wd a ya G Control Panel IP Broadband Connection on lt Router 4 My Network Places sane Packet Eo My Documents Sent 404 fad ig My Computer Recened 1 115 EBG _ LAN or High Speed Internet Local rea Connection Enabled mee Realtek RTL139 810x Family Details Network Connections System Folder The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router The application will also learn the
101. and choose Incoming Class Dray Tek Vigor 2960 series well Bandwidth Management gt gt Incoming Class gt gt Total Rate Control wisi al z Total Rate Control Class Rate Control Quick Start Wizard Online Status Mode OEnable Disable Rate 0 Kbps Mbps Incoming Class Incoming Filter Outgoing Class Outgoing Filter Sessions Limit Bandwidth Limit E Apply Cancel Cvtarnal Nm icne Vigor2960 Series User s Guide 225 Dray Te k Total Rate Control This page can set the total rate of incoming data for the QoS policer Bandwidth Management gt Incoming Class gt gt Total Rate Control Total Rate Control Class Rate Control Mode Enable 0 Disable Rate 0 Kbps O Mbps E Apply 9 Cancel Available parameters are listed as follows Item Description Mode Click Enable to enable such function Rate Type the number as the total transmission rate for the incoming data Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page Dray Te k 226 Vigor2960 Series User s Guide Class Rate Control This page allows you to edit the incoming class rate for the QoS policer Bandwidth Management gt Incoming Class gt gt Class Rate Control YE Edit GS Refresh Qos Policer Mode Rate incoming_clasa0 Disable 0 incoming clazs1 Disable 0 Each item will be explained as follows Item Description Edit Modify the selected policy To edit a pro
102. ask Choose the static mask from the drop down list Dray Te K 10 Vigor2960 Series User s Guide Gateway IP Address Type a public gateway address for such WAN profile click it to remove the IP address if you are not satisfied with it DNS Server IP Add Click this button to display the IP address field for Address adding a new IP address Type the IP address on the tiny boxes one by one Add E Save DNS Server IP Address INS Server IP Address 4 5 95 1 1l il Save After finished the IP address configuration click Save to save the setting onto the router 3 Add E Save DNS Server IP Address 168 95 1 1 ii ll _ Click the icon to remove the selected entry Previous Click it to return to previous setting page Finish Click it to finish the configuration Cancel Click it to discard the settings configured in this page When you finished the above settings please click Finish Vigor2960 Series User s Guide 11 Dray Te k If DHCP is selected DHCP allows a user to obtain an IP address automatically from a DHCP server on the Internet If you choose DHCP mode the DHCP server of your ISP will assign a dynamic IP address for Vigor2960 automatically It is not necessary for you to assign any setting Host Name is required for some ISPs Quick Start Wizard Step 2 Host Name Optional w Previous Ly oO Finish E Cancel Available parameters are listed as follows Item Description Host Name Opt
103. assign an IP address for remote dial in user from such IP range How to edit a LAN profile for DHCP l Dray Tek Open LAN gt gt General Setup and click the DHCP tab General Setup DHCP DHCP Relay RADD DHEF YE J Edt G4 Refresh Profile Enable Thi Start IP Ena IP DHS Routers Lease Tim Specify Re Remote Di Remote Di land true 192 166 1 192 166 1 168 95 1 1 6400 Disable 192 166 1 192 168 1 lantest true 0 0 0 10 0 0 0 195 a6400 Disable 000196 00 0 245 following dialog DHCP Profile Enable This Profile Start IP End IF DNS Routers Lease Time Specify Remote Dial in IP Remote Dial in Start IP Remote Dial in End IP lani 168 1 192 168 1 195 Ca Add E Save DHS No items to show Hi Optional 26400 Seconds Enable Disable 192 168 1 156 192 168 1 245 E Apply Available parameters are listed as follows 64 Choose one of the LAN profiles by clicking on it and click the Edit button to open the a Cancel Vigor2960 Series User s Guide Item Profile Enable This Profile Start IP End IP DNS Routers Lease Time Specify Remote Dial in IP Remote Dial in Start IP Remote Dial in End IP Apply Cancel Description Display the name of the LAN profile Check this box to enable this profile Set the starting IP address of the IP address pool for DHCP server Set the ending IP address of the IP address pool for DHCP server Set t
104. ation of this IP object If an IP object is set to Source it will only appear in the field of Source IP on Firewall gt gt IP Filter Rule SOURCE m Any SOURCE Destination 122 Vigor2960 Series User s Guide Item Address Type Start IP Address End IP Address Subnet Mask Apply Cancel Description Choose the address type Single Range Subnet for such profile Range nw single Range Subnet Type the IP address of the starting point for such profile Type the IP address of the ending point for such profile if you choose Range as Address Type Use the drop down list to choose the subnet mask for such profile if you choose Subnet as Address Type Click it to save and exit the dialog Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 Anew IP object profile has been created Objects Setting gt gt IP Object IP Object T gt Add SH Edit f Delete Refresh Profile Interface Address Type Start IP Addres End IP Address Subnet Mask IP_object_1 Source Subnet 192 168 1 78 255 255 255 0 CRM server Destination Single 172 16 1 1 Vigor2960 Series User s Guide 7 Dray Tek 4 5 2 IP Group To manage conveniently several IP object profiles can be grouped under a group Different IP group can contain different IP object profiles gt Dray Tek Vigor2960 Series 14 32 36 Login Admin gt Objects Setting gt gt IP Group Auto Logout Off v Ad
105. ations click Reboot Reboot with Customized Click it to reboot the router using the current configuration Configurations only the configuration settings listed and selected below If you choose this option Select Config File will be available for you to select O Reboot with Current Configurations Reboot Option O Reboot with Factory Default Configurations Reboot with Customized Configurations Select Config File lan_wan_profile wan w lan wan_ profile g load balance wan vlan lan_vlan switth mirror Static_route ipbind mac naor rodirort IASG iil Vigor2960 Series User s Guide 257 Dray Te k After choosing the configuration files click Reboot Reboot Click this button to execute the rebooting job 4 12 9 Firmware Upgrade The following web page will guide you to upgrade firmware by using such page Download the newest firmware from DrayTek s web site or FTP site The DrayTek web site is www DrayTek com or local DrayTek s web site and FTP site is ftp DrayTek com Click System Maintenance gt gt Firmware Upgrade Dray Tek Vigor 2960 Series 10 24 11 System Maintenance gt gt Upgrade Firmware iii dia OT Upgrade Firmware Current Firmware Version 1 0 5RC7 Select File Browse TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup Reboot System Firmware Upgrade External Devices Upgrade Pro
106. ber IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object Protocol Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 32 of the object profiles to be created Profile Display the name of the IM object profile Member Display the P2P application specified in such profile Vigor2960 Series User s Guide 141 Dray Te k How to create a new P2P Object Profile 1 Open Objects Setting gt gt P2P Object 2 Simply click the Add button Objects Setting gt P2P Object P P Object T Add SM Edit ff Delete 4 Refresh Profile Mo 3 The following dialog will appear P2P Object ise Profile P2P_Obj_1 Member SoulSeek eDonkey Fe v Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the IM object group The number of the characters allowed to be typed here is 10
107. bjects Apply Description Type the name of the service type object group The number of the characters allowed to be typed here is 20 Make a brief explanation for such profile if the group name is set not clearly Use the drop down list to check the keyword object profiles under such group All the available keyword objects that you have added on Objects Setting gt gt Keyword Object will be seen here Click it to save the configuration 134 Vigor2960 Series User s Guide Item Description Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 A new Keyword Group profile has been created Objects Setting gt gt Keyword Group Keyword Group Ta add DE Edt ff Delete GS Refresh Profi Group Hame Description Objects Ki 1 first group kad 4 5 7 File Extension Object This page allows you to set file extension profiles which will be applied in Firewall All the files with the extension names specified in these profiles will be processed according to the chosen action Dray Tek Vigor 2960 Series 15 14 57 Login Admin Objects Setting gt gt File Extension Object Auto Logout Off 2 Se Add Edit i Delete GS Refresh Profile Number Limit 8 Se Profile Image Video Audio Java ActiveX Compressior Execution IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group IM Object z P2P Objec
108. by such rule In which WAN Profile wanl to wan5 profiles are configured in default In addition profiles configured in WAN gt gt Load Balance Policy gt gt Pool page also will be displayed here To have user defined WAN profile please refer to WAN lt lt General Setup for detailed information Load Balance Pool WAN Profile want want wane Apply Click it to save the configuration Cancel Click it to return to the factory setting 4 Enter all the settings and click Apply The new rule profile will be added on the screen WAN gt gt Load Balance gt gt Rule Pool Rule Ty Add DK Edi fff Delete GS Refresh gt MoveUp e Move Down Profile Enable Thi Protocol Source IPs Source Ma Destinatior Destinatior Destinatior Destinatior Load Balan Heavytraffic true ALL 192 166 1 255 2552 192 166 1 255 256 want Vigor2960 Series User s Guide 57 Dray Te k 4 2 LAN Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from private IP address to public IP address to forward the right packets to the r
109. cation folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure Pv4 0900 __ Network mae y Show All Displays Sound Network Startup Disk Location Automatic Show Built in Ethernet F IP Address 192 168 1 10 Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains Optional IPv6 Address fe80 0000 0000 0000 020a 95ff fe8d 72e4 Configure IPv6 Sooner re Click the lock to prevent further changes Assist me Apply Now Vigor2960 Series User s Guide 275 Dr ay Tek 5 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing is that the computer will receive a reply from 192 168 1 1 If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section 5 2 Please follow the steps below to ping the router correctly For Windows L Ds 4 Open the Command Prompt window from Start menu gt Run Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear w Command Prompt Microsoft Windows AFP Version 5 1 2688 lt C gt Copyri
110. cation with mOTP function Type the code for authentication e g 1234 Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 It is available when System User is set with false The web proxy over SSL will be applied for VPN It is available when System User is set with false Choose one of the SSL Application profiles VNC for applying into this profile to Dray Tek Dray Tek SSL Application RDP Apply Cancel It is available when System User is set with false Choose one of the SSL Application profiles RDP for applying into this profile Click it to save the configuration Click it to exit the dialog without saving the configuration Enter all the settings and click Apply A new User Profile has been created User Management gt gt User Profile User Profile Add Username Data_out YE Edit ff Delete GS Refresh Enable This P System User PPTP L 2TP DHCP from true Disable Disable lan 162 Vigor2960 Series User s Guide 4 6 3 User Group The User Group can consist of several user profiles which help the administrator to manage a large number of users conveniently DrayTek AE Series 16 41 46 Login Admin ie F User Management gt gt User Group Auto Logout Off v Quick Start Wizard QQ E ps meee Add Edit i Debie Ra Refresh Profile Number Limit 200 Usergroup Enable This Profile Member No items to show General Setup
111. ch profile How to create a new MAC Block profile 1 Open Firewall gt gt MAC Block 2 Simply click the Add button Firewall gt gt MAC Block MAC Block a Add DE Edt ff Delete GS Refresh Profile Enable This Profili Mo te 3 The following dialog will appear MAC Block x Profile MA 1 Enable This Profile MAC Address OO 40 rF A BE ao EJ apply 3 Cancel Available parameters are listed as follows Item Description Profile Type the name which can briefly describe the reason of the MAC block of such profile Enable This Profile Check the box to enable this profile MAC Address Type the MAC address which will be blocked by the system for such profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply Vigor2960 Series User s Guide 119 Dr ay Te k 5 A new MAC Block profile has been created Firewall gt gt MAC Block MAC Block T gt Add E Edit i Delete 4 Refresh G Rename Profile Enable This Profile MA 1 true 4 5 Objects Setting Vigor2960 allows users to set different filter profiles based on IP service type keyword file extension instant message application P2P application protocol application web category and time setting These objects setting profiles can be applied in Firewall Dray Tek Objects Setting IP Object IP Group Service Type Object Service T
112. characters allowed to be typed here is 10 Specify one of the protocols for such profile It is available for TCP UDP protocol It can be ignored for ICMP Type a port number 0 65535 as the starting source port ou Dray Tek Item Source Port End Destination Port Start Destination Port End Apply Cancel Description It is available for TCP UDP protocol It can be ignored for ICMP Type a port number 0 65535 as the ending source port It is available for TCP UDP protocol It can be ignored for ICMP Type a port number 0 65535 as the starting destination port It is available for TCP UDP protocol It can be ignored for ICMP Type a port number 0 65535 as the ending destination port Click it to save the configuration Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 Anew Service Type Object profile has been created SYSLOG UDP TELNET TCP TFTP UDP Others TCP T 4 5 4 Service Type Group 1 65535 a14 514 1 65535 23 23 1 65535 59 69 1 65535 1 65535 MW This page allows you to bind several service types into one group To manage conveniently several service type profiles can be grouped under a service type group Different service type group can contain different service type profiles Dr ay Tek Vigor 2960 Series 15 05 09 Login Admin Objects Setting gt gt Service Type Group Auto Logout Off IP Obj
113. ck it to save the configuration Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 Anew P2P Object profile has been created Objects Setting gt Protocol Object Protocol Object Gp Add gt Edit f Delete 4 Refresh Profile Member Proto_Obj_1 PostgreSQL Sybase DA 4 5 11 Web Category Object We all know that the content on the Internet just like other types of media may be inappropriate sometimes As a responsible parent or employer you should protect those in your trust against the hazards With web category filtering service of the Vigor router you can protect your business from common primary threats such as productivity legal liability network and security threats For parents you can protect your children from viewing adult websites or chat rooms WCE adopts the mechanism developed and offered by certain service provider No matter activating WCF feature or getting a new license for web content filter you have to click Activate URL to satisfy your request Note that service provider matching with Vigor router currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with your DrayTek dealer Vigor2960 Series User s Guide 145 Dray Te k Dray Tek Vigor 2960 Series 15 26 29 Login Admin Objects Setting gt gt Web Category Object gt gt Web Category Object Off a Web
114. cker sends spoofed SYN packets with identical source address destination addresses and port number as those of the victim Click Enable to activate the Block Smurf function The router will reyect any ICMP echo request destined for the broadcast address Click Enable to activate the Block Trace Route function Click Enable to activate the Block SYN fragment function Any packets having the SYN flag and fragmented bit sets will be dropped Click Enable to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet are blocked Click Enable to activate the Block Tear Drop function This attack involves the perpetrator sending overlapping packets to the target hosts so that target host will hang once they re construct the packets The routers will block any packets resembling this attacking activity Click Enable to activate the Block Ping of Death function Many machines may crash when receiving an ICMP datagram that exceeds the maximum length The router will block any fragmented ICMP packets with a length greater than 1024 octets Click Enable to activate the Block ICMP fragment function Any ICMP packets with fragmented bit sets are dropped Click Enable to activate the Block Unknown Protocol function The router will block any packets with unknown protocol types a Dray Tek Item Apply Cancel 4 4 3 MAC Block Description Click it to save the configuration Click it to discar
115. col IPv6 Protocol General Setup want false 10 Disable WAN None Link Local Default Route wan2 false 11 Disable WAN2 None Link Local Load Balance External Devices Product Registration 5 5 Backing to Factory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Warning After pressing factory default setting you will lose all settings you did before Make sure you have recorded all useful settings before you pressing The password of the factory default is null Software Reset You can reset router to factory default via Web page Go to System Maintenance gt gt Reboot System on the web page The following screen will appear Choose the selection you need and click Reboot After few seconds the router will return all the settings to the factory settings System Maintenance gt Reboot System gt gt Reboot System Reboot System O Reboot with Current Configurations Reboot Option Reboot with Factory Default Configurations O Reboot with Customized Configurations Cy Reboot D ra y T e k 278 Vigor2960 Series User s Guide Hardware Reset While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration E was Factory
116. configuration click Save to save the setting onto the router Ea Add E Save DNS Server IP Address 168 95 1 1 Dray Tek IP Alias MTU MRU Connection Detection Mode Connection Detection Host Dray Tek o W _ Click the icon to remove the selected entry Type other IP addresses to be bound to this interface This setting is optional If you have typed addresses here you can see and choose it in later web page settings e g NAT gt gt Port Redirection DMZ Host Add Click this button to display the IP address field for adding a new IP address Type the IP address on the tiny boxes one by one C35 Add H Save IP Subnet Mask IP Alias 192 158 1 85 255 255255 0 il Save After finished the IP address configuration click Save to save the setting onto the router C add B Save IP Subnet Mask IP Alias 192 166 1 65 255 255 255 0 i o ll _ Click the icon to remove the selected entry Type the value of MTU MRU The default value is 1500 Select a detecting mode for this WAN interface There are three ways ARP PING and HTTP supported in Vigor router for you to choose to send the request out PING w None ARP PING HTTP Add Click this button to have a field for adding a new IP address Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regar
117. connection to 1 e2feJan 4 06 17 01 Vigor pptp i 448 Call manager exited with enor 256 lt 29 gt Jan 4 06 17 31 Vigor pptp 3403 anon log callmarmain ppip_callmar c 1 32 IP 192 168 1 69 2782Jan 4 06 17 34 Vigor pptp 3403 anon wamlopen_inetsockpptp_callmar c 340 connect No route to host lt 26 gt Jan 4 06 17 34 Vigor pppd 3403 anon fatal callmgr_main pptp_callmar c 1 345 Could not open control connection to 1 lt 2 Jan 4 06 17 34 Vigor pptp i446 Call manager exited with emor 256 79 Jan 4 06 18 04 Vigor pptp 3650 anon log callmar_mainppip_callmor c 1 32 IP 192 168 1 69 282Jan 4 06 18 07 Vigor pptp 3650 anon warnfopen_inetsock pptp_callmgr c 340 connect No route to host lt 276 gt Jan 4 06 18 07 Vigor pppd 3650 anon fatal callmgr_main pptp_callmor c 135 Could not open control connection to 1 27 Jan 4 06 18 07 Vigor pptp 1448 Call manager exited with enor 256 lt 279 gt Jan 4 06 18 37 Vigor pptp 3868 anon log callmormainpptp_callmar c 1 32 IP 192 168 1 69 28 Jan 4 06 18 40 Vigor pptp 3868 anon wam open_inetsock pptp_callmagr c 340 connect No route to host lt 26 gt Jan 4 06 18 40 Vigor pppd 3868 anon fatal callmgr_main pptp_callmar c 1 35 Could not open control connection to 1 Mail Alert System Maintenance gt Syslog Mail Alert gt gt Mail Alert Syslog Access Setup Syslog File Mail Alert Enable This Profile Mail From Ea Add Save Mail To Mo items to show Mail To
118. d Edit i Delete 6 Refresh Profile Number Limit 32 Group Name Interface Description Objects IP Object No items to show IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 32 of the object profiles to be created Group Name Display the name of the object group Interface Display the interface of the object group Description Display the description for such profile Objects Display the object profiles grouped under such group How to create a new IP Group profile 1 Open Objects Setting gt gt IP Group 2 Simply click the Add button Dray Te k 124 Vigor2960 Series User s Guide Objects Setting gt gt IP Group IP Group K3 Acd X Edit ii Delete G Refresh Group Hame Interface 3 The following dialog will appear IP Group ih oooi Interface La i
119. d domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router DrayTek MEV Series 10 30 42 Login Admin eS Applications gt gt Dynamic DNS gt gt Status Auto Logout Off ow une O Quick Start Wizard 4 PE G Refresh Auto Refresh 10 Seconds v Ete Profile Sinin bomen Heme E ddns1 E tT dans2 ee ddns3 ai aN ameer ae ects ddns4 Hor Canac User Manageme i ddnss Not Connected ipplications ddns6 Not Connected Dynamic DNS ddns7 Not Connected GVRP ddns8 Not Connected IGMP Proxy ddns9 Not Connected UPnP ddns10 Not Connected Wake on LAN External Devices Product Registration lt Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to ten accounts from eight different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org www no ip com www dtdns com www changeip com www dynamic nameserver com You should visit their websites to register your own domain name for the router Vigor2960 Series User s Guide 167 Dr ay Tek Status This page displays all the available DDNS profiles Applications gt gt Dynamic DNS gt gt Status Status Setting GY Refresh Profile ddns ddns ddns
120. d the settings configured in this page MAC Block allows you to set lots of proprietary MAC Address Packets will be dropped if the source or destination MAC Address of packets is matched with these assigned MAC Addresses The advantage of MAC Block is that it can filter some unnecessary packets or attacking packets on LAN network Dray Tek Auto Logout Off v Quick Start Wizard Online Status Filter Setup DoS Defense MAC Block External Devices Product Registration Vigor 2960 Series 14 26 48 Login Admin Firewall gt gt MAC Block MAC Block Tp Add DK Edit fff Delete GY Refresh GB Rename Enable This Profile MAC Address No items to show Each item will be explained as follows Item Add Edit Delete Refresh Rename Profile Enable The Profile Dray Tek Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Allow to modify the selected profile name Display the name of the profile Display the status of the profile False means disabled True means enabled 118 Vigor2960 Series User s Guide Item Description MAC Address Display the MAC address for su
121. ded as breaking down This function is available when Connection Detection Mode is set with PING or HTTP T gt Add H Save Connection Detection Hos 192 168 1 28 mi Connection Detection Host Save click this button to save the setting 40 Vigor2960 Series User s Guide Connection Detection Interval Connection Detection Retry Apply Cancel o ell W _ click the icon to remove the selected entry Assign an interval period of time for each detecting Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Click it to save the configuration and exit the dialog Click it to exit the dialog without saving the configuration If you choose DHCP as IPv4 protocol type click the DHCP Tab to open the following page General Setup Global Host Name IP Alias MTUMRU DHCP vigor2960 Optional Add E Save IP Subnet Mask Mo tema to show 1500 Connection Detection Mode None wt Apply E Cancel Available parameters are listed as follows Item Host Name Optional IP Alias Vigor2960 Series User s Guide Description Type a name as the host name for identification Type other IP addresses to be bound to this interface This setting is optional If you have typed addresses here you can see and
122. dress of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of this guide 2 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password Please type default values on the window for the first time accessing The default value for user name is admin and the password is admin Next click Login DrayTek AET TER Login o a User admin Password eeeee English Login Vigor2960 Series User s Guide 7 Dray Te k 3 Now the Main Screen will pop up DrayTek METOE 143240 E l Refresh Auto Logout 5Min v Device Information System Information Quick Start Wizard Model Vigor2960 CPU Usage 5 j 1 Online Status Hardware 1 0 gt Memory Usage 22 CPU Usage 0 a Build Date 201 2 07 02 02 19 01 Coprocessor LJ AE Bs Revision 11458 System Up Time 0 days 0 7 48 en 7 Current System Time SatJan 1 08 07 46 UTC 2011 tev _ Objects Setting IPv4 IPv6 User Management Profile Connectio Uptime MAC Protocol IP Gateway DNS RX Packet TX Packet Operation 771177 A ppicauons lant up D days 0 7 00 50 7F F static NAT 192 168 1 2369 2869 an emote Access Certificate Management SSLYPN oS Bandwidth Management System Maintenance Diagnostics External Devices Product Registration 4 Goto System Maintenance page and choose Adm
123. duct Registration Available parameters are listed as follows Item Description Current Firmware Display current version of the firmware Version Select File Use the Browse button to locate and select the new firmware Upgrade Click it to perform the firmware upgrade Dray Te k 258 Vigor2960 Series User s Guide 4 13 Diagnostics In some cases a user may need to know some information about the router such as static or dynamic databases or other routing information The Vigor2960 supports five functions Routing Table ARP Cache Table DHCP Assignment Table NAT Sessions Table and Traffic Graph for the user to review such information Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor 4 13 1 Routing Table Click Diagnostics and click Routing Table to open the web page DrayTek avert Login Admin Diagnostics gt gt Routing Table gt gt Routing Table gorsccsccscccsnncencsasencessnncesoasnseng i Routing Table i IPv6 Routing Table Auto Logout Off y amp Refresh Destination Gateway Genmask Flags Metric lface 192 168 1 0 0 0 0 0 255 255 255 0 U 0 lan lan1 172 16 0 0 0 0 0 0 255 255 0 0 U 0 wan wan2 Ul Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration
124. e Access Control SNMP Setup Dahonot Cuetam T Restore Each item will be explained as follows Item Description Decrypt Config Check this box to decrypt an encrypted configuration file You can specify a password for decrypting the file for restoring it for use next time Password Type a password for encrypting the file Confirm Password Retype the password for confirmation Restore Type Choose one of the types to determine where the file will be downloaded from Restore Settings via Local Config File Click it to restore the configuration settings through a configuration file stored locally Restore Settings via TFTP Server Click it to restore the configuration settings through TFTP server Select File Use the Browse button to locate the file for uploading to the router Restore Click it to upload the selected file to the router After finishing the restoration the system will ask you to reboot the router Confirm 4 B Restore success reboot now OK Cancel Vigor2960 Series User s Guide 249 Dr ay Tek 4 12 4 Syslog Mail Alert SysLog function is provided for users to monitor router There is no bother to directly get into the Web Configurator of the router or borrow debug equipments Dray Tek Vigor 2960 Series 10 12 58 System Maintenance gt gt Syslog Mail Alert gt gt Syslog Access Setup a I Syslog Access Setup Syslog File Mail Alert Quick Start Wizard Online
125. e DoS and URL Universal Resource Locator content filtering facilities These firewall filters help to protect your local network against attack from outsiders A firewall also provides a way of restricting users on the local network from accessing inappropriate Internet content and can filter out specific packets which may trigger unexpected outgoing connection such as a Trojan The following sections will explain how to configure the Firewall Users can select IP Filter DoS Defense MAC Block and Port Block options from Firewall menu The DoS Defense facility can detect and mitigate the DoS attacks Vigor2960 Series User s Guide 101 Dray Tek Firewall Filter Setup Dos Defense MAC Block 4 4 1 Filter Setup Vigor firewall will filter the packets based on the settings including IP Filter Application Filter and URL Filter configured under Firewall gt gt Filter Setup These filters will group certain objects e g IP Object Service Object Keyword Object File Extension Object IM Object P2P Object P2P Object Protocol Object Web Category Object Time Object and etc and form a powerful firewall to protect your computer Dray Tek Vigor 2960 Series 13 58 11 l Login Admin Firewall gt gt Filter Setup gt gt IP Filter Off i iia i IP Filter Application Filter URL Filter Quick Start Wizard kamene IP Filter Rule Group Online Status a add DK Edt ff Delete GS Refresh GB Rename P
126. e Group Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group Objects Setting gt gt Keyword Object sepppeseessnessnacenscqneseaanesneesesens E Add X Edit i Delete Refresh Profile Number Limit 100 Member No items to show lt Each item will be explained as follows Item Add Edit Delete Refresh Profile Number Limit Profile Member Vigor2960 Series User s Guide Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Display the total number 100 of the object profiles to be created Display the name of the keyword object profile Display the words specified in such profile ii Dray Tek How to create a new Keyword Object profile 1 Open Objects Setting gt gt Keyword Object 2 Simply click the Add button Objects Setting gt gt Keyword Object Keyword Object Ta Add J Edt J Delete GS Refresh Profile 3 The following dialog will appear Keyword Object JX Profile KO_1 a Add E Save Member games Member H apply GQ Cancel T Available
127. e IP Address 192 168 25 HIN Optional Source Mask 255 255 255 0 Optional Destination IP Address 192 168 as AIN Optional Destination Mask 255 255 255 0 Optional Load Balance Pool WAN Profile want y H Apply K Cancel Available parameters are listed as follows Item Description Profile Type the name of the rule Enable This Profile Check this box to enable such profile Protocol Choose a protocol ALL TCP UDP TCP UDP ICMP FTP TFTP HTTP SMTP POP3 for such rule applied to load balance All is the default setting Dray Te K 56 Vigor2960 Series User s Guide Source IP Address Type a WAN IP address here as the source IP address for such rule Click the icon to clear the IP setting Source Mask Use the drop down list on the right to choose a suitable mask for the source Source Mask 255 255 255 0 g 255 255 255 0 P 255 255 254 0 Destination IF Address 955 255 0 0 255 254 0 0 0 0 0 0 Tactics Klack 775 O07 Destination IP Type a WAN IP address here as the destination IP address Address for such rule MM Click the icon to clear the IP setting Destination Mask Use the drop down list on the right to choose a suitable mask for the destination Destination Port Type a value as the destination port starting for such rule Start Destination Port Type a value as the destination port ending for such rule End Load Balance Pool Choose one of the profiles to be used
128. e LAN interface that packets transmitted to Internet through such LAN profile with the VLAN ID number is tagged or untagged How to add a new 802 1Q VLAN profile 1 Open LAN gt gt Switch and click the 802 1Q VLAN tab 2 Click the Add button LAN gt 302 10 VLAN 802 10 VLAN T add gt Edit ff Delete G Refresh VLAN ID Member Untag 10 LAM LAN LAM LAM 3 The following dialog will appear 602 10 VLAN 28 VLAN ID 15 Member LAN3 We Untag W E LAN ya Apply Cancel E LANs Available parameters are listed as follows Item Description VLAN ID Type the number as the VLAN ID Type a number used for identification on VLAN for your computer Later you have to type the same ID number for each PC which wants to be grouped within the same VLAN group Vigor2960 Series User s Guide 83 Dray Te k Member Determine which LAN interface can be used to access into Internet for such LAN profile with the VLAN ID number Untag Determine if the packets transmitted to Internet through such LAN profile with the VLAN ID number is tagged or not Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply The new profile will be added on the screen LAN gt 302 10 VLAN 802 10 VLAN T Add gt Edit jf Delete 4 Refresh Profile Mur VLAN ID Member Untag 10 LAM LAN LAM LAM 15 LAM S Dray Te k 84 Vigor2960 Serie
129. e This Profile General Setup IP Routing Switch Bind IP to MAC RID Cnnfimiratinn Vigor2960 Series User s Guide 27 Dr ay le k Open LAN gt gt OSPF Configuration to enable this profile Click Add to make the LAN Profiles lan2 area setting as 11 and lanl area as 11 As shown in the topology diagram Auto Logout Off Quick Start Wizard Online Status General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration Op tt OSPF Configuration LAN gt gt OSPF Configuration OSPF Configuration J Enable This Profile amp Ada LAN Profile lan2 lan1 Area Profile 11 Configuration for Vigor3900 B l Open LAN gt gt General Setup to create a LAN 192 168 2 1 24 profile named lan1 with the settings shown below Gener al Setup Profite IF Enable This Profile Description VLAN ID Deiauh MAC Address MAC Arhi i IPvd Protocol Mode P Address Saibnet Mask ihatewiay IP Aera bard faphonah AAT ui Vad e i o 2552552550 x Optional Ep ada H Save iP Subnet Mask Mode Pach iteris to sheir 2 Next continue to create a LAN 192 168 3 2 24 profile named lan2 with the settings shown below General Setup Profile F Enable This Prote Descrip VLAN ID Demit MAC Mihkegs MAC Mikii vi Protoca Mods P Address Subnet Mask Gateway IP Addi ese Dray Tek lan Optio
130. e g Vigor3900A Vigor3900B and Vigor2960 shown above at the root of a tree and calculate the shortest path to each destination according to the cumulative cost to reach the destination Each router has its own view of the topology and calculates its own SPF tree even though all the routers build a shortest path tree using the same link state database Dray Te k 26 Vigor2960 Series User s Guide Configuration for Vigor3900 A 1 Open LAN gt gt General Setup to create a LAN 192 168 1 1 24 profile named lan with the settings shown below bene a Setup Profile Enable This Profile Desciiption VLAN ED Defaut MAC Address MAC Address Pd Protocol Mike NAT IP Address 1823 188 1 1 Subret Mask 255 255 755 0 w Gateway IP Address Gadd E Sire iP Subnet Wask Ho hems bo shpa E an Cancel E 2 Next continue to create a LAN 192 168 3 1 24 profile named lan2 with the settings shown below General Setup Profile ian F Enable This Protile Description Iptonal VLAN ID 11 Dola MAC Adhkoss Ge Enable 7 Disable Fud Protoced Hatic Mode MAT Address 132 168 3 i Subnet Mask 755 255 255 0 abea IP Ack ess Optional Subnet Mask Mode Po ibere bi 8 Rete Appir QI Cancel 3 Open LAN gt gt Static Route Setup and click the Inter LAN Route tab to enable this profile Auto Logout Off Static Route IPv6 Static Route Inter LAN Route Quick Start Wizard Jl Enabl
131. e protocol used for the entry TOP ka TOP UDF TOPIUDP Use the drop down menu to specify which mode you want to use Port Redirection Mode Range to One r One to One Range to One Range to Range Type the starting ending number of the public port Type a port number for such profile Click it to save and exit the dialog Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply A new profile has been added onto Port Redirection table NAT gt Port Redirection Port Redirection 3 Add X Edt ff Delete GS Refresh Q Rename Profile Enable Th Public IP Use IP Ali Alias Private IP Protocol Port Redit Public Por Public F PR_1 true J All 197 166 TCPYUDP One to 0 20 94 Vigor2960 Series User s Guide Dray Tek 4 3 2 DMZ Host In computer networks a DMZ De Militarized Zone is a computer host or small network inserted as a neutral zone between a company s private network and the outside public network It prevents outside users from getting direct access to company network A DMZ is an optional and more secure approach to a firewall and effectively acts as a proxy server as well In a typical DMZ configuration for a small company a separate computer or host in network terms receives requests from users within the private network for access to Web sites or other companies accessible on the public network The DMZ host then initializes sessions for these requests on t
132. e system administrator to IP3 login Vigor2960 Series User s Guide 255 Dray Te k The former box indicates an IP address allowed to login to the router and the later box indicates a subnet mask allowed to login to the router Allow Ping from WAN Click Enable to allow system administrator to ping the router from WAN interface Allow Ping form LAN Click Enable to allow system administrator to ping the router from LAN interface Apply Click this button to save the configuration and exit the web page Cancel Click it to discard the settings configured in this page 4 12 7 SNMP Setup This page allows you to manage the settings for SNMP setup Dray Tek Vigor 2960 Series 10 23 03 System Maintenance gt gt SNMP Agent Auto Logout Off v SNMP Agent Enable This Profile Get Community public Set Community private Manager Host IP default TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control Reboot System Firmware Upgrade External Devices Apply Cancel Product Registration Available parameters are listed as follows Item Description Enable This Profile Check the box to enable such profile Get Community Set the name for getting community by typing a proper character The default setting is public Set Community Set community by typing a proper name The default setting is private Manager Host IP Type the IP address for the manager host Apply
133. ecified PC accessing into Internet within 5 minutes UnBlock Allow the specified PC accessing into Internet within 5 minutes Recent 5 Minutes Display the records with 5 minutes 24 hours recently Recent 24 Hours Auto Refresh Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked Dray Te K 270 Vigor2960 Series User s Guide Item IP Address TX rate Kbps RX rate Kbps Sessions Block Time 4 14 External Devices Description Display the IP address of the monitored device Display the transmission speed of the monitored device Display the receiving speed of the monitored device Display the session number that you specified in Limit Session web page Display the time for the duration of the block Vigor router can be used to connect with many types of external devices In order to control or manage the external devices conveniently open External Devices to make detailed configuration Vigor 2960 Series 10 34 22 External Devices gt gt External Devices Auto Logout Off v External Devices Jl Enable External Devices Refresh Status On Line Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration r Model Name IP Address Connection Time Clear Vigor2830 Series 0 0 0 0 00 00 00 TTT Each i
134. ect IP Group Service Type Object Keyword Object Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group Service Type Group Add Edit fil Delete Refresh Profile Number Limit 32 Group Name Description Objects No items to show Each item will be explained as follows Dray Tek 128 Vigor2960 Series User s Guide Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 32 of the object profiles to be created Group Name Display the name of the service type group Description Display the description for such profile Objects Display the service type object profiles grouped under such group How to create a new Service Type Group profile 1 Open Objects Setting gt gt Service Type Group 2 Simply click the Add button Objects Setting gt gt Service Type Group Service Type Group Ty acd DE eat ff delete G Retr Group Hame Descript 3 The following dialog will appear Service Type Group 2 Group Hame Cross_De
135. ected for such rule How to add a Load Balance Rule profile l Dray Tek Open VPN and Remote Access gt gt VPN TRUNK Management and click the Load Balance Rule tab Simply click the Add button VPN and Remote Access gt gt VPN TRUNK Managel Load Balance Rule Load Balance Pool fy Add gt Edit jj Delete GR Profile Enable Th Protocol Source IF Sourc Mo The following dialog will appear Load Balance Rule om Profile IB_rule_1 Enable This Profile Protocol TCPYUDP a Source IP Address 192 168 1 45 min Optional Source Mask 200 200 200 0 Optional Destination IP Address 192 168 1 ao m Optional Destination Mask ia ba ce Bees s Optional Destination Port Start 200 Optional Destination Port End 300 Optional Load Balance Pool LB_Pool_1 ne Oo Apply Cancel 206 Vigor2960 Series User s Guide Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check this box to enable such profile Protocol Type the protocol configured by such profile Source IP Address Type the source IP address specified for this profile Source Mask Type the subnet mask address specified for the source IP Destination IP Type the destination IP address specified for this entry Address Destination Mask Type the subnet mask address specified for the destination IP Destination Port Type the start point specified in the Dest Port Ran
136. ed timeout period The default setting for threshold is 300 packets per second The default setting for timeout is 10 seconds Click Enable to activate the UDP flood defense function 116 Vigor2960 Series User s Guide Item UDP Flood Threshold UDP Flood Timeout Block Port Scan Port Scan Threshold Block IP Options Block Land Block SMURF Block Trace Route Block SYN Fragment Block Fraggle Block Tear Drop Block Ping of Death Block ICMP Fragment Block Unknown Protocol Vigor2960 Series User s Guide Description If the amount of UDP packets from the Internet exceeds the user defined threshold value the router will be forced to randomly discard the subsequent UDP packets within the user defined timeout period The default setting for threshold is 300 packets per second The default setting for timeout is 10 seconds Click Enable to activate the Port Scan detection function Port scan sends packets with different port numbers to find available services which respond The router will identify it and report a warning message if the port scanning rate in packets per second exceeds the user defined threshold value The default threshold is 300 pps packets per second Click Enable to activate the Block IP options function The router will ignore any IP packets with IP option field appearing in the datagram header Click Enable to activate the Block Land function A Land attack occurs when an atta
137. ed by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection Get Your Public IP Address from ISP In ADSL deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated Vigor2960 Series User s Guide 35 Dray Te k via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP WAN General Setup Default
138. ed onto Address Mapping table HAT gt gt Address Mapping Address Mapping a Add DR Edt f Delte G4 Refresh Q Rename Profile Enable This P WAN Profile Private IP Private IP suk Protocol ADD M true wan 192 168 11 99 255 255 255 0 All 100 Vigor2960 Series User s Guide 4 3 4 SIP ALG SIP ALG means Session Initiation Protocol Application Layer Gateway This page allows you to choose LAN and WAN profiles to make SIP message and RTP packets of voice being transmitting and receiving correctly via NAT by Vigor router Dray Ti 2 4 7 7 ray ek Vigor 2960 Series 15 46 09 Login Admin gt NAT gt gt SIP ALG A ff panseannnnnnannennnnanannsnnnnnanssnnge Auto Logout O v PAY Quick Start Wizard 4 OTT Online Status Enable This Profile LAN Interface lant v WAN Interface wan1 Port Redirection DMZ Host Address Mapping SIP ALG External Devices H Apply Q Cancel Product Registration s Available parameters are listed as follows Item Description Enable This Profile Check the box to enable the Mirror function for the switch LAN Interface Choose one of the LAN profiles WAN Interface Choose one of the WAN profiles Apply Click it to save the settings Cancel Click it to discard the settings configured in this page 4 4 Firewall The firewall controls the allowance and denial of packets through the router The Firewall Setup in the Vigor2960 Series mainly consists of packet filtering Denial of Servic
139. ed profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete Vigor2960 Series User s Guide 243 Dray Te k Refresh Rename Profile Enable This Profile Start IP End IP TX Limit RX Limit Enable Smart Bandwidth Limit Session Threshold TX Limit RX Limit Apply Cancel and click the Delete button Renew current web page Allow to modify the selected profile name Display the name of the bandwidth limitation profile Display the status of such profile Display the start IP address for the profile Display the end IP address for the profile Display the limitation for the speed of the upstream for the profile Display the limitation for the speed of the downstream for the profile Check the box to enable smart bandwidth limit function It will apply to the IP addresses that are not included in the limitation list defined in the Bandwidth Limit profile If the session number for data transmission is over the threshold number configured here the system will start to limit the TX transmitting and RX receiving rate Type a number as transmitting rate or keep the default setting Type a number as receiving rate or keep the default setting Click it to save the configuratio
140. ees Select E In total within your company Supplier f Where you bought it from Date of Purchase mm dd yyyy Internet Connection C Cable O ADSL O VDSL O Fiber O 3G O WIMAX O LTE 18 Vigor2960 Series User s Guide 5 Now your router information has been added to the database Click OK to leave this web page and return to My Information web page Your device has been successtully added to the database 6 Take a look at the page of My Information the new added Vigor2960 is listed under Your Device List DrayTek i My Intormation bD About Us Welcome draytekiae Product Last Login Time 2011 08 24 09 39 13 Last Login From 123 110 144 220 My Information Current Login Time 2011 08 24 23 01 15 ra VigorACs SI Current Login From 114 397 142 184 AowNo 5 PageNo 2 v Vigor Series Your Device List be Management 4 Customer Survey ite 201007071 44501 Vigors300V Vigord300 20100700S Vigor2820 Vigor2820 0107 0051 04501 Vigor2 7 10vn Vigorz710 2010121707 335201 Vigor 920 Vigor2920 vigor 960 Vigor 960 Vigor2960 Series User s Guide 19 Dray Tek This page is left blank Dray Te k 20 Vigor2960 Series User s Guide Chapter 3 Application and Tutorial 3 1 How to Build SSL VPN with RDP Service in the Browser via Logging in Router s HTTPS Server Remote Desktop Protocol RDP is a protocol designed for secure communications
141. elete Refresh Rename Group Enable The Profile Comment Add a new group profile for IP filter Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Allow to modify the selected profile name Display the name of the IP filter group profile Display the status of the profile False means disabled True means enabled Display the description for such profile IP Filter Rule Group of Selected Group Add Edit Vigor2960 Series User s Guide Add a new IP filter rule profile Before you create an IP filter rule you have to create an IP filter group first Otherwise you are not allowed to add any IP filter rule here Modify the selected profile o Dray Tek Item Description To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Rule Display the name of the IP filter rule Enable T
142. enable such profile Member Use the drop down list to check the user profile s under such group Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 Anew User Profile has been created User Management gt gt User Group User Group Sa add f Edit ff Delete amp Refresh Usergroup Enable This Profile Member LAM UGroup 1 true Data_out Dray Te k 164 Vigor2960 Series User s Guide 4 6 4 RADIUS Remote Authentication Dial In User Service RADIUS is a security authentication client server protocol that supports authentication authorization and accounting which is widely used by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user or a wireless station and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Vigor 2960 Series 09 53 55 User Management gt gt RADIUS Auto Logout Off RADIUS Quick Start Wizard Online Status Enable This Profile Server IP Address Destination Port 1812 Shared Secret General Setup User Profile User Group LDAP Active Directory External Devices E Apply Cancel Deaduct Danicteation Available parameters are listed as follows I
143. ept INLP security requests Check publisher certificate for revocation ar Enable online certificate validation a Enable list of trusted publishers Use SSL 2 0 compatible ClientHello Format 25 A yr Dray Tek 3 2 How to Configure OSPF OSPF Open Shortest Path First uses the algorithm of SPF Shortest Path First to calculate the route metric It is suitable for large network and complicated data exchange Both Vigor2960 and Vigor3900 support up to OSPF version 2 only for IPv4 The autonomous system AS used in OSPF indicates the largest entity and can be divided into several areas Usually Area 0 will be used as OSPF backbone which distributing the routing information among areas When you need faster convergence than distance vector want to support much larger networks or want to have less susceptible to bad routing information you can enable OSPF feature to fit your request Note that both routers must support OSPF function at the same time to build the OSPF connection In the following example a PC can go 192 168 2 0 24 and 192 168 4 0 24 without setting any Static Route Refer to the OSPF topology diagram listed below Area 11 Vigor3900 A Vigor2960 192 168 4 0 24 192 168 3 1 24 192 168 1 1 24 z IP 192 168 1 10 24 Gateway 192 168 1 1 Vigor3900 B ws 192 168 2 0 24 OSPF can place each router
144. er Management gt gt User Profile to create a new profile named 7788 Set the Password as 7788 and choose the profile of Win7 as SSL Application RDP Click Apply User Profile Username 7788 Enable This Profile Password Idle Timeout sec 300 Usage Time min 480 System User false Group Use PPTP O Enable Disable L2TP O Enable Disable DHCP from lant x Static IP Address Use mOTP O Enable Disable mOTP PIN Code a ee ites E Apply amp Cancel 5 Logout Vigor2960 6 Login Vigor2960 HTTPS Server with 7788 for both Username and Password DrayTek fai ue E User 7788 Password eeee English v Login Dray Tek 22 Vigor2960 Series User s Guide 7 A screen like the following figure will appear Simply click the SSL Application link Pigerened SSL Rin H me SSL Web Proxy SSL Application logout INFO Maan Page 7700 1 163 133 203 You have successfully logged in Wiame to the YOu 2r granted the following prvidepes OrayTek SSL WPHI Tirne out sier 5 minutes Eaa Teor 8 In the following screen click Connect for connecting to Win7 the RDP server DrayTek Fiwened SSL VFM Home SOL Web Proxy SSi Appli ation i logout INFO Use SSL Applitatori a SSL Application Click Connect to I RDP establish an SSL Application E Win 192 166
145. ess MAC Address and an IP address Dray Tek Vigor 2960 Series 13 50 16 Login Admin Diagnostics gt gt ARP Cache Table gt gt ARP Cache Table Auto Logout Off ee G Refresh Clear All IP Address HW Type MAC Address Flags Profile Clear 192 168 1 10 ether e0 cb 4e da 48 79 C lan lan1 mm iit Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor External Devices Product Registration E ARP Cache Table Diagnostics gt gt ARP Cache Table gt gt ARP Cache Table ARP Cache Table IPv6 Neighbor Table G Refresh Clear All IP Address HW Type MAC Address Flags Profile Clear 192 162 1 10 ether e0 ch 4e da 43 79 C lan lan1 N D r ay Ti e k 262 Vigor2960 Series User s Guide Each item will be explained as follows Item Description Refresh Renew the web page Clear All Remove all of the information from this page IP Address Display the IP address for different ARP cache HW type Display the hardware type of the address from RFC 826 MAC Address Display the MAC address for different ARP cache Flags Each complete entry in the ARP cache will be marked with the flag of 0x2 Permanent entries are marked with 0x4 and published entries have the Ox8 flag Profile Display the direction of such route represented with LAN WAN profile starting from LAN WAN profile to LAN WAN profile
146. external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application Sr TIP Broadband Connection on Router Properties Ed x General Connect to the Internet using a3 IP Broadband Connection on Aouter Advanced Settings Services Select the services running on your network that Internet users can ACCESS Ftp Example menmegr 192 169 29 11 131 35 60654 UDP menmegr 1592 168 29 11 7824 13251 UDP m nmegr 192 168 29 11 5789 63231 TCF This connection allows you to connect to the Internet through a shared connection on another computer 5 A Show icon in notification area when connected As Edt a l The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function gt Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches gt Non privileged users can control some rou
147. f v O N s A amp Refresh X Edit Ai Delete Group Name Description IP Object IPGroup m Service Type Object ee Service Type Group Keyword Object n Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group ser Management DDI D Dray Tek No items to show Specify which days in one week should perform the Click it to save the configuration Click it to exit the dialog without saving the configuration Enid Date Endl Time 2010 01 01 00 00 00 h Login Admin a Profile Number Limit 8 Objects lt Vigor2960 Series User s Guide Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 8 of the object profiles to be created Group Name Display the name of the group Description Display the brief explanation for such group Objects Display the time objects selected by such group How to create a new Time Group Profile 1 Open Objects Settin
148. ficulty Dray Tek Auto Logout Off Quick Start Wizard Online Status General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration OSPF Configuration Vigor 2960 Series 11 47 36 Login Admin LAN gt gt IP Routing IP Routing deeecceecccsccesccccccccssccceccccccceesuuuuusuuuusUUsUUsUsUUUsUUUEUUUsUUUUUUUUUSUSUSUSUSUCUSUUEUUUSUSUSUSUSUSUSSUCSUSUSSUSUSSSESSSSSESUSSUSSSSUSSUUSSUSUSUSUCUUUUUUUUUSUUUUSUSUSUSUUUUSUUUUUUUUUUUUUUUUUUUUUUUUUSUUUCUUSUSUSUSUSUSUSUSUSUUUUUUUUUSUUUSUSUSUSUSUUUUUSUUUUUUUCUSUSUSUSUUUSUSUUUSUSUUUUSUSUESEUSUEUEUSSSUSSSSSSSUESESSEEEEER E gt Add DK Edt ff Delete G9 Refresh GB Rename Profile Num Enable This Profile WAN Profile LAN Profile IP Mask No items to show Each item will be explained as follows Item Add Edit Delete Refresh Rename Profile Enable This Profile WAN Profile Vigor2960 Series User s Guide Description Add a new IP Routing profile Modify the selected IP routing setting To edit the IP routing setting simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Remove the selected route setting To delete a static route setting simply select the one you want to delete and click the Delete button Renew current web page Allow to modify the selected profile name Display the name of such IP route profile Display
149. file Refresh Click it to renew the web page under the Setup tab Apply Click it to save the configuration configured under the Setup tab CPU Click the CPU tab There are three selections provided for you to specify Recent 24 Hours Display the information of CPU operation about recent 24 hours Recent 7 Days Display the information of CPU operation about recent 7 days Recent 4 Weeks Display the information of CPU operation about recent 4 weeks Memory Click the Memory tab There are three selections provided for you to specify Recent 24 Hours Display the information of memory Vigor2960 Series User s Guide 267 Dray Te k Item Description operation about recent 24 hours Recent 7 Days Display the information of memory operation about recent 7 days Recent 4 Weeks Display the information of memory operation about recent 4 weeks LAN Click the LAN tab There are three selections provided for you to specify Network Interface Display the information of LAN or WAN operation Recent 24 Hours Display the information of LAN operation about recent 24 hours Recent 7 Days Display the information of LAN operation about recent 7 days Recent 4 Weeks Display the information of LAN operation about recent 4 weeks WAN Click the WAN tab There are three selections provided for you to specify Network Interface Display the information of WAN or WAN operation Recent 24 Ho
150. file simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected policy Refresh Renew current web page QoS Policer Display the name of the QoS Policer Mode Display the status of QoS Policer Rate Display the rate of QoS Policer Vigor2960 Series User s Guide 227 Dr ay Te k How to edit the incoming class rate for the QoS policer 1 Open Bandwidth Management gt gt Incoming Class and click the Class Rate Control tab 2 Choose one of the incoming class rates and click the Edit button Bandwidth Management gt gt Incoming Class gt gt Class Rate Control Total Rate Control Class Rate Control Y Edit 6S Refresh Qos Policer Mode Incoming classo Disable incoming class Disable 3 The following dialog will appear Class Rate Control LoS Policer incoming class Mode Enable Disable fF Apply Go Cancel Available parameters are listed as follows Item Description QoS Policer Display the name of the incoming class profile Mode Click Enable to invoke such incoming class profile Rate Type the number of rate for such profile Apply Click it to save the configuration and exit the page Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply Dray Te k 228 Vigor2960 Series User s Guide 5 The QoS Policer profile has been modified Bandwidth M
151. file Number Limit Username Enable This Profile System User PPTP L2TP Dray Tek Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Display the total number 200 of the object profiles to be created Display the name of the user Display the status of the profile False means disabled True means enabled Display the status of the System User False means disabled True means enabled Display the status of PPTP L2TP connection for such user profile Display the LAN profile that such profile belongs to 158 Vigor2960 Series User s Guide Item Description DHCP from Display the LAN profile that DHCP server used for assigning IP address es Static IP Address Display the IP address for such user profile which accesses Internet with PPTP L2TP connection Use mOTP Display if mOTP is activated enable or disable or not How to create a new User Profile 1 Open User Management gt gt User Profile 2 Simply click the Add button User Management gt gt User Profile Ts Add OK Edt ff Delete GS Refresh Username Enable This P System User PPTP 3 The following dialo
152. file extensions for execution offered for you to choose Use the drop down list to check the box es to select the file extension you need Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 Anew File Extension Object profile has been created File Extension Object T gt Add 3 Edit ff Delete Refresh Profile Image Video Audio Java ActiveX Compression Execution File _Ext_1 brrnip dib mov mpe mg au mps mda class jad alx apb axs ace ke nf pit Vigor2960 Series User s Guide 137 Dr ay Te k 4 5 8 IM Object People like to use Instant Message to communication with friends on line just for fun or just because it is easy and convenient However it might reduce the productivity of employees to a company Therefore a tool to block or limit the usage of IM application is important to a company IM object setting lists all of the popular instant message application for you to choose to block Choose the one s you want to block and save as an IM Object profile Later it can be applied to Firewall as a filter rule and reach the purpose of block Dray Tek Vigor 2960 Series Login Admin Objects Setting gt gt IM Object Auto Logout Off IP Object IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object P2P Object Protocol Object Web Category Object Time Object
153. g gt gt Time Group 2 Simply click the Add button Objects Setting gt Time Group Time Group fp Add J Edit jj Delete 6 Refresh Group Name Description Mo items 3 The following dialog will appear Time Group Group Name Timetsrp_1 Description For Market Onhy Optional Objects TimeQ_1 r W Timeo_4 l Apply ga Cancel as ane Vigor2960 Series User s Guide 153 Dray Te k Available parameters are listed as follows Item Description Profile Type the name of the time group The number of the characters allowed to be typed here is 10 Description Make a brief explanation for such profile if the group name is set not clearly Objects Use the drop down list to check the time object profiles under such group All the available time objects that you have added on Objects Setting gt gt Time Object will be seen here Objects Timed 1 ki W Timeo Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 Anew Web Category Object profile has been created Objects Setting gt gt Time Group Time Group Z gt Add 3 Edit f Delete 6 Refresh Group Name Description Objects TimeGrp 1 For Warket only Timed 1 4 6 User Management User Management can manage all the accounts user profiles to connect to Internet via different protocols General Setup User Profile User Group RADIUS LDAP Active
154. g will appear Vigor2960 Series User s Guide 159 Dray Te k i User Profile Username Data_out Enable This Profile Password oe Idle Timeout sec 300 Usage Time min 400 System User fale we PPTP L2TPF DHCP from Static IP Address Enable Disable Enable Disable lant a HIN Optional Use mOTP Enable Disable SSL Proxy Webserver WF SSL Application VNC ha ee ee ie mani AA an a WW ol Apply S Cancel Available parameters are listed as follows Item Username Enable This Profile Dray Tek Description Type a name for such user profile e g LAN_User_Group_l WLAN_User_Group_A WLAN_User_Group_B etc When a user tries to access Internet through this router an authentication step must be performed first The user has to type the Username specified here to pass the authentication When the user passes the authentication he she can access Internet via this router However the accessing operation will be restricted with the conditions configured in this user profile Check this box to enable such profile 160 Vigor2960 Series User s Guide Password Idle Timeout Usage Time min System User Group PPTP L2TP DHCP from Static IP Address Use mOTP mOTP PIN Code mOTP secret SSL Proxy SSL Application VNC Vigor2960 Series User s Guide Type a password for such profile e g lug 123 wug123 wug456 etc
155. ge How to add a new profile 1 Open LAN gt gt OSPF Configuration 2 Check Enable This Profile 3 Click the space of Profile A pop up dialog will appear Click Add Vigor2960 Series User s Guide 89 Dray Te k Ta Add LAH Profile Area Profile lant lantest 4 Use the drop down list of LAN Profile to choose the one you need And specify the value of Area either 0 0 0 0 255 255 255 255 or 0 4294967295 for that profile Ta Add LAH Profile Area lantest mw 30 Profile o If you are not satisfied the settings simply click W to remove the entry and then re type the settings 5 Click Apply to save the settings and exit the dialog A new profile is created and displayed on the screen OSPF Configuration m Enable This Profile Ta Add LAH Profile Area lantest 35 Profile Dray Te k 90 Vigor2960 Series User s Guide 4 3 NAT NAT Network Address Translation is a method of mapping one or more IP addresses and or service ports into different specified services It allows the internal IP addresses of many computers on a LAN to be translated to one public address to save costs and resources of multiple public IP addresses It also plays a security role by obscuring the true IP addresses of important machines from potential hackers on the Internet The Vigor 3900 Series is NAT enabled by default and gets one globally routable IP addresses from the ISP by Static PPPoE or DHCP mechanism The Vig
156. ge Start Destination Port Type the end point specified in the Dest Port Range End Load Balance Pool Use the drop down list to choose one profile configured in load balance pool Then such rule will be applied by the pool Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply 5 A new profile has been created VPN and Remote Access gt gt VPN TRUNK Management gt gt Load Balance Rule Load Balance Rule Load Balance Pool T Add DK Edit ff Delete 4 Refresh Profile Enable Thi Protocol Source IP Source Ma Destination Destinat LA rule_1 true TORIJDP 192 166 1 255 255 28 192 768 70 255 255 Vigor2960 Series User s Guide 207 Dr ay Te k Load Balance Pool This page allows the user to integrate several WAN profiles as a pool profile specified with the function of load balance or failover VPN and Remote Access gt VPN TRUNK Management gt Load Balance Pool Load Balance Rule Load Balance Pool fp Add JE Edit ff Delete 6 Refresh Profile Interface Mo items to show e Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile
157. ght 1985 2001 Microsoft Corp D Documents and Settings fae ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A loss Approximate round trip times in milli seconds Minimum ms Maximum ms Average Ams D Documents and Settings fae gt _ Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 255 will appear If the line does not appear please check the IP address setting of your computer For Mac OS Terminal 1 2 3 4 Dray Tek Double click on the current used Mac OS on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter If the link is OK the line of 64 bytes from 192 168 1 1 icmp_seq 0 ttl 255 time xxxx ms will appear 276 Vigor2960 Series User s Guide 806 Terminal bash 80x24 Last login Sat Jan 3 B2 24 16 on ttypi Welcome ta Darwin Vigorla draytekd ping 192 168 1 1 PING 192 168 1 1 192 168 1 1 56 data bytes 64 bytes from 192 165 1 1 tcomp_seq 6 ttl 255 times8 755 ms 64 bytes from 192 165 1 1 icmp_seg 1 ttl 255 times8 697
158. gor2960 and Vigor2710 Vigor2710 WAN Vigor2960 WAN 111 243 176 145 i 1 169 162 1 f l aT LAN LAN 192 168 2 1 24 192 168 29 1 24 Configuring Vigor2960 1 Access into the web configurator of Vigor2960 and open VPN and Remote Access gt gt LAN to LAN Profiles to add a new VPN configuration IPSec gt Profile 2710 Enable This Profile Set PPTP Dial In For User Profie Basic Advanced GRE Proposal Auth Type PSK s Preshared Key Security Protocol ESP e WAN Profile wand v E Local IP Subnet Mask 192 1685 29 D 295 255 255 0 ka Local Next Hop 0 j j 0 Remote Host 111 243 176 145 Remote IP Subnet Mask 1927 168 2 D 255 255 255 0 a ke 4 T i H apply G9 Cancel Type the Pre shared key and choose a WAN Profile Specify Local IP Subnet Mask with 192 168 29 0 24 The Remote Host should be Vigor 2710 s WAN IP address And the Remote IP Subnet Mask should be192 168 2 0 24 2 Click Apply to save the settings and return to previous page Dray Tek 32 Vigor2960 Series User s Guide Configuring Vigor2710 1 In Vigor2710 it is necessary to build two VPN connections for two WANs to connect with Vigor2960 Please open the web configurator of Vigor2710 and open VPN and Remote Access gt gt LAN to LAN 1 Common Settings Profile Name 2960 Call Direction Bothl Dial out Dial in Always on Enable this profile YPN Dial Qut Throug
159. h WANT First Netbios Naming Packet Pass O eBlock Multicast via YPN Opass Block for some IGMP IP Camera DHCP Relay etc 3 Idle Timeout second s L Enable PING to keep alive First please type the name of such VPN connection in the field of Profile Name e g 2960 Check the box of Enable this profile Choose Dial Out as Call Direction and check the box of Always on For Dial Out Settings please choose IPSec Tunnel and type WAN IP address of Vigor2960 in the field of Server IP Host Name for VPN e g 1 169 162 1 Type the same IKE Pre Shared Key configured in Vigor2960 2 Dial Out Settings Type of Server I am calling IPsec Tunnel iA L2TP with IPsec Policy Server IP Host Name for VPN such as draytek com or 123 45 67 89 1 169 162 1 Vigor2960 Series User s Guide 33 Usermname Password PPP Authentication VJ Compression On IKE Authentication Method Pre Shared Key IKE Pre Shared Key onneeseees Digital Signature 509 Peer ID Local ID Alternative Subject Name First Subject Name First IPsec Security Method Medium 4H High ESP 3DES without Authentication Advanced Index 1 15 in Schedule Setup 4 FJ Dray Tek 3 For the role of Vigor2710 is dialing out please skip Dial In setting Type the Remote Network IP and Remote Network Mask of Vigor2960 to complete configuration 4 TCP IP Network Settings My WAN IP RIP Directio
160. haracters allowed to be typed here is 10 Member Several IM applications offered for you to choose Check the one s you want to add for such profile Member MSN QQ ICQ ICHAT v v MSN AlM J WebIM Google Talk Yahoo Msg eMessenger 7 QQ WebMsn v ica PEEP 7 iCHAT SKYPE IMhaha Vigor2960 Series User s Guide 139 Dray Tek Dray Tek Item Description WebIM It lists a package of IM application based on web page You may check the box to include all of them Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration Enter all the settings and click Apply A new IM Object profile has been created Objects Setting gt IM Object IM Object a Add Edit i Delete amp Refresh Profile Member Ih 1 MSM Go ila ifHAT 140 WebIM enable Vigor2960 Series User s Guide 4 5 9 P2P Object Vigor2960 can block P2P application for users especially for the ones who always upload or download improper files to Internet P2P object setting lists all of the point to point application for you to choose to block Choose the one s you want to block and save as a P2P Object profile Later it can be applied to Firewall as a filter rule and reach the purpose of block Dray Tek Vigor 2960 Series 15 22 20 Login Admin gt Objects Setting gt gt P2P Object Auto Logout Off v Add X Edit i Delete 6 Refresh Profile Number Limit 32 je Profile Mem
161. he Profile Display the status of the profile False means disabled True Time Profile Source IP Destination IP means enabled If no time schedule is set None will be shown in this field Display the source IP object profile selected for each rule Display the destination IP object profile selected for each rule Service Type Display the service type object profile selected for each rule Action Display the action pass or block of such rule will use Next Group Display the name for next group selected If no group is chosen None will be shown instead Syslog Display the status enable or disable of the Syslog function How to create an IP Filter group To build an IP group containing IP filter rules please follow the steps 1 Open Firewall gt gt Filter Setup and click the IP Filter tab 2 Simply click the Add button Firewall gt gt Filter Setup gt gt IP Filter IP Filter Application Fitter URL Fitter IP Fitter Rule Group Ks Add X Edit ii Delete GY Refresh c Fe Group Enable This Profile Vigor2960 Series User s Guide Dray Tek i 3 The following dialog will appear Loess i i bnar Bee tel m IP Filter C en ee a aa Group IPF_Marketing J Enable This Profile Comment used for MKT Dept a Apply R Cancel Available parameters are listed as follows Item Description Group Type the name of the IP filter group Enable This Profile Check the box to enable this profile Comment Give
162. he private IP address for DNS server If this field is blank users on LAN will treat Vigor2960 as the DNS server a add H Save DNS E iit Add Click it to add a new IP address for DNS server Save Click it to save the setting ell W _ click the icon to remove the selected entry In general this box will be blank It means Vigor2960 will be regarded as the gateway for the user However if you want to use other gateway please assign the IP address in this field Set a lease time for the DHCP server The time unit 1s minute Enable Enable this function that remote clients within the range specified below can access into Vigor2960 WUI Disable Disable this function Specify the start IP address for an IP range The DHCP server can assign an IP address for remote dial in user from such IP range Specify the end IP address for an IP range The DHCP server can assign an IP address for remote dial in user from such IP range Click it to save and exit the dialog Click it to exit the dialog without saving anything When you finish the above settings please click Apply to save the configuration and exit the dialog The LAN profile has been edited Vigor2960 Series User s Guide Dray Tek DHCP Relay This page allows users to specify which subnet that DHCP server is located that the relay agent should redirect the DHCP request to LAN gt General Setup gt gt DHCP Relay General Set
163. he profile name Enable This Profile Display the status of the profile False means disabled True Dray Te k 36 Vigor2960 Series User s Guide Description VLAN ID VLAN Tag Port IPv4 Protocol Type IPv6 Protocol Type means enabled Display a brief explanation for such profile Display the VLAN ID of the profile If the data transmitted with tag Enable will be displayed in this field Otherwise Disable will be shown instead Display the physical WAN interface for such profile Display the IPv4 protocol selected by the profile Display the IPv6 protocol selected by the profile How to edit the WAN profile 1 Open WAN gt gt General Setup Choose WANI or WAN2 profile and click the Edit button to open the following dialog Only the tab of the protocol specified in IPv4 Protocol field will be available for you to modify If you want to change and specify another connection mode for such WAN profile remember to choose the mode from the drop down list of IPv4 Protocol General Setup Global Profile want Enable This Profile Description VLAN ID 10 VLAN Tag Disable Port WANA DHCP Optional Default MAC Address Enable Disable Mode MAT IPw4 Protocol DHCP IPv6 Protocol Link Local Available parameters for Item Profile Enable This Profile Description VLAN ID VLAN Tag Vigor2960 Series User s Guide m Apphy R Cancel global configuration are listed as follows Descrip
164. he public networks However the DMZ host is not able to initiate a session back into the private network It can only forward packets that have already been requested Users of the public network outside the company can access only the DMZ host The DMZ may typically also have the company s Web pages so these could be served to the outside world If an outside user penetrated the DMZ host s security only the Web pages will be corrupted but other company information would not be exposed Dray Tek Vigor 2960 Series 13 52 47 Login Admin NAT gt gt DMZ Host Auto Logout O DMZ Host Quick Start Wizard aaa MK Edt ff Delete GS Refresh GB Rename Profile Num Profile Enable This Profile WAN Profile Private IP Use IP Alias IP Alias No items to show Port Redirection DMZ Host Address Mapping SIP ALG External Devices Product Registration Each item will be explained as follows Item Description Add Add a new DMZ host profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Vigor2960 Series User s Guide 95 Dray Te k Profile
165. hoose a schedule profile to be applied on such rule You can click K to create another new time object profile Source IP Choose one or more IP object profiles from the drop down list The selected profile will be treated as source IP You can click a to create another new IP object profile Exception IP Choose one or more IP object profiles from the drop down list The selected profile will be treated as exception IP which will not be filtered by the router for such group You can click a to create another new IP object profile IM Block Choose one or more IM object profiles from the drop down list which will not be allowed to pass through the router You can click K to create another new IM object profile P2P Block Choose one or more P2P object profiles from the drop down list which will not be allowed to pass through the router You can click a to create another new P2P object profile Protocol Block Choose one or more Protocol object profiles from the drop down list which will not be allowed to pass through the router You can click g to create another new protocol object profile Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 A new Application filter profile has been added Firewall gt Filter Setup gt gt Application Filter IP Fitter Application Filter URL Fitter Sp Add Qe Edt fff Delete GS Refresh G Rename
166. ice type object profiles have been created in this page Dray Tek Vigor 2960 Series 14 35 56 Login Admin gt Objects Setting gt gt Service Type Object AutoLogout Off Service Type Object Q Add X Edt f Delte G Refresh Profile Number Limit 96 Ss Profile Protocol Source Port Start Source Port End Destination Port Si Destination Port En al Object AUTH TCP 1 65535 113 113 IP Group BGP TCP 1 65535 179 179 BOOTPCLIENT UDP 1 65535 68 68 Service Type Group BOOTPSERVER UDP 1 65535 67 67 Keyword Object CU_SEEME_HI TCP UDP 1 65535 24032 24032 Keyword Group CU_SEEME_LO TCP UDP 1 65535 7648 7648 File Extension Object DNS TCP UDP 1 65535 53 53 IM Object FINGER TCP 1 65535 79 79 P2P Object FTP TCP 1 65535 20 21 Tentarei Sins H_323 TCP 1 65535 1720 1720 Web Category Object HTTP TCP 1 65535 80 80 Time Object HTTPS TCP 1 65535 443 443 Time Group IKE UDP 1 65535 500 500 IRC TCP UDP 1 65535 6667 6667 L2TP UDP 1 65535 1701 1701 NEWS TCP 1 65535 144 144 n NFS UDP 1 65535 2049 2049 NNTP TCP 1 65535 119 119 Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete a
167. ient Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup VPN Profiles VPN TRUNK Management Connection Management Apply Z Cancel Available parameters are listed as follows Item Description Authenticate Protocol The router will authenticate the dial in user with the protocol selected here CHAF y PAP CHAP PAP It means the router will attempt to authenticate dial in users with the PAP protocol CHAP It means the router will attempt to authenticate dial in users with the CHAP protocol User Authentication Set user authentication to Local server or RADIUS server Type YP Local r Local RADIUS Dray Te k 190 Vigor2960 Series User s Guide LAN Profile Choose a LAN profile for L2TP Server if RADIUS is selected as user authentication type Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page 4 8 5 IPSec General Setup The IPSec services can provide access control connectionless integrity data origin authentication rejection of replayed packets that is a form of partial sequence integrity and confidentiality by encryption These objectives are met through the use of two traffic security protocols the Authentication Header AH and the Encapsulating Security Payload ESP and through the use of cryptographic key management procedures and protocols a Dr ay Te k Vigor 2960 Series 16 39 28 Login Admin Ba 3 V
168. ify Re Remote Di Remote Di lant true 192 168 1 192 168 1 168 95 1 1 56400 Disable 192 165 1 192 168 1 0 0 0 195 S6400 Disable 0 0 0196 0 0 0 245 lantest true 0 0 0 10 Each item will be explained as follows Item Edit Refresh Profile Enable This Profile Start IP End IP Vigor2960 Series User s Guide Description Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Renew current web page Display the name of the LAN profile Display the status of the profile False means disabled True means enabled Display the starting IP address of the IP address pool for DHCP server Display the ending IP address of the IP address pool for DHCP server n Dray Tek DNS Routers Lease Time Specify Remote Dial in IP Display the IP address for DNS In general this box will be blank It means Vigor2960 will be regarded as the gateway for the user Display the lease time for the DHCP server Display the status of remote dial in function Disable means disabled Enable means enabled Remote Dial in Start IP Display the start IP address for an IP range The DHCP server can assign an IP address for remote dial in user from Remote Dial in End IP such IP range Display the end IP address for an IP range The DHCP server can
169. ight host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration OSPF Configuration 4 2 1 General Setup This page allows you to set LAN profiles for PCs in LAN Settings of DHCP DHCP Relay RADVD and DHCPv6 settings are generated automatically by the system when the LAN profile is created You can edit these settings by switching into each tab individually Note One LAN profile shall be enabled at least to keep the normal operation The default LAN profile named lan1 shall not be deleted Otherwise the system might be damaged If such file is deleted due to careless please reset your router to restore the default setting LAN gt gt General Setup gt gt General Setup General Setup DHCP DHCP Relay RADYD DHCP v6 a Add y Edit im Delete gh Refresh Profile Number Limit 10 Profile Enable This Profile Description VLAN ID IPv 4 Protocol IPw Protocol lan true 10 static Link Local Dray Te k 58 Vigor2960 Series User s Guide General Setup This page allows you to enable the profile give a brief explanation for such profile specify the VLAN ID specify MAC address and choose protocol type for such profile LAN gt General Setup gt gt General Setup General Setup DHCP DHCP Relay RAD YD DHCP 6 Profile Enable This Profile Description WLAN ID IPv d Protocol Pw Prot
170. iguration allows you to enable the profile give a brief explanation for such profile specify the VLAN ID specify MAC address choose IPv4 and IPv6 protocol and specify the mode of the data transmission NAT or Routing Dray Te k 38 Vigor2960 Series User s Guide Different IPv4 and IPv6 protocol types specified will bring up different configuration web page If you choose Static as IPv4 protocol type click the Static tab to open the following page General Setup Global IP Address Subnet Mask Gateway IP Address DNS Server IP Address IP Alias Static 0 0 0 0 200 200 2c 0 v m Optional T add H save DNS Server IP Address Mo tems to show 3 Add fl Save IP Subnet Mask Mo tems to show ol Apply R Cancel Available parameters are listed as follows Item IP Address Subnet Mask Gateway IP Address DNS Server IP Address Vigor2960 Series User s Guide Description Type the IP address specified for such profile Use the drop down list to choose the subnet mask for such profile Type a public gateway address for such WAN profile click it to remove the IP address if you are not satisfied with it Add Click this button to display the IP address field for adding a new IP address Type the IP address on the tiny boxes one by one gt add H Save DNS Server IP Address DNS Server IP Address 458 95 1 1l Ti Save After finished the IP address
171. ile Number Limit 128 Profile Enable This Protocol Source IP Source Ma Destinatior Destinatior Destinatior Destinatior Load Balance No tems to show Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the profile Enable This Profile Display the status of the profile False means disabled True means enabled Protocol Display the protocol configured by such profile Source IP Address Display the source IP address specified for this profile Source Mask Display the subnet mask address specified for the source IP of this entry Vigor2960 Series User s Guide 205 Dr ay Te k Destination IP Address Display the destination IP address specified for this entry Destination Mask Display the subnet mask address specified for the destination IP of this entry Destination Port Start Display the start point specified in the Dest Port Range for this entry Destination Port End Display the end point specified in the Dest Port Range for this entry Load Balance Pool Display the load balance pool sel
172. ime Profile Source IP Destination IP Service Type Input Interface Output Interface Fragments Action Syslog Vigor2960 Series User s Guide Description Type the name of the IP filter rule Check the box to enable this profile Choose a schedule profile to be applied on such rule You can click a to create another new time object profile Choose one or more IP object profiles from the drop down list The selected profile will be treated as source IP You can click K to create another new IP object profile Choose one or more IP object profiles from the drop down list The selected profile will be treated as destination IP You can click g to create another new IP object profile Choose one or more service type object profiles from the drop down list The selected profile will be treated as service type You can click a to create another new service type object profile Choose one of the LAN or WAN profiles as data receiving interface Choose one of the LAN or WAN profiles as data transmitting interface Specify the action for fragmented packets do not care r do_not_care fragment Untragment do_not_care No action will be taken towards fragmented packets unfragment Apply the rule to unfragmented packets fragment Apply the rule to fragmented packets The action to be taken when packets match the rule Block Packets matching the rule will be dropped immediately Pass Packets ma
173. in the future 3 Add H Save IF Subnet Wask Mode 192 168 1 83 255 255 255 0 MAT C 255 255 255 0 NAT m E ke Add Click it to add a new subnet mask with IP address and specified mode Save Click it to save the settings IP Type the IP address if you click Add for adding a new entry Subnet Mask Use the drop down list to choose the one you want Mode Specify NAT or Routing as the mode W _ click the icon to remove the selected entry IP v6 Protocol It defines the IPv6 connection types for LAN interface Possible types contain Link Local Static and DHCP SLA Except Link Local each type requires different parameter settings Link Local Link Local address is used for communicating with neighbouring nodes on the same link It is defined by the address prefix fe80 10 You don t need to setup Link Local address manually for it is generated automatically according to your MAC Address Static This type allows you to setup static IPv6 address for LAN DHCP SLA DHCPv6 client mode would use IA_NA option of DHCPv6 protocol to obtain IPv6 address from server IPv6 Address If Static is chosen as IPv6 Protocol please type the IPv6 address in this field IPv6 Prefix Length Type the IPv6 prefix length for IPv6 Static protocol Vigor2960 Series User s Guide 61 Dray Te k Dray Tek DHCPv6 SLA If DHCP SLA is chosen as IPv6 Protocol please choose one WAN Interface of the WAN profi
174. ings and click Apply Vigor2960 Series User s Guide 223 Dr ay Te k 5 Anew SSL Application profile has been created SSL VPN gt gt SSL Application gt RDP VAC T Add Profile FDF_1 4 10 3 Online User Status ROP YE Edit ff Delete Refresh IP Address Port 192 168 1 57 3389 If you have finished the configuration of SSL Web Proxy server users can find out corresponding settings when they access into Draytek SSL VPN portal interface Dray Tek 15 47 28 Login Admin Auto Logout Off v Quick Start Wizard Online Status ti r lt m f m f I h j e G A m y 4 A 4 i f m fl i a j A n fl SSL Web Proxy SSL Application Online User Status e iat dsi age M gt rem tenance External Devices Product Registration Vigor2960 Series SSL VPN gt gt SSL VPN Status amp Refresh Auto Refresh 10 Seconds v User Name Remote IP Time out No items to show lt Each item will be explained as follows Item Refresh Auto Refresh User Name Remote IP Time out Dray Tek Description Renew current web page Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked Display current user who visit SSL VPN server Display the IP address for the host Display the time remaining for logging out 224 Vigor2960 Series User s Guide 4 1
175. inistrator Password System Maintenance gt gt Administrator Password Administrator Password Original Password New Password Confirm Password 5 Enter the login password admin in default on the field of Original Password Type a new one in the field of New Password and retype it on the field of Confirm Password Then click Apply to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router Dray Te k 8 Vigor2960 Series User s Guide 2 2 Quick Start Wizard Quick Start Wizard is a wizard which is designed for configuring your router accessing Internet with simply steps In the Quick Start Wizard group you can configure the router to access the Internet with different modes such as Static DHCP PPPoE or PPTP modes For most users Internet access 1s the primary application The router supports the Ethernet WAN interface for Internet access Click Quick Start Wizard from the home page Quick Start Wizard will guide the user to establish LAN interface profile WAN interface profile and select proper protocol for connection The following will explain in more detail for the various broadband access configurations 2 2 1 Step 1 Specifying the WAN Profile In the first page of Quick Start Wizard please choose a WAN profile and specify IPv4 protocol Quick Start Wizard Step 1 Profile want we Pwd Protocol Static P q W Next me G
176. ional Type a name as the host name for identification Previous Click it to return to previous setting page Finish Click it to finish the configuration Cancel Click it to discard the settings configured in this page When you finished the above settings please click Finish If PPPoE is selected PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a single DSL line wireless device or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of DSL modem users All local users can share one PPPoE connection for accessing the Internet Your service provider will provide you information about user name password and authentication mode If your ISP provides you the PPPoE Point to Point Protocol over Ethernet connection please select PPPoE for this router to get the following page Enter the username and password provided by your ISP on the web page Dray Te k 12 Vigor2960 Series User s Guide Quick Start Wizard EEE EEE ELLE LLL Username Password AW Previous iy E Finish amp Cancel Available parameters are listed as follows Item Description Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Previous Click it to return to previous setting
177. isable TR 069 a HTTPS Port 443 Administrator Password Configuration Backup User Define Enable Disable Syslog Mail Alert Time and Date Access Control SNMP Setup Reboot System Firmware Upgrade Allow Ping fromthe WAN Enable O Disable E 4 gt External Devices Apply e Cancel Product Registration s Available parameters are listed as follows Item Description Web Allow Click Enable to allow system administrator to login from the Internet and management the web page of the router Web Port Type the port number for the management through web page Telnet Allow Click Enable to allow system administrator to login from the telnet and management the web page of the router Telnet Port Type the port number for the management through telnet page SSH Allow Click Enable to allow system administrator to login from the SSH server and management the web page of the router SSH Port Type the port number for the management through SSH server HTTPS Allow Click Enable to allow system administrator to login from the HTTPS server and management the web page of the router HTTPS Port Type the port number for the management through HTTPS server User Define Click Enable to allow system administrator to login from the user defined IP address and management the web page of the router If you enable such function the system can be managed by these three IP addresses via WAN Allowed IP1 Allowed Type the first IP address for th
178. l Click it to exit the dialog without saving the configuration Vigor2960 Series User s Guide 49 Dr ay Tek 4 1 3 Load Balance Vigor2960 supports a load balancing function It can assign traffic with protocol type IP address for specific host a subnet of hosts and port range to be allocated in WAN interface User can assign traffic category and force it to go to dedicate network interface based on the following web page setup In the WAN group click the Load Balance option Pool This page allows the user to integrate several WAN profiles as a pool profile specified with the function of load balance or failover The profiles configured here will be selected in the field of WAN gt gt Default Route page Dray Tek Auto Logout Off v Quick Start Wizard Online Status General Setup Default Route Load Balance External Devices Product Reaistration Vigor 2960 Series WAN gt gt Load Balance gt gt Pool Pool Rule Ty Add X Edit f Delete Refresh Profile Num Profile Mode Interface Primary Profile Backup Profile No items to show lt Each item will be explained as follows Item Add Edit Delete Refresh Profile Mode Interface Dray Tek Description Add a new pool profile Modify the selected pool profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selec
179. l be displayed after you logging in My Vigor From this page please click Add Dray Tek My Information D About Us Welcome james_fae Product Last Login Time 2011 08 24 09 39 13 Last Login From 123 110 144 220 O My Information Current Login Time 2011 08 24 23 01 15 Current Login From 114 37 142 164 RowNo 5 w PageNo X Vigors SI Vigor Series Your Device List Q Management serial Number D N BS Product Host ID evice Name Mar Saia 104001703857 Vigor2710 Vigor2710 Customer Survey 200807100001 VigorPro5300 YigorPro5300 200911030001 ryan YigorPro5300 Note Below the field of Your Device List all the Vigor routers that you have registered to My Vigor website will be displayed in sequence When the following page appears please type in Nick Name for the router and choose the right registration date from the popup calendar it appears when you click on the box of Registration Date After adding the basic information for the router please click Submit DrayTek k Seat Leo D About Us My Product Search for this site Product Registration Devi My Information gistration ce X VigorACs SI Serial number Vigor Series Nickname vigor2960 Management Registration Date 08 24 2011 Product Usage Selet Registration p s Product Rating Select Your opinion so far 4h Customer Surrey No of Employ
180. l for having effective bandwidth management gt Dial out connection types contain IPSec PPTP L2TP L2TP over IPSec and GRE over IPSec gt The web page is simple to understand and easy to configure The TCP Session transmitted by using VPN TRUNK VPN Load Balance mechanism will not be lost due to one of VPN Tunnels disconnected Users do not need to reconnect with setting TCP UDP Service Port again The VPN Load Balance function can keep the transmission for internal data on tunnel stably Dray Tek Vigor 2960 Series 14 55 29 Login Admin VPN and Remote Access gt gt VPN TRUNK Management gt gt Load Balance Rule Auto Logout Off v Online Status Add X Edit ni Delete Ay Refresh Profile Number Limit 128 Profile Enable This Protocol Source IP Source Ma Destinatior Destinatior Destinatior Destinatior Load Balance No items to show E E e m 4 al r 1 a s A Si m am C gt f f f of w A f VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup LAN to LAN VPN TRUNK Management IPSec General Setup Connection Management D r ay Te k 204 Vigor2960 Series User s Guide Load Balance Rule To build VPN load balance connection with other router you can define the load balance rule in this page VPH and Remote Access gt gt VPN TRUNK Management gt gt Load Balance Rule G3 Add Edt fff Delte G9 Refresh Prof
181. lace the router in a damp or humid place e g a bathroom The router should be used in a sheltered area within a temperature range of 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards Keep the package out of reach of children When you want to dispose of the router please follow local regulations on conservation of the environment We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either parts or labor to whatever extent we deem necessary tore store the product to proper operating condition Any replacement will consist of a new or re manufactured functionally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified misused tampered with damaged by an
182. lay the status of the profile False means disabled True means enabled If no time schedule is set None will be shown in this field Display the source IP object profile selected for such group Display the IP object profile which will not be filtered by the router for such group o Dray Tek Item Description IM Block Display the IM object profile selected for such application profile P2P Block Display the P2P object profile selected for such application profile Protocol Block Display the protocol object profile selected for such application profile How to create an Application Filter profile 1 Open Firewall gt gt Filter Setup and click the Application Filter tab 2 Simply click the Add button Firewall gt gt Fiter Setup gt gt Application Filter IP Fitter Application Filter URL Fitter Za Add YE Edt f Delete GS Refresh G Rename Profile Enable This Pri Time Profile Source IP Exception IP Mo tems to show 3 The following dialog will appear Profile 2 Profile NoO_IM ey EE Time Profile None mn 3 io w Source IF cae None Ll Exception IP gy IM Block None m E P2P Block None m EP Frotocol Block None ws gs z B Apply R Cancel Dray Te K 110 Vigor2960 Series User s Guide Available parameters are listed as follows Item Description Profile Type the name of the Application filter profile Enable This Profile Check the box to enable this profile Time Profile C
183. le 1 Open NAT gt gt Address Mapping 2 Simply click the Add button NAT gt Address Mapping Address Mapping T add gt Edit Profile M Delete GS Refresh Enable This P WAN Profile Private IP 3 The following dialog will appear Address Mapping Profile J Enable This Profile WAN Profile Private IP Private IP subnet Mask Protocol Use IP Alias Mo iterr ame the ADO M wand sy 192 188 14 255 255 255 0 z all m O Enable Disable E Apply 9 Cancel Available parameters are listed as follows Item Profile Vigor2960 Series User s Guide Description Type the name of the profile 2 Dray Tek Dray Tek Enable This Profile Check the box to enable the Address Mapping profile WAN Profile Choose a WAN profile for such entry Private IP Type the private IP used for this entry Private IP subnet Type the subnet mask used for this entry Mask Protocol Choose the protocol used for the entry All w TEF UDF TOPRILIDP All Use IP Alias Click Enable to invoke IP Alias function IP Alias IP alias that can be selected and used for port redirection Before using it please go to WAN gt gt General Setup and enable the wan profile Add several IP addresses under Static mode for wanl Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything Enter all the settings and click Apply A new profile has been add
184. les in this field DHCPv6 SLA ID The ID number set here is used by an individual organization to create its own local addressing hierarchy and to identify subnets Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything When you finish the above settings please click Apply to save the configuration and exit the dialog LAH gt General Setup gt gt General Setup General Setup DHCP DHCP Felay RADYD DHEF YE a add J Edt ff Delete G4 Refresh au Profile Enable This Profile Description VLAH ID IPw4 Protocol IPw Protocol land true 10 static Link Local lantest true Just for test 21 static DHCP SLA 62 Vigor2960 Series User s Guide DHCP In the Vigor2960 router there are some IP address settings for the LAN interface The IP address subnet mask is for private users or NAT users The IP address of the default gateway on other local PCs should be set as the Vigor2960 server IP address When the DSL connection between the DSL and the ISP has been established each local PC can directly route to the Internet The IP address subnet mask can also be used to connect to other private users PCs On this page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the route LAH gt gt General Setup gt gt DHCP General Setup DHCP DR Edt Refresh DHCP Relay RADYD DHCP ye Profile Enable Thi Start IP Encl IP DHS Routers Lease Tim Spec
185. m the user when the permitted A Dray Tek Administration Message session limit is reached Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page How to add a session limit profile for the QoS policer 1 Open Bandwidth Management gt gt Sessions Limit 2 Simply click the Add button Bandwidth Management gt Sessions Limit Sessions Limit fy add gt Edit jj Delete G5 Refresh Profile Enable This Profile So Mo items to 3 The following dialog will appear Sessions Limit 2 Profile Session 1 4 Enable This Profile Source IP 192 168 1 35 255 255 255 0 v Max Sessions 1000 H Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check this box to enable such profile Source IP Type the source IP address with subnet mask for limit session Max Sessions Defines the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the default session limit for the specific limitation you set for each index This field cannot be typed with 0 otherwise the profile cannot be saved Apply Click it to save the configuration and exit the dialog Dray Te k 242 Vigor2960 Series User s Guide Cancel Click it to exit the dialog without saving the configuration 4 Enter all the set
186. meters are listed as follows Item Description Enable This Profile Check the box to enable the Mirror function for the switch Dray Tek 88 Vigor2960 Series User s Guide Profile Choose one of the LAN profiles Apply Click it to save the settings Cancel Click it to exit the dialog without saving anything 4 2 6 OSPF Configuration OSPF Open Shortest Path First uses the algorithm of SPF Shortest Path First to calculate the route metric It is suitable for large network and complicated data exchange When you need faster convergence than distance vector want to support much larger networks or want to have less susceptible to bad routing information you can enable OSPF feature to fit your request Note that both routers must support OSPF function at the same time to build the OSPF connection Dray Tek Vigor 2960 Sones LAN gt gt OSPF Configuration 14 50 38 Login Admin gt 5Min SSS i eee M OSPF Configuration f Online Status Enable This Profile Q Add General Setup LAN Profile Area Pamina No items to show Static Route Profile Switch Bind IP to MAC RIP Configuration OSPF Configuration El Apply 3 Cancel Available parameters are listed as follows Item Description Enable This Profile Check the box to enable the Mirror function for the switch Profile Create a new profile name Apply Click it to save the settings Cancel Click it to discard the settings configured in this pa
187. mit the session procession for specified Hosts In the Bandwidth Management menu click Sessions Limit to open the web page D Tek r ay e Vigor2960 Series 09 26 49 Bandwidth Management gt gt Sessions Limit eee OT M Sessions Limit Quick Start Wizard 4 Profile Numi r j rofile Num a Sy Add DK Edit f Delete Refresh G Rename Profile Enable This Profile Source IP Max Sessions No items to show Use Default Message Enable Disable Incoming Class Incoming Filter Outgoing Class Outgoing Filter Bandwidth Limit 4 w 2 Apply Cancel 4 W Cvtarnal Nmacane yv Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Profile Display the name of the profile Enable This Profile Display the status of the profile False means disabled True means enabled Source IP Display the IP address with subnet mask of the profile Max Sessions Connection Limit Vigor2960 Series User s Guide Display the maximum sessions used by the profile Display the message to infor
188. mounted on the wall by using standard brackets shown below Choose a flat surface on the wall which is suitable for placing the router Make the screw holes on the short side of the bracket aim at the screw holes on the router Next fasten both the bracket and the router with two screws and fasten both the wall and the bracket with another two screws Refer to the following figure Then continue to fasten the screws on the other side of the router and the wall with other screws When you finished about procedure the router has been mounted on the wall firmly Vigor2960 Series User s Guide 5 Dray Te k This page is left blank Dray Te k 6 Vigor2960 Series User s Guide Chapter 2 Initial Configuration For use the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully Be aware that only the administrator can change the router configuration 2 1 Changing Password To change the password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly g Notice You may either simply set up your computer to get IP f dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP ad
189. n Click it to discard the settings configured in this page How to add a bandwidth limit profile for the QoS policer l 2 Dray Tek Open Bandwidth Management gt gt Bandwidth Limit Simply click the Add button Bandwidth Management gt gt Bandwidth Limit Bandwidth Limit fy add J Edit Profile The following dialog will appear M Delete 6 Refresh Start IP End IF Mo iter 244 Vigor2960 Series User s Guide Bandwidth Limit Profile Band limit_1 Enable This Profile Stat IP 192 End IP 192 TX Limit 1024 RX Limit gt 1024 168 rf 18 10 82 Kbps Mbps Kbps Mbps Apply G9 Cancel Available parameters are listed as follows Item Profile Start IP End IP TX Limit RX Limit Apply Cancel Description Type the name of the profile Define the start IP address for limit bandwidth Define the end IP address for limit bandwidth Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Do not type the value with 0 otherwise the profile cannot be saved Define the limitation for the speed of the downstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index Do not type the value with 0 otherwise the profile cannot be saved Click it to
190. n Remote Gateway IP i first subnet to remote network you have to Remote Network IP 192 168 29 0 Remote Network Mask 255 255 255 0 L Change default route to this YPN tunnel Only Local Network IP 192 168 2 0 single Wl ds sl supports this 4 Local Network Mask 255 255 255 0 4 Please check if the VPN connection is built successfully in both devices respectively For Vigor2960 open VPN and Remote Access gt gt IPSec gt gt Status for viewing the result VPN and Remote Access gt Connection Management Connection Management Profiles Lie gt Connect lIPSec PPIP Refresh VPN Type Remote IP Virtual Network Up Time RxX Packets TX Packets Dis 2710 IPSec 3DES_No Auth 111 243 176 145 192 168 2 0 24 00 01 06 1 0 y As to Vigor2710 please open VPN and Remote Access gt gt Connection Management to confirm the result VPN and Remote Access gt gt Connection Management Dial out Tool Refresh Seconds 10 iad YPN Connection Status Current Page 1 Fage No co Virtual Tx Tx Rx Rx YPN Type iinet Network Pkts Rate Bps Pkts Rate Bps UpTime 1 IFsec Tunnel 1 169 162 1 ee 2960 2DES No Auth via wang 19415829 0 24 0 0 0 10 19 Drop MMEEMKEM Data isn t encrypted Dray Te k 34 Vigor2960 Series User s Guide Chapter 4 Advanced Configuration After finished basic configuration of the router you can access Internet with ease For the people who want to adjust more setting for suiting hi
191. nal 11 amp Enable C Disable static MAT Ma i32 168 3 2 265 255 754 0 Sptioraly Ry Add H Save IF Subnet Mask Mo ibama Bo ahga ml Aper go cancel 28 Vigor2960 Series User s Guide 3 Open LAN gt gt Static Route Setup and click the Inter LAN Route tab to enable this profile Auto Logout Off Static Route IPv6 Static Route Inter LAN Route Quick Start Wizard Jl Enable This Profile General Setup Static Route Switch Bind IP to MAC RID Fanfic atinn 4 Open LAN gt gt OSPF Configuration to enable this profile Click Add to make the LAN Profiles lan2 area setting as 11 and lanl area as 11 As shown in the topology diagram LAN gt gt OSPF Configuration Auto Logout Off v ses OSPF Configuration Quick Start Wizard a Status F Enable This Profile aN Cr General Setup LAM rome aches IP Routing lan2 11 i i Static Route Profile lant 11 m Switch Bind IP to MAC RIP Configuration OSPF Configuration Configuration for Vigor2960 1 Open LAN gt gt General Setup to create a LAN 192 168 4 1 24 profile named lan1 with the settings shown below imar al Setup Profile fan F Enae This Profile Caeser igen VILAM ID t Defaut MAC Ailib ss G nahe 5 Dee aible MAC Adibnaes IP Protocol slate Moile IF Miet Se Prek Gatesy IP Adress iienal Subri biak Mo ferta to shove per G Cancel Vigor2960 Series User s G
192. nd click the Delete button Refresh Renew current web page Profile Number Limit Display the total number 96 of the object profiles to be created Profile Display the name of the service type object profile Dray Tek 126 Vigor2960 Series User s Guide Item Protocol Source Port Start Source Port End Destination Port Start Destination Port End Description Display the protocol selected for such profile Display the starting source port for such profile Display the ending source port for such profile Display the starting destination port for such profile Display the ending destination port for such profile How to create a new Service Type Object profile 1 Open Objects Setting gt gt Service Type Object 2 Simply click the Add button Objects Setting gt gt Service Type Object Service Type Object AS Add X Ecitt ii Delete s Refresh Profile P rotocal Source Port Si ALITH TCP 3 The following dialog will appear Prote Piano Oe Po siai o ai ee Poi Fria ill Ha Service Type Object Profile Protocol Source Port Start Source PortEnd egi athera ICP s 65535 Destination Port Start 1 Destination Port End 65535 LIT Tre A Apply G Cancel w P a eer m Available parameters are listed as follows Item Profile Protocol Source Port Start Vigor2960 Series User s Guide Description Type a name for such profile The number of the
193. nfig File Name Y2960_2012 07 13 tgz Backup Each item will be explained as follows Dray Tek Item Encrypt Config Backup Type Config File Name Backup Description Check this box to encrypt the configuration file Password Type a password for encrypting the file Confirm Password Retype the password for confirmation Choose one of the types to determine where the file will be stored Backup to Local File The configuration file will be stored in local host Backup to Remote TFTP Server The configuration file will be stored in the remote TFTP server specified Backup Selected Config The configuration file will be stored with an existing file in local host You must select which file you want to store The default configuration file name file format shall be tgz will be shown here You can change the name if required Execute the file downloading job to the computer 248 Vigor2960 Series User s Guide Restore i Vigor 2960 Series 10 11 05 System Maintenance gt gt Configuration Backup gt gt Restore Auto Logout Off Backup Restore Quick Start Wizard Online Status F Decrypt Config Password Confirm Password Restore Settings via Local Config File Restore Type O Restore Settings via TFTP Server Select File Ripta FIRS smi hte a a perme fe cde zt TARN ccess E TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Dat
194. ng LAN No items to show i NAT Firewall Objects Setting TEEPEE a a User Management Applications VPN and Remote Access Certificate Management SSL VPN SSL Application Online User Status Bandwidth Management System Maintenance Diagnostics l Product Registration Li E Vigor2960 Series User s Guide 219 Dray Tek VNC VNC stands for Virtual Network Computing It allows you to access and control a remote PC through VNC protocol SSL VPN gt gt SSL Application gt gt VNC 2o ve RQ Add A Edt fj Delete G Refresh E Profile IP Address Port Scaling No tems to show Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the profile that you create IP Address Display the IP address for this protocol Port Display the port used for this protocol Scaling Display the percentage for such application How to create a new SSL Application with VNC protocol 1 OpenSSL VPN gt gt SSL Application and click the VNC tab Dray Te k 220 Vigor2
195. ng Filter filter_rule_13 no_rate_contro Disable Disable Sessions Limit filter_rule_14 no_rate_contro Disable Disable Bandwidth Limit filter_rule_15 no_rate_contro Disable Disable filter_rule_16 no_rate_contro Disable Disable gt fiter_rule_17 no_rate_contro Disable Disable To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected policy Refresh Filter Rule Renew current web page Display the name of the filter rule Policer Display the name of filter Policer Drop Display the status for the packet to be discarded or not Reserved Display the status for the packet to be kept in the buffer or not Vigor2960 Series User s Guide 229 Dray Tek How to edit the incoming filter for the QoS policer l 2 3 Dray Tek Open Bandwidth Management gt gt Incoming Filter Choose one of the filter rules and click the Edit button Bandwidth Management gt gt Filter Rule Filter Rule y Edit GS Refresh Fitter Rule Policer Drop filter_rule_O ho rate_contral Disable filter_rule_1 no rate _contral Disable filter_ rule no rate control Disable filter_rule_3 ho rate_contral Disable The following dialog will appear Fitter Rule Fitter Rule filter _rule_1 Policer no _rate_contral w Drop O Enable Disable Reserved O Enable Disable IP Protocol Mone Source IP Address U 0 Source IP
196. o point private link The DrayTek Vigor2960 Series VPN router supports Internet industry standards technology to provide customers with open interoperable VPN solutions such as X 509 DHCP over Internet Protocol Security IPSec up to 500 tunnels and Point to Point Tunneling Protocol PPTP 1 1 Web Configuration Buttons Explanation Several main buttons appeared on the web pages are defined as the following f Apply Save and apply current settings O Cancel Cancel current settings and recover to the previous saved settings or discard the settings configured in the page amp Next Go to next page T Previous Return to the previous page f Finish Complete the setting configuration Note For the other buttons shown on the web pages please refer to Chapter 4 for detailed explanation 1 2 LED Indicators and Connectors Before you use the Vigor router please get acquainted with the LED indicators and connectors first The displays of LED indicators and connectors for the routers are different slightly Vigor2960 Series User s Guide l Dr ay Te k Description for LED Dray Tek ACT Deh God Vigor2960 Dug Security Fireeall CoM WAM W91 Factory VPN WAN USE2 Meari LED ACT Activity SEWE Blinking Off CSM iz 5 VPN Off DoS Blinking WANI 2 Blinking QoS O 5 5 5 USB1 2 Blinking LED on Connector Left LED Green GigaWAN 1 2 ff Blinking Right LE
197. oad Balance Rule Load Balance Pool 3 Add 3 Edit ff Delete amp Refresh Profile Interface L _Foogl_i Refer to Chapter 3 How to Configure VPN Load Balance between Vigor2960 and Other Router for getting more detailed information about Load Balance application 4 8 8 Connection Management You can find the summary table of all VPN connections You may disconnect any VPN connection by clicking Disconnect button f A g r s 7 Dray Tek Vigor 2960 Series 15 08 04 Login Admin VPN and Remote Access gt gt Connection Management Off Auto Logout O Connection Management Online Status Profiles v Connect IPSec PPTP G amp Refresh VPN Type Remote IP Virtual Networ Up Time RX Packets TX Packets Disconnect No items to show VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup LAN to LAN VPN TRUNK Management Connection Management Each item will be explained as follows Item Description Profile This filed displays the profile configured in LAN to LAN with Index number and VPN Server IP address The VPN connection built by General Mode does not support VPN backup function Connect Click this button to execute dial out function IPSec Click it to perform IPSec VPN connection PPTP Click it to perform PPTP VPN connection Refresh Renew current web page VPN Display the name of VPN profile Dray Te k 210 Vigor2960 Series User s Guide Type Display
198. object profile Click it to save and exit the dialog Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply A new URL filter profile has been added Firewall gt gt Filter Setup gt gt URL Filter IFP Filter Application Filter URL Filter T gt Add DK Edit fff Delete G Refresh GP Rename Profile Enable This P Time Profile Source IP Keyword Pas Keyword Bloc File Extension Web Category AP_F Rulet true Mone Any Mone Mone Mone Mone Kewword 1 true Mone Any Mone Mone Mone Mone Vigor2960 Series User s Guide 7 Dray Tek 4 4 2 DoS Defense The DoS function helps to detect and mitigates DoS attacks These include flooding type attacks and vulnerability attacks Flooding type attacks attempt to use up all your system s resources while vulnerability attacks try to paralyze the system by offending the vulnerabilities of the protocol or operation system Dray Tek Firewall gt gt System Auto Logout Off v Quick Start Wizard Online Status Filter Setup DoS Defense MAC Block External Devices Product Registration System Enable This Profile Block SYN Flood SYN Flood Threshold SYN Flood Timeout Block ICMP Flood ICMP Flood Threshold ICMP Flood Timeout Block UDP Flood UDP Flood Threshold UDP Flood Timeout Block Port Scan Port Scan Threshold Block IP Options Block Land Oi nt CRUNT Vigor 2960 Series Enable Disable 300 10
199. ocol lan true 10 static Link Local Each item will be explained as follows Item Description Add Add a new LAN profile Edit Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected LAN profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the LAN profile Enable This Profile Display the status of the profile False means disabled True means enabled Description Display the brief explanation for the LAN profile VLAN ID Display the VLAN ID configured for the LAN profile IPv4 Protocol Type Display the IPv4 protocol type for the LAN profile IPv6 Protocol Type Display the IPv6 protocol type for the LAN profile Vigor2960 Series User s Guide Dray Tek How to add a new LAN profile 1 Open LAN gt gt General Setup and click the General Setup tab LAHN gt gt General Setup gt gt General Setup General Setup DHCP DHCP Relay RADYD DHCPYE Se Add J Edt ff Delete G4 Refresh Profile Enable This Profile Description VLAH ID lant true 10 2 Click the Add button to open the following dialog Different protocol type selected will bring up different configuration web page General Setup e Profile lantest W Enable This P
200. on 3 Enter all the settings and click Apply 4 The DDNS Profile has been modified Applications gt gt Dynamic DNS gt gt Setting Status Setting YE Edt Refresh Profile Enable This Prof WAN Profile Routing Policy Service Provider Service Type Domain Name ddng1 trus want selected wan_fi dyndns Dynamic 192 168 1 101 ddns2 falee want dyndns Dynamic Vigor2960 Series User s Guide i Dray Tek 4 7 2 GVRP This function can define the method for the changing the VLAN information among devices With supporting GVRP the device can receive the VLAN information coming from other devices Dray Tek Auto Logout Off v Quick Start Wizard Online Status i Dynamic DNS E E y x F gt i 5 p m Vigor2960 Series 09 20 06 Applications gt gt GVRP GVRP F Enable This Profile Interface y Join Time 20 Seconds IGMP Proxy UPnP Wake on LAN i res 4 LGte g nue i sll i akiaki aU id ia baad i Ih aL Sith External Devices Deaduct Danicteation E Apply Cancel ba Available parameters are listed as follows Dray Tek Item Description Enable This Profile Check this box to enable GVRP function Interface Choose a LAN or WAN profile Join Time Apply Cancel Define the time for the system to send GVRP packet to other device The unit is second Click it to save the configuration Click it to discard the settings configured
201. on The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the name of the LAN profile Enable This Profile Display the status of the profile False means disabled True Dray Te k 68 Vigor2960 Series User s Guide means enabled Advertisement Lifetime Display the lifetime value The lifetime associated with the default router in units of minutes ranging from 10 150 It is used to control the lifetime of the prefix A lifetime of O indicates that the router is not a default router and should not appear on the default router list How to edit a LAN profile for RADVD 1 Open LAN gt gt General Setup and click the RADVD tab LAH gt General Setup gt gt RADVD eee eae emeesaeeeaeeeeeeesseseeeeseessesen General Setup DHCP DHCP Relay RADY D DHCP YG T aaa nnn naanannn knn una nRRARARN AN RNANA DE Edt Refresh Profile Enable This Profile Advertisement Lifetime land falze 30 lantest falze 30 2 Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog ed oT i obi RADY Oo 2 Profile lantest Advertisement Lifetime 30 Minutes a Apply ga Cancel Available parameters are listed as follows Item Description Profile Display the name of the LAN profile Enable This Profile Check this box to enable this profile Advertisement Type a value for advertisement lifetime
202. on Block None hd 3 Web Category Block None hd Fp f Apply Cancel af T Available parameters are listed as follows Item Profile Enable This Profile Time Profile Source IP Keyword Pass Keyword Block File Extension Block Description Type the name of the URL filter profile Check the box to enable this profile Choose a schedule profile to be applied on such rule You can click K to create another new time object profile Choose one or more IP object profiles from the drop down list The selected profile will be treated as source IP You can click K to create another new IP object profile Choose one or more keyword object profiles from the drop down list which will be allowed to pass through the router You can click g to create another new keyword object profile Choose one or more keyword object profiles from the drop down list which will not be allowed to pass through the router You can click g to create another new keyword object profile Choose one or more P2P object profiles from the drop down list which will not be allowed to pass through the router You can click Ka to create another new file extension object profile 114 Vigor2960 Series User s Guide Item Web Category Block Apply Cancel Description Choose one or more WCE object profiles from the drop down list which will not be allowed to pass through the router You can click g to create another new WCF
203. op Remote Host Remote IP Subnet Mask WPR_CLI_ 14 Mone Ww wani 165 oO 255 255 255 0 v Oo o oO oO 255 255 255 255 kd Ta Add H save Subnet Mask Mo tems to show A Previous E E Finish Q Cancel Available parameters are listed as follows Item Profile Enable This Profile Auth Type Certificate Preshared Key Security Protocol Description Display the name of the VPN profile Check this box to enable such profile The authentication to be used by Pre Shared Key or RSA Signature Choose PSK or RSA for such profile Choose a local certificate from the drop down list Type a pre shared key for authentication if PSK is selected as Auth Type Choose ESP to specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authenticated Choose AH to specify the IPSec protocol for the Authentication Header protocol The 180 Vigor2960 Series User s Guide data will be authenticated but not be encrypted WAN Profile Choose a wan profile to be used by such profile Local IP Subnet Type the IP address and subnet mask of local host Mask Local Next Hop Specify the gateway for WAN interface Usually use the Remote Host default setting leave it in blank Type the WAN IP address for the remote host Remote IP Subnet Type the LAN IP address and LAN subnet mask for the Mask remote host More Remote Add more rem
204. or Remote Dial In Enable Disable Auth Type PSK w Preshared Key s Security Protocol ESP r j WAN Profile want v g 1 Local IF Subnet Mask paa r i z f la m f Apply E Cancel Vigor2960 Series User s Guide 193 Dray Te k Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check this box to enable this profile Type There are three types offered here for you to choose Please choose IPSec for this case Basic Always On Click Enable to make router always keeping connection Auth Type The authentication to be used by Pre Shared Key or RSA Signature Choose PSK or RSA for such profile Preshared Key Type a pre shared key for authentication if PSK is selected as Auth Type Security Protocol Choose ESP to specify the IPSec protocol for the Encapsulating Security Payload protocol The data will be encrypted and authenticated Choose AH to specify the IPSec protocol for the Authentication Header protocol The data will be authenticated but not be encrypted WAN Profile Choose a wan profile to be used by such profile Local IP Subnet Mask Type the IP address and subnet mask of local host Local Next Hop Specify the gateway for WAN interface Usually use the default setting leave it in blank Remote Host Type the WAN IP address for the remote host Remote IP Subnet Mask Type the
205. or generating the local certificate Selected File Use the Browse button to specify a file to be used as trusted CA certificate Name Display the name of trusted CA built Subject Display the subject of the trusted CA built Issuer Display the issuer of the trusted CA built Status Display the status of the trusted CA built Valid From Display the starting point of the valid time of trusted CA Valid To Display the end point of the valid time of trusted CA 212 Vigor2960 Series User s Guide How to build a local certificate 1 Open Certificate Management gt gt Local Certificate 2 Simply click the Generate button Certificate Management gt gt Local Certificate Local Certificate Upload Select File El elau fa M Delte Download Ger en banc cet lomo 3 The following dialog will appear ETa umir l h Local Certificate Certificate Name ID Type ID Value Organization Unit Organization Locality City State Province Common Name Email Address Key Size Country Passphrase Local CA None ae Optional DT DrayTek HS Taiwan DT_License servicem draytek com 1024 TW H Apply Cancel Available parameters are listed as follows Item Certificate Name ID Type Vigor2960 Series User s Guide Description Type the name of the local certificate The ID type for such certificate There are four types Domain Name Certificated by domain name
206. or2960 Series assigns private network IP addresses according to RFC 1918 protocol and translates the private network addresses to a globally routable IP address so that local hosts can communicate with the router and access the Internet NAT Fort Redirection DMZ Host Address Mapping SIP ALG 4 3 1 Port Redirection Port Redirection means port forwarding It may be used to expose internal servers to the public domain or open a specific port to internal hosts Internet hosts can use the WAN IP address to access internal network services such as FTP WWW and etc The internal FTP server is running on the local host addressed as 192 168 1 2 When other users send this type of request to your network through the Internet the router will direct these requests to an appropriate host inside A user can also translate the port to another port by configuration For example port number with 1024 can be transferred into IP address of 192 168 1 100 of LAN The packet is forwarded to a specific local host if the port number matches that defined in the table DrayTek aay mare ra e Vigor2960 Series Login Admin NAT gt gt Port Redirection 5M eee a x Port Redirection Quick Start Wizard ac aad Add Edit Delet S Refresh R rofile Numb ie Q A X I Delete GS Refres GB Rename Profile Enable Th Public IP Use IP Ali Alias Private IP Protocol Port Redii Public Poi Public Poi Private Por i panies i No items to show Port Redirection
207. osnbesetotaesacetes 154 4 6 2 ISSUE FOC seno a aE a a ETE ARR aes 158 AESF AG aeaa E A E E E S 163 OS aoan A E E E E E E EE 165 46 5 LDAP Active DIFCCIOLY ssiinseiidcaniatuadansnntaadvonsinimaunaivinndsadadudodsenivetsnantedadaivniwsainesawadtaseinacsbndwonsuesn 166 A APIC O ere E E EE 167 ArT Dynamic DNG esesnesm onarena EE a E e TE 167 AGNI E E E A L E A E A A A E S E S ET 172 AT AI OY E E E E A A E A A E E P E E T 173 GT FUP T E E E E T 173 Aef AN A O EA N r a E E E E cauensreaeasmeaaseeercancocgaaaataes 176 4 8 VPN and Remote ACCESS cccccseseeccseeeeeeeseeeceeeeeeeeeeeeeeeeeeeeesaeeeeseaueeessaeeessageeseseeeeeesseseeeneas 177 4 8 1 VPN Client Wizard ccc cecccccccccceceeeceeceeeceeceeeeecaeeeeeeseaeeeeseaaeeesaeaeceesaeceeseaeeessaaeeessaeeeeeeseaes 177 4 8 2 VPN Server WIZaId ccccccccceesececcceeseceeeceeseeccesceeeseceeeseeaueceeeeeeasceeesaeaeceeesseueeceeetsaageceeeeteas 182 4 8 3 Remote ACCESS COntrOl ccccccccsecsccceeeeeeeeesseeceeeeeeeeeseeseeeeeeeseesseeeeeseesseueasseeeeeeeeseaseeeeeeeeees 188 4 8 4 PPP General SQUID cerris e ia Ea aa aE 189 4 8 5 IPSec General S tup saeni naa EEEE E EAE SEEE E EEE 191 A0 O NPN PONES suspresi ee ee er Ea ee 192 4 8 7 VPN Trunk Management cccccseeccecseeeecneesececseeeeeceeeeeeeeaeeeessaeeeeseeeeesaueeessageeeesaeeeeesaass 204 4 8 8 Connection Management ccc ceeeeeeccceecceeeeeeeceeeeeeeaeeeseeeeeeeesesseeeeeeesssaaseeeeeeeessssaaaeeeeeeesaaas 210 4 9
208. ote subnet in this field if required Subnet Local GRE IP The virtual IP address of the router specified for this tunnel Remote GRE IP The virtual IP address of the remote client specified for this tunnel Fill in the required information on this page and click Finish Later a new profile has been created VPH and Remote Access Step 1 Type PPTP VPH Settings Via O IPSec Select From Current Settings Create Hew VPH Profile Profile Status VPN_CLI_1 enable T E Next ge cancel Vigor2960 Series User s Guide 181 Dray Tek 4 8 2 VPN Server Wizard Such wizard is used to configure VPN settings for VPN server Such wizard will guide to set the LAN to LAN profile for VPN dial in connection from client to server step by step A kd o i 1 ia DrayTeK aero eae 11 3248 Login Admin VPN and Remote Access Auto Logout Off az Step 1 Type PPTP IPSec VPN Settings Via Select From Current Settings Create New VPN Profile Profile Status No items to show VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup LAN to LAN VPN TRUNK Management Connection Management Certificate Management 7 W gt Next oy cance How to create LAN to LAN profile for VPN server 1 Open VPN and Remote Access gt gt VPN Server Wizard The following dialog will appear VPN and Remote Access Step 1 Step
209. ou each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function Choose a proper protocol Static or DHCP After finished the settings in such page you need to open the Static or DHCP tab for configuring the settings there Type the IP address of PPTP server offered by your ISP Type the user name offered by your ISP Type the password offered by your ISP Type the value of MTU MRU The default value is 1452 Click Enable to display the PPTP debug message in syslog The default setting is Disable Enable Click it to enable the function of Always On The router will keep network connection all the time Disable Click it to disable the function of Always On Select a detecting mode for this WAN interface There are two ways PING and HTTP supported in Vigor router for you to choose to send the request out i Dray Tek Connection Detection Host Connection Detection Interval Connection Detection Retry Apply Cancel PING r Mone PING HTTP If you choose PING HTTP as Connection Detection Mode you have to specify the detection host address in this field Use the default setting Add Click this button to have a field for adding a new IP address Assign an IP address or Domain name as a destina
210. p and enable the wan profile Add several IP addresses under Static mode for wanl Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply A new profile has been added onto DMZ Host table HAT gt gt DMZ Host DMZ Host Ta Add De Edt fff Delete GS Refresh G Rename Profile Enable This Profile WAH Profile Private IP Use IP Alia DM 1 RD true wani 192 168 1 101 Disable Vigor2960 Series User s Guide 97 Dray Te k 4 3 3 Address Mapping This page is used to map specific private IP to specific WAN IP alias If you have a group of IP Addresses and want to apply to the router please use WAN IP alias function to record these IPs first Then use address mapping function to map specific private IP to specific WAN IP alias For example you have IP addresses ranging from 86 123 123 1 86 123 123 8 However your router uses 86 123 123 1 and the rest of the IPs are recorded in WAN IP alias You want that private IP 192 168 1 10 can use 86 123 123 2 as source IP when it sends packet out to Internet You can use address mapping function to achieve this demand Simply type 192 168 1 10 as the Private IP and type 86 123 123 2 as the WAN IP Dray Tek Auto Logout Off v Quick Start Wizard Online Status Port Redirection DMZ Host Address Mapping SIP ALG External Devices Product Registration Vigor 2960 Series NAT gt
211. parameters are listed as follows Item Description Profile Type the name of the service type object group The number of the characters allowed to be typed here is 10 Member Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings Add Type the word in the box of Member and click this button to add the new word as keyword object Save Click it to save the setting W _ click the icon to remove the selected entry Apply Click it to save the configuration Dray Te k 132 Vigor2960 Series User s Guide Item Description Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 Anew Keyword Object profile has been created Keyword Object T gt add DE Edt fff Delete G Refresh Profile Profile Member KO 1 games 4 5 6 Keyword Group To manage conveniently several keyword profiles can be grouped under a keyword group Different keyword group can contain different keyword profiles Dray Tek r Vigor2960 Series 15 09 48 Login Admin gt Objects Setting gt gt Keyword Group Auto Logout M Keyword Group Add X Edit i Delete Refresh Profile Number Limit 16 e Group Name Description Objects IP Object No items to show IP Group Service Type Object Service Type Group Key
212. paring with traditional VPN SSLVPN S i S5L Web Proxy SSL Application Online User Status 4 10 1 SSL Web Proxy SSL Web Proxy will allow the remote users to access the internal web sites over SSL Bs A Auto Logout Off v Quick Start Wizard Online Status Al SSL Web Proxy SSL Application Online User Status External Devices Product Registration gt Vigor 2960 Series 15 40 06 Login Admin eo SSL VPN gt gt SSL Web Proxy SSL Web Proxy Add X Edit i Delete Refresh Profile Number Limit 10 Profile URL Host IP Address Webserver http 192 168 1 12 192 168 1 12 lt Each item will be explained as follows Item Add Edit Vigor2960 Series User s Guide Description Add a new profile Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected profile 217 Dray Tek Delete Remove the selected profile To delete a profile simply select the one you want to delete and click the Delete button Refresh Renew current web page Profile Display the name of the profile that you create URL Display the URL Host IP Address Display the IP address for the Host How to create a new SSL Web Proxy 1 Open SSL VPN gt gt SSL Web Proxy 2 Simply click the Add button SSL VPN gt gt SSL Web Proxy SSL Web Proxy f
213. pe a new name for such service type Protocol There are two options TCP UDP and TCP UDP Select the protocol that you want to use Source Port Start End Type the start end number for the port range of the source port for such filter Destination Port Start End Type the start end number for the port range of the destination port for such filter Queue Number Choose a queue number to category the packets matching with the condition configured as above Queue 7 is the highest O is the lowest Queue Number 0 se 0 2 3 4 J i Apply Click it to save the configuration and exit the page Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply 5 The outgoing filter for QoS Policer has been created Bandwidth Management gt gt Outgoing Filter Outgoing Filter Ty Add DK Edt ff Delete GS Refresh GP Rename Profile Enable This Profile Source IP Destination IF Service Type Qu Out fit trus IP_object_1 CRM_Server in Dray Te k 240 Vigor2960 Series User s Guide 4 11 5 Sessions Limit A PC with private IP address can access to the Internet via NAT router The router will generate the records of NAT sessions for such connection The P2P Peer to Peer applications e g BitTorrent always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted To solve the problem you can use limit session to li
214. php Dray Te k iv Vigor2960 Series User s Guide Table of Contents haper Us PEC TAC Cia sats tataceta pees aroae acca eee eee eeeiee eee tee eoneeee seanee ce ecu ee ae seeeneee 1 1 1 Web Configuration Buttons Explanation ccccccccccccesssseeeceeeeeeeeeeeeseeeeeeeeseeeeeceeeeeseseaaeeseeeeeesaaas 1 1 2 LED Indicators and Conmnmeciol S ossiani aE A AE E AE E 1 Peig ere el SANS ele ON a E E E E E E E E E E E E E E E 4 1 3 1 Netw rk CONneCtON sosrsis iiaeia EATE T AEO AETAT 4 1 3 2 Wall Mounted Installation 2 0 0 0 cccccccccccccccessceeeeeeeeeeceeceeseeeeeeseeseceeseeecesseeeeessaeeesseeeeesaaaeeeeas 5 CADESE Ze TATA COn AON siaran EENE EEEE EN 7 2 1 Changing FaSsSWwWord sates asasciocresisceoee E E 7 22 UCK Stan NIZA esne ea AERE EESE EAE AS EEA 9 2 2 1 Step 1 Specifying the WAN Profile cccccccccsseseeeceeeeeeeeeeeeeeeeeeesseeeseeeeeeeeeseaseeeeeeeeessaaaas 9 2 2 2 Step 2 Configuring the Selected Protocol ccccecccccceeeeceeeseeeceeeeeeeeeeeeeeeeeeesaaeeeeeeeeeeeeaas 10 29 Register Vigor ROUTO ceccasinsncwasannsyant uiaraoaniastaroncinavenaiaideeeusanertaaianancdanckpdonotalsaadncntaanecdumaverntaeseentais 17 Chapter 3 Application and Tutorial cccccssscsssssesceseeseeseesenseesenseesenseesenseesenseeseneess 21 3 1 How to Build SSL VPN with RDP Service in the Browser via Logging in Router s HTTPS Server E E E A veaaaiasiesaseseaauates 21 32 FOW to COUGO DPF formenner E a E Ne 26
215. pt Description Used for departments Optional Objects AUTH w a Apply z Cancel Available parameters are listed as follows Vigor2960 Series User s Guide 129 Dray Te k Dray Tek Item Description Group Name Type the name of the service type object group The number of the characters allowed to be typed here is 20 Group Name Type the name of the service type object group The number of the characters allowed to be typed here is 20 Objects Use the drop down list to check the service type object profiles under such group All the available service type objects that you have added on Objects Setting gt gt Service Type Object will be seen here Apply Click it to save the configuration Cancel Click it to exit the dialog without saving the configuration Enter all the settings and click Apply A new Service Type Group profile has been created Objects Setting gt gt Service Type Group Service Type Group Sa Add De Edt Delete G4 Refresh atl Group Hame Description Objects Cross_Dept Used for departments ALITH 130 Vigor2960 Series User s Guide 4 5 5 Keyword Object Keyword can be set as a filter rule to be applied in Firewall Vigor2960 allows users to set keyword profile with several keywords Even it allows users to group several keyword profiles within a keyword group Dray Tek Vigor 2960 Series 15 07 18 Login Admin Auto Logout Off v IP Object IP Group Service Type Object Service Typ
216. rd VPN Server Wizard Remote Access Control IPSec General Setup VPN Profiles VPN TRUNK Management Connection Management a Apply Q Cancel Available parameters are listed as follows Item Description Authenticate Protocol The router will authenticate the dial in user with the protocol selected here MS CHAFP v2 w PAP CHAP MS CHAP MS CHAP v2 PAP It means the router will attempt to authenticate dial in users with the PAP protocol CHAP It means the router will attempt to authenticate dial in users with the CHAP protocol MPPE Encryption Specify one of the encryptions for such server It is available only when MS CHAP or MS CHAP_v2 is selected 1 25 bit vw 401 25 bit 25 bit Disable User Authentication Set user authentication to Local server or RADIUS server Type Vigor2960 Series User s Guide 189 Dray Te k Local r Local RADIWIS LAN Profile Choose a LAN profile for PPTP Server if RADIUS is selected as user authentication type Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page L2TP This page display current status for VPN tunnel built with L2TP protocol s A Py m m Dray ek Vigor 2960 Series 16 38 30 Login Admin VPN and Remote Access gt gt PPP General Setup gt gt L2TP Auto Logout in v PPTP LTP Quick Start Wizard 4 OEE Online Status Authenticate Protocol CHAP v User Authentication Type Local w VPN Cl
217. rea Connection and click on Properties Disable Status Repair Bridge Connections Create Sharkcut Rename Properties 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using BS ASUSTek Broadcom 440 10 100 Ir Configure This connection uses the following items El Client tor Microsoft Networks a File and Printer Sharing for Microsoft Networks fm 0s Packet Scheduler Internet Protocol TCP IP Description Transmission Control Protocol lnternet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Notify me when this connection has limited or no connectivity Dray Te k 274 Vigor2960 Series User s Guide 4 Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports thie capability Otherwise you need to ask your network administrator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Use the folowing ONS server addresses ees For Mac OS 1 Double click on the current used Mac OS on the desktop 2 Open the Appli
218. rent Settings Create New VPN Profile Profile Name VPR_CLI1 E Next Gy Cancel 4 If you choose PPTP as the Type you will get the following screen WPH and Remote Access Step 2 F Profile YPM_CLI_1 Enable This Profile Always On Enable C Disable Server IP Address 172 16 1 10 PPTP User Hame pPEtp_user Optional 3 PPTP Password enn Local IP Subnet Mask 192 l 168 3 55 255 255 255 0 Ep Add E save IP Subnet Mask 172 a 98 255 255 255 0 v iii Remote IP Subnet Mask w Previous W Finish R Cancel Available parameters are listed as follows Item Description Profile Display the name of the VPN profile Vigor2960 Series User s Guide 179 Dray Te k Dray Tek Enable This Profile Always On Server IP Address PPTP User Name PPTP Password Local IP Subnet Mask Remote IP Subnet Mask Check this box to enable such profile Click Enable to make router always keeping connection Type the IP address of PPTP server Type a user name for authentication in PPTP connection Type a password for authentication in PPTP connection Type the IP address and subnet mask of local host Type the LAN IP address and LAN subnet mask for the remote host If you choose IPSec as the Type you will get the following screen VPH and Remote Access Step 2 Profile Auth Type Certificate Preshared Key Security Protocol WAH Profile Local IF Subnet Mask Local Hext H
219. resses that have been configured in Firewall gt gt Bind IP to MAC will be shown in this drop down list Choose the IP address from the drop down list that you want to wake up Type any one of the MAC address of the binded PCs Click this button to wake up the selected IP See the following figure The result will be shown on the box Click this button to remove the result 176 Vigor2960 Series User s Guide 4 8 VPN and Remote Access A Virtual Private Network VPN is the extension of a private network that encompasses links across shared or public networks like the Internet In short by VPN technology you can send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access VPN and Remote Access VPN Client Wizard VPN Server Wizard Remote Access Control PPP General Setup IPSec General Setup LAN to LAN VPH TRUNK Management Connection Mana gement 4 8 1 VPN Client Wizard Such wizard is used to configure VPN settings for VPN client Such wizard will guide to set the LAN to LAN profile for VPN dial out connection from server to client step by step DrayTek MEVE Series 11 19 35 Login Admin gt T VPN and Remote Access Auto Logout Off v Step 1 Quick Start Wizard a Online Status Type PPTP O IPSec VPN Settings Via Select From Current
220. restricting the usage of application For example it can block people defined in IP object profile not using IM application not using P2P for file sharing and not downloading files via certain protocol Dray Tek o m 7 P ray e Vigor 2960 Series 14 17 47 Login Admin gt Firewall gt gt Filter Setup gt gt Application Filter e Off pececcccccccccccococccccccccccccccccccecccecccoccoce Auto Logout x P Fiter Application Filter URL Filter Quick Start Wizard L aa A f h R rote NUM acme K Add X Edit i Delete 9 Refres GB Rename Profile Enable This P Time Profile Source IP Exception IP IM Block P2P Block Protocol Bloc No items to show Filter Setup DoS Defense MAC Block External Devices Product Registration Each item will be explained as follows Item Description Add Add a new group profile for Application filter Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Rename Allow to modify the selected profile name Profile Display the name of the application filter profile Enable The Profile Time Profile Source IP Exception IP Vigor2960 Series User s Guide Disp
221. roduct Registration naannnnannnneannnnenennnnnnsrnnesrnrrnsrrrrrrrrnrsrnrrnsnrertrrronnrrtrrrnnntretrenrnnn reenn 272 Chapter o TROUDIS SNOG UNO isinan eaea 273 5 1 Checking If the Hardware Status Is OK or Nob cccccccccssseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeessaaaaeess 273 5 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 020008 274 5 3 Pinging the Router from Your Computer cccceeeeeecceeeeceeeeeeeeeeeeeeeeeeeeceeeeeeeseeeeseeeeeeeessaaaaaees 276 5 4 Checking If the ISP Settings are OK or NOt cccccccceceecseseeeeeeeeeeeeeaeeeeeeeeeesseeeeseeeeeeeesseaaseees 277 5 5 Backing to Factory Default Setting If NECESSALY cccccccseeeecceeeeeeeeeeseeeeeeeesseaeaeeeeeeeessaaaaeess 278 9 6 Contacting YOUN DealeT sect acisese cet gatas acenene Wedsecpacdue aca tandoteadcbeseaia dee ai a 279 Vigor2960 Series User s Guide Vii Dray Te k Chapter 1 Preface The Vigor2960 Series integrates a rich suite of functions including NAT firewall VPN load balance and bandwidth management capability These products are very suitable for providing multi integrated solutions to SME markets A Virtual Private Network VPN is an extension of a private network that encompasses links across shared or public networks like an Intranet A VPN enables you to send data between two computers across a shared public Internet network in a manner that emulates the properties of a point t
222. rofile Description Optional VLAN ID 0 Default MAC Address Enable Disable IPv4 Protocol static Mode NAT v IP Address 0 l 0 0 0 Subnet Mask 255 255 255 0 e Gateway IP Address mint Optional D Add E Save IP subnet Mask Mode No items to show 2nd Subnet 4 m H Apply 3 Cancel Available parameters are listed as follows Item Description Profile Type the name of the LAN profile Enable This Profile Check this box to enable such profile Description Type the description for the new LAN profile VLAN ID Type a number as the VLAN ID to make the data be identified while performing data transmission Default MAC Enable Click it to enable the default MAC address for Address such profile Disable Click it to type the MAC address manually for such profile Dray Te k 60 Vigor2960 Series User s Guide MAC Address If Default MAC address is disabled please specify a MAC address manually IPv4 Protocol Display the fixed type static for the IPv4 protocol for such profile Mode Choose NAT or ROUTING as the operation mode for such profile IP Address Type the IP address of the router for the LAN profile Subnet Mask Use the drop down list to choose a suitable mask for the LAN profile Gateway IP Such IP address is ready for matching with the function of Address Virtual System click the icon to clear the IP setting 2 Subnet Specify one 2 subnet which might be needed
223. rofile VPN_Ser_1 Enable This Profile PPTP User Hame Local IP Subnet Mask 1 Remote IP Subnet Mask 1 92 168 1 57 255 255 255 0 v 92 168 1 62 255 255 255 0 v Available parameters Item Profile Enable This Profile PPTP User Name Local IP Subnet Mask Remote IP Subnet Mask S Previous amp E Finish Cancel are listed as follows Description Display the name of the profile Check this box to enable such profile Type a user name for authentication in PPTP connection Such profile shall be created in User Management gt gt User Profile previously Otherwise there are no selections displayed here Type the IP address and subnet mask of local host Type the LAN IP address and LAN subnet mask for the remote host 186 Vigor2960 Series User s Guide 5 Fill in the required information on this page and click Finish Later the new added VPN server profile will be displayed on the screen VPN and Remote Access Step 1 Type PPTP C IPSec VPN Settings Via Select From Current Settings Create New VPN Profile Protile Status VP Ser enable Eo Next GJ Cancel Vigor2960 Series User s Guide 187 Dray Te k 4 8 3 Remote Access Control Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service e g PPTP VPN IPSec VPN L2TP VPN SSL VPN etc of Vigor Router to allow VPN tunnel pass through
224. rofile N Group Enable This Profile Comment No items to show ui MAC Block Lal m D IP Filter Rules of Selected Group E gt Add X Edit Delete G Refresh GB Rename Profile Number Limit 12 Rule Enable This Time Profile Source IP Destination Service Typ Action Next Group Syslog No items to show External Devices DoS Defense Product Registration o a K IP Filter This page allows you to create new IP filter rule s and group them for your request The upper part displays the information of IP Filter Group s the lower part displays the information of IP Filter Rule s You should create at least one IP filter rule and one group profile The following will explain IP Filter functions with details D r ay T e k 102 Vigor2960 Series User s Guide Firewall gt gt Filter Setup gt IP Filter IP Filter Application Filter NRL Filter IP Fiter Rule Group T gt Add gt E Edit f Delete Group IP Fiter Rules of Selected Group T gt Add Edit f Delete GS Refresh Gf Rename Enable This Profile Comment Mo items to show mM Refresh GF Rename Profile Number Limit 12 Rule Enable This Time Profile Source IP Destination Service Typi Action Next Group Syslog Mo items to show Each item will be explained as follows Item Description IP Filter Rule Group Add Edit D
225. rofiles VEN Profiles Add DK Edt fff Delete GS Refresh IPSec PPTP Dial Out C PPTP Dial In Profile Number Limit 200 Profile Enable This Profile Local IPF Subnet Mask Remote IP Subnet Mat More Remote Subnet VPH_CLI 1 true 197 1686 1 0 24 0 0 0 0 32 LoL 1 true 192 163 1 0 24 0 0 0 032 How to create a PPTP Dial Out VPN profile Below will guide you to create a PPTP dial out profile for VPN connection 1 Open VPN and Remote Access gt gt VPN Profiles 2 Simply click the Add button VPH and Remote Access gt gt WPN Profiles VPA Profiles y add J edt fff Delete Gh Refresh Profile Enable This Profile Local VPH_CLI 1 true 192 16 Dray Te k 198 Vigor2960 Series User s Guide 3 The following dialog will appear IPSec X Profile PTP_Out_1 Enable This Profile Type IPSec PPTP Dial Out PPTP Dial In Basic Advanced GRE Proposal Always On Enable Disable Auth Type PSK s Preshared Key oceee Security Protocol ESP r WAN Profile want Local IP Subnet Mask 192 166 1 To 255 255 255 0 r WM t i l Apply Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile Enable This Profile Check this box to enable this profile Type There are three types offered here for you to choose Please choose PPTP Dial Out for this case PPTP Always On Click Enable to make the profile being always on Server IP Address Type
226. rtificate is created by the end user and must be signed by a trusted CA center Vigor2960 can serve as a trusted CA and is called with Root CA Therefore any user can ask for certificate signed by Vigor2960 When Vigor2960 serves as a Root CA it can sign the certificates coming from the users First building a Root CA for Vigor2960 by clicking Trusted CA Certificate Later certificate coming from other users can be uploaded to Root CA Vigor2960 and be signed by Vigor2960 Vigor2960 Series User s Guide 211 Dray Te k 4 9 1 Local Certificate This page allows users to generate certificate based on different work requests Local certificate can be signed by itself or signed by a root CA e g root CA on Vigor2960 Dray Tek Vigor 2960 Series 15 13 15 Login Admin eS Certificate Management gt gt Local Certificate Auto Logout Off Pe Seco Dray Tek Quick Start Wizard Online Status Local Certificate Trusted CA Certificate External Devices Product Registration aj Upload i Delete E Download oS Generate Select File Browse Subject Issuer Status Valid from Valid to No items to show Each item will be explained as follows Item Description Upload Allow you to upload current configuration to the host as a CA certificate Delete Remove the selected item of Trusted CA listed below Download Allow you to download an existing CA certificate to the router Generate Open another web page f
227. s On Fixed IP Address Type an IP address here if you choose Enable for Fixed IP Connection Select a detecting mode for this WAN interface There are Detection Mode two ways PING and HTTP supported in Vigor router for you to choose to send the request out PIM W Mone PING HTTF Vigor2960 Series User s Guide 43 Dr ay Te k Dray Tek Connection Detection Host Connection Detection Interval Connection Detection Retry IP Alias Apply If you choose PING HTTP as Connection Detection Mode you have to specify the detection host address in this field Use the default setting Add Click this button to have a field for adding a new IP address Assign an IP address or Domain name as a destination to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Connection Detection Mode is set with PING or HTTP To Add E Save Connection Detection Hos 192 169 1 28 im Connection Detection Host Save Click this button to save the setting W _ Click the icon to remove the selected entry Assign an interval period of time for each detecting Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down Type other IP addre
228. s Profile WAN Profile Routing Policy Service Provider Service Type Domain Name Vigor2960 Series User s Guide Description Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Renew current web page Display the name of the profile Display the status of the profile False means disabled True means enabled Display current WAN profile used by such DDNS profile Display the routing policy used for such DDNS profile Display the name of service provider used by such profile Display the type for such profile Display the domain name of such profile i Dray Tek How to edit an existing DDNS Profile There are 10 sets of DDNS server offered for you to modify and configure Please choose any one of them and click Edit to open the following page for modification 1 Open Applications gt gt Dynamic DNS and click the Setting tab 2 Choose the one you want to edit and click the Edit button on the top Setting Profile ddn 1 V Enable This Profile WAN Profile want T Routing Policy selected_wan_first s Service Provider dyndns T Service Type Dynamic w Domain Name User Login Name Password Wild Card Enable Disable Backup MX Enable Disable Mail Extender Optional a Apply Cancel Available parameters are lis
229. s User s Guide 4 2 4 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthen control in network When this function is enabled all the assigned IP and MAC address binding together cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet This page allows you to configure related settings for the function of Bind IP to MAC Vigor2960 Series 16 47 03 Auto Logout Off Quick Start Wizard Online Status General Setup IP Routing Static Route Switch Bind IP to MAC RIP Configuration OSPF Configuration LAN gt gt Bind IP to MAC Bind IP to MAC Mode Disable v SelectAll W gt Move Add X Edit ff Delete ARP Table Bind Table IP MAC Address Profile IP Address MAC 192 168 1 17 e0 ch 4e da 48 79 No items to show Each item will be explained as follows Item Mode Select All Move ARP Table IP Address MAC Address Add Vigor2960 Series User s Guide Description Enable Choose it to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Disable Choose it to disable this function All the settings on this page will be invalid Strict Bind Choose it to lock the connection of the IP MAC which is not listed in IP Bind List Allow you to choose all the items listed in ARP Table Move the selected item to IP Bind List This table is the LAN A
230. s her request please refer to this chapter for getting detailed information about the advanced configuration of this router As for other examples of application please refer to chapter 3 4 1 WAN Quick Start Wizard offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to WAN group and click the General Setup link Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address is mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assign
231. self which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Vigor2960 Series User s Guide 173 Dray Te k Dray Tek Auto Logout Off Quick Start Wizard Online Status Dynamic DNS GVRP IGMP Proxy Wake on LAN External Devices Vigor 2960 Series 16 49 33 Login Admin Applications gt gt UPnP UPnP Enable This Profile Download 1024 Kbps Mbps Upload 512 Kbps Mbps External Interface want Internal Interface an1 Max Session 500 Apply 3 Cancel Available parameters are listed as follows Item Enable This Profile Download Upload External Interface Internal Interface Max Session Apply Cancel Description Check this box to enable UPnP function Enter the maximum sustained WAN download speed in kilobits second Such information can be requested by UPnP clients Enter the maximum sustained WAN upload speed in kilobits second Such information can be requested by UPnP clients Select a WAN profile for UPnP protocol Select a LAN profile for UPnP protocol Determine the maximum session number for UPnP function Click it to save the configuration Click it to discard the settings configured in this page After enabling UPNP service setting an icon of IP Broadb
232. specify the authentication type Mode User Based me Authentication Type Local w White IP List Local LDAP Under User_Based mode use the drop down list to choose IP object and or IP group profiles Mode User Based w Authentication Type Local w White IP List hone w None IP_Group 1 Click it to save the configuration Dray Tek Item Description Cancel Click it to discard the settings configured in this page User Based Firewall Status The User Based Firewall Status is a monitoring tool which only works after you choose User_Based as the Mode setting on User Management gt gt General Setup User authentication setup will launch if the router 1s running in User_Based mode The User based Firewall Status will start to record each authentication event of specified users including authentication failure or success user s IP when or how much time the user uses and how much rest time for the user User Management gt General Setup gt gt User Based Firewall Status General Setup User Based Firewall Status GY Refresh Auto Refresh 10 Seconds iv User Name IP Allow Time Start Time End Time Rest Time Delete No teme to show Available parameters will be explained as follows Item Description Refresh Renew current web page Auto Refresh Specify the interval of refresh time to obtain the latest status The information will update immediately when the Refresh button is clicked 10 Seconds WF 10
233. ss DHCP IA_NA Add Click this button to type primary DNS server address DNS Address for IPv6 T gt Add H Save DHCPv6 IA_NA DNS Adare 192 168 1 29 ii DHCPVO IA NA DNS Address Save Click this button to save the setting ll _ Click the icon to remove the selected entry Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration If you choose DHCP IA_PD as IPv6 protocol type It is not necessary for you to configure any web page 2 After finished the settings configuration click Apply to save and apply the settings 48 Vigor2960 Series User s Guide Dray Tek 4 1 2 Default Route This page allows you to assign a WAN profile as the default route Dray Tek Vigor 2960 Series 09 42 56 WAN gt gt Default Route Auto Logout Off Vv Default Route Quick Start Wizard anion finium WAN Profile Loadbalance Pool Name wan1 v General Setup Default Route Load Balance A t _ i 4 La a f i 3 e F a m J as o a S d gt T Ei D o External Devices Product Registration E Apply Cancel Available parameters are listed as follows Item Description WAN Profile Display the WAN profiles for user to choose as a default Load Balance Pool route Name In which wan1 to wan2 are factory default settings Apply Click it to save the configuration Cance
234. sses to be bound to this interface This setting 1s optional If you have typed addresses here you can see and choose it in later web page settings e g NAT gt gt Port Redirection DMZ Host Add Click this button to display the IP address field for adding a new IP address Type the IP address on the tiny boxes one by one Add H Save IP Subnet Mask IP Alias 192 166 1 Go 255 255 25 0 m Save After finished the IP address configuration click Save to save the setting onto the router T add B Save IP Subnet Mask IP Alias 192 166 1 85 255 255 255 0 Ti ll _ Click the icon to remove the selected entry Click it to save the configuration and exit the dialog 44 Vigor2960 Series User s Guide Cancel Click it to exit the dialog without saving the configuration If you choose PPTP as IPv4 protocol type click the PPTP Tab to open the following page General Setup Global PPTP PPTP Over Server Address Username Password MTWMRU Debug Always On Connection Detection Mode lt M a G a ee a O a I a T ee Static Static Ww 0 0 0 0 1452 Enable Disable Enable Disable None Ww m Apply amp Cancel Available parameters are listed as follows Item PPTP Over Server Address Username Password MTU MRU Debug Always On Connection Detection Mode Vigor2960 Series User s Guide Description Usually ISP dynamically assigns IP address to y
235. t Vigor2960 Series User s Guide Description Add a new rule profile Modify the selected rule profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Remove the selected rule profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Move the selected profile up or down Display the name of the rule Display the status of such profile Display the protocol used for such rule Display the source IP address for such rule Display the source Mask for such rule Display the destination IP address for such rule Display the destination Mask for such rule Display the destination port starting value for such rule i Dray Tek Destination Port End Display the destination port ending value for such rule Load Balance Display the profile of load balance applied for such rule Pool WAN Profile How to add a new rule for Load Balance 1 Open WAN gt gt Load Balance Policy and click the tab of Rule 2 Simply click the Add button WAN gt Load Balance Policy gt gt Rule Pool Rule Ra Add QA Edit i Delete GS Refresh Profile Enable T Protocol Source Source I Destinat L No items to show 3 The following dialog will appear Rule 4 Profile Heavytraffic W Enable This Profile Protocol ALL WF Sourc
236. t Protocol Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Vigor2960 Series User s Guide 135 Dray Te k Item Refresh Profile Number Limit Profile Image Video Audio Java ActiveX Compression Execution Description Renew current web page Display the total number 8 of the object profiles to be created Display the name of the profile Display the selected file extension of image Display the selected file extension of video Display the selected file extension of audio Display the selected file extension of java Display the selected file extension of activex Display the selected file extension of compression Display the selected file extension of execution How to create a new File Extension Object Profile l 2 Dray Tek Open Objects Setting gt gt File Extension Object Simply click the Add button Objects Setting gt gt File Extension Object File Extension Object fy add DK Edit jj Delete GH F Profile Image Video Ar The following dialog will appear
237. tching the rule will be passed immediately Block_If_No_Further_Match A packet matching the rule and that does not match further rules will be dropped Pass_If_No_Further_Match A packet matching the rule and that does not match further rules will be passed through Click Enable to make the history of firewall actions appearing on the System Maintenance gt gt Syslog Mail Alert gt gt Syslog File i Dray Tek System Maintenance gt gt Syslog Mail Alert gt gt Syslog File Syslog Access Setup Syslog File hail Alert Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 8 Enter all the settings and click Apply 9 Anew IP filter rule has been added onto IP Filter Rules of Selected Group table Group Enable This Profile Comment IPF_Marketing true used for MET Dept 1 Mm k IP Fiter Rules of Selected Group Ra Add Y Edit i Delete GS Refresh GP Rename Profile NumberLimit 12 Rule Enable This Time Profile Source IF Destination Service Ty Action Next Group Syslog Rule_1 true Mone Any Any Ary Pass Mone Disable Note You can create multiple IP filter groups Each IP Filter Rules of Selected Group belongs to an IP Filter Rule Group Click an IP Filter Rule Group to show its members in the lower display window Dray Te k 108 Vigor2960 Series User s Guide Application Filter Application Filter can integrate several application objects within one profile for
238. ted pool Remove the selected pool profile To delete a rule simply select the one you want to delete and click the Delete button Renew current web page Display the name of the rule Display the protocol of such rule Display the name of the WAN profiles for Load Balance 50 Vigor2960 Series User s Guide rule Primary Profile Display the primary profile configured in Failover page for such profile Backup Profile Display the backup profile configured in Failover page for such profile There are two modes Load_Balance and Failover for you to choose as the Pool configuration If you choose Load_Balance the tab of Load_Balance will be shown which allows you to configure for different WAN interfaces If you choose Failover the tab of Failover will be displayed which allows you to specify the primary profile and backup profile for such Pool setting How to add a pool profile for Load Balance 1 Open WAN gt gt Load Balance and click the tab of Pool WAN gt Load Balance gt gt Pool Pool Rule C3 Add gt Edt j Delete G9 Refresh Profile Mode Interface No tems to show 2 Simply click the Add button to open the following dialog Type a name for such profile e g LB_1 Choose Load_Balance as the Mode selection Pool Mode Load_Balance Profile Mode Load_Balance wt Load Balance Failover al Apply E Cancel Vigor2960 Series User s Guide 51 Dray Te k 3 Click the Load_ Balance Tab
239. ted as follows Item Description Profile Display the name of the profile Enable This Profile Check this box to enable such profile WAN Profile Choose a WAN profile that such profile will apply to Routing Policy Choose the routing policy of such profile Selected_wan_first Choose it to make such profile being applied by the selected WAN interface only first Selected_wan_only Choose it to make such profile being applied by the selected WAN interface only selected wan_first selected_wan_first selected_wan_only Service Provider Select the service provider for the DDNS account Dray Te k 170 Vigor2960 Series User s Guide Service Type Domain Name User Login Name Password Wildcard and Backup MX Mail Extender Apply Cancel Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Dynamic w Dynamic Static Custom Type in one domain name that you applied previously Use the drop down list to choose the desired domain Type in the login name that you set for applying domain Type in the password that you set for applying domain The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites Type the IP Domain name of the mail server Click it to save the configuration Click it to exit the dialog without saving the configurati
240. tem Description Enable This Profile Check this box to enable such profile Server IP Address Enter the IP address of RADIUS server Destination Port The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 Shared Secret The RADIUS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Refresh Renew current web page Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page Vigor2960 Series User s Guide 165 Dray Te k 4 6 5 LDAP Active Directory Lightweight Directory Access Protocol LDAP is a communication protocol for using in TCP IP network It defines the methods to access distributing directory server by clients work on directory and share the information in the directory by clients The LDAP standard is established by the work team of Internet Engineering Task Force IETF As the name described LDAP is designed as an effect way to access directory service without the complexity of other directory service protocols For LDAP is defined to perform inquire and modify the information within the directory and acquire the data in the directory securely therefore users can apply LDAP to search or list the directory object inquire or manage the active directory Vigor 2960 Series 09 54 17 User Management gt gt LDAP Active Directory
241. tem will be explained as follows Item Enable External Devices Refresh Status Model Name IP Address Connection Time Clear Vigor2960 Series User s Guide Description Check the box to detect the external device connected to Vigor2960 Click it to renew the web page Display current status online or offline of the device Display the model name of the external product Display the IP address of the external product Display the connection time that the external product connecting to Vigor2960 alle Click the icon U to remove the record of the device when it is offline a Dray Tek After checking the box of Enable External Devices click Refresh Later the basic information of available devices will be displayed in this pag 4 15 Product Registration Please refer to section 2 3 Register Vigor Router for more detailed information Dray Te k 272 Vigor2960 Series User s Guide Chapter 5 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration Please follow sections below to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if
242. ter functions including removing and adding port mappings Vigor2960 Series User s Guide 175 Dray Tek removed 4 7 5 Wake on LAN The UPnP function dynamically adds port mappings on behalf of some UPnP aware applications When the applications terminate abnormally these mappings may not be A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN of this router In addition such PC must have installed a network card supporting WOL function By the way WOL function must be set as Enable on the BIOS setting Auto Logout Off Quick Start Wizard Online Status Dynamic DNS GVRP IGMP Proxy UPnP Wake on LAN External Devices Product Registration Vigor 2960 Series 11 13 17 Login Admin Applications gt gt Wake on LAN Note Wake on LAN integrates with Bind IP to MAC function only binded PCs can wake up Wake By IPAddress MacAddress_ IP Address Available parameters are listed as follows Item Wake by IP Address MAC Address Wake Up Delete Dray Tek Description Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address The IP add
243. terval 600 Time Zone Taipei v Daylight Saving Enable Disable TR 069 Administrator Password Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup E Apply Cancel Dahoaat Quctam v Available parameters are listed as follows Item Description Time Type NTP Select to inquire time information from Time Server on the Internet using assigned protocol Browser Select this option to use the browser time from the remote administrator PC host as router s system time Server Type the domain name of the server Port Type the port number for the time server Interval Select a time interval for updating from the NTP server Time Zone Select the time zone where the router is located Daylight Saving Click Enable to enable the daylight saving Such feature is available for certain area Apply Click this button to save the configuration and exit the web page Cancel Click it to discard the settings configured in this page Dray Te k 254 Vigor2960 Series User s Guide 4 12 6 Access Control This page allows you to open or close the web configurator of Vigor2960 by using Telnet SSH HTTP HTTPS and etc DrayTek MEO T System Maintenance gt gt Access Control Auto Logout Off Access Control Web Allow Enable Disable Web Port 80 Telnet Allow Enable Disable Telnet Port 23 SSH Allow Enable Disable SSH Port 22 HTTPS Allow Enable D
244. the IP address of PPTP server PPTP User Name Type a user name for authentication in PPTP connection PPTP Password Type a password for authentication in PPTP connection Local IP Subnet Mask Type the IP address and subnet mask of local host Remote IP Subnet Mask Type the LAN IP address and LAN subnet mask for the remote host Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply Vigor2960 Series User s Guide 199 Dray Te k 5 A new PPTP Dial Out VPN profile has been created WPN and Remote Access gt gt VPN Profiles VPH Profiles K3 Add JE Edt Jf Delete GS Refresh IPSec Profile Enable This Profile Local IP Subne PTP_Qut_1 true 192 168 1 7824 How to create a PPTP Dial In VPN profile Below will guide you to create a PPTP dial in profile for VPN connection 1 Open VPN and Remote Access gt gt VPN Profiles 2 Simply click the Add button YPN and Remote Access gt gt VPN Profiles VPH Profiles 3 Add YE Edt Jf Delete G4 Refresh Profile Enable This Profile L WPH CLI 1 trus 1 3 The following dialog will appear Dray Tek 200 Vigor2960 Series User s Guide PPTP Dial In gt Profile PTP_in_1 Type 1PSec PPTP Dial Out PPTP Dial In Set PPTP Dial In For User Profie PPTP PPTP User Name Local IP Subnet Mask 0 0 0 0 255 255 255 0 w Remote IP Subnet Mask
245. the connection type PPTP or IPSec for such VPN profile Remote IP Display the remote IP configure by VPN profile Virtual Network Display the virtual network established by such VPN profile Up Time Display the connection time of this VPN tunnel RX Packets Display the total received packets through this VPN TX Packets Display the total transmitted packets through this VPN Disconnect Terminate the VPN connection 4 9 Certificate Management A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing authority so that a recipient can verify that the certificate is real Here Vigor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management Certificate Management Local Certificate Trusted CA Certificate Local ce
246. the status of the profile False means disabled True means enabled Display which WAN profile used for sending out the data packets i Dray Tek LAN Profile IP Mask Display which LAN profile used for the local device Display the private IP address for such profile Display the subnet mask for such profile How to add a new IP Routing profile 1 Open LAN gt gt IP Routing 2 Click the Add button LAN gt gt IP Routing IP Routing T gt Add Profile YE Edit M Delete GS Refresh Enable This Profil WAH Profile Mo i 3 The following dialog will appear IP Routing Profile Foutingtesti J Enable This Profile WAN Profile wart w LAN Profile lant IP 192 168 f 34 Mask 255 255 255 0 v H Apply Gg Cancel Available parameters are listed as follows Item Profile Enable This Profile WAN Profile LAN Profile IP Mask Dray Tek Description Type the name of the IP routing profile Check this box to enable such IP routing profile Choose one of WAN profiles for sending data out Choose one of LAN profiles for the local device Type the private IP address for such IP routing profile Use the drop down list to choose the subnet mask for such IP routing profile 74 Vigor2960 Series User s Guide 4 Enter all the settings and click Apply The new profile will be added on the screen LAH gt gt IP Routing IP Routing Re Add J Edt fff Delete GS Refresh Of
247. tings and click Apply 5 A session limit profile has been created Bandwitth Management gt gt Sessions Limit Sessions Limit Gp add gt Edit ff Delete GY Refresh Gf Rename Profile Enable This Profile Source IP Max Sessions session 1 true 192 766 7354 SOU 4 11 6 Bandwidth Limit The downstream or upstream from FTP HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs Please use Limit Bandwidth to make the bandwidth usage more efficient In the Bandwidth Management menu click Bandwidth Limit to open the web page D r ay Tek Vigor 2960 Series 09 30 24 Bandwidth Management gt gt Bandwidth Limit MAU CURR ON x Bandwidth Limit Quick Start Wizard 4 Profile Numi i j rote Num eree Gy Add X Edit f Delete Refresh G Rename Profile Enable This Profile Start IP End IP TX Limit RX Limit No items to show F Enable Smart Bandwidth Limit Vill apply to the LAN IP notin Limitation List whose session number exceeds the thr Sessions Threshold 1000 Incoming Class Incoming Filter TX Limit 4000 Kbps Mbps Outgoing Class RX Limit 5000 Kbps Mbps Outgoing Filter Note Bandwidth limit only works for NEW sessions Original sessions are controlled by Hardware NAT Sessions Limit Bandwidth Limit 1 m gt E Apply Cancel gt Cvtarnsal Dmacne Each item will be explained as follows Item Description Add Add a new profile Edit Modify the select
248. tion Type a name for such profile Check this box to enable such profile Give the brief description for such profile Type the VLAN ID number for such profile Enable Click it to enable the function of VLAN Tag Data transmitted through the router will not be tagged with any number Disable Click it to disable the function of VLAN Tag Data transmitted through the router will be tagged with specified number for identification a Dray Tek Port Display the physical WAN interface for such profile Default MAC Enable Click it to enable the default MAC address for Address such profile Disable Click it to type the MAC address manually for such profile MAC Address Specify the MAC address for such profile if you click Disable for Default MAC address In default the system will determine it automatically Mode Determine such profile will be used for NAT or routing ROUTING ia MAT RJ TING IPv4 Protocol Type There are four connection modes for you to specify for IPv4 protocol type Each mode will bring up different web page Mone oy Mone Static DHCP PPPoE PFTP IPv6 Protocol Type There are four connection modes for you to specify for IPv6 protocol type Each mode will bring up different web page Link Local Link Local Static DHCP IA_ AA DHCP IA_PD Apply Click it to save the configuration and exit the dialog Cancel Click it to exit the dialog without saving the configuration Global conf
249. tion to be detected whether the host is active sending reply to the router or not If not the connection of WAN interface will be regarded as breaking down This function is available when Connection Detection Mode is set with PING or HTTP To Add E Save Connection Detection Hos 192 169 1 28 mM Connection Detection Host Save Click this button to save the setting ll _ Click the icon to remove the selected entry Assign an interval period of time for each detecting Assign detecting times to ensure the connection of the WAN interface After passing the times you set in this field and no reply received by the router the connection of WAN interface will be regarded as breaking down After finished the PPTP configuration please click Static or DHCP according to the PPTP Over Protocol setting to modify the Static DHCP configuration for such profile Click it to save the configuration and exit the dialog Click it to exit the dialog without saving the configuration If you choose Link Local as IPv6 protocol type Link Local address is used for communicating with neighbouring nodes on the same link It is defined by the address prefix fe80 64 You don t need to setup Link Local address manually for it is generated automatically according to your MAC Address Dray Tek 46 Vigor2960 Series User s Guide If you choose Static as IPv6 protocol type click the StaticV6 tab to open the following page
250. to save the configuration and exit the page Cancel Click it to exit the page without saving the configuration 4 Enter all the settings and click Apply Vigor2960 Series User s Guide 235 Dray Te k 5 The outgoing class rate for QoS Policer has been modified Total Rate Control Class Rate Control Queue 1 5 YVeight YL Edit Refresh Profile Status Rate Description outgoing classo Disable Control queue fthightest outgoing class Enable 65 Control queue Gihigher Hani Giese mieshis T rantai aiena Tna Outgoing Queue 1 5 Weight There are several available outgoing queues four shapers at varying levels and five data queues with weights All queues in the data group to be initialized with weights of zero resulting in a strict service to completion STC mechanism across all queues 0 Bandwidth Management gt gt Outgoing Class gt gt Queue 1 5 Weight Total Rate Control Class Rate Control Queue 1 5 Weight YE Edit Q Refresh Qos Queue Weight low gueue_5 low queue 4 low queue 3 low queue 2 co a A Oo low queue Each item will be explained as follows Item Description Edit Modify the selected policy To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected policy Refresh Renew current web page QoS Queue Display the name of the QoS queue Dray Te k 236 Vigor2960 Series User s
251. tor Password This page allows you to set new password for accessing into the WUI of the router Dray Tek Vigor 2960 Series 10 05 27 System Maintenance gt gt Administrator Password Auto Logout Off Administrator Password Quick Start Wizard Online Status o Original Password New Password Confirm Password TR 069 Configuration Backup Syslog Mail Alert Time and Date Access Control SNMP Setup E Apply Dahnant Cuctam Each item will be explained as follows Item Description Original Password Type the old password New Password Type the new password Confirm Password Re type the new password for confirmation Vigor2960 Series User s Guide 247 Dray Te k 4 12 3 Configuration Backup Apply Click this button to save the configuration and exit the web page Most of the settings can be saved locally as a configuration file and can be applied to another router The router supports functions of restore and backup for the configuration file Backup Auto Logout Off Quick Start Wizard Online Status TR 069 Administrator Password Syslog Mail Alert Time and Date Access Control SNMP Setup Dahant Ciurctam Vigor2960 Series 10 06 49 System Maintenance gt gt Configuration Backup gt gt Backup Restore Jl Encrypt Config Password Confirm Password Backup to Local File Backup Type O Backup to Remote TFTP Server Backup Selected Config Co
252. trict the source port value Type the starting port number 0 65535 in the range of the source port Type the ending port number 0 65535 in the range of the source port Type the destination IP address for such incoming filter rule Type the mask address for the destination IP address Choose Enable to restrict the destination port value Type the starting port number 0 65535 in the range of the destination port Type the ending port number 0 65535 in the range of the destination port Click it to save the configuration and exit the page al Dray Tek Cancel Click it to exit the dialog without saving the configuration 4 Enter all the settings and click Apply 5 The incoming filter rule for QoS Policer has been modified Bandwidth Management gt gt Filter Rule Fitter Rule YE Edit GS Refresh Filter Rule Policer Drop Reserved filter_rule_O no_rate_control Disable Disable filter_rule_1 no_rate_control Enable Disable filter_rule_ no_rate_control Disable Disable 4 11 3 Outgoing Class Outgoing Class Setup allows you to configure bandwidth percentage for data and voice signals transmission Click the Bandwidth Management option and choose Incoming Class Dray Tek Vigor 2960 Series Bandwidth Management gt gt Outgoing Class gt gt Total Rate Control MEG LOO ON x me Total Rate Control Class Rate Control Queue 1 5 Weight Quick Start Wizard a Online Status j Status OEnable Disable
253. u to choose Disable The function of Bind IP to MAC is disabled Enable Specified IP addresses on the Bind Table will be reserved for the device with bind MAC address Other devices which are not listed on the Bind Table shall still get the IP address from DHCP server Strict_Bind Only specified IP addresses will be assigned to the device with bind MAC address Other devices which are not listed on the Bind Table shall still NOT get the IP address from DHCP server Dray Te k 86 Vigor2960 Series User s Guide 3 Click Add to open the following dialog Bind IP to MAC 2 Profile Bing_IF1 IP Address 192 l 168 qq MAC g 50 F CA BE gD H Apply G9 Cancel Available parameters are listed as follows Item Description Profile Type the name of the profile IP Address Type the IP address that will be used for the specified MAC address MAC Type the MAC address that is used to bind with the assigned IP address Apply Click it to save and exit the dialog Cancel Click it to exit the dialog without saving anything 4 Enter all the settings and click Apply 5 A new profile has been added onto Bind Table MAC Ss add J Edt ff Delete Select Al GS Refresh Bind Table dress Profile IP Adklress MAC ar 9 Bind _IF1 192 168 1 99 00 50 7 F EA gE 9D 4 2 5 RIP Configuration The Routing Information Protocol RIP is a dynamic routing protocol used in local and wide area networks The routing
254. uide 29 Dr ay Ie k 2 Next continue to create a LAN 192 168 3 3 24 profile named lan2 with the settings shown below General Setup Profile lan2 Enable This Profile Description Optional VLAN ID 11 Default MAC Address Enable Disable MAC Address loo 50 7 o IPv4 Protocol static Mode NAT IP Address 192 168 Subnet Mask 255 255 255 0 Gateway IP Address a Optional amp gt Add H Save UIP 2nd Subnet Subnet Mask No items to show 3 Open LAN gt gt Static Route Setup and profile Quick Start Wizard Online Status WAN General Setup Static Route Switch BID Cantino atinn Static Route IPvE Static Route Inter LAN Route click the Inter LAN Route tab to enable this Enable This Profile 4 Open LAN gt gt OSPF Configuration to enable this profile Click Add to make the LAN Profiles lan2 area setting as 11 and lan1 area as 11 As shown in the topology diagram AN General Setup IP Routing Static Route Profile Bind IP to MAC RIP Configuration OSPF Configuration all Dray Tek k OSPF Configuration LAN gt gt OSPF Configuration Enable This Profile E gt Add LAN Profile lanz lant Vigor2960 Series User s Guide 5 After setting check the routing information marked with
255. up DHCP DHCP Relay RADYO DACP v6 DE Edit GM Refresh Profile Enable This Profile DHCP Server Location DHCP Server IP lani false lantest falze Each item will be explained as follows Item Description Edit Modify the selected LAN profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Refresh Renew current web page Profile Display the name of the LAN profile Enable This Profile Display the status of the profile False means disabled True means enabled DHCP Server Location Display the LAN or WAN profile for the DHCP server DHCP Server IP Display the IP address of DHCP server Dray Te k 66 Vigor2960 Series User s Guide How to edit a LAN profile for DHCP Relay 1 Open LAN gt gt General Setup and click the DHCP Relay tab LAH gt gt General Setup gt gt DHCP Relay General Setup DHCP DHCP Relay RADYO DHCP YE J Edt G4 Refresh Profile Enable This Profile DHCP Server Location DHCP lani falze lantest false 2 Choose one of the LAN profiles by clicking on it and click the Edit button to open the following dialog isi i DHCP Relay l Profile l Enable This Profile l DHCP Server Location ea inte iste aiciaibia a Gunisia eisai ateie sla aisle Be celeste nS p c DHCP Server IP i HE Apply g Cancel Available parameters are listed as follows Item
256. ure Business Chatting Computer Other WO 1 AlcoholAnd Tok Sports Travel WWeb Hased Em Chat Botnets Hackine Mews Content Filter License Move your mouse to the link of Activate URL and click it The system will guide you to access into MyVigor website Dray Tek Vigor 2960 Series 16 12 56 Login Admin Objects Setting gt gt Web Category Object gt gt Content Filter License Off bn be Web Category Object Content Filter License Quick Start Wizard 4 Online Status License N aiana AR Info Serial Number enh of Se ry Start Date Expire Date IP Object IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object P2P Object Protocol Object Time Object Time Group E Apply cancel lt After finishing the activation for the trial version of WCF remember to purchase Silver Card for WCF service from your DrayTek dealer or distributor Vigor2960 Series User s Guide 149 Dray Te k 4 5 12 Time Object You restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to other functions e g Firewall Login Admin Vigor 2960 Series 15 29 14 Objects Setting gt gt Time Object Auto Logout Off Add X Edit i Delete A Refresh Profile Number Limit 16 Cc ett Profile Frequency Start Date Start
257. urs Display the information of WAN operation about recent 24 hours Recent 7 Days Display the information of WAN operation about recent 7 days Recent 4 Weeks Display the information of WAN operation about recent 4 weeks Below show a graphic for CPU Diagnostics gt gt Traffic Graph gt gt CPU Setup CPU Memory LAN WAN Interval Recent 34 Hours Recent T Days C Recent 4 Weeks CPU Usaqet s Idle System User Nice 1 0 0 00 Dray Te k 268 Vigor2960 Series User s Guide 4 13 6 Web Console Click Diagnostics and click Web Console to pen the web page for typing commands used in console connection A remote user can operate Vigor2960 from this web page without installing and opening other connection utility ka Login 4 13 7 Ping Trace Route This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen Dray Tek Vigor2960 Series 14 08 10 Login Admin Diagnostics gt gt Ping Trace Route Auto Logout Off Routing Table ARP Cache Table DHCP Table NAT Session Table Traffic Graph Web Console Ping Trace Route Data Flow Monitor Ping TraceRoute Host Interface lan1 Stat Q Stop External Devices 1 Product Registration Each item will be explained as follows Item Description Ping TraceRoute Click Ping to perform ping function Click
258. used instead Pool Mode Primary Profile want Failover m Apply R Cancel 4 Use the drop down list to choose the one you need Pool Mode Failover Primary Profile want yr Backup Profile wand y 5 Click Apply A new profile will be added on the page WAN gt gt Load Balance gt gt Pool Pool Rule C3 Add SK Edt fj Delete 4 Refresh Profile N Profile Mode Interface Primary Profile Backup Pre LB 1 Load Balance wani 20 FL i Failover wani 20 want wan 54 Vigor2960 Series User s Guide Dray Tek Rule This page will make the packets be transmitted with user defined profiles with IP address and protocol that is different with default route E r m 5i Dray Tek Vigor 2960 Series 14 37 22 Login Admin gt WAN gt gt Load Balance gt gt Rule sm penny Auto Logout in v nos Quick Start Wizard _ J d Add Edit Delete Refresh Move U Move Down Online Status V x i aii E aii Enable This Protocol Source IP 4 Source Ma Destinatior Destinatior Destinatior Destinatior Load Balanc General Setup Heavytraffic true ALL 192 168 1 25 255 255 25 192 168 1 85 255 255 25 want Default Route Load Balance External Devices Product Registration Each item will be explained as follows Item Add Edit Delete Refresh Move Up Move Down Profile Enable This Profile Protocol Source IP Address Source Mask Destination IP Address Destination Mask Destination Port Star
259. vi Vigor2960 Series User s Guide 412 9 ime and Dala Yeoea ae rccureurstanec ssatmeneiocacdsamnenteieraseieaniecsesdtesadeaanaunennssiexsag oumedsaaasshasdenamereinasamertcaiearaieore 204 4 12 6 AACCESS OM Ole caissindteccttcoowaxsuaie eens baaealenaassien Steatsedadtmcemadeautaateesdpaenaesdaiaashiao muasisanticn odntensdeents 255 412 eS LN eae 0 9 eee ee eee ee ee eee ee 256 A128 Rebol SYSIOM earning aiea Ea a T e iaa aeaeaei 257 4 12 9 Firmware Upgrade cccccccccssssececccesseeecceeeseceeccaeaeceeesaeaeeceeeesaaseceesseaaeececessageeeeessaageeeessaas 258 O DONOS NC S or a E E A E E E E atest 259 AST ROUUNG BUONO sesira arae r ea EAEE R erR E SE E T 259 4 13 2 ARP Cache Table eee ne ee ee Arei een ee ee 262 Go DAOP TADIC js caacsicavsshascescusu cavacccnestoeseuasesaena E 265 4 13 4 NAT Session TADIG saccceccsasdencevncdcececescedpisacdsedaveienisatesinednsvecsaderasdecsnuandsadssaecededeacdensetiacdecstas 266 BW Wie ECT E E E A AE EI E EAE AA EE A 267 4 136 WV COINS OS oot semianariiciedeunanasaenocaaeiapsaduindeiinsanasaliyinadoscineaeutaivenauiedehiuseoscmeccocmiasendecdehesaeisassanaie 269 4 13 7 Ping Trace Route tra taiasiandcsasannishudannsnipsiandeuantntsiahsnanedubpsnentales hutefchersaciehnsadensysandnisaesnessiuainssus 269 4 13 8 Data Flow WVION INO lriaies Pennant astannamnidanmciiattaakaidxantedaiiaweeotalsianninsaisen tanetichesleaotunmaavncesasandiolentxwcasevencdis 270 AAE emal DEVICE Soosi a a a a a E aces 271 4 15 P
260. will be shown in this field Display the source IP object profile selected for each rule Display the keyword object profile selected for each rule which is allowed to pass through the router 112 Vigor2960 Series User s Guide Item Description Keyword Block Display the keyword object profile selected for each rule which is not allowed to pass through the router File Extension Block Display the file extension object profile selected for each rule which is not allowed to pass through the router Web Category Block Display the web category object profile selected for each rule which is not allowed to pass through the router Web Category The message will display on the user s browser when he she Administration Message tries to access the blocked web page Apply Click it to save the configuration Cancel Click it to discard the settings configured in this page How to create a URL Filter profile 1 Open Firewall gt gt Filter Setup and click the URL Filter tab 2 Simply click the Add button IP Filter Application Filter URL Filter fp add Edit ff Delete GS Refresh GB Renar Profile Enable This P Time Profile Source IP Keyword APF Rulel true Mone Ary Mone 3 The following dialog will appear Vigor2960 Series User s Guide 113 Dr ay Te k Dray Tek Profile Profile SP eee Keyword 1 Time Profile None id EOF Any Fj Source IP EB Keyword Pass None hd EF F Keyword Block None hd Fe File Extensi
261. with_auth s IKE Phase2 Authentication Dial Out 4LL Sa F Accepted Proposal Dial In acceptall s r Apply Cancel T m a LED haida A mr Available parameters are listed as follows Item Description IKE Phasel Propose the local available authentication schemes and Proposal Dial Out encryption algorithms to the VPN peers and get its feedback to find a match IKE Phasel Propose the local available algorithms to the VPN peers and Authentication get its feedback to find a match Dial Out IKE Phase2 Propose the local available authentication schemes and Proposal Dial Out encryption algorithms to the VPN peers and get its feedback to find a match IKE Phase2 Propose the local available algorithms to the VPN peers and Authentication get its feedback to find a match Dial Out Accepted Proposal For the dial in VPN user please specify the limitation of the Dial In proposal acceptall When the VPN tunnel is established all the proposals supported by this device will be accepted and Vigor2960 Series User s Guide 197 Dray Te k applied acceptabove When the VPN tunnel is established only the selected proposal will be accepted and applied by this device Apply Click it to save the configuration Cancel Click it to exit the page without saving configuration 7 Enter all the settings and click Apply 8 Anew IPSec LAN to LAN profile has been created VPN and Remote Access gt VPN P
262. word Object File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove the selected profile To delete a rule simply select the one you want to delete and click the Delete button Refresh Renew current web page Vigor2960 Series User s Guide 133 Dray Te k Item Profile Number Limit Group Name Description Objects Description Display the total number 16 of the object profiles to be created Display the name of the service type group Display the brief explanation for such profile Display the keyword object profiles grouped under such group How to create a new Keyword Group Profile l 2 Dray Tek Open Objects Setting gt gt Keyword Group Simply click the Add button Objects Setting gt gt Keyword Group Keyword Group Ta Add JE Edt ff Delete GS Refresh Group Hame Keyword Group Group Hame Description Objects Description The following dialog will appear KG 1 first group Cptional KO w El Apply R Cancel Available parameters are listed as follows Item Group Name Description O
263. y Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device may accept any interference received including interference that may cause undesired operation Please visit http www draytek com user AboutRegulatory
264. y add gt Edit jj Delete Profile URL 3 The following dialog will appear SSL Web Proxy G Fefresh Profile SSL AF URL wy dravtek com Host IP Address 172 16 3 El Apply Gg Cancel Available parameters are listed as follows Item Description Profile Type name of the profile URL Type the address function variation or IP address or path of the proxy server Host IP Address If you type function variation as URL you have to type corresponding IP address in this filed Such field must match with URL setting Apply Click it to save the configuration Cancel Click it to exit the page without saving the configuration Dray Tek a Vigor2960 Series User s Guide 4 Enter all the settings and click Apply 5 Anew SSL Web Proxy profile has been created SSL VPN gt gt SSL Web Proxy SSL Web Proxy fa add De Edit jf Delete 6 Refresh Profile URL Host IP Atre Sol wP wy dravtek corm 172 16 3 54 4 10 2 SSL Application It provides a secure and flexible solution for network resources including VNC Virtual Network Computer RDP Remote Desktop Protocol SAMBA to any remote user with access to Internet and a web browser Dray Tek Vigor 2960 Series Login Admin SSL VPN gt gt SSL Application gt gt VNC Auto Logout Off v pre VNC RDP Quick Start Wizard a amp Add X Edit i Delete Refresh Profile Number Limit 10 a re Profile IP Address Port Seali
265. ype Group Keyword Object Keyword Group File Extension Object IM Object P P Object Protocol Object Web Category Object Time Object Time Group 120 Vigor2960 Series User s Guide 4 5 1 IP Object For IPs in a limited range usually will be applied in configuring router s settings we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address This page allows you to specify certain IP address range of IP addresses or subnet mask as an object which will be applied in Firewall Dray Tek Vigor 2960 Series 14 29 45 Login Admin B 7 Objects Setting gt gt IP Object Auto Logout Off v i O Add X Edit i Delete 6 Refresh Profile Number Limit 256 geen 5 2 7 Profile Interface Address Type Start IP Address End IP Address Subnet Mask IP Group Service Type Object Service Type Group Keyword Object Keyword Group File Extension Object IM Object P2P Object Protocol Object Web Category Object Time Object Time Group Each item will be explained as follows Item Description Add Add a new profile Edit Modify the selected profile To edit a profile simply select the one you want to modify and click the Edit button The edit window will appear for you to modify the corresponding settings for the selected rule Delete Remove
Download Pdf Manuals
Related Search