Draytek VigorIPPBX 3510
Contents
1. FAQ Basic FAQ 01 What are the differences among these firmware file formats Basic 02 How could get the telnet command for routers Advanced 03 How can backup restore my configuration settings VPN 04 How do reset clear the router s password DHCP 05 How to bring back my router to its default value ale VoIP D6 How do tell the type of my Vigor Router is AnnexA or AnnexB For ADSL model only QoS 07 Ways for firmware upgrade ISDN 08 Why is SNMP removed in firmware 2 3 6 and above for Vigor2200 Series routers Firewall IP Filter 09 failed to upgrade Vigor Router s firmware fram my Mac machine constantly what should do 10 How to upgrade firmware of Vigor Router remotely IISR FAQ Printer Server 01 How do configure LPR printing on Windows2000 xP 02 How do configure LPR printing on Windows96 Me 03 How do configure LPR printing on Linux boxes 04 Why there are some strange print out when try to print my documents through Vigor210 AP 2300 s print server 05 What types of printers are compatible with Vigor router 06 What are the limitations in the USB Printer Port of Vigor Router 07 What is the printing buffer size of Vigor Router 08 How do configure LPR printing on Mac OSX 09 How do configure LPR printing on My Windows Vista Note 2 Vigor router supports printing request from computers via2. p g gh A ij E ae 2 i lt V ASES f p T gt pa Ae W aii i 7 ia POR e wi f ad F 7 t i oF A Zs A 1 A Y j Doge ig E ma is k EAF y J E Z J d l i ai A n i i Sear Ar r s f d a J E sP A ere i i 9 ek 3510 pray gigol cr Your reliable networking solutions partner User s Guide V 2 31 Vigor PPBX 3510 Series User s Guide Version 2 31 Firmware Version V3 5 5 2 Date 06 08 2011 VigorIPPBX 3510 Series User s Guide ii Dray Tek Copyright Information Copyright Declarations Trademarks Copyright 2011 All rights reserved This publication contains information that is protected by copyright No part may be reproduced transmitted transcribed stored in a retrieval system or translated into any language without written permission from the copyright holders The following trademarks are used in this document Microsoft is a registered trademark of Microsoft Corp Windows Windows 95 98 Me NT 2000 XP Vista and Explorer are trademarks of Microsoft Corp Apple and Mac OS are registered trademarks of Apple Inc Other products may be trademarks or registered trademarks of their respective manufacturers Safety Instructions and Approval Safety Instructions Warranty Be a Registered Owner Firmware amp Tools Updates Dray Tek Read the installation guide thoroughly before you set up
3. private 0 0 0 0 0 0 0 0 via 172 16 3 4 WaN2 C 192 168 1 0 255 255 255 0 is directly connected LAN C 172 16 0 0 255 255 0 0 is directly connected WAN2 Add Static Routes to Private and Public Networks Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router Assuming the Internet access has been configured and the router works properly use the Main Router to surf the Internet Dray Tek 153 VigorlPPBX 3510 Series User s Guide create a private subnet 192 168 10 0 using an internal Router A 192 168 1 2 create a public subnet 211 100 88 0 via an internal Router B 192 168 1 3 have set Main Router 192 168 1 1 as the default gateway for the Router A 192 168 1 2 Before setting Static Route user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router Internet Set Static Route Router 192 168 1 2 Gateway 192 168 1 Prive 192 1 Goto LAN page and click General Setup select 1st Subnet as the RIP Protocol Control Then click the OK button Note There are two reasons that we have to apply RIP Protocol Control on Ist Subnet The first is that the LAN interface can exchange RIP packets with the neighboring routers via the Ist subnet 192 168 1 0 24 The second is that those hosts on the internal private subnets ex 192 168 10 0 24 can access the
4. Open f x eg My Documents 4 My Computer Cm Network Places C Firmware pgrade 3 1 6 2 My Recent Documents m 35 oipModule_20101119 cFg FS 3510_20101119 chq My Documents hy Computer im a File name W35VoipModule_20101119 v 7 Next click Import Dray Tek L Firmware Upgrade Utility 3 6 2 Router IP mies A A Select Router Config C Documents and Settings Carrie Desktop v3510 70101119 crg m Select VoIP Config C Documents and Settings Carrie Desktop ys5voipModule 20101 Operation Mode Password Backup Setting O Restore Time GubiSec 63 VigorIPPBX 3510 Series User s Guide 8 When it is finished the following dialog will appear _ Firmware Upgrade Utility 3 6 2 Router IP 192 168 1 1 Select Router Config C Documents and Setting aiid 1 20101119 crg Message x Select VoIP Config C Documents and Settings Process success fJoipModule 70101 Operation Mode Upgrade Backup Setting Time uke Sec Sending router config file Import 9 Now the configuration files have been restored to your router VigorIPPBX 3510 Series User s Guide 64 Dray Tek 3 12 Request a certificate from a CA server on Windows CA Server CAServerA CA Server B ee User imports the certificate as local certificate to Vigor Router via Web GUI User requests a certificate issued by CA Server A and Saves it 1 Go to Certificat
5. 666 Change the number if you want For example you want to use ISDN Trunk 1 for dialing out After pressing the ISDN Trunk number for ISDN Trunk 1 the system will inform you that ISDN Trunk 1 is busy for someone is used for dialing out You can wait until the line is available or simply dialing the number specified here to make the system choosing an available line to dial out The Global MSN Number configured here can be applied to all of the ISDN lines Such feature is useful when every ISDN Trunk Line would apply the same MSN mapping rule However when the Global MSN Number is set the same as the MSN numbers for the router for ISDN Trunk ISDN Trunk settings will be applied by the router first For the detailed information of setting ISDN Global MSN mapping and router please refer to the section later Specify which ISDN TE port s would be applied with the settings of ISDN global MSN mapping and route All ISDN TE Global MSN mapping and route rule will be applied to all of the ISDN TE ports ISDN TE1 ISDN TE4 Check the box to apply the Global MSN mapping and route rule to the selected ISDN TE port Please click any number under Index to set detailed configuration for ISDN trunk Dray Tek 105 VigorlIPPBX 3510 Series User s Guide IP PBX gt gt ISDN Trunk List ISDN Trunk Index 1 Answer Mode Office hours answer mode Non Office hours answer mode Own Number Auto Attendant Auto Attendant ka
6. Auto Attendant Foward To Extension Foward To Group There are several outside lines SIP accounts for you to specify for such extension Please check the one s you want The available boxes listed here will be changed according to the FXS FXO module inserted to VigorIPPBX 3510 This page allows you to set profiles for ISDN lines ISDN TE port respectively In addition the new function of ISDN Global MSN mapping and route is provided which can be applied to all of the ISDN Trunk lines or to the selected ISDN lines with the same rule IP PBX gt gt ISDN Trunk List ISDN Trunk List Index ee i ISON Trunk Auto Hunt Trunk Number Active 905 Y 906 Y g r Wi 908 Y MSN numbers map to ALL ISDN TE ISON TE1L ISDN TE2 ISDH TES ISDN TE4 Warning The trunk checkbox must be selected before the trunk can be chosen as the Default Trunk Index Trunk Number Active VigorIPPBX 3510 Series User s Guide Display the number that you can click to edit the trunk profile Display the default trunk number of each entry V means current trunk number is available Dray Tek ISDN Trunk Auto Hunt ISDN Global MSN mapping and route MSN numbers map to This function is useful when both ISDN ports set to TE mode When a user wants to dial ISDN number out he can dial the number specified here e g 666 to make the router automatically hunting an available ISDN line for it The default number is
7. Real Estate Shopping cults L Network Errors L Uncategorised Sites Type a name for such profile 208 Gambling Nudity Weapons Tasteless Cl Sports Fashion amp Beauty Web based Mail Computers LJ Phishing amp Fraud Spam Sites L Hacking Peer to Peer L Transportation J Education Health amp Medicine Personal Sites Cl Religion Translators Greeting cards Parked Domains Dray Tek Log White Black List Action Dray Tek None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog All All the actions Pass and Block will be recorded in Syslog Block Enable Activate white black list function for such profile Group Object Selections Type the characters here as the content of white black list Pass allow accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Block restrict accessing into the corresponding webpage with the characters listed on Group Object Selections If the web pages do not match with the specified feature set here they will be processed with the categories listed on the box below Pass allow accessing into the corr
8. Yes No Dynamic IP Index 1 15 in Schedule Setup Fixed IP Address E Default MAC Address WAN Connection Detection Specify a MAC Address Maide MAC Address TTL OK Dray Tek 279 VigorlPPBX 3510 Series User s Guide For Static Dynamic IP Users 1 Check if the Enable option is selected 2 Check if Obtain an IP address automatically for Dynamic IP setting is selected Or check if IP address Subnet Mask and Gateway are entered with correct values for Static IP setting that you got from your ISP WAN gt Internet Access WAN IP Network Settings WAN IP Alias Obtain an IP address automatically Keep WAN Connection Router Name iY z LJ Enable PING to keep alive Domain Name Doo 7 ees en Required for some ISPs Specify an IP address PING Interval jo minute s IP Address WAN Connection Detection Subnet Mask Mode ARP Detect Gateway IP Address TTL DNS Server IP Address Ol O RIP Protocol Secondary IP Address oOo C Enable RIP Default MAC Address Specify a MAC Address MAC Address 00 50 zF Hoo foo ot For PPTP L2TP Users 1 Check if the Enable option for PPTP Link is selected 2 Check if PPTP Server Username Password and WAN IP address are set correctly must identify with the values from your ISP WAN gt Internet Access WAN 1 PPTP L2TP Client Mode PPP Setup Enable PPTP Enable L2TP Disable PPP Authentication P
9. LAN And WAN Both LAN and WAN users can access samba server of the router NetBios Name Service For the NetBios service of USB diskette you have to specify a workgroup name and a host name A workgroup name must not be the same as the host name The workgroup name can have as many as 15 characters and the host name can have as many as 23 characters Both them cannot contain any of the following 5 lt gt 1 Workgroup Name Type a name for the workgroup Host Name Type the host name for the router VigorIPPBX 351 s Gui 24 igor 3510 Series User s Guide 8 Dray Tek 5 9 2 USB User Management This page allows you to set profiles for FTP Samba users Any user who wants to access into the USB storage disk must type the same username and password configured in this page Before adding or modifying settings in this page please insert a USB storage disk first Otherwise an error message will appear to warn you USB Application gt gt USB User Management USB User Management Index Username een ee i i i i Setto Factory Default Home Folder Index Username Home Folder i k k k k k io PEE RE it Click index number to access into configuration page USE Application gt gt USB User Management Profile Index 1 FTP Samba User Username Password Confirm Password Home Folder 4ccess Rule Enable Disable tain 11 Characters P File LJRead write Delete Directory
10. VigorIPPBX 3510 gers f Toli Wel i EJ apaan NN Phone 4 Switch ee ss NA Phone 4 D oe e ce IP Phone Switch pE IP Phone VigorIPPBX 3510 Series User s Guide 4 Dray Tek 1 3 1 Introduction for FXS FXO ISDN TE ISDN NT Module VigorIPPBX 3510 has two expansion slots each slot can be plugged into 4 port PSTN card ISDN NTTE or ISDN TE card The PSTN card involves two kinds of interface FXS and FXO The ISDN NTTE card involves two kinds of interface NT for port 1 and 3 TE or NT user configurable for port 2 and 4 And ISDN TE card involves 4 port TE mode You can deploy different PSTN ISDN applications according to the requirements FXS and FXO FXS Foreign eXchange Station and FXO Foreign eXchange Office are assembled with a pair A telecommunications line from an FXO device must be connected to an FXS device Similarly an FXS device must be connected to an FXO device For example PSTN is FXS equipment and a telephone is FXO equipment As for VigorIPPBX 3510 it is more special because it has both FXS and FXO devices at the same time It can connect to the phone line to act as FXO equipment and it can connect to telephones to act as FXS equipment FXS card This card can connect to the telephone FAX machine DECT Phone and so on FXS Card Telephone FAX DECT Phone FXO card This card can connect to PSTN lines and extension lines of PBX PSTN Dray
11. VigorlPPBX 3510 Series User s Guide 14 Dray Tek 2 2 Quick Start Wizard If your router can be under an environment with high speed NAT the configuration provide here can help you to deploy and use the router quickly Dray Tek www draytek com Vigor PPBX 3510 System Status O Quick Start Wizard Model Name VigorlPPBX 3510 Firmware Version 3552 Build Date Time Apr 27 2011 10 23 18 LAN WAN 1 MAC Address 00 50 7F 39 7F 0E Link Status Connected ist IP Address 192 168 1 1 MAC Address OO 50 7F 39 7F OF ist Subnet Mask 255 255 255 0 Connection Static IP DHCP Server Yes IP Address 172 16 3 131 DNS 168 95 1 1 Default Gateway i 172 16 1 1 SIP Trunk PBX SYSTEM Profile Status Product Registration w N side registration Disable Yoip Module Information Firmware Version 2 6 4 EN Hardware Yersion 1 0 Build Date Time 2011 05 05 11 49 25 IP Address 192 168 1 249 he The first screen of Quick Start Wizard is entering login password After typing the password please click Next Quick Start Wizard Enter login password Please enter an alpha numeric string as your Password Max 23 characters _ lt Back Finish Dray Tek 15 VigorIPPBX 3510 Series User s Guide On the next page as shown below please select the WAN interface that you use Choose Auto negotiation as the physical type for your router Then click Next for next step Quick Start Wizard WA
12. 143 VigorlIPPBX 3510 Series User s Guide DNS Server IP Address Type in the primary IP address for the router if you want to use Static IP mode If necessary type in secondary IP address for necessity in the future Details Page for PPTP L2TP To use PPTP L2TP as the accessing protocol of the internet please choose PPTP L2TP from Internet Access menu The following web page will be shown WAN gt gt Internet Access WAN 1 PPTP L2TP Client Mode Enable PPTP Enable L2TP Disable Server Address Specify Gateway IP Address a ISP Access Setup Username Password PPTP L2TP Client Mode ISP Access Setup PPP Setup IP Address Assignment Method IPCP VigorIPPBX 3510 Series User s Guide Index 1 15 in Schedule Setup LL IL IL PPP Setup PPP Authentication PAP or CHAP 1 second s IP Address Assignment Method WAN IP Alias Idle Timeout IPCP Fixed IP Yes No Dynamic IP Fixed IP Address fe WAN IP Network Settings Obtain an IP address automatically Specify an IP address Subnet Mask Cancel Enable PPTP Click this radio button to enable a PPTP client to establish a tunnel on the WAN interface Enable L2TP Click this radio button to enable a L2TP client to establish a tunnel on the WAN interface Disable Click this radio button to close the connection through PPTP or L2TP Server Address Specify the IP address of the PPTP L2TP
13. Build a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be E Dray Tek User Name Password PPP Authentication VJ compression IKE Authentication Method IPSec Security Method Medium Advanced Dray Tek viewed as one pure L2TP connection Nice to Have Apply the IPSec policy first if it is applicable during negotiation Otherwise the dial out VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection This field is applicable when you select PPTP or L2TP with or without IPSec policy above This field is applicable when you select PPTP or L2TP with or without IPSec policy above This field is applicable when you select ISDN PPTP or L2TP with or without IPSec policy above PAP CHAP is the most common selection due to wild compatibility This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression is used for TCP IP protocol header compression Normally set to Yes to improve bandwidth utilization This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy Pre Shared Key Input 1 63 characters as pre shared key Digital Signature X 509 Select one predefined Profiles set in the VPN and Remote Access gt gt
14. Class Class Class Setto Factory Default oe Online Bandwidth ete Statistics Control Inactive Status Setup Inactive Status Setup Rule Service Type Edit dit VigorIPPBX 3510 Series User s Guide 2 Click Setup link of WAN 1 Make sure the QoS Control on the left corner is checked And select BOTH in Direction Bandwidth Management gt gt Quality of Service General Setup Enable the QoS Control our F WAN Inbound 1001 WAN Outbound EO H oth 100 Index Class Name Class 1 3 Return to previous page Enter the Name of Index Class 1 by clicking Edit link Type the name E mail for Class 1 Bandwidth Management gt gt Quality of Service Class Index 1 NO Status Local Address Remote Address DiffServ CodePoint Service Type 1 Empty z 5 4 For this index the user will set reserved bandwidth e g 25 for E mail using protocol POP3 and SMTP Bandwidth Management gt gt Quality of Service General Setup Enable the QoS Control BOTH WAN Inbound Bandwidth Kbps WAN Outbound Bandwidth Kbps Index Class Name Reserved bandwidth Ratio Class 1 E mail s W of Class 2 25 lm Class 3 25 lo 25 O Enable UDP Bandwidth Control Limited_bandwidth Ratio 25 C Outbound TCP ACK Prioritize Online Statistics VigorIPPBX 3510 Series User s Guide 50 Dray Tek 5 Return to previous page Enter the Name of Index Class 2 by clicking Edit link In this index the user will s
15. DES Triple DES 3DES and AES 5 7 4 IPSec Peer Identity To use digital certificate for peer authentication in either LAN to LAN connection or Remote User Dial In connection here you may edit a table of peer certificate for selection As shown below the router provides 32 entries of digital certificates for peer dial in users VPN and Remote Access gt gt IPSec Peer Identity 909 Peer ID Accounts Setto Factory Default Index Name Status Index Name Status 1L 777 s ire 777 s 2 777 x 18 777 x 3 777 s 19 277 4 777 s 20 777 s 5 277 x 21 277 s 6 777 x 22 777 x l 777 s 23 777 s 8 777 s 24 777 s 9 295 oe 25 riir s 10 277 x 26 777 x 11 777 s 27 777 s 12 T77 s 28 777 s 13 277 x 29 777 x 14 277 x 30 77 x 15 777 s 31 777 s 16 777 s 32 777 s Set to Factory Default Click it to clear all indexes Index Click the number below Index to access into the setting page of IPSec Peer Identity Name Display the profile name of that index Click each index to edit one peer digital certificate There are three security levels of digital signature authentication Fill each necessary field to authenticate the remote peer The following explanation will guide you to fill all the necessary fields Dray Te k 231 VigorIPPBX 3510 Series User s Guide VPN and Remote Access gt gt PSec Peer Identity Profile Index 1 Profile Name rf Enable this account Accept Any Peer ID Accept Subject Alt
16. It is very convenient for an administrator to manage a TR 069 device through an Auto Configuration Server e g VigorACS System Maintenance gt gt TR 069 Setting ACS and CPE Settings ACS Server On ACS Server UEL Username Password CPE Client Internet PO Enable Disable UEL Fort Username Password Periodic Inform Settings O Disable Enable Interval Time ACS Server On ACS Server CPE Client Periodic Inform Settings VigorIPPBX 3510 Series User s Guide hitp t61 216 228 226 8069 ewm CRNAtn o9 figor o SS eoeeee0e _ _ _ _ second s Choose the interface for the router connecting to ACS server URL Username Password Such data must be typed according to the ACS Auto Configuration Server you want to link Please refer to Auto Configuration Server user s manual for detailed information Such information is useful for Auto Configuration Server Enable Disable Allow Deny the CPE Client to connect with Auto Configuration Server Port Sometimes port conflict might be occurred To solve such problem you might change port number for CPE The default setting is Enable Please set interval time or schedule time for the router to send notification to CPE Or click Disable to close the mechanism of notification 256 Dray Tek 5 10 3 Administrator Password This page allows you to set new password system Maintenance gt gt Administrator Passwor
17. SIP server Mode Mone Add Strip Fe The front number you type here is the first part of the account number that you want to execute special function according to the chosen mode by using the prefix number Set the minimal length of the dial number for applying the prefix number settings Take the above picture Prefix Table Setup web page as an example if the dial number is between 7 and 9 that number can apply the prefix number settings here Set the maximum length of the dial number for applying the prefix number settings Choose the one that you want to enable the match prefix settings from the saved SIP accounts Please set up one SIP account first to make this route available This item will be changed according to the port settings configured in IP PBX gt gt PBX System gt gt Phone Settings and IP PBX gt gt Trunks gt gt SIP Trunk IPF PBX gt gt PBX System Phone List Index Type Call Feature Ext 1 FMS CW 2 FAS Wy 3 FS CW 4 Fas CY us Dray Tek 2sh Seconds ls Refresh Account nber Name Trunk Number Status 001 002 003 004 005 006 Backup Trunk It will be triggered when the original route is not registered or receives failed response 4 1 3 2 Speed Dial In this section you can set your VoIP contacts in the phonebook It can help you to make calls quickly and easily by using Speed Dial Number There are total 20 index entries in the phonebook for you to
18. The example is based on Windows XP As to the examples for other operation systems please refer to the similar steps or find support notes in www draytek com 1 Goto Control Panel and then double click on Network Connections Webwork Connections 2 Right click on Local Area Connection and click on Properties Disable Status Repair Bridge Connections Create Sharkcut Rename Properties 3 Select Internet Protocol TCP IP and then click Properties ethO Properties General Authentication Advanced Connect using BS ASUSTek Broadcom 440 10 100 Ir Configure This connection uses the following items El Client tor Microsoft Networks a File and Printer Sharing for Microsoft Networks fm 0s Packet Scheduler Internet Protocol TCP IP Description Transmission Control Protocol lnternet Protocol The default wide area network protocol that provides communication across diverse interconnected networks Show icon in notification area when connected Notify me when this connection has limited or no connectivity VigorIPPBX 3510 Seri s Gui 2 igor 3510 Series User s Guide 76 Dr ay Tek 4 Select Obtain an IP address automatically and Obtain DNS server address automatically Internet Protocol TCP IP Properties General Alternate Configuration You can get IP settings assigned automatically if your network supports thie capability Otherwise you need to ask your network adminis
19. This chapter offers you general web configuration for IPPBX WAN LAN and NAT You can get detailed information to adjust setting for suiting your request 4 1 IPPBX IP PBX IP Private Branch eXchange is a private telephone network used within an enterprise Users of the PBX can share a certain number of outside lines for making telephone calls external to the PBX IP PBX integrates the benefits of VoIP PSTN ISDN and transfers the message from IP phone into the data that can be accepted by traditional PBX through IP network It is a new platform that enterprises can use data network to deliver voice Additionally to move the IP phone set s users just need to plug into another network connector Such thing simplifies the procedure of moving increasing changing and deleting phone settings also it can join with other system such as CALL center to be a multi functional communication platform Moreover it can save large cost in communication for the enterprise This menu can assist users to configure most of settings in IP PBX Below shows menu items for IP PBX Dray Tek 93 VigorIPPBX 3510 Series User s Guide 4 1 1 Extension The system allows you to set 100 extension numbers Please open IP PBX gt gt Extension to get the following pages IP PBX gt gt Extension Internal Phone Extension Index Ext Mame Email Address Outgoing Call Status aoe aoe x are ee fee 1 ee gE l i l i En Eaa ean mia Eaa Eaa Ea Eaa Eaa
20. server if you enable PPTP L2TP client mode Specify Gateway IP Address Specify the gateway IP address for DHCP server Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page PPP Authentication Select PAP only or PAP or CHAP for PPP Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action Fixed IP Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function 144 Dray Tek Click Yes to use this function and type in a fixed IP address in the box Fixed IP Address Type a fixed IP address WAN IP Network Obtain an IP address automatically Click this button to obtain Settings the IP address automatically Specify an IP address Click this radio button to specify some data IP Address Type the IP address Subnet Mask Type the subnet mask Details Page for PPP To use PPP for 3G USB Modem as
21. the USB storage disk In addition if the user types here he she can access into all of the disk folders and files in USB storage disk Note When write protect status for the USB storage disk is ON you cannot type any new folder name in this field Only P can be used in such case You can click to open the following dialog to add any new folder which can be specified as the Home Folder 3 http 192 168_ 1 5 doc ftpuserfolder htm Microsoft Internet Explorer USB User Management Choose Folder Folder Name Create New Home Folder Folder Name test Create Note The folder name can only contain the following characters A Z a z 0 9 _ and space Only 11 characters are allowed Access Rule It determines the authority for such profile Any user who uses such profile for accessing into USB storage disk must follow the rule specified here File Check the items Read Write and Delete for such profile Directory Check the items List Create and Remove for such profile Before you click OK you have to insert a USB storage disk into the USB interface of the Vigor router Otherwise you cannot save the configuration VigorIPPBX 3510 Seri s Gui 2 igor 3510 Series User s Guide 50 Dr ay Tek 5 9 3 File Explorer File Explorer offers an easy way for users to review and manage the content of USB storage disk connected on Vigor router USB Application gt gt File Explorer File
22. 1 Agreement Gerson al Information Draytek provides MyVigor my vigor draytek com service according to this agreement When you use MyYigor service it means that you have read understand and agree to accept the items listed in this agreement Draytek can modify or change the content of the items without any reasons It is suggested for you to notice the medications or changes at any time If you still use MyVigor service E Preferences 33 d 5 7 ii after knowing the modifications and changes of this service it means you have read understand and agree to accept the modifications and changes If you do not agree the content of this agreement A please stop using My igor service completion 2 Registration To use this service you have to agree the following conditions a Provide your complete and correct information according to the registration steps of this service by Ld BIT Ove AL O68 66 18 Se ake Information here bre i be DS TAT A Beare Or Peer rr Weal Mi have read and understand the above Agreement Use the scroll barto view the entire agreement 5 Type your personal information in this page and then click Continue Register Create an account Please enter personal profile Fiekds marked by are required Account Information Gasreement Uioara Mary _ Check Account 3 20 chatacters i eaea Password Cee 4 20 characters Do not set the same as the username Confirm Password cec
23. 128 bit for encryption In other words if 128 bit MPPE encryption method is not available then 40 bit encryption scheme will be applied to encrypt the data Maximum MPPE This option indicates that the router will use the MPPE encryption scheme with maximum bits 128 bit to encrypt the data The Mutual Authentication function is mainly used to PAP communicate with other routers or clients who need Dray Tek bi directional authentication in order to provide stronger security for example Cisco routers So you should enable this function when your peer router requires mutual authentication You should further specify the User Name and Password of the mutual authentication peer 229 VigorlIPPBX 3510 Series User s Guide This option represents that the MPPE encryption method will be optionally employed in the router for the remote dial in user If the remote dial in user does not support the MPPE encryption algorithm the router will transmit no MPPE encrypted packets Otherwise the MPPE encryption scheme Start IP Address Enter a start IP address for the dial in PPP connection You should choose an IP address from the local private network For example if the local private network is 192 168 1 0 255 255 255 0 you could choose 192 168 1 200 as the Start IP Address But you have to notice that the first two IP addresses of 192 168 1 200 and 192 168 1 201 are reserved for ISDN remote dial in user 5 7 3 IPSec
24. 21 30 3140 41 50 5160 61 70 71 80 81 90 91 100 gt ca 2 ye i D A z oe Pad There are 100 groups of extension numbers that you can configure Please click any number under Index to set detailed configuration VigorlPPBX 3510 Series User s Guide 94 Dray Tek IP PBX gt gt Extension Profile Internal Phone Extension Index 1 Internal Phone Extension Active Allow Remote Registration from Type Extension Number Display Name Authentication Disable CI VePN Enable CIWAN e L Use Display Name as authentication ID Password C Enable PPTP PN Dial In for this Number Passward E mail Address Yolce mail Password OO Canes era Mw Message Waiting Indications Notify User who Subscribed Allow to access these Trunks Force Notify User Osii Osie Osips Osips Osips Osips CO PsSTNi O PSTN O PSTN3 CIPSTN4 O ISON TE1 ISCN TE2 LJ ISON TE3 ISDN TE4 Default Trunk Answer Hode No answer after Busy then Not on line Internal Phone Extension Active Allow Registration from Type Extension Number Display Name Authentication Dray Tek 60 sec then Keep Ring 4 Do Mothing v Do Nothing v Click Enable to invoke such profile If Disable registration from WAN in IP PBX gt gt PBX System gt gt SIP Proxy Setting page is unchecked there are two options offered here WAN VPN for extension registration For ge
25. 240 208 Username vJ Compression Password PAF CHAP n off PPP Authentication IKE Authentication Method Pre Shared Key Digital Signature X 509 IPSec Security Method Medium AH High ESP Index 1 15 in Schedule Setup Set Dial In settings to as shown below to allow Router A dial in to build VPN connection If an PSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above VigorIPPBX 3510 Series User s Guide 3 Dial In Settings Allowed Dial In Type C PPTP IPSec Tunnel Cl L2TP with IPSec Policy ic Specify Remote VPN Gateway Peer VPN Server IP 220 155 240 206 orPeerID O Username draytek on off VJ Compression IKE Authentication Method L Pre Shared Key a a T LF raa eTo_Snaren Bei a hi I tal Fat Fail T e y k Digital Signature X 509 None IPSec Security Method Medium AH High ESP DES 3DES V AES If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 3 Dial In Settings Allowed Dial In Type PPTP L IPSec Tunnel C L2TP with IPSec Policy Mic Specify Remote VPN Gateway Peer VPN Server IP 240 135 240 206 orPeerID i Username on off
26. 3 Set a suitable range for the length fields 4 Select a specific Trunk for this rule For example set Operand Number and Prefix Number to 1 and set the Trunk to VoIP1 When an extension dial 12345 PBX will dial 2345 to the Trunk of YoIP1 5 Backup Trunk will trigger when defalut Trunk not registed or receive fail response Enable Check this box to invoke this setting Match Prefix It is used to match with the number you dialed and can be modified with the Operand Number by the mode add strip or replace Dray Tek 109 VigorIPPBX 3510 Series User s Guide Mode Operand Number Min Len Max Len Trunk VigorIPPBX 3510 Series User s Guide None No action Add When you choose this mode the Operand number will be added before the prefix number for calling out through the specific route Strip When you choose this mode partial or the whole prefix number will be deleted according to the Operand number Take the above picture Prefix Table Setup web page as an example the Operand number of 886 will be deleted completely for the prefix number is set with 886 Replace When you choose this mode the Operand number will be replaced by the prefix number for calling out through the specific VoIP interface Take the above picture Prefix Table Setup web page as an example the prefix number of 03 will be replaced by 8863 For example dial number of 031111111 will be changed to 88631111111 and sent to
27. 3510 Series User s Guide Dray Tek 5 4 1 APP Enforcement Profile You can define policy profiles for IM Instant Messenger P2P Peer to Peer Protocol application This page allows you to set 32 profiles for different requirements The APP Enforcement Profile will be applied in Default Rule of Firewall gt gt General Setup for filtering CSM gt gt APP Enforcement Profile APP Enforcement Profile Table Setto Factory Default Profile Name Profile Name FREEBRBEFEYEPR PP eee e Set to Factory Default Clear all profiles Profile Display the number of the profile which allows you to click to set different policy Name Display the name of the APP Enforcement Profile Click the number under Index column for settings in detail There are four tabs IM P2P Protocol and Misc displayed on this page Each tab will bring out different items that you can choose to disallow people using Dray Tek 197 VigorlPPBX 3510 Series User s Guide Below shows the items which are categorized under IM CSM gt APP Enforcement Profile Profile Index 1 Profile Name fs Il P2P Protocol Misc Select All Clear All Advanced Management Activity Application MSNM YahooIM AIMGac v5 9 Ica Login d d LI d Message Ll L L File Transfer O C d F Game E LI d LI Conference ideo Voice L F Other Activities F IM Application VoIP AIM6 7 LJac Tm Jichat Jabber GoogleTalk L Googlechat U Fire L GaduGadu L Paltalk Cisky
28. 7HbNOdYn88p1ixRrOF gk8nkbMLda qh10o0c 1s YN smGb4N Pbho4VMO1VO aKiyaPfp 202 0WsCddxh Hz23 Ys8m60CAwE AAAAANAOGCS GS Ib3 DOEBBOUAASGB AGNBSO 1V 44sqgkiwillnXkXHJvdaF LDOdweOo1ZLixRn 0Vdhed JvalSCgiqzJocKaDo nacBqEc lWOchKzESOdyDcsmt If7k 10455euY7nxswxkvPI0On3 LUMIGNZvoOsvrTYu sOvJIGBHHwKSkUblLRAZLSxvH DoNxlb6czTlybedZssrdw 4 Connect to CA server via web browser Follow the instruction to submit the request Below we take a Windows 2000 CA server for example Select Request a Certificate Microsoft Certificate Services vigor Welcome You use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely identify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task ORetrieve the CA certificate or certificate revocation list Request a certificate O Check on a pending certificate VigorIPPBX 3510 Series User s Guide 66 Dray Tek Dray Tek Select Advanced request Microsoft Certificate Services vigor Choose Request Type Please select the type of request you would like to make User certificate request Advanced request Select Submit a certificate request a base64 encoded PKCS 10 file or a renewal request using a base64 encoded PKCS 7 file Microsoft C
29. AON aa R EE EEEE 247 5 9 T USB General Seting saresti aiiin a E a a 247 5 9 2 USB User Manageme n ccccccccccccecscsesseseceeceeeeeeeeseeeeeessueeaeeeeeeeeseaaaeseeeeeesssseaesss 249 IIS FIS OVC eere E ETO T E T E ET 251 Doa USE DIER Sl UNS e E 252 5 9 5 Web Syslog Syslog Explorer ccccccccceeccceeeeeeeeeseeeeeeeeeeeeeeceeeeesseaeaeeeeeeeesssaaaeses 252 5 10 System MaintenanCce sssussnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nnmnnn mnnn 254 Dray Te K vii VigorIPPBX 3510 Series User s Guide 510 1 OyStem pte 0 S ae ee eee eee eee 254 WO I OOF i ssscartiny sans tansnininsdaysaciensisgcevatina nines A E A 256 9 103 AAMIMISHAlOrL PAS SWOlGwecascinmnathiaaenviaccamalantenanatdionmistndunmaiseanueniuatennolitannaannenmcuets 25 7 5 10 4 Configuration Backup cccccccccceecceaeeseeeeeeeeeeeeeeseceeeeesaeeeseeeeeesssueaaaeeeeeeeessaaageses 257 5 10 5 Syslog Mail Alert cccccccccsssseeeceeeeeeeeeeeeeceeeseeeeeeeeeeeeeesseeeaeeeeeeeessueaseeeeeeesssagesss 258 5 106 Time and Dale ircen aad lansiieuiontuniddanesdiatiamnaddionsidanecounitess 261 SLOE EEEE E E A EE E E E E E E E E E 262 5 10 6 REDOOL SYSIOM senesine E EE EEE E 263 5 10 9 Firmware Upgrade ccccccccseescececeeeeeeeeeeeeeeeeeeeeeeeseeeeseeeeeeeeseeeseeeeesseaeeeeesssaeseeeeeeas 264 MOC LV NO Ul o E E uahencasmniwatsnsecanidh yedutieaeona nies 264 SI DONOSO S eE EE AEE 266 Bil Vell Oaou TI e E E E E eames aaaeuudnaets 26
30. Address 192 168 1 1 7508 175019 If both the Primary IP and Secondary IP Address fields are left empty the router will assign its own IP address to local users as a DNS proxy server and maintain a DNS cache If the IP address of a domain name is already in the DNS cache the router will resolve the domain name immediately Otherwise the router forwards the DNS query packet to the external DNS server by establishing a WAN e g Cable connection There are two common scenarios of LAN settings that stated in Chapter 4 For the configuration examples please refer to that chapter to get more information for your necessity 4 3 3 Static Route Go to LAN to open setting page and choose Static Route LAN gt gt Static Route Setup Static Route Configuration Setto Factory Default View Routing Table Index Destination Address Status Index Destination Address Status 1 777 6 777 i TTE T f TTT 7 3 TT a TTF 7 4 TTT 9 TEF T 5 TTT T i TEF 7 Status v Active x Inactive 7 Empty Index The number 1 to 10 under Index allows you to open next page to set up Static route Destination Address Displays the destination address of the static route Status Displays the status of the static route Viewing Routing Table Displays the routing table for your reference Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Key C connected S5 static R RIP default
31. Attendant ka Auto Attendant Osii Osip Osips Osipa Osips Osips C PSTNi O PSTN O FPSTN3 O FPSTN4 Allow to access these Trunks Cisip1 Osie Osipa Osips Osips CIsir6 CIPSTNi O PSTN O PSTN3 COI PSTN4 C ISDN TE1 LJISDN TE2 l ISON TE3 LJISDN TE4 Phone Extension Active Trunk Number Manual Disconnection PIN Code Mode Dray Tek Click Enable to invoke this setting The default setting will be shown here 901 908 according the FXO card installation You can modify it to meet the request for your PSTN environment To disconnect the PSTN trunk simply click the Disconnect button The PSTN phone call will be disconnected immediately Off Net PIN Code ID Click Enable to invoke this setting Type the PIN code number to make off net call to PSTN trunk 103 VigorlIPPBX 3510 Series User s Guide Office hours answer mode Non office hours answer mode Allow to access these Trunks 4 1 2 3 ISDN Trunk On Net PIN Code ID Click Enable to invoke this setting Type the PIN code number to make on net call to PSTN trunk Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant Auto Attendant Foward To Extension Foward To Group Set the answering mode for such outside line in non office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant
32. Clear all profiles and recover to factory settings Enable Dynamic DNS Setup Check this box to enable DDNS function Dray Tek 219 VigorIPPBX 3510 Series User s Guide Auto Update interval Index WAN Interface Domain Name Active View Log Force Update Set the time for the router to perform auto update for DDNS service Click the number below Index to access into the setting page of DDNS setup to set account s Display current WAN interface used for accessing Internet Display the domain name that you set on the setting page of DDNS setup Display if this account is active or inactive Display DDNS log status Force the router updates its information to DDNS server 3 Select Index number 1 to add an account for the router Check Enable Dynamic DNS Account and choose correct Service Provider dyndns org type the registered hostname hostname and domain name suffix dyndns org in the Domain Name block Applications gt gt Dynamic DNS Setup gt gt Dynamic DNS Account Setup Index 1 Enable Dynamic DNS Account WAN Interface WAN First Service Provider dyndns org www dyndns org Service Type Domain Name Hooo Login Name __ max 64 characters Password Loo max 23 characters C1 wildcards C Backup MX Enable Dynamic DNS Account WAN Interface Service Provider Service Type Domain Name Login Name Password Check this box to enable the current account If you did ch
33. Dial tone Ringing tone Busy tone and Congestion tone will be shown automatically on the page If you cannot find out a suitable one please choose User Defined and fill out the corresponding values for dial tone ringing tone busy tone congestion tone by yourself for VoIP phone TOn1 TO TOn TO 10msec 10msec 10msec 10msec Tone Settings Region ee User Defined Canada USA Netherlands France UK Dial tone Denmark ae Norway Ringing t Poland Germany Australia Congestic gt ngapore Japan China Finland Hong Kong Taiwan VigorIPPBX 3510 Seri s Gui 12 igor 3510 Series User s Guide 6 Dray Tek Also you can specify each field for your necessity It is recommended for you to use the default settings for VoIP communication ISDN PCM Code Used to change to A law or u law for ISDN network Caller ID Type It is available only when User Defined is selected in the field of Region Select the caller ID type for setting Dial tone Ringing tone Busy tone and Congestion tone respectively Caller ID Type ETSI North America JAPAN 4 1 4 8 Phone Setting This page allows user to set phone settings for FXS ISDN module That is if there is no FXS ISDN module installed on the IP PBX this page will not be shown IP PBX gt gt PBX System Phone List Index Type Call Feature Extension Number 1 FXS CW 901 2 FXS CW 902 3 FXS CW 903 4 FXS CW 904 Or Phone List Index Type Call Feature Extension Num
34. Explorer Current Path 4 Upload File Select a file O cc Upload Note The folder can not be deleted when it is not empty Refresh Click this icon to refresh files list t Back Click this icon to return to the upper directory 2 Create Click this icon to add a new folder Current Path Display current folder Upload Click this button to upload the selected file to the USB storage Dray Tek disk The uploaded file in the USB storage disk can be shared for other user through FTP 251 VigorlIPPBX 3510 Series User s Guide 5 9 4 USB Disk Status This page is to monitor the status for the users who accessing into FTP or Samba server USB storage disk via the Vigor router If you want to remove the diskette from USB port in router please click Disconnect USB Disk first And then remove the USB storage disk later USB Application gt gt USB Disk Status USB Mass Storage Device Status Connection Status No Disk Connected Disk Capacity 0 MB Free Capacity OMB Refresh USB Disk Users Connected Refresh Index Service IP Address Port Username Note If the write protect switch of USB disk is turned on the USB disk is in READ ONLY mode No data can be written to it Connection Status If there is no USB storage disk connected to Vigor router No Disk Connected will be shown here Disk Capacity It displays the total capacity of the USB storage disk Free Capacity It displays the free
35. IGMP starts from 224 0 0 0 to 239 255 255 254 P1 to P4 It indicates the LAN port used for the multicast group Refresh Click this link to renew the working multicast group status If you check Enable IGMP Proxy you will get the following page All the multicast groups will be listed and all the LAN ports P1 to P4 are available for use VigorIPPBX 351 s Gui 22 igor 3510 Series User s Guide 6 Dray Tek 5 6 6 Wake on LAN A PC client on LAN can be woken up by the router it connects When a user wants to wake up a specified PC through the router he she must type correct MAC address of the specified PC on this web page of Wake on LAN of this router In addition such PC must have installed a network card supporting WOL function By the way WOL function must be set as Enable on the BIOS setting Application gt gt Wake on LAN Wake on LAN Wake by Mote Wake on LAN integrates with Bind IP to MAC function only binded PCs can Wake up through IP Wake by MAC Address IP Address mac aadress I Result J Two types provide for you to wake up the binded IP If you choose Wake by MAC Address you have to type the correct MAC address of the host in MAC Address boxes If you choose Wake by IP Address you have to choose the correct IP address Wake by MAC Address MAC Address IP Address IP Address The IP addresses that have been configured in Firewall gt gt Bind IP to MAC will be shown in this
36. IP Address Mac Address A 192 168 1 10 00 0E 46 24 D5 41 172 16 2 240 00 05 S5D 04 D2 co 172 16 2 194 00 S0 7F 33 31 E9 172 16 3 237 00 O0cC 6E DO Ci 63 1742 16 35 222 O00 S50 7F 14 59 11 172 16 2 209 00 07 40 82 13 77 172 16 3 1681 00 S50 7F 1i 58 cCF 172 16 2 238 O00 S50 7F CcO 29 1D 172 16 2 62 O00 S0 7F 268 6E 21 172 16 3 201 O00 S50 7F 1C 49 E5 220 130 52 220 O00 S0 7F C1i 06 4D 172 16 3 115 00 1i 92 92 E86 1D 172 16 2 114 O00 S50 7F CO 25 BD 172 16 3 134 O00 S50 7F 33 31 E3 172 16 2 229 00 50 7F FO O0 SE a Refresh Click it to reload the page Clear Click it to clear the whole table Dray Tek 267 VigorlPPBX 3510 Series User s Guide 5 11 4 DHCP Table The facility provides information on IP address assignments This information is helpful in diagnosing network problems such as IP address conflicts etc Click Diagnostics and click DHCP Table to open the web page Diagnostics gt gt View DHCP Assigned IP Addresses DHCP IP Assignment Table Refresh DHCP server Running Index IP Address Mac Address Leased Time HOST ID 1 192 1665 1 10 OO OE 46 24 D5 Al1 0 00 06 820 ok leeg yiyO7 5u a Index It displays the connection item number IP Address It displays the IP address assigned by this router for specified PC MAC Address It displays the MAC address for the specified PC that DHCP assigned IP address for it Leased Time It displays the leased time of the specified PC HOST ID It displays the host ID n
37. If the remote network only allows you to dial in with single remote network you have IP please choose NAT otherwise choose Route to do Change default route to Check this box to change the default route with this VPN this VPN tunnel tunnel Be aware that this setting 1s available only for WAN interface is enabled 5 7 7 Connection Management You can find the summary table of all VPN connections You may disconnect any VPN connection by clicking Drop button You may also aggressively Dial out by using Dial out Tool and clicking Dial button VPN and Remote Access gt gt Connection Management Dial out Tool Refresh Seconds YPN Connection Status Current Page 1 Page Nol So Virtual Tx Tx Rate Rx Rx Rate aiii THDE nema Network Pkts Bps Pkts Bps CPIE 1 IPSec Tunnel 50 101 10 72 C1 DES No Auth E 192 168 20 0 24 0 LO tS A E Drop HMHEMEEM Data is encrypted HMHEXMEEN Data isn t encrypted Dial Click this button to execute dial out function Refresh Seconds Choose the time for refresh the dial information among 5 10 and 30 Refresh Click this button to refresh the whole connection status Dray Tek 243 VigorlPPBX 3510 Series User s Guide 5 8 Certificate Management A digital certificate works as an electronic ID which is issued by a certification authority CA It contains information such as your name a serial number expiration dates etc and the digital signature of the certificate issuing
38. Internet via the router and continuously exchange of IP routing information with different subnets 2 Click the LAN Static Route and click on the Index Number 1 Check the Enable box Please add a static route as shown below which regulates all packets destined to 192 168 10 0 will be forwarded to 192 168 1 2 Click OK LAN gt gt Static Route Setup Index No 1 Enable Destination IP Address 192 168 10 0 Subnet Mask 255 255 255 0 Gateway IP Address 192 165 1 2 Network Interface ka VigorIPPBX 351 s Gui 154 igor 3510 Series User s Guide 5 Dr ay Te k 3 Return to Static Route Setup page Click on another Index Number to add another static route as show below which regulates all packets destined to 211 100 88 0 will be forwarded to 192 168 1 3 LAN gt gt Static Route Setup Index No 2 Enable Destination IP Address 211 100 58 0 Subnet Mask 755 255 255 0 Gateway IP Address 192 165 1 3 Network Interface i x 4 Go to Diagnostics and choose Routing Table to verify current routing table Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Fey connected 5 static KR RIP default private 192 168 10 0 255 255 255 0 via 192 168 1 2 LAN 192 168 1 0 255 255 255 0 is directly connected LAN 211 100 88 07 255 255 255 0 wia 192 168 1 3 LAN 4 3 4 VLAN Virtual LAN function provides you a very convenient way to manage hosts by grouping them base
39. Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information For troubleshooting needs you can specify the filter log and or CSM log here Check the corresponding box to enable the log function Then the filter log and or CSM log will be shown on Draytek Syslog window Click Edit to open the following window However it is strongly recommended to use the default settings here 3 http 59_ 115 240_ 149 docfipfedrady htm Microsoft Internet Explorer Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 1 Advance Setting ANSI 1252 Latin 65535 1440 DrayTek Banner Codepage Window size Session timeout Minute Strict Security Checking CI APP Enforcement Close Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from 180 Dray Tek Dray Tek URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box ff DrayTek Syslog 391
40. O o o o Dray Tek 41 VigorIPPBX 3510 Series User s Guide Settings in Router B in the remote office 1 Goto VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP General Setup VPN and Remote Access gt gt PPP General Setup PPP General Setup PPP MP Protocol Dial In PPP IP Address Assignment for Dial In Users When DHCP Disable set DaN PAP or CHAF Authentication Start IP Address 192 168 2 200 fe laa a MPPE Optional MPPE ka Mutual Authentication PAP ves No For using IPSec based service such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup such as the pre shared key that both parties have known VPN and Remote Access gt gt IPSec General Setup YPN IKE IPSec General Setup Dial in Set up for Remote Dial in users and Dynamic IP Client LAN ta LAN IKE Authentication Method Pre Shared Key Confirm Pre Shared Key IPSec Security Method Medium CAH Data will be authentic but will not be encrypted High ESF MIDES Mapes A4eES Data will be encrypted and authentic 3 Goto LAN to LAN Click on one index number to edit a profile 4 Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection VPN and Remote
41. Places of Firmmarel Inorade Wlil d F Wgt 59 VigorIPPBX 3510 Series User s Guide 9 Next click Fetch Firmware Upgrade Utility 3 6 2 Router IP sient sd Save Config to C Documents and Settings Carrie Desktop yv3510 20101119 crg VoIP Module File PO Operation Mode Password Backup Setting Time Outi5ec Restore 10 When it is finished the following dialog will appear i Firmware Upgrade Utility 3 6 2 Router IP Save Config to C Documents and Setti e r010 1193 cFg Process success x VoIP Module File keii Operation Mode Upgrade Backup Setting Time Out Sec Receiving router config 11 Now the configuration files with the file name like V3510_XXXX V35VoipMoudule_XX XX will be stored in your host VigorIPPBX 3510 Series User s Guide 60 Dray Tek 3 11 2 Restore the Configuration Settings 1 Double click on the FrmUpg icon Firmware File Doo SA VoIP Module File PO O Operation Mode Password Backup Setting Time Qut Sec Restore 3 Click the browse button of Router IP to search the IP address e g 192 168 1 1 of VigorIPPBX 3510 Click OK Select Router MIC Select 192 168 1 1 255 255 0 0 On Line Kouters MAC Address A 192 168 11 VigoriPPBX 3510 00 50 7F 21 CB C O0 50 7F 46 74 9 Ipae f3 vigori 172 16 33 250 Vigor 104 O0 50 F 42 13 3 1f2 16 3 252 vigor 1
42. Restrict web Feature Action Profile Name Priority Log VigorIPPBX 3510 Series User s Guide cookie Cl Proxy LJ Upload File Extension Profile Type the name for such profile It determines the action that this router will apply Both Pass The router will let all the packages that match with the conditions specified in URL Access Control and Web Feature below passing through When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Both Block The router will block all the packages that match with the conditions specified in URL Access Control and Web Feature below When you choose this setting both configuration set in this page for URL Access Control and Web Feature will be inactive Either URL Access Control First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for URL first then Web feature second Either Web Feature First When all the packages matching with the conditions specified in URL Access Control and Web Feature below such function can determine the priority for the actions executed For this one the router will process the packages with the conditions set below for web feature first then URL second Both Pass
43. Status Peer Number 2010 2010 Offline 2015 2015 Offline 2040 2040 Offline 3301 3301 Offline 3302 3302 Offline 3303 33053 Offline Offline Offline Offline lt lt 110 11 40 21 30 31 40 4150 5160 61 70 71 80 81 90 91 100 101 108 gt ext gt gt p z 3 4 5 6 wo OO 3 Ifthe registration is successful related information will be displayed on the screen Dray Tek 85 VigorIPPBX 3510 Series User s Guide VigorIPPBX 3510 Series User s Guide 86 D ray Tek 3 17 How to set up VigorPhone 350 with Vigor PPBX3510 series by using Auto Provisioning DrayTek Vigor PPBX 3510 supports the function of auto provisioning VigorPhone 350 is also capable of auto provisioning it can get a configuration text file from the Vigor PPBX 3510 series The configuration file contains SIP settings that the SIP devices can register with Vigor PPBX 3510 series Vigor PPBX 3510 L zT E Internet VigorSwitch P2260 PoE Switch VigorPhone 350 at VigorPhone 350 oo _ 1 Configure the extension number and password for each IP phone on Vigor PPBX 3510 You can configure extensions from IP PBX Wizard IPPBX Wizard Extension amp Groups Setup Index 1 Extension Group Name Dray Tek 87 VigorIPPBX 3510 Series User s Guide 2 Click IPPBX Wizard to get the first screen as shown below IPPBX Wizard Extension amp Groups Setup Index 1 Extens
44. Tek 5 VigorIPPBX 3510 Series User s Guide ISDN NT S0 and TE NT means Network Terminal The ISDN port in NT mode is a port that used to connect general ISDN phones And TE means Terminal Equipment The ISDN port in TE mode is a port that used to connect ISDN line or ISDN PBX As for the Private Branch Exchange PBX it is more special because it has both ISDN NT and ISDN TE devices at the same time It can connect to the ISDN line to act as ISDN TE equipment and it can connect to ISDN telephones to act as ISDN NT equipment 4 ISDN TE Ports 2 ISDN TE 2 ISDN NT Ports ISDN Phone Based on the characteristics described above that the ISDN NT equipment and the ISDN TE equipment must connect with each other please pay special attention when you use ISDN NT card and ISDN TE card VigorIPPBX 3510 Series User s Guide 6 Dray Te k 1 4 Printer Installation You can install a printer onto the router for sharing printing All the PCs connected this router can print documents via the router The example provided here is made based on Windows XP 2000 For Windows 98 SE please visit www draytek com Internet Before using it please follow the steps below to configure settings for connected computers 1 Connect the printer with the router through USB parallel port 2 Open Start gt Settings gt Printer and Faxes ET Documents SEARS iG Control Panel r e Network Connections Barc Printers and Faxes of
45. The following explanations will guide you to fill all the necessary fields For the web page is too long we divide the page into several sections for explanation l 7 VigorIPPBX 3510 Series User s Guide 36 Dray Tek Profile Index 1 1 Common Settings Profile Name Enable this profile YPN Dial Out Through WANI Only Pass OO Block O Pass Block Netbios Naming Packet Multicast via YPN Cn Call Direction Both Dial Out Dial in bo second s C Enable PING to keep alive O Always on Idle Timeout PING to the IP for some IGMP IP Camera DHCP Relay etc 2 Dial Out Settings Type of Server I am calling PPTP IPSec Tunnel L2TP with IPSec Policy Server IP Host Name for VPN Wsername Password PPP Authentication VI Compression On IKE 4uthentication Method such as draytek caom or 123 45 67 89 220 132 146 7 2 Profile Name Enable this profile VPN Dial Out Through Netbios Naming Packet Dray Tek Pre Shared Key Digital Signature x 509 IPSec Security Method Mediurm 4H High ESP DES without Authentication Index 1 15 in Schedule Setup Specify a name for the profile of the LAN to LAN connection Check here to activate this profile Use the drop down menu to choose a proper WAN interface for this profile This setting is useful for dial out only O WAMI First WANT Only WANZ First WANZ Onl WANI F
46. The default value is 23 Check this box to authenticate the mail server Type a name for IP PBX to authenticate the mail server automatically while connecting Type a password for IP PBX to authenticate the mail server automatically while connecting Type the e mail address used for sending the VoIP message out 119 VigorlIPPBX 3510 Series User s Guide 4 1 4 4 Office Hours You can set ten groups of office hours including starting point ending point on duty day s IP PBX gt gt PBX System Office Hours Office Hour Office Hour Index Enable Start HHMM End HHMM Weekdays 1 W Sun O Mon O Tue V Wed O Thu Fri O Sat 2 A Sun Mon Tue Wed Thu Fri Sat 3 F Sun Mon Tue wed Thu Fri Sat 4 d Sun Mon Tue Wed Thu Fri Sat 5 F Sun Mon Tue Wed Thu Fri Sat 5 d Sun Mon Tue Wed Thu Fri Sat fi d Sun Mon Tue Wed Thu Fri Sat z d Sun Mon Tue Wed Thu Fri Sat g F Sun Mon Tue wed Thu Fri Sat 10 d Sun Mon Tue Wed Thu Fri Sat Holiday Setting Month Date z SS SS T n D 12 S Office Hour Start Use the drop down menu to choose the time as the starting point Office Hour End Use the drop down menu to choose the time as the ending point Weekdays Check the day s to apply the office hour for that index Date Specify date s for applying the office hour settings in holiday for example type 2 4 6 amp 7 in the field of Date for Month 1 It means January 2 4 6 amp 7 will apply the office hour settings config
47. Type a name for this group Available Keyword You can gather keyword objects from Keyword Object page Objects within one keyword group All the available Keyword objects that you have created will be shown in this box ere Re ore Click button to add the selected Keyword objects in this box 5 3 7 File Extension Object This page allows you to set eight profiles which will be applied in CSM gt gt URL Content Filter All the files with the extension names specified in these profiles will be processed according to the chosen action Profile 1 with name of default is the default profile some files with the file extensions specified in this profile will be ignored and not be scanned by Vigor router Objects Setting gt gt File Extension Object File Extension Object Profiles Setto Factory Default Profile Name Profile Name 1 J 6 3 l 4 8 Set to Factory Default Clear all profiles Click the number under Profile column for configuration in details VigorlIPPBX 3510 Series User s Guide 194 Dray Tek Objects Setting gt gt File Extension Object Setup Profile Index 1 Categories Image select All Clear All Video Select All Clear All Audio Select All Clear All Java Select All Clear All Activex Select All Clear All Compression Select All Clear All Executation Select All Clear All Profile Name L bmp LJ pet ci C1 qt LJ aac LJ ra Ol cl
48. User s Guide 186 Dray Tek Objects Setting gt gt IP Object Profile Index 1 Name Interface Address Type Start IP Address End IP Address Subnet Mask Invert Selection Name Interface Address Type Start IP Address End IP Address Subnet Mask Invert Selection RD Department Any E Range Address M 192 168 1 64 192 168 1 75 Type a name for this profile Maximum 15 characters are allowed Choose a proper interface WAN LAN or Any Interface For example the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address If you choose LAN as the Interface here and choose LAN as the direction setting in Edit Filter Rule then all the IP addresses specified with LAN interface will be opened for you to choose in Edit Filter Rule page Determine the address type for the IP address Select Single Address if this object contains one IP address only Select Range Address if this object contains several IPs within a range Select Subnet Address if this object contains one subnet for IP address Select Any Address if this object contains any IP address Type the start IP address for Single Address type Type the end IP address if the Range Address type is selected Type the subnet mask if the Subnet Address type is selected If it is checked all the IP addresses except the ones listed above will be applied later while it is
49. VJ Compression IKE Authentication Method IPSec Security Method Medium AH High ESP DES M 3DES M AES 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection 4 TCP IP Network Settings My WAN IP 0 0 0 0 RIP Direction Remote Gateway IP ooon Po first subnet to remote network you hawe to Remote Network IP 192 168 1 0 Remote Network Mask 255 255 255 0 Kore Change default route to this YPN tunnel Only single WAN supports this 4 VigorIPPBX 3510 Series User s Guide 44 Dray Tek 3 7 Create a Remote Dial in User Connection Between the Teleworker and Headquarter The other common case is that you as a teleworker may want to connect to the enterprise network securely According to the network structure as shown in the below illustration you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host VPN Router 210 135 240 208 Remote Network 192 168 1 0 Settings in VPN Router in the enterprise office 1 Goto VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then for using PPP based services such as PPTP L2TP you have to set general settings in PPP General Setup VPN and Remote Access gt gt PPP General Setup PPP General Setup PPP MP Protocol IP Address Assignment for Dial In Users
50. When you use MyVigor service it means that you have read understand and agree to accept the items listed in this agreement Draytek can modify or change the content of the tems without any reasons tt is suggested for you to notice the medications or changes at any time If you still use MyVigor service after knowing the modifications and changes of this service it means you have read understand and agree to accept the modifications and changes If you do not agree the content of this agreement Ocom pletion 2 Registration please stop using My igor service To use this service you have to agree the following conditions ke Information here Lra eR UG OS NGUL LO HAYSS OF Perrine iM have read and understand the above Agreement Use the scroll barto view the entire agreement 3 Type your personal information in this page and then click Continue Register Create an account Please enter personal profile Fields marked by are required Account Information GaAareement UserName Confirm Password Personal Information First Name Last Name Company Name Email Address Tel Country Career Check Account Mary 3 20 characters LE EE 4 20 characters Do notsetthe same asthe usemame ecco Mary Ted Tech Ltd mary_ted tech com Please note that a valid E mail address is required to receive the Subscription Code You will n
51. and displayed on the ACL box above In this case 172 16 3 88 172 16 3 65 and 172 16 3 96 are added on the box That means these three IP addresses are allowed to be registered to IPPBX through WAN interface 4 1 4 2 Hunt Group This page allows you to make several extension numbers under certain group Thus when a phone call incomes all the extension numbers under such group will ring IP PBX gt gt PBX System Hunt Group Index Group Name Group Extension Hunt List Max 20 Extension 1 2 3 4 6 i 8 9 10 Index You can set 10 groups for using in different conditions Simply click the number under Index to specify detailed information Group Name Display the name of such group Group Extension Display the extension number of such group Hunt List Display the members inside the group Click any index number to display the hunt group setup page i l VigorIPPBX 3510 Series User s Guide 6 D ray Tek IP PBX gt gt PBX System Hunt Groups Index 1 Hunt Group Name Hunt Group Extension Hunt Rule Timeout Overflow Rule simultaneously 60 Seconds MUST greater than 10 seconds Hunt List Maximum Of Group Member 20 Available Hunt Group Name Hunt Group Extension Hunt Rule Timeout Overflow Rule Dray Tek Chosen Add A All Remove Remove Remove Al All Move Up Move Up Mave Down Down Type suitable na
52. authority so that a recipient can verify that the certificate is real Here Vigor router support digital certificates conforming to standard X 509 Any entity wants to utilize digital certificates should first request a certificate issued by a CA server It should also retrieve certificates of other trusted CA servers so it can authenticate the peer with certificates issued by those trusted CA servers Here you can manage generate and manage the local digital certificates and set trusted CA certificates Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate Below shows the menu items for Certificate Management Certificate Management 5 8 1 Local Certificate Certificate Management gt gt Local Certificate X509 Local Certificate Configuration Name Subject Status Modify GENERATE IMPORT REFRESH 42509 Local Certificate Generate Click this button to open Generate Certificate Request window NP 244 VigorlPPBX 3510 Series User s Guide Dray Tek Import Refresh View Certificate Management gt gt Local Certificate Generate Certificate Request Subject Alternative Name Type IP Address IP Subject Name Country C State ST Location L Orginization 0 Orginization Unit COU v Common Name CN Email E Key Type Key Size Type in all the information that the window request Then click Generate
53. consistent with the one set up in the VPN router To use default gateway on remote network means that all the packets of remote host will be directed to VPN server then forwarded to Internet This will make the remote host seem to be working in the enterprise network VigorIPPBX 3510 Series User s Guide 48 Dray Tek Dial To TEH Session Name office VPM Server IPF HOST Namefsuch as 123 45 67 89 or draytek com 192 168 1 1 User Mame draytek_userl Password FEE Type of YPN PPTP LET IPSec Tunnel COL2TP over IPSec PPTP Encryption O Mo encryption O Maximum strength encryption Use default gateway on remote network 4 Click Connect button to build connection When the connection is successful you will find a green light on the right down corner 3 8 QoS Setting Example Assume a teleworker sometimes works at home and takes care of children When working time he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database Meanwhile children may chat on Skype in the restroom 1 Goto Bandwidth Management gt gt Quality of Service Bandwidth Management gt gt Quality of Service General Setup Index Status Bandwidth Direction i WANT Enable 10000Kbps 10000Kbps Outbound 25 25 25 WAN2 Enable 10000Kbps 10000Kbps Outbound 25 25 25 Class Rule Index Mame Class 1 Class 2 Class 3 Dray Tek 7
54. current time of your PC The clock will reset once if you power down or reset the router There is another way to set up time You can inquiry an NTP server a time server on the Internet to synchronize the router s clock This method can only be applied when the WAN connection has been built up Applications gt gt Schedule schedule Set to Factory Default Index Status Index Status i s Sla x 2 s 10 ae Fo TL x d s 5 A 13 6 H i4 i H 15 8 ja Status v Active s Inactive Set to Factory Default Clear all profiles and recover to factory settings Index Click the number below Index to access into the setting page of schedule Status Display if this schedule setting is active or inactive You can set up to 15 schedules Then you can apply them to your Internet Access or VPN and Remote Access gt gt LAN to LAN settings To add a schedule please click any index say Index No 1 The detailed settings of the call schedule with index are shown below Applications gt gt Schedule Index No 1 Enable Schedule Setup Start Date yyyy mm dd 2000 Jhi wilt iy Start Time hh men Jo m Duration Time hh mm Jo m Action Foceon Idle Timeout bo minutesh imax 255 0 for default How Often Once weekdays O Sun Mon Tue Wed Thu Fri J Sat Dray Te k 221 VigorIPPBX 3510 Series User s Guide Enable Schedule Setup Check to enable the schedule Start Date yyyy mm d
55. function and enter the name or number used for SIP Authorization with SIP Registrar If this setting value is the same as Account Name it is not necessary for you to check the box and set any value in this field 99 VigorIPPBX 3510 Series User s Guide Password The password provided to you when you registered with a SIP service Expiry Time It is the time duration that your SIP Registrar server keeps your registration record Before the time expires the router will send another register request to SIP Registrar again Trunk Number There are two ways to dial outside lines for an extension number First dial a short number and wait for a while When dial tone appears please dial the real outside line number Second dial a short number and then the real outside line number without waiting for dial tone The short number is defined here as Trunk Number Out going call CLI Determine which phone number will be shown to the remote end Main number Choose this item to display the SIP trunk number Alias number Choose this item to display the alias phone number that is the sub account Office hours answer mode Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant w Auto Attendant Forward To Extension Forward To Group Non office hours answer Set the answering mode for such outside line in non office
56. ial When DHCP Disable set ate PAP or CHAP v Authentication Start IP Address 192 168 1 200 cet aaa MPPE Optional MPPE ha Mutual Authentication PAF Yes No For using IPSec based service such as IPSec or L2TP with IPSec Policy you have to set general settings in IKE IPSec General Setup such as the pre shared key that both parties have known Dray Te k 45 VigorIPPBX 3510 Series User s Guide VPN and Remote Access gt gt IPSec General Setup YPN IKE IPSec General Setup Dial in Set up for Remote Dial in users and Dynamic IP Client LAN ta LAN IKE Authentication Method IPSec Security Method Medium CAH Data will be authentic but will not be encrypted High ESP VDES Mapes Maes Data will be encrypted and authentic Go to Remote Dial In User Click on one index number to edit a profile 4 Set Dial In settings to as shown below to allow the remote user dial in to build VPN connection If an PSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup above VPN and Remote Access gt gt Remote Dial in User Index No 1 User account and Authentication Enable this account Password Idle Timeout second s IKE Authentication Method Pre Shared Key F IPSec Tunne EESE l IPSec Tunnel Cl Digital Signature X 509 Usernam
57. inbound outbound as 80 85 of physical network speed provided by ISP to maximize the QoS performance Reserved Bandwidth Ratio It is reserved for the group index in the form of ratio of reserved bandwidth to upstream speed and reserved bandwidth to downstream speed Enable UDP Bandwidth Check this and set the limited bandwidth ratio on the right Control field This is a protection of TCP application traffic since UDP application traffic such as streaming video will exhaust lots of bandwidth Outbound TCP ACK For the download speed might be impacted by the uploading Prioritize TCP ACK you can check this box to push ACK of upload faster to speed the network traffic Dray Tek 215 VigorIPPBX 3510 Series User s Guide Limited_bandwidth Ratio The ratio typed here is reserved for limited bandwidth of UDP application Edit the Class Rule for QoS The first three Class 1 to Class 3 class rules can be adjusted for your necessity To add edit or delete the class rule please click the Edit link of that one Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default UDP i Index Status Bandwidth Direction Glass Class Class Others Bandwidth Online 1 2 3 Control Statistics WAHT Enable 10000Kbps 10000Kbps Outbound 2595 25 25 25 Inactive Status Setup WAN2 Enable 10000Kbps 10000Kbps Outbound 259 25 25 25 Inactive Status Setup Class Rule Index Name Rule Service Type Class 1 Edit Class 2 Edit Ed
58. into the Internet after installing the router and finishing the web configuration Please follow sections below to check your basic installation status stage by stage Checking if the hardware status is OK or not Checking if the network connection settings on your computer are OK or not Pinging the router from your computer Checking if the ISP settings are OK or not Backing to factory default setting if necessary If all above stages are done and the router still cannot run normally it is the time for you to contact your dealer for advanced help 6 1 Checking If the Hardware Status Is OK or Not Follow the steps below to verify the hardware status 1 Check the power line and LAN cable connections Refer to 1 3 Hardware Installation for details 2 Turn on the router Make sure the ACT LED blink once per second and the correspondent LAN LED is bright 3 If not it means that there is something wrong with the hardware status Simply back to 1 3 Hardware Installation to execute the hardware installation again And then try again Dray Tek 275 VigorlPPBX 3510 Series User s Guide 6 2 Checking If the Network Connection Settings on Your Computer Is OK or Not Sometimes the link failure occurs due to the wrong network connection settings After trying the above section if the link is stilled failed please do the steps listed below to make sure the network connection settings is OK For Windows
59. is provided by router firmware Upload System Prompt file is provided by router firmware To use such audio file you have to upload it to flash memory of the router after finishing firmware update Click this Browse button to browse and choose other audio files Restore Click this button to save the file to the router Next time the audio file will be played in IP PBX system Upload prompts to your router You can modify and customize the default system prompt by using the following steps Please follow the steps below to upload System Prompt to your router 1 Please use DOS BOX FTP client Windows built in FTP client utility to login VigorIPPBX FTP server 2 Press Enter to pass authentication 3 Type put v3510_sysprompt ivr 4 Wait for a while The message of 226 System prompts file has been uploaded successfully will appear 5 Type put v3510_ 729_sysprompt ivr 6 Wait for a while The message of 226 System prompts G7 729 file has been uploaded successfully will appear 7 Type quit to close FTP client 221 Goodbye Router will be reboot now will appear and the router will reboot VigorIPPBX 351 j j 124 igor 3510 Series User s Guide Dray Tek Please follow the steps below to upload G 729 user Prompts to your router l Please use DOS BOX FTP client Windows built in FTP chent utility to login VigorIPPBX FTP server Press Enter to pass authentication Type put v3510_ 729_userprompt ivr Wait for a wh
60. limit session Disable Click this button to close the function of limit session Default session limit Defines the default session number used for each computer in LAN Limitation List Displays a list of specific limitations that you set on this web page VigorIPPBX 351 j f 210 a igor 3510 Series User s Guide Dray Tek Start IP Defines the start IP address for limit session End IP Defines the end IP address for limit session Maximum Sessions Defines the available session number for each host in the specific range of IP addresses If you do not set the session number in this field the system will use the default session limit for the specific limitation you set for each index Add Adds the specific session limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Index 1 15 in Schedule You can type in four sets of time schedule for your request Setup All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page 5 5 2 Bandwidth Limit The downstream or upstream from FTP HTTP or some P2P applications will occupy large of bandwidth and affect the applications for other programs Please use Limit Bandwidth to make the bandwidth usage more efficient In the Bandwidth Management menu click Bandwidth Limit to open the web page Bandwidth Manag
61. listed on this web page to send the corresponding message of firewall VPN User Access Call WAN Router information to Syslog Check Enable to activate function of mail alert Make a simple test for the e mail address specified in this page Please assign the mail address first and click this button to execute a test for verify the mail address is available or not The IP address of the SMTP server Assign a mail address for sending mails out Assign a path for receiving the mail from outside Check this box to activate this function while using e mail application Type the user name for authentication Type the password for authentication Check the box to send alert message to the e mail box while the router detecting the item s you specify here Click OK to save these settings For viewing the Syslog please do the following 1 Just set your monitor PC s IP address in the field of Server IP Address 2 Install the Router Tools in the Utility within provided CD After installation click on the Router Tools gt gt Syslog from program menu fay Router Tools V3 5 Dray Tek Au About Router Tools bi Firmware Upgrade Utility fy pyalog i gt Uninstall Router Tools 3 5 1 Visit DrayTek Web Site 259 VigorlIPPBX 3510 Series User s Guide 3 From the Syslog screen select the router you want to monitor Be reminded that in Network Information select the network adapter used to connect to the rou
62. mOTP function PIN Code Type the code for authentication e g 1234 Secret Use the 32 digit secret number generated by mOTP in the mobile phone e g e759bb6f0e94c7ab4fe6 This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and Select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node Check the Medium DES 3DES or AES box as the security method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is invoked You can uncheck it to disable it High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES Local ID Specify a local ID to be used for Dial in setting in the LAN to LAN Profile setup This item is optional and can
63. mappings on behalf of some UPnP aware applications When the applications terminate abnormally these mappings may not be removed Dray Tek 225 VigorlPPBX 3510 Series User s Guide 5 6 5 IGMP IGMP is the abbreviation of Internet Group Management Protocol It is a communication protocol which is mainly used for managing the membership of Internet Protocol multicast groups For invoking IGMP Snooping function you have to check the Enable IGMP Proxy box first for activating the IGMP proxy function Applications gt gt IGMP IGMP Cl Enable IGMP Proxy WANT IGMP Proxy is to act as a multicast proxy for hosts on the LAN side Enable IGMP Proxy If you will access any multicast group But this function take no affect when Bridge Mode is enabled LJ Enable IGMP Snooping Enable IGMP Snooping multicast traffic is only forwarded to ports that have members of that group Disable IGMP snooping multicast traffic is treated in the same manner as broadcast traffic Refresh Working Multicast Groups Index Group ID Pi P P3 P4 Enable IGMP Proxy Check this box to enable this function The application of multicast will be executed through the selected WAN port In addition such function is available in NAT mode Enable IGMP Snooping Check this box to enable this function The application of multicast will be executed for the clients in LAN Group ID This field displays the ID port for the multicast group The available range for
64. mitigate the DoS attack The attacks are usually categorized into two types the flooding type attacks and the vulnerability attacks The flooding type attacks will attempt to exhaust all your system s resource while the vulnerability attacks will try to paralyze the system by offending the vulnerabilities of the protocol or operation system The DoS Defense function enables the Vigor router to inspect every incoming packet based on the attack signature database Any malicious packet that might duplicate itself to paralyze the host in the secure LAN will be strictly blocked and a Syslog message will be sent as warning if you set up Syslog server Also the Vigor router monitors the traffic Any abnormal traffic flow violating the pre defined parameter such as the number of thresholds is identified as an attack and the Vigor router will activate its defense mechanism to mitigate in a real time manner The below shows the attack types that DoS DDoS defense function can detect 1 SYN flood attack 9 SYN fragment 2 UDP flood attack 10 Fraggle attack 3 ICMP flood attack 11 TCP flag scan 4 Port Scan attack 12 Tear drop attack 5 IP options 13 Ping of Death attack 6 Land attack 14 ICMP fragment 7 Smurf attack 15 Unknown protocol 8 Trace route Below shows the menu items for Firewall Firewall Dray Tek 173 VigorlPPBX 3510 Series User s Guide 5 2 2 General Setup General Setup allows you to adjust settings of IP Fi
65. page Please specify office hours including starting point and ending point on duty day s Then click Finish to save the settings and exit the wizard IPPBX Wizard Office Hours Setup Now You can make the work time schedule of your office Hour Min When do you start working in the morning o8 00 x When do you have a rest at noon 12 00 f gt When do you start working in the afternoon 13 00 When do you leave the office 17 30 Is this schedule available at weekend O Yes No 5 After finishing the Wizard please go to IPPBX gt Extension to configure the Extension Number and the Password settings If you see the following message simply wait for a moment IP PBX gt gt Error Ay voip module not ready please wait 6 Next when the following screen appears choose one of the index numbers to configure the profile settings IP PBX gt gt Extension Internal Phone Extension Index Ext Name Email Address Outgoing Call Status SIP1 SIP2 SIP3 1 911 ke SIP4 SIPS SIP6 Y ISDN1 TE ISDN2 TE SIPI SIP2 SIP3 912 aa SIP4 SIPS SIP6 Y ISDN1 TE ISDN2 TE SIP1 SIP2 SIP3 913 rA SIP4 SIPS SIP6 Y ISDN1 TE ISDN2 TE SIP1 SIP2 SIP3 914 oe SIP4 SIPS SIPG Y ISDN1 TE ISDN2 TE SIP1 SIP2 SIP3 915 Re SIP4 SIPS SIPG Y ISDN1 TE ISDN2 TE p gt pe gt pn Dray Tek 89 VigoriPPBX 3510 Series User s Guide 7 Here Index 1 is selected The detailed settings are shown a
66. respectively Note In default WAN1 is enabled WAN2 is optional WAN gt gt General Setup General Setup WANI WAN2 Enable Enable Physical Mode Ethernet 3G USB Modem Physical Type Auto negotiation Physical Mode Physical Type Load Balance Mode Auto Weight Load Balance Mode Auto Weight Line Speed Kbps DownLink b Line Speed Kbps DownLink lo UpLink los UpLink lo As Made Active Mode Active on demand Active on demand WAN Fail WANT Fail WAN Upload speed exceed jo kbps WANI Upload speed exceed jo kbps WAN Download speed exceed jo kbps WONT Downnad speed skosad 0 kbps OK Enable Choose Yes to invoke the settings for this WAN interface Choose No to disable the settings for this WAN interface Display Name Type the description for the WAN1 WAN 2 interface Physical Mode For WAN1 the physical connection is done and fixed through Ethernet port yet the physical connection for WAN2 is done through an Ethernet port P4 or USB port Physical Mode Ethernet Ethernet S05 USB Modem To use 3G network connection through 3G USB Modem choose 3G USB Modem as the physical mode in WAN2 Next go to WAN gt gt Internet Access 3G USB Modem is available for WAN2 You can choose PPP as the access mode and click Details Page for further configuration Dray Tek 137 VigorlPPBX 3510 Series User s Guide Physical Type Load Balance Mode Line Speed Active Mode VigorIPP
67. risk bringing threat to your system For example an ActiveX control object is usually used for providing interactive web feature If malicious code hides inside it may occupy user s system Web Content Filter We all know that the content on the Internet just like other types of media may be inappropriate sometimes As a responsible parent or employer you should protect those in your trust against the hazards With Web filtering service of the Vigor router you can protect your business from common primary threats such as productivity legal liability network and security threats For parents you can protect your children from viewing adult websites or chat rooms Once you have activated your Web Filtering service in Vigor router and chosen the categories of website you wish to restrict each URL address requested e g www bbc co uk will be checked against our server database This database is updated as frequent as daily by a global team of Internet researchers The server will look up the URL and return a category to your router Your Vigor router will then decide whether to allow access to this site according to the categories you have selected Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization Note The priority of URL Content Filter is higher than Web Content Filter VigorIPPBX 351 196 igor
68. set The following page will be shown Each filter set contains up to 7 rules Click on the rule number button to edit each rule Check Active to enable the rule VigorIPPBX 351 s Gui igor 3510 Series User s Guide 76 Dray Tek Firewall gt gt Filter Setup gt gt Edit Filter Set Filter Set 1 comments Filter Rule Active Comments Move Up Move Down Block NetBios Down O UP Down O UP Down O UP Down O UP Down 6 a UP Down m up Next Filter Set Filter Rule Click a button numbered 1 7 to edit the filter rule Click the button will open Edit Filter Rule web page For the detailed information refer to the following page Active Enable or disable the filter rule Comment Enter filter set comments description Maximum length is 23 character long Move Up Down Use Up or Down link to move the order of the filter rules Next Filter Set Set the link to the next filter set to be executed after the current filter run Do not make a loop with many filter sets To edit Filter Rule click the Filter Rule index button to enter the Filter Rule setup page Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 1 Check to enable the Filter Rule Comments Block NetBios Direction LAN gt WAM Index 1 15 in Schedule Setup Source IP ry Edit Destination IP ry Edit Service Type TCP UDP Port fram 137 139 to undefined Edit Fragments Dont Care ka Application Action Profile Syslo
69. store all your friends and family members phone numbers IP PBX gt gt Phone Book Setup Speed Dial Setup Enable Speed Dial Number Phone Number z a 4 Dfb ff h bf b 15 19 oO Enable Check the box to enable the entry Speed Dial Number Type the digit number maximum 6 in this field which can dial to the client with the phone number specified later Phone Number Type the complete phone number maximum 19 for the client that you want to dial out Trunk Choose the SIP account for the phone call to dial out 4 1 3 3 Call Barring Call barring is used to block phone calls coming from the one that is not welcomed Dray Te k 111 VigorIPPBX 3510 Series User s Guide IP PBX gt gt DialPlan Setup Call Barring Setup Index Call Direction SrrPerrrreree iy iy Phe w K Advanced Block Anonymous Block Unknown Domain Barring Type Setto Factory Default Route Schedule Status A Barring Number URL URI Click any index number to display the dial plan setup page IP PBX gt DialPlan Setup Call Barring Index No 1 Enable Call Direction Barring Type SIP URL Interface Indexf1 155 in Schedule Setup Enable Call Direction Barring Type Number or Prefix SIP URL Interface VigorIPPBX 3510 Series User s Guide IM ka Click this to enable this entry Determine the direction for the ph
70. the 2nd subnet http 192 168 1 1 Router Web Configurator Microsoft Internet Explorer 2nd DHCP Server Start IP Address IP Pool Counts 0 max 10 Index Matched MAC Address given IP Address MAC Address E f l Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the 2nd IP address of your router is 220 135 240 1 the starting IP address must be 220 135 240 2 or greater but smaller than 220 135 240 254 IP Pool Counts Enter the number of IP addresses in the pool The maximum is 10 For example if you type 3 and the 2nd IP address of your router is 220 135 240 1 the range of IP address by the DHCP server will be from 220 135 240 2 to 220 135 240 11 MAC Address Enter the MAC Address of the host one by one and click Add to create a list of hosts to be assigned deleted or edited IP address from above pool Set a list of MAC Address for 2 DHCP server will help router to assign the correct IP address of the correct subnet to the correct host So those hosts in 2 subnet won t get an IP address belonging to 1 subnet Disable deactivates the RIP protocol It will lead to a stoppage of the exchange of routing information between routers Default FIP Protocol Control Disable 1st Subnet 2nd subnet 151 VigorlIPPBX 3510 Series User s Guide DHCP Server Configuration DNS Server Configuration VigorIPPBX 35
71. the accessing protocol of the internet please choose Internet Access from WAN menu Then select PPP mode for WAN2 The following web page will be shown WAN gt Internet Access WAN 2 PPP Client Mode Enable Disable Modem Initial String Default AT amp FEOY1X18028C150 0 Modem Dial String Default ATDT 99 PPP Username Po Optional PPP Password Po Optional PPP Authentication Indexf1 15 in Schedule Setup PPP Client Mode Click Enable to activate this mode for WAN2 SIM PIN code Type PIN code of the SIM card that will be used to access Internet Modem Initial String Such value is used to initialize USB modem Please use the default value If you have any question please contact to your ISP APN Name APN means Access Point Name which is provided and required by some ISPs Type the name and click Apply Modem Dial String Such value is used to dial through USB mode Please use the default value If you have any question please contact to your ISP PPP Username Type the PPP username optional PPP Password Type the PPP password optional Dray Tek 145 VigorlIPPBX 3510 Series User s Guide PPP Authentication Choose PAP or CHAP PAP Only for authentication in PPP connection Index 1 15 Set the PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this filed is bl
72. the server My Vigor located on http myvigor draytek com However if you use the Web Content Filter Profile page to activate WCF feature it is necessary for you to access into the server MyVigor located on http myvigor draytek com Therefore you need to register an account on http myvigor draytek com for using corresponding service Please refer to section 4 8 for more information of creating My Vigor account Note If you have used Web Filter Activation to activate WCF service you can skip this section WCE adopts the mechanism developed and offered by certain service provider e g DrayTek No matter activating WCF feature or getting a new license for web content filter you have to click Activate to satisfy your request Be aware that service provider matching with VigorIPPBX 3510 currently offers a period of time for trial version for users to experiment If you want to purchase a formal edition simply contact with the channel partner or your dealer Click CSM and click Web Content Filter Profile to open the profile setting page The default setting for Setup Query Server Setup Test Server is auto selected You can choose another server for your necessity by clicking Find more to open http myvigor draytek com for searching another qualified and suitable one Next click the link of Test a site to verify whether it is categorized to do the verification Dray Tek 205 VigorlPPBX 3510 Series User s Guide CSM gt gt We
73. tone press outside line 0 and then press the PSTN number 87654321 The analog phone with VoIP number 88829 in Shanghai made a call to the remote mobile No 49 176999661 Press 888842 After getting through you will hear the dial tone press outside line 0 and then press the mobile No 49 176999661 e The mobile No 49 176999661 made a call to IP Phone with ext No 201 Press 12345678 After getting through you will hear the auto reply from the PBX then press the extension No 611 After getting through you can hear the dial tone then press ext No 201 The analog phone with ext No 602 made a call to IP phone with extension No 703 Press extension No 609 After getting through you will hear the dial tone then press the ext No 703 The analog phone with VoIP number 88829 in Shanghai made a call to the analog phone ext No 604 Press 888838 After getting through you will hear the dial tone then press the ext No 604 Device Port Phone Extension Number Number Number at PSTN PBX 3510 220 135 240 20 _ Port 1 FXO 888835 605 Pno sasase eoe Port 3 FXO 888837 607 Port 4 FXO 888838 608 Port 6 FXO 888840 Port 7 FXO 888841 a oT o ee Port 5x0 esessa eoo ee Pe a et Port 8 FXO 888842 Vigor3300V 61 31 167 135 Port 1 FXS 888829 ee VigorlPPBX 3510 Series User s Guide 34 Dray Tek 3 3 ISDN Application via ISDN Trunk cove o 4 TE Ports 2TE 2NT S30 ISDN
74. user defined class rules VigorIPPBX 351 214 igor 3510 Series User s Guide Dray Tek Bandwidth Management gt gt Quality of Service WANI General Setup Enable the QoS Control WAN Inbound Bandwidth 10000 Kbps WAN Outbound Bandwidth 10000 Kbps Index Class Name Reserved_bandwidth Ratio Class 1 25 lee Class 2 oe Class 3 25 k Others 2 k C Enable UDP Bandwidth Control Limited_bandwidth Ratio 25 7 C Outbound TCP ACK Prioritize Enable the QoS Control The factory default for this setting is checked Please also define which traffic the QoS Control settings will apply to IN apply to incoming traffic only OUT apply to outgoing traffic only BOTH apply to both incoming and outgoing traffic Check this box and click OK then click Setup link again You will see the Online Statistics link appearing on this page WAN Inbound Bandwidth It allows you to set the connecting rate of data input for WAN For example if the connection supports 1M of downstream and 256K upstream please set 10000kbps for this box The default value is 10000kbps WAN Outbound Bandwidth It allows you to set the connecting rate of data output for WAN For example if the connection supports 1M of downstream and 256K upstream please set 256kbps for this box The default value is 10000kbps Note The rate of outbound inbound must be smaller than the real bandwidth to ensure correct calculation of QoS It is suggested to set the bandwidth value for
75. will be done by the system automatically Refresh Seconds Refresh Click this link to refresh this page manually Index Display the number of the data flow IP Address Display the IP address of the monitored device TX rate kbps Display the transmission speed of the monitored device RX rate kbps Display the receiving speed of the monitored device Sessions Display the session number that you specified in Limit Session web page VigorIPPBX 351 s Gui 2 igor 3510 Series User s Guide 70 Dray Tek Action Block can prevent specified PC accessing into Internet within 5 minutes qe 11 Refresh Ss Sessions Action 7 Block Unblock the device with the IP address will be blocked in five minutes The remaining time will be shown on the session column ge 1 Refresh Sessions Action blocked 298 Unblock Current Peak Speed Current means current transmission rate and receiving rate for WAN interface Peak means the highest peak value detected by the router in data transmission Speed means line speed specified in WAN gt gt General Setup If you do not specify any rate at that page here will display Auto for instead Dray Te k 271 VigorIPPBX 3510 Series User s Guide 5 11 8 Traffic Graph Click Diagnostics and click Traffic Graph to pen the web page Choose WAN1 Bandwidth Sessions daily or weekly for viewing different traffic graph Click Refresh to renew the graph at any time Diagnostics g
76. will get the following setup page for an extension Note that the Allow Registration from option has two check boxes one for WAN and the other for VPN These two options are disabled by default which means this extension is not allowed registration from the interface you choose e g WAN VPN This is applied to all extensions by default IP PBX gt gt Extension Profile Internal Phone Extension Index 2 Internal Phone Extension Active Enable Disable Extension Number Display Name Authentication C Use Display Name as authentication ID Password O Enable PPTP VPN Dial In for this Number Password E mail Address send a test e mail Voice mail Password MVWI Notify User who Subscribed Force Notify User Outgoing Call Use Ospi Osr Oss Osipa Osis Ospe OrstNi OPpsTN2 Oestn3 OPSTN4 Answer Mode No answer after 60 sec then Keep Ring Busy then Do Nothing amp Not on line Do Nothing For getting the highest network security please check VPN only Dray Tek 79 VigorIPPBX 3510 Series User s Guide 3 16 How to use ACL to make the remote client registering extension number to VigorlPPBX through WAN interface If any voice gateway device e g VigorPhone 350 wants to register extension on VigorIPPBX 3510 through WAN interface remotely such registration can be done easily if the public IP address of the VigorIPPBX 3510 is entered into the remote device However any clients can ask for registration of extension to V
77. with reverse action Action Block E Block Group Object Selections The Vigor router provides several frames for users to define keywords and each frame supports multiple keywords The keyword could be a noun a partial noun or a complete URL string Multiple keywords within a frame are separated by space comma or semicolon In addition the maximal length of each frame is 32 character long After specifying keywords the Vigor router will decline the connection request to the website whose URL string matched to any user defined keyword It should be noticed that the more simplified the blocking 203 VigorlIPPBX 3510 Series User s Guide Web Feature VigorIPPBX 3510 Series User s Guide keyword list the more efficiently the Vigor router perform http 192 168_ 1 1 Group Object Edit Microsoft Internet Explorer Object Group Edit Keyword Object None y or Keyword Object None vi or Keyword Object None v or Keyword Object None or Keyword Object None or Keyword Object None or Keyword Object None vi or Keyword Object None v or Keyword Group None or Keyword Group None v or Keyword Group None vi or Keyword Group None v or Keyword Group None or Keyword Group None or Keyword Group None or Keyword Group None v Enable Restrict Web Feature Check this box to make the keyword being blocked or passed Action This setting is available only when Either U
78. with the requirements set forth in EN55022 Class A and EN55024 Class A The product conforms to the requirements of Low Voltage LVD Directive 2006 95 EC by complying with the requirements set forth in EN60950 1 Regulatory Information Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one of the following measures Reorient or relocate the receiving antenna Increase the separation between the equipment and receiver Connect the equipment into an outlet on a circuit different from that to which the receiver is connected Consult the dealer or an experienced radio TV technician for help This device complies with Part 15 of the FCC Rules Operation is subject to the following two conditions
79. you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem This group allows you to obtain an IP address automatically and allows you type in IP address manually WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using WAROIP Alias Windows Internet Explorer E http192 168 1 1rdoci WIp bas htm ne WANO IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool l v Ja Vv a E 3 d 4 LI 5 E 6 d i F B F Close Obtain an IP address automatically Click this button to obtain the IP address automatically if you want to use Dynamic IP mode Router Name Type in the router name provided by ISP Domain Name Type in the domain name that you have assigned Specify an IP address Click this radio button to specify some data if you want to use Static IP mode IP Address Type the IP address Subnet Mask Type the subnet mask Gateway IP Address Type the gateway IP address Default MAC Address Click this radio button to use default MAC address for the router Specify a MAC Address Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field
80. 00ba Gf Window size It determines the size of TCP protocol 0 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources However Queue timeout is configured for TCP protocol only session timeout is configured for the data flow which matched with the firewall rule Accept large incoming Some on line games for example Half Life will use lots of fragmented UDP packets to transfer game data Instinctively as a secure firewall Vigor router will reject these fragmented packets to prevent attack unless you enable Accept large incoming fragmented UDP or ICMP Packets By checking this box you can play these kinds of on line games If security concern is in higher priority you cannot enable Accept large incoming fragmented UDP or ICMP Packets Enable Strict Security For the sake of security you might want the router executing Firewall strict security checking for data transmission Check this box to enable such function 5 2 3 Filter Setup Click Firewall and click Filter Setup to open the setup page Firewall gt gt Filter Setup Filter Setup Setto Factory Default Set Comments set Comments ila Default Call Filter 2 Default Data Filter g EL J 4 10 J 11 6 12 To edit or add a filter click on the set number to edit the individual
81. 04 OU 50 F 42 14 7 172 16 2 60 vigorz z0 S 00 50 F A6 34 E irz 1 z vigorPro S300 OU 50 F C3 24 192 166 66 1 Vigor2900 series OO S0 F EE FF 1 lt Ul VigorIPPBX 3510 Series User s Guide Dray Tek 4 Choose Restore as the Operation Mode Firmware Upgrade Utility 3 6 2 Router IP niet A Select Router Config re Select VoIP Config er Operation Mode Password Backup Setting Time Qub Sec Firmware Upgrade Utility 3 6 2 Router IP 192 168 1 1 a Select Router Config Select YolF Config o M Look in 2 Desktop O e g Emy Documents My Computer leg Operation Mode Upgrade Backup Setting ii Restore My Recent my Network Places Documents 9 FirmwareUlpgrade W3 1 6 2 ee LE Router Tools 4 1 2 1 S5V oipModule_70101119 cfg Desktop melW3510 20101119 crg hy Documents hy Computer Ale aes V3510_ 20101119 v VigorIPPBX 3510 Series User s Guide 62 Dray Te k 6 Next click the browse button of Select VoIP Config to locate the module file for the router Choose the file of V3K52262_XXXXXXX and click Open Firmware Upgrade Utility 3 6 2 ToX Router IF feat CS Select Router Config C Documents and SettingsCarrie Desktopiv3510_20101119 crg Select VoIP Config Operation Mode Upgrade Backup Setting G Restore
82. 1 This device may not cause harmful interference and 2 This device may accept any interference received including interference that may cause undesired operation Please visit http www draytek com user AboutRegulatory php This product is designed for the ISDN and POTS network throughout the EC region and Switzerland Please see the user manual for the applicable networks on your product VigorlPPBX 3510 Series User s Guide iv Dray Tek Table of Contents Paper I PCAC Carcass S eae eaten on eee suaneuee ueueesndesuueuun 1 1 1 Web Configuration Buttons Explanation cccccccsssssssseeeeeeeeeceeseeseeeeeeeeeeessneeeeeeseeeoenenes 1 1 2 LED Indicators and Connectors ieieicinvvecsnssievescaesenwsesinevanwesesnvsasensnvedwceaseecsewenwsnesuassvndereneeesins 2 1 3 Hardware NIN S LANA OD sssi a ea ewe an eesesaweduiiinaededeehoanweesy 4 1 3 1 Introduction for FXS FXO ISDN TE ISDN NT Module cssssssssssssseseseseeeeeees 5 1TA Primier IS ta Wa OM sson aaa aaa 7 Chapter 2 Basic Settings for Accessing Internet ccscccssseessseecesseeeesseseeneeseenees 13 2 1 CHANGING PASSW ON Csccacicceeccssstecccesetigeesstacdexenasecevecececacesenedontaderiewasssvevauedstcuvenetucecmetaceccseenacs 13 2 2 Quick Start Wizard sisi neice cccesacesaunaesenicaanstnsisnenasnnnstsesaceurandssntusisisacenassnaitsisedceanedsnieiusdeesassantansanas 15 PE Fr a aa E E E EE N A A N E E EN 17 Fe ETP a E ceee potee eee eete ee eeteewe
83. 10 Series User s Guide 1st Subnet Select the router to change the RIP information of the Ist subnet with neighboring routers 2nd Subnet Select the router to change the RIP information of the 2nd subnet with neighboring routers DHCP stands for Dynamic Host Configuration Protocol The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client It is highly recommended that you leave the router enabled as a DHCP server if you do not have a DHCP server for your network If you want to use another DHCP server in the network other than the Vigor Router s you can let Relay Agent help you to redirect the DHCP request to the specified location Enable Server Let the router assign IP address to every host in the LAN Disable Server Let you manually assign IP address to every host in the LAN Relay Agent 1 subnet 2 subnet Specify which subnet that DHCP server is located the relay agent should redirect the DHCP request to Start IP Address Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses If the Ist IP address of your router is 192 168 1 1 the starting IP address must be 192 168 1 2 or greater but smaller than 192 168 1 254 IP Pool Counts Enter the maximum number of PCs that you want the DHCP server to assign IP addresses to The default is 50 and the maximum is 253 Gatew
84. 10 Series User s Guide viii Dray Tek Chapter 1 Preface VigorIPPBX 3510 is a broadband router with WAN interface It provides policy based load balance fail over and BOD Bandwidth on Demand also it integrates IP layer QoS NAT session bandwidth management to help users control works well with large bandwidth By adopting hardware based VPN platform and hardware encryption of AES DES 3DS the router increases the performance of VPN greatly and offers several protocols such as IPSec PPTP L2TP with up to 32 VPN tunnels The object based design used in SPI Stateful Packet Inspection firewall allows users to set firewall policy with ease CSM Content Security Management provides users control and management in IM Instant Messenger and P2P Peer to Peer more efficiency than before By the way DoS DDoS prevention and URL Web content filter strengthen the security outside and control inside VigorIPPBX 3510 can provide up to 100 extensions setup to let all registered IP phones in LAN or remote sites around the world to have unlimited free calls through Internet Moreover VigorIPPBX 3510 is able to establish multiple networking architectures corresponding to your current desire and future needs of growing communication Its ISDN PSTN compatibility lets you move from simple VoIP solution such as IP phone and Softphone to integrate with comprehensive networking infrastructure such as ISDN and Analog phone line any time you need Object ba
85. 197 168 1 1 q WAN Information wWAMI IP Fixed 172 16 2 213 j wla LAN Status Tx Packets RY Packets wWANZ IP Fixed 28469 15285 Tool Setup Telnet Read outSetup Codepage Information Codepage To Select Windows Version 5 01 2600 RECOMMENDED CODEPAGE O50 ANSDOEM Traditional Chinese Bag O0al 21 00a6 7c 00a9 63 D0as 61 O0ad 2d 00ae 52 O0b2 32 00b3 33 00b9 31 OObaot Window size It determines the size of TCP protocol O 65535 The more the value is the better the performance will be However if the network is not stable small value will be proper Session timeout Setting timeout for sessions can make the best utilization of network resources However Queue timeout is configured for TCP protocol only session timeout is configured for the data flow which matched with the firewall rule DrayTek Banner Please uncheck this box and the following screen will not be shown for the unreachable web page The default setting is Enabled The requested Web page has been blocked by Web Content Filter Please contact your system administrator for further information Powered by Draytek Strict Security Checking All the packets while transmitting through Vigor router will be filtered by firewall settings configured by Vigor router When the resource is inadequate the packets will be blocked if Strict Security Checking is enabled If Strict Security Checking is not enabled then the packet
86. 2060 SIP Proxy Realm PBA com Parking Server Number re Call Pickup Number 1 RTP Local Port Start RTP Local Port End Limit SIP Request WAN Request Sec Range 0 64 However if it is required please untick the Disable registration from WAN option then register the extension via VPN tunnel for higher security You can achieve the following requests Disable registration from WAN and VPN for all extensions Enable registration from WAN and VPN for all extensions Enable registration from WAN and VPN for some extensions disable it for all the other extensions Enable registration from WAN for an extension disable registration from VPN for the Same extension Enable registration from VPN for an extension disable registration from WAN for the Same extension VigorIPPBX 3510 Series User s Guide 78 Dray Tek Disable registration from WAN and allow registration from VPN for specific extensions 1 Please uncheck Disable registration from WAN from the IP PBX gt gt PBX System gt gt SIP Proxy Setting page IP PBX gt gt PBX System SIP Proxy Setting SIP Local Part SIP Proxy Realm Parking Server Number Call Pickup Number RTP Local Port Start RTP Local Port End 20000 C Disable registration fram WAN Limit SIP Request WAN Request Sec Range 0 64 2 Then open IP PBX gt gt Extension Click any one of the index numbers 3 Now you
87. 235 VigorlIPPBX 3510 Series User s Guide be used only in IKE aggressive mode 5 7 6 LAN to LAN Here you can manage LAN to LAN connections by maintaining a table of connection profiles You may set parameters including specified connection direction dial in or dial out connection peer ID connection type VPN connection including PPTP IPSec Tunnel and L2TP by itself or over PSec and corresponding security methods etc The router supports up to 32 profiles simultaneously The following figure shows the summary table VPN and Remote Access gt gt LAN to LAN LAN to LAW Profiles Setto Factory Default Index Mame Status Index Mame Status T TTT A 17 TTT bis 2 TTT k 18 TTT g EET kt 19 TTT s 4 TTT K 20 TTT Ea J TTT k 1 TTT m TTT k f PET k i TTT A eae TTT kis TRR kt 24 eT oe ere ka 9 TTT A 10 TT k 2b TT m 1i PET ki fi TTT bis 1 TTT k 20 TTT k 13 TTT i 29 TTT A 14 eT ka 30 TTT A 13 TTT K 31 TTT E 1b TTT K a2 TTT E Set to Factory Default Click to clear all indexes Name Indicate the name of the LAN to LAN profile The symbol represents that the profile is empty Status Indicate the status of individual profiles The symbol V and X represent the profile to be active and inactive respectively Click each index to edit each profile and you will get the following page Each LAN to LAN profile includes 4 subgroups If the fields gray out it means you may leave it untouched
88. 351 j j 224 i igor 3510 Series User s Guide Dray Te k T JP Broadband Connection on Router Properties x Advanced Settings eee perpen opera General Services Connect to the Internet using Select the services running on your network that Internet users can access J IP Broadband Connection on A outer Ftp Example menmegr 192 168 29 11 13135 60654 UDP manmegr 192 168 29 11 7824 13251 UDP This connection allows you to connect to the Internet through a menmsgr 192 169 29 11 8729 63231 TCP shared connection on another computer Mere Show icon in notification area when connected ro Edit pels I E i al The reminder as regards concern about Firewall and UPnP Can t work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly This is because these applications will block the accessing ability of some network ports Security Considerations Activating the UPnP function on your network may incur some security threats You should consider carefully these risks before activating the UPnP function gt Some Microsoft operating systems have found out the UPnP weaknesses and hence you need to ensure that you have applied the latest service packs and patches gt Non privileged users can control some router functions including removing and adding port mappings The UPnP function dynamically adds port
89. 6 511 2 R uting TaDIE een nn eee ee 267 S5S1L3AR P Cache Taler senssse eia T EEE ENE E ENER ENE 267 De eA IG FaN E n AE E A A 268 IBI NAT ESS ONS TADC en a au scnak cece Sactemeetenciasuacoceeten a lenaceeecesctncte 268 3110 PINO WAIN OS IS eere E 269 5 11 7 Data Flow MOnitOr cccccccccccccseecceeeeeceeeeseeeeeseeeeeeeeeeseaeeeseueeesaeeesaeeessaeeesseeeesaneeess 270 SLS TTE aD eE EEE E sais naedeaesecsantenseeeae asacs 272 ILS NAGS TOUS ean E E 272 5 12 SUPPOLLATE d Beane Ene eee eS nee Se ne ee ese ee eee eee AE 273 Chapter 6 Trouble SO OUN Geccc tess sececeneawccsesnewsncesuseceeesrcecccesssesusendsenueesdacsusestsenusesagecusast 275 6 1 Checking If the Hardware Status IS OK or NoOt cccceceeessseeeeseeeeeeseeeeeesneeeeeeeneeeneneeeees 275 6 2 Checking If the Network Connection Settings on Your Computer Is OK or Not 276 6 3 Pinging the Router from Your COMputel scceeeeeeeseeceenssseeeeeeeeeenseeeeeeseeoeeeneseeeees 278 6 4 Checking If the ISP Settings are OK or NoOt cccceeeessccssssseeeeeeseeeeensneeeeseeeeeeeneeeeees 279 6 5 Backing to Factory Default Setting If NeCeSSaPry ccccessseeesseeeeeeeeeeeeneeeeeeeeeneeneeeeees 281 6 6 Contacting Your Dealle sccceeeeeccesssneeeeeeseeeeeseeeeeeeeeeoenessneeeeeseoeessseeeseseeooensneeeeees 282 Appendix Hardware Specifications ccccsssccessesesseesseceseesesseeeseeeeneseeneeneneeseaeesenees 283 VigorlPPBX 35
90. 9 BO TAZ TAOS E E EA E E E E E EE E E 161 AA ODE PO a R 164 Chapter 5 Advanced Web Configuration ccccsssccssseseeesessseeeeenseeseesseeseenseeseesneeseoees 169 5 1 Web FINCH ACTIV AU ON saeia a E a a aA 169 S2 P EW aA E EEE E seats 172 5 2 1 Basics for FiIreWwall cccccccccsssceecseeeeeeeeeeeeeseseeeeeegeeeeseaseeeseaseeesseeseeseeeeeeseeeeessaaeeeens 172 5 2 2 General Se UDr eeii i i ie i 174 Seo FE e en E E A E E EE A 176 DAE DOS DE GIO eir E E ene Cann a rman eee ene 183 DS ODICCIS SENO Siia a 186 oS a eae 0 2161 eaa E E E E E E E E EE 186 VigorIPPBX 3510 Series User s Guide vi Dray Tek 59 2 UP Gru seccasscusiecsassceciacesestesceceuensuecedenstuneedesausuercassessdsnsanteucianeansuesveseuseanceusveteanondereeen 188 Oi DENICE EVDO ODEO eeso pcioceuiawesieloenincissicacieng EE A 190 SoA OSI VICS Type GOUD erae E E nas aqnacecetwessssady carnenweceades 191 5 3 5 Keyword ODISCE cscs scccicecispadaniassetecsosdecetedenesccyulsnenccted ANT a a E an a 192 5 3 6 Keyword GOUD senesrssrerinian nenaon E E ENEN 193 5 3 File Extensi n ODJEC rieniras 194 5A CSM aer See een eer Seer area eee eee eee eee eee 195 5 4 1 APP Enforcement Profile cccccccccsssseeceeseecceeseeeceeseecseaseeessaeeesaueeesseuseesssageeenes 197 5 4 2 URL Content Filter Profile cece ccccccsssseecceeeeeeeeeeeeeeeeeeeeaeeeeeeeeeeessaeaaeeeeeeeessaaaaes 201 5 4 3 Web Content Filter Profile ccc ccccccccsssseeeceeeeeceeeeeseeeeeees
91. AP or CHAP Server Address 10 0 0 138 Idle Timeout second s Specify Gateway IP Address IP Address Assignment Method ace Fixed IP Yes No Dynamic IP RECESS Setup Fixed IP Address od WAN IP Network Settings Password Obtain an IP address automatically Username Index 1 15 in Schedule Setup Specify an IP address gt IP Address Subnet Mask VigorIPPBX 351 s Gui 2 igor 3510 Series User s Guide 80 Dray Tek 6 5 Backing to Factory Default Setting If Necessary Sometimes a wrong connection can be improved by returning to the default settings Try to reset the router by software or hardware Q Warning After pressing factory default setting you will loose all settings you did f before Make sure you have recorded all useful settings before you pressing The password of factory default is null Software Reset You can reset the router to factory default via Web page Go to System Maintenance and choose Reboot System on the web page The following screen will appear Choose Using factory default configuration and click Reboot Now After few seconds the router will return all the settings to the factory settings System Maintenance gt gt Reboot System Reboot System Do you want to reboot your router Using current configuration Using factory default configuration Auto Reboot Time Schedule Index 1 15 in Schedule Setup Not
92. Access gt gt LAN to LAN Profile Index 1 1 Common Settings Profile Name VPN Connection Through WAN1 First Netbios Naming Packet Pass Block VigorIPPBX 3510 Series User s Guide 42 Call Direction Both Dial Out Dial In L Always on Idle Timeout 300 second s L Enable PING to keep alive Dray Tek Dray Tek Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an IPSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection 2 Dial Out Settings Type of Server I am calling PPTP IPSec Tunnel L2TP with IPSec Policy Server IP Host Name for VPN such as draytek com or 123 45 67 89 Password Username PPP Authentication VJ Compression On Off IKE Authentication Method Pre Shared Key IKE Pre Shared Key Digital Signature X 509 IPSec Security Method Medium AH High ESP Index 1 15 in Schedule Setup If a PPP based service is selected you should further specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection 2 Dial Out Settings Type of Server I am calling punann nnnnn IPSec Tunnel L2TP with IPSec Policy Server IP Host Name for VPN such as draytek com or 123 45 67 89 220 135
93. Address Default Gateway mone to hI re l l l l l l WAN side registration Enable Yoip Module Information Firmware version 2 6 4 EN Hardware Versian 1 0 Build Date Time 2011 05 05 11 49 25 WAM 1 Connected D0 50 7F 39 7F 0F Static IF 172 16 3 131 172 16 1 1 WAN 2 Disconnected OO SO F 39 F 10 IP Address 192 168 1 249 MAC Address 00 50 7F 39 7F 12 Model Name Display the model name of the router Firmware Version Display the firmware version of the router Build Date Time Display the date and time of the current firmware build VigorlIPPBX 3510 Series User s Guide 254 Dray Tek LAN MAC Address Display the MAC address of the LAN Interface 1 IP Address Display the IP address of the LAN interface 1 Subnet Mask Display the subnet mask address of the LAN interface DHCP Server Display the current status of DHCP server of the LAN interface DNS Display the assigned IP address of the primary DNS WAN Link Status Display current connection status MAC Address Display the MAC address of the WAN Interface Connection Display the connection type IP Address Display the IP address of the WAN interface Default Gateway Display the assigned IP address of the default gateway SIP Trunk PBX System Index Profile Status Display current status for SIP profiles Dray Tek 255 VigorlPPBX 3510 Series User s Guide 5 10 2 TR 069 This device supports TR 069 standard
94. BX 3510 Series User s Guide WAN gt gt Internet Access Internet Access Index Display Name Physical Mode Access Mode WAN Ethernet Static or Dynamic IP v _ Details Page WAN2 3G USB Modem None vl You can change the physical type for WAN2 or choose Auto negotiation for determined by the system Auta negotiation ha Auto negotiation 10M half duplex 10M1 full duplex 100M1 half duplex 100M1 full duplex Physical Type If you know the practical bandwidth for your WAN interface please choose the setting of According to Line Speed Otherwise please choose Auto Weigh to let the router reach the best load balance Load Balance Mode Auto Weigh 3 Auto Weigh According to Line Speed If your choose According to Line Speed as the Load Balance Mode please type the line speed for downloading and uploading through WAN1 WAN2 The unit is kbps Choose Always On to make the WAN connection WANI WAN2 being activated always or choose Active on demand to make the WAN connection WANI WAN2 activated if it is necessary Active Mode Active on demand Active on demand If you choose Active on demand the Idle Timeout will be available for you to set for PPPoE and PPTP access modes in the Details Page of WAN gt gt Internet Access In addition there are three selections for you to choose for different purposes WAN I Fail It means the connection for WAN2 will be activated when WAN1 is failed WANI Upload sp
95. Below shows the successful activation of Web Content Filter VigorlIPPBX 3510 Series User s Guide 264 Dray Tek System Maintenance gt gt Activation Activate via interface Web Filter License Activate Status Commtouch Start Date 2010 11 18 Expire Date 2010 12 19 Authentication Message Note If you want to use email alert or syslog please configure the SysLog Mail Alert Setup page If you change the service provider the configuration of the function will be reset Activate via interface Use the drop down menu to choose the interface for accessing the server Status Display the mechanism represented with code number e g CT CF adopted by such router Start Date Display the starting date of WCF license activated successfully Expire Date Display the ending date of WCF license activated successfully Activate Click this link to access into http myvigor draytek com for activating WCF function Dray Tek 265 VigorlPPBX 3510 Series User s Guide 5 11 Diagnostics Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router Below shows the menu items for Diagnostics Diagnostics 5 11 1 Dial out Trigger Click Diagnostics and click Dial out Trigger to open the web page The internet connection e g ISDN PPPoE PPPoA etc is triggered by a package sending from the source IP address Diagnostics gt gt Dial out Trigger Dial out Triggered Packet Header Refresh HEX F
96. Both Block Either URL Access Control First Either Web Feature First None There is no log file will be recorded for this profile Pass Only the log about Pass will be recorded in Syslog Block Only the log about Block will be recorded in Syslog K Dray Tek URL Access Control Dray Tek All All the actions Pass and Block will be recorded in Syslog Enable URL Access Control Check the box to activate URL Access Control Note that the priority for URL Access Control is higher than Restrict Web Feature If the web content match the setting set in URL Access Control the router will execute the action specified in this field and ignore the action specified under Restrict Web Feature Prevent web access from IP address Check the box to deny any web surfing activity using IP address such as http 202 6 5 2 The reason for this is to prevent someone dodges the URL Access Control You must clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before Action This setting is available only when Either URL Access Control First or Either Web Feature First is selected Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the keyword set here it will be processed
97. Check to enable the Fator Rule Comments Block NetBios Index 1 15 im Schedule Setup Directian LAN gt WAN Source IP Any Eda Destination IP Any Eda Service Type TCP UDP Port from 137 139 to undefined Eda Fraqments Dont Care Application Action Profile Syslog Fitar Block Immediately a Branch to Other Filter Set APP Enforcement URL Content Filter Web Content Filter Advance Setting Edit K J cear _Cancel_ Dray Tek 5 2 4 DoS Defense As a sub functionality of IP Filter Firewall there are 15 types of detect defense function in the DoS Defense setup The DoS Defense functionality is disabled for default Click Firewall and click DoS Defense to open the setup page Firewall gt gt DoS defense Setup Dos defense Setup Enable DoS Defense Select All C Enable SYN flood defense Enable UDP flood defense C Enable ICMP flood defense C Enable Port Scan detection LJ Block IP options C Block Land C Block Smurf C Block trace route C Block S N fragment C Block Fraggle Attack Threshold so packets sec Timeout ho sec Threshold Em packets sec Timeout Ho SEC Threshold so packets sec Timeout ho sec Threshold Em packets sec LJ Block TEP flag scan C Black Tear Drop C Black Ping of Death C Block ICMP fragment COl Block UnknownProtocal S Enable Dos Defense Enable SYN flood defense Enable UDP flood defense Enable ICMP flood defense Dray
98. General Setup In IPSec General Setup there are two major parts of configuration There are two phases of IPSec gt Phase 1 negotiation of IKE parameters including encryption hash Diffie Hellman parameter values and lifetime to protect the following IKE exchange authentication of both peers using either a Pre Shared Key or Digital Signature x 509 The peer that starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest priority match with its policies Eventually to set up a secure tunnel for IKE Phase 2 gt Phase 2 negotiation IPSec security methods including Authentication Header AH or Encapsulating Security Payload ESP for the following IKE exchange and mutual examination of the secure tunnel establishment There are two encapsulation methods used in IPSec Transport and Tunnel The Transport mode will add the AH ESP payload and use original IP header to encapsulate the data payload only It can just apply to local packet e g L2TP over PSec The Tunnel mode will not only add the AH ESP payload but also use a new IP header Tunneled IP header to encapsulate the whole original IP packet Authentication Header AH provides data authentication and integrity for IP packets passed between VPN peers This is achieved by a keyed one way hash function to the packet to create a message digest This digest will be put in the AH and transmitted along with packets On the receiving s
99. IPSec Peer Identity This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High ESP Encapsulating Security Payload means payload data will be encrypted and authenticated Select from below DES without Authentication Use DES encryption algorithm and not apply any authentication scheme DES with Authentication Use DES encryption algorithm and apply MD5 or SHA 1 authentication algorithm 3DES without Authentication Use triple DES encryption algorithm and not apply any authentication scheme 3DES with Authentication Use triple DES encryption algorithm and apply MD5 or SHA 1 authentication algorithm AES without Authentication Use AES encryption algorithm and not apply any authentication scheme AES with Authentication Use AES encryption algorithm and apply MD5 or SHA 1 authentication algorithm Specify mode proposal and key life of each IKE phase Gateway etc The window of advance setup is shown as below 239 VigorlIPPBX 3510 Series User s Guide IKE advanced settings IKE phase 1 mode IKE phase 1 proposal IKE phase 2 proposal IKE phase 1 key lifetime IKE phase 2 key lifetime Perfect Forward Secret Local ID Main mode Aggressive mode Auto DES 28800 900 86400 3600 600 86400 Disable Enable Note If you sel
100. LAN ports but not WAN port Dray Tek 11 VigorIPPBX 3510 Series User s Guide This page is left blank VigorlPPBX 3510 Series User s Guide 12 Dray Tek Chapter 2 Basic Settings for Accessing Internet For use the router properly it is necessary for you to change the password of web configuration for security and adjust primary basic settings This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully Be aware that only the administrator can change the router configuration 2 1 Changing Password To change the password for this device you have to access into the web browse with default password first 1 Make sure your computer connects to the router correctly g Notice You may either simply set up your computer to get IP i dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192 168 1 1 For the detailed information please refer to the later section Trouble Shooting of this guide 2 Open a web browser on your PC and type http 192 168 1 1 A pop up window will open to ask for username and password Please type admin as the username and leave blank for the password on the window Next click OK for next screen Connect to 192 168 1 1 Login to the Router Web Configurator User name f admin Password _ Remember my password D P ay Te k 13 VigorIPPB
101. LDOdweool Lizkn ovdhed jvalSCgiqzJocKadbo nacBqEc lWochKeEsOodyDc bmt IE Tk i04SSeuY i nxswkveP Ons LIOMIGNevosvrTYu Ss0y7IJGBHHWESKEWhLRAZLOxVHI DONE L6ceTlyhed4zssrdy 6 You may review the detail information of the certificate by clicking View button Mame Local Issuer flsUSTCh Vvigor Subject femailAddress press iG idraytek comiCaTVvi0 Draytek ee yee hie Ie ONS draytek com Valid From Aug 30 23 08 43 2005 GMT Valid To Aug 30 23 17 47 2007 GMT VigorlPPBX 3510 Series User s Guide 68 Dray Tek 3 13 Request a CA Certificate and Set as Trusted on Windows CA Server 2 User imports the certificate Dray Tek User requests a certificate CAServerA CA Server B as local certificate to Vigor Router via Web GUI issued by CA Server A and Saves it Use web browser connecting to the CA server that you would like to retrieve its CA certificate Click Retrive the CA certificate or certificate recoring list 3 Microsoft Certificate Services Microsoft Internet Explorer efx BRO SEO HAV ROBEY IAM KAW ax Qr O MAO Aas ka Qa O 2 2B 3 v Eje se FED http 172 16 2 179 certsrv msn v PBRS PBA ANEA KAMAE 219 24 Hotmail X Mesenger Q HAI MSN Microsoft Certificate Services vigor Welcome You use this web site to request a certificate for your web browser e mail client or other secure program Once you acquire a certificate you will be able to securely id
102. LJ List create Remove Mote The folder name can only contain the folowing characters A z a z 0 9 _ 4 and space FTP Samba User Enable Click this button to activate this profile account for FTP service or Samba User service Later the user can use the username specified in this page to login into FTP server Disable Click this button to disable such profile Username Type the username for FTP Samba users for accessing into FTP Dray Tek server USB storage disk Be aware that users cannot access into USB storage disk in anonymity Later you can open FTP client software and type the username specified here for accessing into USB storage diskette Note Admin could not be typed here as username for the word is specified for accessing into web pages of Vigor router only Also it is reserved for FTP firmware upgrade usage Note FTP Passive mode is not supported by Vigor Router 249 VigorlIPPBX 3510 Series User s Guide Please disable the mode on the FTP client Password Type the password for FTP Samba users for accessing FTP server Later you can open FTP client software and type the password specified here for accessing into USB storage disk Confirm Password Type the password again to make confirmation Home Folder It determines the folder for the client to access into The user can enter a directory name in this field Then after clicking OK the router will create the specific new folder in
103. Mask Enable Check to enable this entry Protocol Specify the transport layer protocol It could be TCP UDP or ALL for selection WAN Interface Specify the WAN interface that will be used for this entry WAN IP Select an IP address the selections provided here are set in IP Alias List of Network gt gt WAN interface Local host can use this IP to connect to Internet VigorIPPBX 351 s Gui 1 igor 3510 Series User s Guide 66 Dray Tek If you want to choose any on of the Public IP settings you must specify some IP addresses in the IP Alias List of the Static DHCP Configuration page first If you did not type in any IP address in the IP Alias List the Public IP setting will be empty in this field When you click Apply a message will appear to inform you Private IP Assign an IP address e g 192 168 1 10 or a subnet to be compared with the Public IP address for incoming packets Subnet Mask Select a value of subnet mask for private IP address 4 4 5 Port Triggering Port Trigger is a variation of open ports function the difference is that the port trigger has the dynamic characteristics It is more secure comparing to open ports In Open Ports setting once we setup the ports be opened all traffic can go through these open ports into LAN device with Port Triggering function the ports will be opened only when specific application triggers the specific ports and then the needed ports will be opened automatically NAT gt g
104. N Interface WAN Interface WANT Display Name y Physical Mode Physical Type Auto negotiation WAN Interface Specify which interface you use for network connection Display Name Type the name for this router Physical Mode If you choose WAN2 you can specify Ethernet or 3G USB Modem as the physical mode Physical Type Choose the physical type you desired The default setting is Auto negotiation Auto negotiation iv Auto negotiation 10M half duplex 10M full duplex 100M half duplex 100M full duplex VigorlPPBX 3510 Series User s Guide 16 Dray Tek On the next page as shown below please select the appropriate Internet access type according to the information from your ISP For example you should select PPPoE mode if the ISP provides you PPPoE interface Then click Next for next step Quick Start Wizard Connect to Internet WAN 1 Select one of the following Internet Access types provided by your ISP PPPoE PPTP L2TP Static IP DHCP In the Quick Start Wizard you can configure the router to access the Internet with different protocol modes such as PPPoE PPTP L2TP Static IP or DHCP The router supports the WAN interface for Internet access 2 2 1 PPPoE PPPoE stands for Point to Point Protocol over Ethernet It relies on two widely accepted standards PPP and Ethernet It connects users through an Ethernet to the Internet with a common broadband medium such as a wireless devi
105. Notification Host IP Set the IP address of the host that will receive the trap community Trap Timeout The default setting is 10 seconds 5 10 8 Reboot System The Web Configurator may be used to restart your router Click Reboot System from System Maintenance to open the following page system Maintenance gt gt Reboot System Reboot System Do you want to reboot your router Using current configuration Using factory default configuration Auto Reboot Time Schedule Index 1 15 in Schedule Setup i Note Action and Idle Timeout settings will be ignored Index 1 15 in Schedule Setup You can type in four sets of time schedule for performing system reboot All the schedules can be set previously in Applications gt gt Schedule web page and you can use the number that you have set in that web page If you want to reboot the router using the current configuration check Using current configuration and click Reboot Now To reset the router settings to default values check Using factory default configuration and click Reboot Now The router will take 5 seconds to reboot the system Note When the system pops up Reboot System web page after you configure web settings please click Reboot Now to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future Dray Tek 263 VigorIPPBX 3510 Series User s Guide 5 10 9 Firmware Upgrade For the detailed i
106. P Yes No Dynamic IP Indexf1 15 in Schedule Setup Fixed IP Address fs i Default MAC Address WAN Connection Detection Specify a MAC Address Mode MAC Address Ping IP 172 16 1 1 oo Eo ze js 70 oz TIE 255 Bridge Mode C Enable Bridge Mode Enable Disable Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid ISP Access Setup Enter your allocated username password and authentication parameters according to the information provided by your ISP Username Type in the username provided by ISP in this field Password Type in the password provided by ISP in this field Index 1 15 in Schedule Setup You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page WAN Connection Such function allows you to verify whether network connection Detection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection VigorIPPBX 3510 Seri s Gui in igor 3510 Series User s Guide 0 Dray Tek Bridge Mode PPP MP Setup IP Address Assignment Method IPCP Dray Tek Ping IP If you choose Ping Detect as detection mode you have to type IP address in this field for pinging TTL Time t
107. P Fragment Check the box to activate the Block ICMP fragment function Any Block Unknown Protocol Warning Messages Dray Tek ICMP packets with more fragment bit set are dropped Check the box to activate the Block Unknown Protocol function Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer However the protocol types greater than 100 are reserved and undefined at this time Therefore the router should have ability to detect and reject this kind of packets We provide Syslog function for user to retrieve message from Vigor router The user as a Syslog Server shall receive the report sending from Vigor router which is a Syslog Client All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon Look for the keyword DoS in the message followed by a name to indicate what kind of attacks is detected System Maintenance gt gt SysLog Mail Alert Setup SysLog Mail Alert Setup SysLog Access Setup Mail Alert Setup Enable Enable Server IP Address 192 168 1 115 SMTP Server Destination Port 514 Mail To Enable syslog message Return Path i Firewall Log O Authentication VPN Log User Name User Access Log Password Call Log Enable E Mail Alert WAN Log O Dos Attack Router DSL information C IM P2P i DrayTek Syslog 3 7 0 Controls 192 168 1 1 w lt WAN Status Gat
108. PBX 3510 Series User s Guide For Block Unknown Domain this function can block incoming calls from unrecognized domain that is not specified in SIP accounts Such controlling also can be done based on preconfigured schedules IP PBX gt gt DialPlan Setup Call Barring Block Unknown Domain Enable Index 1 15 in Schedule Setup Note If the domain of the incoming call is different from the domain found in SIP accounts the call should be blocked 4 1 4 PBX System This page allows you to set relational advanced settings for IP PBX device IP PBX gt gt PBX System PEX System SIP Proxy Setting Hunt Group Voice Mail Configuration Office Hours Auto Attendant Wizard Prompt Maintenance Tone Setting Phone Setting 4 1 4 1 SIP Proxy Setting To make the IP phone to be registered in IP PBX device successfully it is necessary for the users to configure settings in this page IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port S060 SIP Proxy Realm PBs com Parking Server Number te Call Pickup Number RTP Local Port Start 15050 RTP Local Port End 20000 L Disable registration from WAN Cl Limit SIP Request WAN Request Sec Range 1 64 m JE E 7 i O Enable ACL white list for WAN IP Motel The Call Pickup Number used for both specific number pickup and group pickup Note To permit remote WAN side extensions you must enable registration from WAN option and a
109. PSec Tunnel L2TP with IPSec Policy Server IP Host Name for YPN such as 5551234 draytek com or 123 45 67 89 220 135 240 210 Link Type Ak by Password PPP Authentication YJ Compression On Off IKE Authentication Method Pre Shared Key IKE Pre Shared Key Digital Signature x 509 IPSec Security Method Medium AH High ESP Index 1 15 in Schedule Setup If a PPP based service is selected you should further specify the remote peer IP Address Username Password PPP Authentication and VJ Compression for this Dial Out connection 2 Dial Out Settings Type of Server I am calling PPTP IPSec Tunnel L2TP with IPSec Policy Server IP Host Name for VPN such as draytek com or 123 45 67 89 220 135 240 210 Username draytek Password eocccece PPP Authentication PAP CHAP v VJ Compression On O Off IKE Authentication Method Pre Shared Key Digital Signature X 509 IPSec Security Method Medium AH High ESP Index 1 15 in Schedule Setup r r 6 Set Dial In settings to as shown below to allow Router B dial in to build VPN connection 40 Dray Tek If an IPSec based service is selected you may further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial In connection Otherwise it will apply the settings defined in IPSec General Setup abov
110. Phone ISDN Phone A t Ext801 j IP Phone E SIP Trunk Pte ee pearrer Ext 307asipserver ISDN Phone Sate Ext 803 X ISDN Phone By Ext 804 Gs Registered IP phone or analog phone SIP Server lt Ext 302 sipserver 3 m aie Shanghai C The establishment of IP registration is made through WAN port Ext 307 and 302 are registered at a SIP server The remote IP based phone with ext 301 is registered at a SIP server too The ISDN Phone with ext No 801 802 803 and 804 are connected to ISDN PBX ISDN Phone with extension No 801 ISDN Phone with extension No 802 ISDN Phone with extension No 803 ISDN Phone with extension No 804 The analog phone with VoIP number 302 in Shanghai made a call to the remote ISDN Phone Ex 801 Dial to SIP trunk number 307 then dial ISDN trunk number 0 to connect to ISDN PBX After getting through you can hear the dial tone press ext No 801 Dray Tek 35 VigoriPPBX 3510 Series User s Guide 3 4 ISDN Application with All ISDN TE Ports ISDN Trunk Ext 0 4 TE Ports 4 TE Ports VigoriPPBX 3510 IP Phone Ext 301 asipserver SIP Trunk oo Ext 30r iisipserver ISDN Phone A Ext 304 Registered IP phone or analog phone SIP Server Shanghai Office The establishment of IP registration is made through WAN port Ext 307 and 302 are registered at a SIP server The remote IP based phone with ext 301 i
111. Please A Dray Tek Trunks MSN Numbers for the Router Answer mode Phone CLIR CLIP Dray Tek check the one s you want The available boxes listed here will be changed according to the FXS FXO ISDN module inserted to VigorIPPBX 3510 This is privilege settings for this trunk line When an incoming call connects to IPPBX via this line it can use other trunk line to make phone calls with the trunk line box checked here MSN Numbers mean that the router is able to accept only number matched incoming calls In addition MSN services should be supported by local ISDN network provider The router provides ten fields for MSN numbers Note that MSN services must be acquired from your local telecommunication operators By default MSN function is disabled If you leave the fields blank all incoming calls will be accepted without number matching Specify the way to process incoming phone calls which matched the MSN number for router Auto Attendant ha Auto Attendant Foward To Extension Foward To Group Auto Attendant The incoming call would be picked by router automatically You could hear IVR voice to remind you to dial extension number you want to reach Forward to Extension The incoming call would be forwarded to the extension number you setup directly Forward to Group If you have setup group extension number in web page Hunt Group the incoming call could be forwarded to the group extension number you se
112. Po Own Number means that the router will tell the remote end the ISDN number when it s placing an outgoing call Allow to access these Trunks Ospi Clsipe Osipa Osips Osips Osips CIFPSTN1i O FPSTN2 LIPSTN3 LIPSTN4 CI ISON TE1 ISON TE2 ISODN TE3 LJ ISDN TE4 ISDN MSN MSN Numbers for the router Index Phone Answer lode CLIR CLIP lt lt 4 6 Oo Auto Attendant 7 Oo Auto Attendant 5 Oo Auto Attendant g Oooo Auto Attendant 4 4 4 lt m NNN m NNN MSN Numbers means that the router is able to accept number mathed incoming calls In MSN service should be supported by the local ISON network provider Office hours answer mode Non office hours answer mode Own Number Allow to access these VigorIPPBX 3510 Series User s Guide Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant Auto Attendant Foward To Extension Foward To Group Set the answering mode for such outside line in non office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant ha Auto Attendant Foward To Extension Foward To Group Enter your ISDN number Every outgoing call will carry the number to the receiver There are several settings for SIP trunks PSTN trunks and ISDN trunks for you to specify for such extension
113. Public IP Address from ISP In deployment the PPP Point to Point style authentication and authorization is required for bridging customer premises equipment CPE Point to Point Protocol over Ethernet PPPoE connects a network of hosts via an access device to a remote access concentrator or aggregation concentrator This implementation provides users with significant ease of use Meanwhile it provides access control billing and type of service according to user requirement When a router begins to connect to your ISP a serial of discovery process will occur to ask for a connection Then a session will be created Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system And your IP address DNS server and other related information will usually be assigned by your ISP 4 2 2 Network Connection by 3G USB Modem For 3G mobile communication through Access Point is popular more and more VigorIPPBX 3510 adds the function of 3G network connection for such purpose By connecting 3G USB Modem to the USB port of VigorIPPBX 3510 it can support HSDPA UMTS EDGE GPRS GSM and the future 3G standard HSUPA etc VigorIPPBX 3510 with 3G USB Modem allows you to receive 3G signals at any place such as your car or certain location holding outdoor activity and share the bandwidth for using by more people Users can use four LAN ports on the router to access Internet Mobile Cafe Hotspot AN as i H R sw Web surfi
114. RL Access Control First or Either Web Feature Firs is selected Pass allows accessing into the corresponding webpage with the keywords listed on the box below Pass Allow accessing into the corresponding webpage with the keywords listed on the box below Block Restrict accessing into the corresponding webpage with the keywords listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action Cookie Check the box to filter out the cookie transmission from inside to outside world to protect the local user s privacy Proxy Check the box to reject any proxy transmission To control efficiently the limited bandwidth usage it will be of great value to provide the blocking mechanism that filters out the multimedia files downloading from web pages Upload Check the box to block the file upload by way of web page File Extension Profile Choose one of the profiles that you configured in Object Setting gt gt File Extension Objects previously for passing or blocking the file downloading A Dray Tek Mone we Mone 5 4 3 Web Content Filter Profile There are three ways to activate WCF on vigor router using Advanced gt gt Web Filter Activation by means of CSM gt gt Web Content Filter Profile or via System Maintenance gt gt Activation Web Filter Activation allows you to use trial version or update the license of WCF directly without accessing into
115. S LAN Status VigoriPPBX 3510 Series User s Guide 28 Dray Tek IP Address TX Packets RX Packets WAN 1 2 Status Enable Line Name Mode Up Time IP GW IP TX Packets TX Rate RX Packets RX Rate Display the IP address of the LAN interface Display the total transmitted packets at the LAN interface Display the total number of received packets at the LAN interface Display if such WAN interface is enabled or not Display the physical connection Ethernet of this interface Display the name set in WAN page Display the type of WAN connection e g PPPoE Display the total uptime of the interface Display the IP address of the WAN interface Display the IP address of the default gateway Display the total transmitted packets at the WAN interface Display the speed of transmitted octets at the WAN interface Display the total number of received packets at the WAN interface Display the speed of received octets at the WAN interface Note The words in green mean that the WAN connection of that interface is ready for accessing Internet the words in red mean that the WAN connection of that interface is not ready for accessing Internet 2 5 Saving Configuration Each time you click OK on the web page for saving the configuration you can find messages showing the system interaction with you Ready indicates the system is ready for you to input settings Settings Saved means your settings are saved once you click Fin
116. Select All Sort Refresh IP Bind List Select All Sort IP Address 192 168 1 10 Add and Edit IP Address fo Mac Address WoW oe Enable Disable Strict Bind ARP Table Add and Edit Refresh IP Bind List Dray Tek Mac Address O0 0OE 46 2A D5S Al Click this radio button to invoke this function However IP MAC which is not listed in IP Bind List also can connect to Internet Click this radio button to disable this function All the settings on this page will be invalid Click this radio button to block the connection of the IP MAC which is not listed in IP Bind List This table is the LAN ARP table of this router The information for IP and MAC will be displayed in this field Each pair of IP and MAC address listed in ARP table can be selected and added to IP Bind List by clicking Add below IP Address Type the IP address that will be used for the specified MAC address Mac Address Type the MAC address that is used to bind with the assigned IP address It is used to refresh the ARP table When there is one new PC added to the LAN you can click this link to obtain the newly ARP table information It displays a list for the IP bind to MAC information 157 VigorlIPPBX 3510 Series User s Guide Add It allows you to add the one you choose from the ARP table or the IP MAC address typed in Add and Edit to the table of IP Bind List Edit It allows you to edit and modify the selected IP addres
117. Taskbar and Start Menu a 3 _ Je m 5 o Help and Support 7 Run i Log OFF coco lee gt Turn OFF Computer Internet Explorer Dray Tek 7 VigorIPPBX 3510 Series User s Guide 3 Open File gt Add a New Computer A welcome dialog will appear Please click Next Add Printer Wizard Welcome to the Add Printer Q Wizard This wizard helps you install a printer or make printer connections If you have a Plug and Play printer that connects I through a USB port or any other hot pluggable port such as IEEE 1394 infrared and so on you do not need to use this wizard Click Cancel to close the wizard and then plug the printer s cable Edit View Favorites Tools into your computer or point the printer toward your Add Printer T computer s infrared port and turn the printer on Server Properties S P Sea Windows will automatically install the printer for you Set Up Faxing S Printers and Faxes To continue click Next Create Shortcut Delete Rename Properties ROR Cancel Close m 4 Click Local printer attached to this computer and click Next Add Printer Wizard Local or Network Printer The wizard needs to know which type of printer to set up Select the option that describes the printer you want to use _ Automatically detect and install my Plug and Play printer A network printer or a printer attached to another compute
118. Tek Check the box to activate the DoS Defense Functionality Select All Check this box to select all of the items listed below Check the box to activate the SYN flood defense function Once detecting the Threshold of the TCP SYN packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent TCP SYN packets for a period defined in Timeout The goal for this is prevent the TCP SYN packets attempt to exhaust the limited resource of Vigor router By default the threshold and timeout values are set to 50 packets per second and 10 seconds respectively Check the box to activate the UDP flood defense function Once detecting the Threshold of the UDP packets from the Internet has exceeded the defined value the Vigor router will start to randomly discard the subsequent UDP packets for a period defined in Timeout The default setting for threshold and timeout are 150 packets per second and 10 seconds respectively Check the box to activate the ICMP flood defense function Similar to the UDP flood defense function once if the Threshold of ICMP packets from Internet has exceeded the defined value the router will discard the ICMP echo requests coming from the Internet The 183 VigorlIPPBX 3510 Series User s Guide Enable PortScan detection Block IP options Block Land Block Smurf Block trace router Block SYN fragment Block Fraggle Attack Block TCP flag scan Bloc
119. US client function The following figure shows the summary table VPN and Remote Access gt gt Remote Dial in User Remote Access User Accounts Setto Factory Default Index User Status Index User Status 1 TT k Vf TTT k 2 777 w 18 P23 ri 3 TT a 1 TTT k 4 TT a 20 TTT E D TT k 21 TT k G ETF e 2 TTT k f TTF k 23 TT k 8 77 ri 24 p25 ri 9 oo e 25 Pia 10 TT e 26 TTT k TL TT k ff TTT k 12 TTF k 28 TT k 13 TTF k 29 TTT k id TTF k 30 TTT as 15 TT k ani TTT k 16 TT e az TTT k Set to Factory Default Click to clear all indexes Index Click the number below Index to access into the setting page of Remote Dial in User User Display the username for the specific dial in user of the LAN to LAN profile The symbol represents that the profile is empty Status Display the access state of the specific dial in user The symbol V and X represent the specific dial in user to be active and inactive respectively Click each index to edit one remote user profile Each Dial In Type requires you to fill the different corresponding fields on the right If the fields gray out it means you may leave it untouched The following explanation will guide you to fill all the necessary fields Dray Tek 333 VigorlPPBX 3510 Series User s Guide VPN and Remote Access gt gt Remote Dial in User Index No 1 User account and Authentication Username 999 C Enable this account oe eee z ER C Enable Mobile O
120. Wizard Please confirm your settings WAN Interface Physical Mode Physical Type Internet Access WANT Ethernet Auto negotiation PPTP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown VigorIPPBX 3510 Series User s Guide Quick Start Wizard Setup OK E Dray Tek 2 2 3 Static IP Click Static IP as the protocol Type in all the information that your ISP provides for this protocol Quick Start Wizard Static IP Client Mode WAN 1 Enter the Static IP configuration probided by your ISP WAN IP 172 16 3 229 Subnet Mask 266 255 0 0 Gateway 172 16 3 229 Primary DNS Secondary DNS optional WANIP Address Type the IP address Subnet Mask Type the subnet mask Gateway Type the gateway IP address Primary Secondary Type in the primary IP address for the router if you want to use DNS Static IP mode If necessary type in secondary IP address for necessity in the future After finishing the settings in this page click Next to see the following page Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access Static IP Click Back to modify changes if necessary Otherwise click Finish to save the current se
121. X 3510 Series User s Guide 3 Now the Main Screen will pop up VigorIPPBX 3510 Dray Tek A System Status Quick Start Wizard Model Name VigorlPPBX 3510 Firmware Version 3 5 5 2 Build Date Time Apr 27 2011 10 23 18 LAN WAN 1 MAC Address 00 50 7F 39 7F 0E Link Status Connected ist IP Address 192 168 1 1 MAC Address 00 50 7F 39 7F 0F ist Subnet Mask 255 255 255 0 Connection Static IP DHCP Server Yes IP Address 172 16 3 131 DNS 168 95 1 1 Default Gateway 172 16 1 1 SIP Trunk PBX SYSTEM Index Profile Status 1 pe eam 2 nema PAR 3 maa in fan oa 4 ama ma Product Registration a B WAN side registration Disable Yoip Module Information Firmware Version 2 6 4 EN Hardware Version 1 0 Build Date Time 2011 05 05 11 49 25 lt IP Address 192 168 1 249 4 Goto Advanced page and choose System Maintenance gt gt Administrator Password System Maintenance gt gt Administrator Password Setup Administrator Password Old Password New Password Confirm Password 5 Enter the login password the default is blank on the field of Old Password Type New Password and Confirm Password Then click OK to continue 6 Now the password has been changed Next time use the new password to access the Web Configurator for this router Connect to 192 168 1 1 Login to the Router Web Configurator User name admin Password eeee C Remember my password
122. again Click this button to import a saved file as the certification information Click this button to refresh the information listed below Click this button to view the detailed settings for certificate request After clicking Generate the generated information will be displayed on the window below Certificate Management gt gt Local Certificate x509 Local Certificate Configuration Name Local Subject Status f C TWYST HS 0 Draytek OU RD Requesting GENERATE IMPORT REFRESH Dray Tek 509 Local Certificate Request 245 Modify HITBnTCCAQYC AQAWETELNARGALUEBANCVF exc zAJBQNVBAGTAKhHTMRAWDQYDVOOK EwdEcmF 5dGVr W0swCOYDVOOLEWISRDEINCAGCS qGS IbSDOEJARYTc3VweGoydEBk cmF 5dGV r LnlvbTCBnzaNbgkqhkiGowOBAQEF AAOB7OQAWwGYKCQGYEAyZELVTVBytix OTS 23 20dwlRe ltvlHnV um MFCOySx EZEWNEG4 6 7d0G 1LS avd TaduHhoOc40NWx02 MASVORt 7AbNOdYnsSpixkr OF gkonkbMLdaghi0o0c ls YN smGbh4N Pho4VMolva dKiyaPtyp 02 0WsCddeh Hef3 Ys8mb0C awE sabe AANAOGCS GS Ibs DOEBBOULASGE AGNEBSO T 1Y445sqgkiwillnkHIvdFLDOdweool zL1lzkn ovdhed jvalScgiqzeJocKabo7 nac BgEc lWOchKEZsEsSOdyDcemt f7R 1045SeuTinxswave ons LIMIGHSyosvrTYu sOvJIGBHHWESEWhLREASZLOxvVH Donk l ceTlybedsssrdyw VigorIPPBX 3510 Series User s Guide 5 8 2 Trusted CA Certificate Trusted CA certificate lists three sets of trusted CA certificate Certificate Management gt gt Trusted CA Certificate X509 Trusted CA Certificate Configuration Name Subjec
123. ail nD Am Aan 46 47 48 49 50 lt 1 50 51 100 101 150 151 200 201 250 251 300 301 350 351400 401450 451 500 507 550 551 600 6017 650 651 700 701 750 751 800 801 950 851 900 901 950 951 1000 gt gt CDR Export Click the Export button to export the call detail records as a file Refresh Click it to reload the page VigorIPPBX 3510 Seri s Gui 134 igor 3510 Series User s Guide 3 Dray Tek 4 1 5 2 Extension Monitor This page displays owner s name IP address status and peer ID for each extension number IP PBX gt gt PBX Status Extension Monitor Pefresh Seconds 10 Refresh Index Mame Extension IP Status Peer ID 1 101 101 192 168 1 16 Online 2 102 102 Offline 3 H S55 Offline 4 aig eo Offline 5 Se a Offline E ane aa Offline 7 aie Offline a en Offline g o Offline 10 Offline lt lt 1 10 11 20 21 30 31 40 41 50 51 60 61 70 71 80 81 90 91 100 101 108 gt gt Next gt gt Refresh Click it to reload the page 4 2 WAN Quick Start Wizard offers user an easy method to quick setup the connection mode for the router Moreover if you want to adjust more settings for different WAN modes please go to WAN group and click the Internet Access link 4 2 1 Basics of Internet Protocol IP Network IP means Internet Protocol Every device in an IP based Network including routers print server and host PCs needs an IP address to identify its
124. alias function to record these IPs first Then use address mapping function to map specific private IP to specific WAN IP alias For example you have IP addresses ranging from 86 123 123 1 86 123 123 8 However your router uses 86 123 123 1 and the rest of the IPs are recorded in WAN IP alias You want that private IP 192 168 1 10 can use 86 123 123 2 as source IP when it sends packet out to Internet You can use address mapping function to achieve this demand Simply type 192 168 1 10 as the Private IP and type 86 123 123 2 as the WAN IP Dray Tek 165 VigorlPPBX 3510 Series User s Guide NAT gt gt Address Mapping Address Mapping Setup Setto Factory Default Index Protocol Public IP Private IP Mask Status L ALL 0 0 0 0 32 x PA ALL 0 0 0 0 32 x 3 ALL 0 0 0 0 32 x 4 ALL 0 0 0 0 32 x 5 ALL 0 0 0 0 32 x 6 ALL 0 0 0 0 32 x T ALL 0 0 0 0 32 x 8 ALL 0 0 0 0 32 x 9 ALL 0 0 0 0 32 x 10 ALL 0 0 0 0 32 x Protocol Display the protocol used for this address mapping Public IP Display the public IP address selected for this entry e g 86 123 123 2 Private IP Display the private IP set for this address mapping e g 192 168 1 10 Mask Display the subnet mask selected fro this address mapping Status Display the status for the entry enable or disable Click the index number link to open the configuration page NAT gt gt Address Mapping Index No 1 C Enable Protocol WAN Interface WAN IP Subnet
125. ally equivalent product of equal value and will be offered solely at our discretion This warranty will not apply if the product is modified misused tampered with damaged by an act of God or subjected to abnormal working conditions The warranty does not cover the bundled or licensed software of other vendors Defects which do not significantly affect the usability of the product will not be covered by the warranty We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes Web registration is preferred You can register your Vigor router via http www draytek com Due to the continuous evolution of DrayTek technology all routers will be regularly upgraded Please consult the DrayTek web site for more information on newest firmware tools and documents http www draytek com iii VigorlIPPBX 3510 Series User s Guide European Community Declarations Manufacturer DrayTek Corp Address No 26 Fu Shing Road HuKou Township HsinChu Industrial Park Hsin Chu County Taiwan 303 Product VigorIPPBX 3510 DrayTek Corp declares that VigorIPPBX 3510 of routers are in compliance with the following essential requirements and other relevant provisions of R amp TTE Directive 1999 5 EEC The product conforms to the requirements of Electro Magnetic Compatibility EMC Directive 2004 108 EC by complying
126. ame of the specified PC Refresh Click it to reload the page 9 11 5 NAT Sessions Table Click Diagnostics and click NAT Sessions Table to open the setup page Diagnostics gt gt NAT Sessions Table WAT Active Sessions Table Refresh Private IP Port It indicates the source IP address and port of local PC Pseudo Port It indicates the temporary port of the router used for NAT a VigorlPPBX 3510 Series User s Guide 68 Dray Tek Peer IP Port It indicates the destination IP address and port of remote host Interface It displays the representing number for different interface Refresh Click it to reload the page 5 11 6 Ping Diagnosis Click Diagnostics and click Ping Diagnosis to pen the web page Diagnostics gt gt Ping Diagnosis Ping Diagnosis Mote If you want to ping a LAN PC or you don t want to specify which WAR to ping through please select Unspecified Ping through Unspecified Ping to Host IP V 1P Address oooO Run Result Clear Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically Ping to Use the drop down list to choose the destination that you want to ping IP Address Type in the IP address of the Host IP that you want to ping Run Click this button to start the ping work The result will be displayed on the screen Clear Click this link to remove the result o
127. ank it means that all the destination IPs will be passed through the WAN interface Dest Port Start Type the destination port start for the destination IP Dest Port End Type the destination port end for the destination IP If this field is blank it means that all the destination ports will be passed through the WAN interface 4 3 LAN Local Area Network LAN is a group of subnets regulated and ruled by router The design of network structure is related to what type of public IP addresses coming from your ISP 4 3 1 Basics of LAN The most generic function of Vigor router is NAT It creates a private subnet of your own As mentioned previously the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address What NAT does is to translate the packets from public IP address to private IP address to forward the right packets to the right host and vice versa Besides Vigor router has a built in DHCP server that assigns private IP address to each local host See the following diagram for a briefly understanding Internet CR DHCP Server Public IP Address Private Subnet Router IP Addre VigorIPPBX 3510 Series User s Guide 148 Dray Tek In some special case you may have a public IP subnet from your ISP such as 220 135 240 0 24 This means that you can set up a public subnet or call second subnet that each host is equipped with a public IP a
128. ank and the function will always work 4 2 5 Load Balance Policy This router supports the function of load balancing It can assign traffic with protocol type IP address for specific host a subnet of hosts and port range to be allocated in WANI or WAN2 interface The user can assign traffic category and force it to go to dedicate network interface based on the following web page setup Twenty policies of load balance are supported by this router Note Load Balance Policy is running only when both WAN and WAN2 are activated WAN gt Load Balance Policy Load Balance Policy Dest Dest src IP SrcIP DestIP Dest IP Move Move Index Enable Protocol WAN Start End Start End Port Port Up Down Start End 1 oo Down 2 D UP Down 2 oO UP Down soo UP Down 5 oo UP Down so UP Down ro UP Down s oo UP Down 2 D UP Down 0 oO UP Down lt lt 1 40 11 20 gt gt Next gt gt Index Click the number of index to access into the load balance policy configuration web page Enable Check this box to enable this policy Protocol Use the drop down menu to change the protocol for the WAN interface WAN Use the drop down menu to change the WAN interface Src IP Start Displays the IP address for the start of the source IP Src IP End Displays the IP address for the end of the source IP l 14 VigorlPPBX 3510 Series User s Guide 6 Dray Tek Dest IP Start Dest IP End Dest Port Start Dest Port End Displays the IP address for the sta
129. artners Contact Us Home gt Support gt Downloads Downloads Firmware Downloads Model Name Firmware Version Release Date Firmware Vigor120 series 3 2 2 1 26 06 2009 Vigor2100 series 2 6 2 26 02 2008 Vigor2104 series p Aa a 13 02 2008 Vigor2110 series 3 3 0 25 06 2009 Datasheet Vigor2200 X W E 2 3 11 22 09 2004 R amp TTE Certification Vigor2200Eplus 2 5 7 18 02 2009 Vigor2200USB 2 3 10 16 03 2005 3 Click on the link of Firmware Upgrade Utility to download the tool After downloading the file please decompressed it onto your host About DrayTek Products Support Education Partners Contact Us Home gt Support gt Utility Utility Downloads Tools Name Release Date Version os Release Note Introduction Firmware DialPlan 2007 12 24 3 5 Lite MS Wind Driver ows pw SS Utility DrayTek IPPBX Voic 2010 09 06 1 0 0 Windows p e Prompt Utility XP Introduction Windows 7 Character sets USB dis c DrayTek Softphone 2010 08 31 1 0 0 Windows y l XP as Datasheet ON Product Matrix Vista Windows R amp TTE Certification 7 Firmware Upgrade U f 2010 07 27 3 6 2 Windows y tility XP Windows Vista Windows 7 Dray Te k 37 VigorIPPBX 3510 Series User s Guide 4 Double click on the FrmUpg icon Firmware File Po VoIP Module File ee Operation Mode Password Backup Setting Time Qut Sec Restore 6 Cl
130. as DrayTek s portal site for O Product the latest products and services in network security including Anti UserName My Information virus Anti Spam Web Content Filter etc The products and functions Password VigorPro that are supported in this site include pers VigorPro Unified Security Firewall series Qbk aVd e Activation of Commtouch GiobalView Web Content Filter If you can t read the AuthCode click here license key e Activation of DT Anti Virus license key e Activation of Kaspersky Anti Virus license key b Forget password uL e Activation of Commtouch membership Anti Spam license key and Not registered yet Click here Vigor routers for models that support Commtouch e Activation of Commtouch GiobalView Web Content Filter license key The MyVigor website contains a trail version of Commtouch GlobalView Web Content Filter which allows the users to set filters to block out undesirable web pages in the Internet jungle Please use IE 5 0 or above resolution 1024 768 for best More customer oriented services are planned for MyVigor site for the display DrayTek Corp near future VigorlPPBX 3510 Series User s Guide 74 Dray Tek 2 Check to confirm that you accept the Agreement and click Accept Create an account Please enter personal profile Personal Information P etferences 1 Agreement Draytek provides Myvigor myvigor draytek com service according to this agreement
131. ask 255 255 0 0 Gateway IP Address 172 16 1 1 DNS Server IP Address Primary IP Address 172 16 3 15 Secondary IP Address 172 156 2 16 Default MAC Address Specify a MAC Address MAT Address o 6o fre 5 Click Enable for activating this function If you click Disable this function will be closed and all the settings that you adjusted in this page will be invalid Normally this function is designed for Dynamic IP environments because some ISPs will drop connections 1f there is no traffic within certain periods of time Check Enable PING to keep alive box to activate this function PING to the IP If you enable the PING function please specify the IP address for the system to PING it for keeping alive PING Interval Enter the interval for the system to execute the PING operation Such function allows you to verify whether network connection is alive or not through ARP Detect or Ping Detect Mode Choose ARP Detect or Ping Detect for the system to execute for WAN detection Ping IP If you choose Ping Detect as detection mode you have 142 Dray Tek RIP Protocol Bridge Mode WAN IP Network Settings Dray Tek to type IP address in this field for pinging TTL Time to Live Type a value for connection time to live Routing Information Protocol is abbreviated as RIP RFC1058 specifying how routers exchange routing tables information Click Enable RIP for activating this function If
132. ass Ol jse Ol alx Cl viv ace rar J bas Cl ser CI dib LJ pex Lavi orm Pipa Cl ram LJ jad Ll jsp Ol apb C vrm Aar B bat LI gif Ol pic Cl mow Lo wri Cau C1 vox LJ jar C jtk F ass C bzip2 LJ zip L corm LI jpeg Cl pict L mpe Ll 3gp LJ mp3 C way LJ jav ocx LJ bz2 exe File Extensions LI jpg L png Cl mpeg Ll 3gpp Cl m4a Cl wma C java Cl olb Ol cab Cl inf Type a name for this profile LI jpg2 C tif mpg Ll 3gpp2 LJ m4p L jem ole C pif CO jp2 C1 tiff LI mp4 L 3g2 C ogg LJ js C1 tlb L gzip LJ reg Type a name for such profile and check all the items of file extension that will be processed in the router Finally click OK to save this profile 5 4 CSM CSM is an abbreviation of Content Security Management which is used to control IM P2P usage filter the web content and URL content to reach a goal of security management APP Enforcement As the popularity of all kinds of instant messenger application arises communication cannot become much easier Nevertheless while some industry may leverage this as a great tool to connect with their customers some industry may take reserve attitude in order to reduce employee misusage during office hour or prevent unknown security leak It is similar situation for corporation towards peer to peer ap
133. ave selected one private IP from the above dialog the IP address will be shown on the following screen Click OK to save the setting NAT gt gt DMZ Host Setup DMZ Host Setup WAN 1 Index Enable Aux WAN IP Private IP 1 192 168 5 20 192 168 1249 2 o 192 168 1 25 Dray Tek le VigorIPPBX 3510 Series User s Guide 4 4 3 Open Ports Open Ports allows you to open a range of ports for the traffic of special applications Common application of Open Ports includes P2P application e g BT KaZaA Gnutella WinMX eMule and others Internet Camera etc Ensure that you keep the application involved up to date to avoid falling victim to any security exploits Click Open Ports to open the following page NAT gt gt Open Ports Open Ports Setup Setto Factory Default Index Comment WAN Interface Local IP Address Status i 7 2 ne 3 4 5 2 w 6 W w 8 W Si H 10 H lt lt 1 10 11 20 gt gt Next gt gt Index Indicate the relative number for the particular entry that you want to offer service in a local host You should click the appropriate index number to edit or clear the corresponding entry Comment Specify the name for the defined network service WAN Interface Display the WAN interface for the entry Local IP Address Display the private IP address of the local host offering the service Status Display the state for the corresponding entry X or V is to represent the Inactive or Act
134. ay IP Address Enter a value of the gateway IP address for the DHCP server The value is usually as same as the Ist IP address of the router which means the router is the default gateway DHCP Server IP Address for Relay Agent Set the IP address of the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server DNS stands for Domain Name System Every Internet host must have a unique IP address also they may have a human friendly easy to remember name such as www yahoo com The DNS server converts the user friendly name into its equivalent IP address Force DNS manual setting Force Vigor router to use DNS servers in this page instead of DNS servers given by the Internet Access server PPPoE PPTP L2TP or DHCP server Primary IP Address You must specify a DNS server IP address here because your ISP should provide you with usually more than one DNS Server If your ISP does not provide it the router will automatically apply default DNS Server IP address 194 109 6 66 to this field Secondary IP Address You can specify secondary DNS server IP address here because your ISP often provides you more than one DNS Server If your ISP does not provide it the router will automatically apply default secondary DNS Server IP address 194 98 0 1 to this field The default DNS Server IP address can be found via Online Status 152 Dray Tek System Status System Uptime 2 10 17 LAN Status IP
135. b Content Filter Profile Web Filter License Activate Status Not Activated Setup Query Server auto selected Find more Setup Test Server autoa selected Find more Web Content Filter Profile Table Setto Factory Default Profile Name Profile Name LL Default a f G EL LE 4 g Administration Message Max 255 characters Cache L1 L Cache lt hody gt lt center gt lt hr gt lt br gt lt hrs lt p gt The requested Web page lt br gt from 51Ps lt br gt toa URLS lt hbr gt that is categorized with CLS lt br gt has been blocked by RNAMES Web Content Filter lt p gt Please contact your system administrator for further information lt center gt lt body gt Activate Setup Query Server Setup Test Server Find more Test a site to verify whether it is categorized Set to Factory Default Cache VigorIPPBX 3510 Series User s Guide Click it to access into My Vigor for activating WCF service It is recommended for you to use the default setting auto selected You need to specify a server for categorize searching when you type URL in browser based on the web content filter profile It is recommended for you to use the default setting auto selected By the way you can click the link of Test a site to verify whether it is categorized to access into the test server selected Click it to open http myvigor draytek com for searching another qualified and suitable server Click this link to do the verifi
136. ber 1 905 Z 906 3 90 4 908 Dray Tek od DTMF Relay OutBand OutBand OutBand OutBand DTMF Relay QutBand OutBand OutBand OutBand Codec G 729A B G 729A B G 729A B G 729A B Codec a 7114 7114 7114 G lla VigorIPPBX 3510 Series User s Guide Click the index number link to open the following page for configuration Below shows the phone setting with FXS type IP PBX gt gt PBX System Phone Index 1 Call Feature Phone Extension Active Enable Disable Hotline fF Extension Number 901 Call Waiting E mail Address FAx Mode Yoice mail FAX Bypass Codec eee oe FAs Bypass Codec Rate DTMF DTMF Mode OutBand RF C2833 w Codec Prefer Codec G 7114 b4kKbps COl Single Codec Code Rate Hotline Call Waiting FAX Mode VigorIPPBX 3510 Series User s Guide Cl Codec VAD Allow to access these Trunks istPi Osie Osia Osipa Osips Osips Default Trunk Disable Answer ode No answer after sec then Keep Ring ha Busy then Oo Nothing ha Check the box to enable it Type in the SIP URL in the field for dialing automatically when you pick up the phone set Check this box to invoke this function A notice sound will appear to tell the user new phone call is waiting for your response Click hook flash to pick up the waiting phone call The FAX function mode There are several options Transparent Transparent T 36 Relay By By ypas Transparent FAX will be trans
137. bove figure to perform the operation 5 10 5 Syslog Mail Alert SysLog function is provided for users to monitor router There is no bother to directly get into the Web Configurator of the router or borrow debug equipments system Maintenance gt gt SysLog Mail Alert Setup SysLog Mail Alert Setup SysLog Access Setup Mail Alert Setup H Enable LJ Enable oe SMTP Server Syslog Server fae Mail To Muse Disk BouieeName fC Return Path Destination Port Enable syslog message Password y Firewall Log Enable E Mail Alert YPN Log DoS Attack User Access Log IMl P2P Call Log WAN Log Router DSL information Enable Check Enable to activate function of syslog Syslog Save to Check Syslog Server to save the log to Syslog directly VigorIPPBX 351 j 2 igor 3510 Series User s Guide 58 D ray Tek Syslog Server USB Disk Router Name Syslog Server IP Destination Port Enable syslog message Enable Alert Setup Send a test e mail SMTP Server Mail To Return Path Authentication User Name Password Enable E mail Alert Check USB Disk to save the log to the attached USB diskette Check it to make the syslog saved to the specified server Check it to make the syslog saved to the attached USB disk Click the link to get the router name configured in System Maintenance gt gt Management The IP address of the Syslog server Assign a port for the Syslog protocol Check the box
138. button to move the selected item to the lower place VigorIPPBX 351 s Gui 11 i igor 3510 Series User s Guide 8 Dray Tek 4 1 4 3 Voice Mail Configuration This page allows users to set actions for voices mails IP PBX gt gt PBX System Yoice Mail Configuration Extension for checking messages COl Send voice Message by Email 888 20 65535 Delete Voice Message after Sending Mail Day for keeping voice mail Maximum messages time Email Server Setup SMTP Server SMTP Port C Authentication Iser Name Password Mail From Extension for checking messages Send Voice Message by Email Days for keeping voice mail Maximum message time SMTP Server SMTP Port Authentication User Name Password Mail From Dray Tek pie P optinoal 63 char max Example 1230 draytek com The number specified here is used for the user to listen personal voice mail from IP PBX device IP PBX can send the voice mail to the specified e mail address for the incoming call if you check this box Delete Voice Message after Sending Mail IP PBX can send the voice mail to the specified e mail address for the incoming call directly and delete the temporary file in IP PBX if you check this box Type the days for keeping each voice mail Type the recording length for each voice mail Type IP address or domain name for the server specified for receiving voice messages Type the port number for the server
139. c DNS feature lets you assign a domain name to a dynamic WAN IP address It allows the router to update its online WAN IP address mappings on the specified Dynamic DNS server Once the router is online you will be able to use the registered domain name to access the router or internal virtual servers from the Internet It is particularly helpful if you host a web server FTP server or other server behind the router Before you use the Dynamic DNS feature you have to apply for free DDNS service to the DDNS service providers The router provides up to three accounts from three different DDNS service providers Basically Vigor routers are compatible with the DDNS services supplied by most popular DDNS service providers such as www dyndns org Www no ip com www dtdns com www changeip com www dynamic nameserver com You should visit their websites to register your own domain name for the router Enable the Function and Add a Dynamic DNS Account 1 Assume you have a registered domain name from the DDNS provider say hostname dyndns org and an account with username test and password test 2 Inthe DDNS setup menu check Enable Dynamic DNS Setup Applications gt gt Dynamic DNS Setup Dynamic DNS Setup Setto Factory Default C Enable Dynamic DNS Setup A4uta Update interval 14400 Minfs 1 14400 Accounts Index WAN Interface Domain Name Active L WANI First i n 2 WANI First Fs 3 wWANI First i w Clear All Set to Factory Default
140. cation Click this link to retrieve the factory settings None the router will check the URL that the user wants to access via WCF precisely however the processing rate is normal Such item can provide the most accurate URL matching L1 the router will check the URL that the user wants to access via WCE If the URL has been accessed previously it will be stored for a short time about 1 second in the router to be accessed quickly if required Such item can provide accurate URL matching with faster rate L2 the router will check the URL that the user wants to access via WCF If the data has been accessed previously the IP addresses of source and destination IDs will be memorized for a short time about 1 second in the router When the user tries to a Dray Tek access the same destination ID the router will check it by comparing the record stored If it matches the page will be retrieved quickly Such item can provide URL matching with the fastest rate L1 L2 Cache the router will check the URL with fast processing rate combining the feature of L1 and L2 Dray Tek 207 VigorlPPBX 3510 Series User s Guide Eight profiles are provided here as Web content filters Simply click the index number under Profile to open the following web page The items listed in Categories will be changed according to the different service providers If you have and activate another web content filter license the items will be changed s
141. ce Type Object Profiles Index Name FoREBR EB rer rPrPEeeee fh i ok an M tad a om J T an wo K M Set to Factory Default Index fb joo PS PS PS JP PS Pe PO JP PS PR fee fee le Bi ee Ce A Clear all profiles Setto Factory Default Name Click the number under Index column for settings in detail Objects Setting gt gt Service Type Object Setup Profile Index 1 Destination Port w vO sa Name Type a name for this profile Protocol Specify the protocol s which this profile will apply to Source Destination Port VigorIPPBX 3510 Series User s Guide Source Port and the Destination Port column are available for TCP UDP protocol It can be ignored for other protocols The filter rule will filter out any port number 190 Dray Tek when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this profile when the first and last value are the same it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this profile Below is an example of service type objects settings Servi
142. ce Type Object Profiles Index Name L SIP 2 RTP 3 5 3 4 Service Type Group This page allows you to bind several service types into one group Objects Setting gt gt Service Type Group Service Type Group Table Setto Factory Default Group Name Group Name Ti FeEEePREBrPePrePrPFeErePe ee e e Dd SFFEBBREBEBRBEBEE Set to Factory Default Clear all profiles Click the number under Index column for settings in detail Dray Te k 191 VigorIPPBX 3510 Series User s Guide Objects Setting gt gt Service Type Group Setup Profile Index 1 Available Service Type Objects Selected Service Type Objects 1 SIP 2 RTP Name Type a name for this profile Available Service Type All the available service objects that you have added on Objects Objects Setting gt gt Service Type Object will be shown in this box Selected Service Type Click gt gt button to add the selected IP objects in this box Objects 5 3 5 Keyword Object You can set 200 keyword object profiles for choosing as black white list in CSM gt gt URL Web Content Filter Profile Objects Setting gt gt Keyword Object Keyword Object Profiles Setto Factory Default Index Name Index Mame a a E B RB EBEF a e e N e ki e e e e e a A a a a a A u j i SBEFEPEREBEBRBEBEEBER fy my k oa Pot 33 64 65 96 97 128 129 160 161 197 193 200 gt Next gt gt Set to Factory Default Clear all profiles Click the number
143. ce or cable modem All the users over the Ethernet can share a common connection PPPoE is used for most of modem users All local users can share one PPPoE connection for accessing the Internet Your service provider will provide you information about user name password and authentication mode Dray Tek 17 VigorIPPBX 3510 Series User s Guide If your ISP provides you the PPPoE connection please select PPPoE for this router The following page will be shown Quick Start Wizard PPPoE Client Mode WAN 1 Enter the user name and password provided by your ISP User Name 64005 755 hinet_net Password User Name Assign a specific valid user name maximum 63 characters provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Click Next for viewing summary of such connection Quick Start Wizard Please confirm your settings WAN Interface WAN Physical Mode Ethernet Physical Type Auto negotiation Internet Access PPPoE Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK VigorlPPBX 3510 Series User s Guide 18 Dray Tek 2 2 2 PPTP L2TP Click PPTP L2TP as the protocol Type in all the information that your ISP provides for t
144. ceeeeaeeeee 19 BO i E eae E genic saan ere csusae E E E E E A PE A E AEE A A 21 BAe POP a EE E E 22 2S IPPBX Wiza daone E 24 2 92 EXTCNSION e Group SO UD eases E E 24 UNM UNIO a E E E EE EEEE 26 23 3 Olic Fours SEU scienee nenna niie i iin 27 24 ONNE Stali S sone AE EEA Ea REE EAE OEE a EEE 28 2 5 Saving C nfig uratiO IN siasi a aaia aa 29 Chapter 3 Applications and Tutorialls cccccsssseecssseecesseecsseecenseecenseseenseseeseeseenees 31 3 1 Versatile PSTN and VolP TRUK wis iesscsusesvctewtenwcssneravessvceeavedawdasunsauasertdowdsensmdsudeawssueveurtiertewsoun 31 3 2 Cost effective Extendability by Integrated Analog telephone Adapter for 24 Conventional Analog Phones amp POE switch for IP based phones cccssssssesseeeees 33 3 3 ISDN Application Via ISDN THUNK vivsivevessdsscneccasessrectuactvicereteeiwesesseretuetivesaveudocsssaneweceussdvnccess 35 3 4 ISDN Application with All ISDN TE Ports csssssseeeeeeeeeeeeeeeeeessssssseseeeeseseeeeeeeees 36 3 5 ISDN Application with 4 ISDN TE and 2 ISDN TE 2 ISDN NT Ports 005 37 3 6 Create a LAN to LAN Connection Between Remote Office and Headquarter 38 3 7 Create a Remote Dial in User Connection Between the Teleworker and Headquarter 45 38 GOs Seling EWAN sossarna a a aaa a aTa 49 3 9 LAN Created by Using NAT ccccssssssssssssssssesssssssssssseesssssssssessssssssssssessessesseeeeeeees 53 3 10 Upg
145. ch as the pre shared key that both parties have known VigorlPPBX 3510 Series User s Guide 38 Dray Tek VPN and Remote Access gt gt IPSec General Setup YPN IKE IPSec General Setup Dial in Set up for Remote Dial in users and Dynamic IP Client LAN to LAN IKE Authentication Method Pre Shared Key Confirm Pre Shared Key IPSec Security Method Medium 4H Data will be authentic but will not be encrypted High ESP Mipes Mapes Macs Data will be encrypted and authentic Go to LAN to LAN Click on one index number to edit a profile Set Common Settings as shown below You should enable both of VPN connections because any one of the parties may start the VPN connection VPN and Remote Access gt gt LAN to LAN Profile Index 1 1 Common Settings Profile Name Call Direction Both Dial Out Dial In L Always on Idle Timeout 300 second s VPN Connection Through WAN First Netbios Naming Packet Pass Block C Enable PING to keep alive Dray Tek VigorIPPBX 3510 Series User s Guide VigorIPPBX 3510 Series User s Guide 5 Set Dial Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial Out method If an PSec based service is selected you should further specify the remote peer IP Address IKE Authentication Method and IPSec Security Method for this Dial Out connection 2 Dial Out Settings Type of Server I am calling PPTP I
146. chosen Below is an example of IP objects settings Dray Tek 187 VigorlIPPBX 3510 Series User s Guide Objects Setting gt gt IP Object IP Object Profiles Index Name RO Department Finanical Dept HFE Department foe fee a 5 3 2 IP Group This page allows you to bind several IP objects into one IP group Objects Setting gt gt IP Group IP Group Table Setto Factory Default 1 2 3 4 J 6 f a 9 10 1i 12 13 14 15 16 Set to Factory Default Clear all profiles Click the number under Index column for settings in detail VigorIPPBX 351 s Gui igor 3510 Series User s Guide 88 Dr ay Te k Objects Setting gt gt IP Group Protile Index 1 Name Interface Available IP Objects 1 RD Department 2 Finanical Dept 3 HR Department Name Interface Available IP Objects Selected IP Objects Dray Tek Selected IP Objects Type a name for this profile Maximum 15 characters are allowed Choose WAN LAN or Any to display all the available IP objects with the specified interface All the available IP objects with the specified interface chosen above will be shown in this box Click gt gt button to add the selected IP objects in this box 189 VigorlIPPBX 3510 Series User s Guide 5 3 3 Service Type Object You can set up to 96 sets of Service Type Objects with different conditions Objects Setting gt gt Service Type Object Servi
147. d Specify the starting date of the schedule Start Time hh mm Specify the starting time of the schedule Duration Time hh mm Specify the duration or period for the schedule Action Specify which action Call Schedule should apply during the period of the schedule Force On Force the connection to be always on Force Down Force the connection to be always down Enable Dial On Demand Specify the connection to be dial on demand and the value of idle timeout should be specified in Idle Timeout field Disable Dial On Demand Specify the connection to be up when it has traffic on the line Once there is no traffic over idle timeout the connection will be down and never up again during the schedule Idle Timeout Specify the duration or period for the schedule How often Specify how often the schedule will be applied Once The schedule will be applied just once Weekdays Specify which days in one week should perform the schedule Example Suppose you want to control the PPPoE Internet access connection to be always on Force On from 9 00 to 18 00 for whole week Other time the Internet access connection should be disconnected Force Down Office ou 21 E 21 A Hour a 3 Force On i sj 6 sj Mon Sun 9 00 am to 6 00 pm Make sure the PPPoE connection and Time Setup is working properly Configure the PPPoE always on from 9 00 to 18 00 for whole week Configure the Force Down from 18 00 to next day 9 00 for whole
148. d Setup Administrator Password Old Password Type in the old password The factory default setting for password is blank New Password Type in new password in this filed Confirm Password Type in the new password again When you click OK the login window will appear Please use the new password to access into the web configurator again 5 10 4 Configuration Backup This page allows you to backup current configuration as a file System Maintenance gt gt Configuration Backup Configuration Backup Restoration Restoration Backup Please use Firmware Upgrade Utility to backup or restore the router and voip module configuration simultaneously Click Backup to just download the 3510PB current running configuration as a file not include the voip module To backup or restore the configuration of the router please download the Firmware Upgrade Utility from DrayTek website first Run the firmware upgrade utility You will see a dialog as the following figure Dray Tek 257 VigorlPPBX 3510 Series User s Guide Firmware Upgrade Utility 3 6 2 Router IP 194 168 1 1 Firmware File Doo SA VoIP Module File re Operation Mode Password Backup Setting Time Qut Sec Restore Click the browse button to get the IP address of VigorIPPBX 3510 Then you can specify which operation Upgrade Backup Setting or Restore you want to perform for the router Finally click the bottom right button e g Send in the a
149. d on the physical port Go to LAN page and select VLAN The following page will appear Click Enable to invoke VLAN function LAN gt gt VLAN Configuration YLAN Configuration P1 P2 P3 P4 LANO YLANI YLAN 2 YLANG Dray Tek 155 VigorlPPBX 3510 Series User s Guide To add or remove a VLAN please refer to the following example 1 If VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4 2 After checking the box to enable VLAN function you will check the table according to the needs as shown below LAN gt gt VLAN Configuration LAN Configuration Enable Pi P2 P3 P4 LANO F E LANI O d LAN2 F O O O LANS O d d L To remove VLAN uncheck the needed box and click OK to save the results a 1 VigorIPPBX 3510 Series User s Guide 56 D ray Tek 4 3 5 Bind IP to MAC This function is used to bind the IP and MAC address in LAN to have a strengthening control in network When this function is enabled all the assigned IP and MAC address binding together cannot be changed If you modified the binding IP or MAC address it might cause you not access into the Internet Click LAN and click Bind IP to MAC to open the setup page LAN gt gt Bind IP to MAC Bind IP to MAC Note IP MAC binding presets DHCP Allocations If you select Strict Bind unspecified LAN clients cannot access the Internet Enable Disable Strict Bind ARP Table
150. ddress As a part of the public subnet the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside Therefore the router should be set as the gateway for public hosts Internet Public IP Address 220 135 240 207 Private Subn What is Routing Information Protocol RIP Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing This allows users to change the information of the router such as IP address and the routers will automatically inform for each other What is Static Route When you have several subnets in your LAN sometimes a more effective and quicker way for connection is the Static routes function rather than other method You may simply set rules to forward data from one specified subnet to another specified subnet without the presence of RIP What are Virtual LANs You can group local hosts by physical ports and create up to 4 virtual LANs To manage the communication between different groups please set up rules in Virtual LAN VLAN function and the rate of each Dray Te k 149 VigorIPPBX 3510 Series User s Guide Internet 4 3 2 General Setup _ P41 P2 P3 P4 This page provides you the general settings for LAN Click LAN to open the LAN settings page and choose General Setup LAN gt gt General Setup Ethernet TCP IP and DHCP Setup LAN IP Network Configuration Fo
151. dial in connection with different types Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below Allow the remote dial in user to trigger an IPSec VPN connection through Internet Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the PSec policy first if it is applicable during negotiation Otherwise the dial in VPN connection becomes one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection You can specify the IP address of the remote dial in user or peer ID should be the same with the ID setting in dial in type by checking the box Enter Peer ISDN number if you select ISDN above Also you should further specify the corresponding security methods on the right side If you uncheck the checkbox the connection type you select above will apply the authentication methods and security methods in the general settings This field is applicable when you select PPTP or L2TP with or without IPSec policy above 241 VigorlIPPBX 3510 Series User s Guide Password VJ Compression IKE Authentication Method IPSec Secu
152. dition Select the service type that you want to activate This wizard is used for activating Web Content Filter Please choose the edition you need Free Formal edition with license key Free trial edition it offers a period of trial for you to get acquainted with WCF function Formal edition with license key you can extend the license valid time manually Dray Tek 169 VigorlPPBX 3510 Series User s Guide 3 In the following page please check the box of I have read and accept the above agreement When you finish the selection please click Next Select the service type that you want to activate This product provides 30 days of free trial please choose the item s you want to use WCF service Web Content Filter Commtouch License Agreement Commtouch is the web content filter based on Commtouch operated in the worldwide There is a 30 day trial period After trial you can purchase DrayTek s prepared Commtouch GlobalView WCF package from retailing outlets Activation Date JI have read and accept the above Agreement Please check this box Note The activation date is brought out by the server automatically and cannot be changed 4 Setting confirmation page will be displayed as follows please click Next Please confirm your settings Sevice Type Trial version Sevice Activated Web Content Filter Commtouch j Please click Back to re select service type you to activate 5 Wait
153. drop down list Choose the IP address from the drop down list that you want to wake up MAC Address Type any one of the MAC address of the binded PCs Wake Up Click this button to wake up the selected IP See the following figure The result will be shown on the box Application gt gt Wake on LAN Wake on LAN Dray Tek Note Wake on LAN integrates with Bind IP to MAC function only binded PCs can wake up through IF Wake by MAC Address IP Address MAC Address Yeo oe a Result Send command to client done 227 VigorlIPPBX 3510 Series User s Guide 5 7 VPN and Remote Access A Virtual Private Network VPN is the extension of a private network that encompasses links across shared or public networks like the Internet In short by VPN technology you can send data between two computers across a shared or public network in a manner that emulates the properties of a point to point private link Below shows the menu items for VPN and Remote Access VPN and Remote Access 5 7 1 Remote Access Control Enable the necessary VPN service as you need If you intend to run a VPN server inside your LAN you should disable the VPN service of Vigor Router to allow VPN tunnel pass through as well as the appropriate NAT settings such as DMZ or open port VPN and Remote Access gt gt Remote Access Control Setup Remote Access Control Setup Enable PPTP VPN Service Enable IPSec VPN Service Enable L2TP VPN Service No
154. e Personal Information E Preterences First Name Mary Last Name Ted EScomptetion Company Name Tech Ltd Email Address mary_ted tech com Please note that a valid E mail address is required to receive the Subscription Code You will need this code to activate your account Tel 0 a Country SWITZERLAND v Career Supervisor v 6 Choose proper selection and click Continue Create an account Please enter personal profile How did you find out about this website Gaareement What kind of anti virus do you use Antivir vv would like to subscribe to the MyVigor e letter v Personal yeg Information would like to receive DrayTek product news Please select the mail server for receiving the Scompteion VigorlPPBX 3510 Series User s Guide 72 Dray Tek 7 Now you have created an account successfully Click START Create an account Please enter personal profile Completion EAsreement A confirmation email has been sent to mary_ted tech com Please click on the activation link in the email Personal Information to activate your account E Preferences START 8 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com wkk This is an automated message trom myvigor draytek com Thank you Mary for creating an account Please click on the activation lnk below to activa
155. e 3 Dial In Settings Allowed Dial In Type C PPTP Username vr E L2TP with IPSec Policy Mice to Haw VJ Compression on Off Specify Remote VPN Gateway IKE Authentication Method Peer VPN Server IP Pre Shared Key IKEPre SharedKey J lor Peer ID fs C Digital Signature X 509 220 135 240 210 IPSec Security Method Medium AH High ESP DES 3DES M AES If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection 3 Dial In Settings Allowed Dial In Type Z PPTP i F IPSec Tunnel Password E L2TP with IPSec Policy Mice to Haw VJ Compression On Off Specify Remote VPN Gateway IKE Authentication Method Peer VPN Server IP Pre Shared Key 220 135 240 210 EAE EES O or Peer ID OoOo Digital Signature x 509 IPSec Security Method Medium AH High ESP DES 3DES V AES 7 At last set the remote network IP subnet in TCP IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection 4 TCP IP Network Settings My WAN IP RIF Direction From first subnet to remote network you have to do Remote Network IP 192 168 2 0 Remote Network Mask 255 255 255 0 Remote Gateway IP lore Change default route to this YPN tunnel Only single WAN supports this co eee Cen O oO Oy oO
156. e Action and Idle Timeout settings will be ignored Hardware Reset While the router is running ACT LED blinking press the Factory Reset button and hold for more than 5 seconds When you see the ACT LED blinks rapidly please release the button Then the router will restart with the default configuration Factory Reset After restore the factory default setting you can configure the settings for the router again to fit your personal request VigorIPPBX 3510 Series User s Guide Dray Tek 6 6 Contacting Your Dealer If the router still cannot work correctly after trying many efforts please contact your dealer for further help right away For any questions please feel free to send e mail to support draytek com l s Gui 282 VigorIPPBX 3510 Series User s Guide 8 Dray Tek Appendix Hardware Specifications Temperature Operating 0 C 45 C Storage 25 C 70 C Humidity 10 90 non condensing Max Power Consumption 50 Watt Max Dimension L443 W280 5 H44 mm Power 100 240V 50 60Hz 1 0 0 5A Dray Te k 283 VigorIPPBX 3510 Series User s Guide
157. e Backup Certificate Backup Restoration Backup Encrypt password fs Confirm password fe Click to download certificates to your local PC as a file Restoration Select a backup file to restore OoOo Decrypt password Click to upload the file 5 9 USB Application USB storage disk connected on Vigor router can be regarded as a server By way of Vigor router clients on LAN can access write and read data stored in USB storage disk with different applications After setting the configuration in USB Application you can type the IP address of the Vigor router and username password created in USB Application gt gt USB User Management on the client software Then the client can use the FTP site USB storage disk or share the Samba service through Vigor router USB Apphcaton 5 9 1 USB General Settings This page will determine the number of concurrent FTP connection default charset for FTP server and enable Samba service At present the Vigor router can support USB storage disk with formats of FAT16 and FAT32 only Therefore before connecting the USB diskette into the Vigor router please make sure the memory format for the USB storage disk is FAT16 or FAT32 It is recommended for you to use FAT32 for viewing the filename completely FAT16 cannot support long filename Dray Tek 247 VigorlPPBX 3510 Series User s Guide USB Application gt gt USB General Settings USB General Settings General Settings Simultan
158. e Management and choose Local Certificate Certificate Management gt gt Local Certificate X509 Local Certificate Configuration Name Subject Status Modify Local GENERATE IMPORT REFRESH x509 Local Certificate Dray Tek 65 VigorIPPBX 3510 Series User s Guide 2 You can click GENERATE button to start to edit a certificate request Enter the information in the certificate request Certificate Management gt gt Local Certificate Generate Certificate Request Subject Alternative Name Type Domain Name IP draytek com Subject Name Country C g State ST Location L Orginization 0 Draytek Orginization Unit OU Common Name CN Email E press draytek com Key Type RSA Key Size 1024 Bit Generate 3 Copy and save the X509 Local Certificate Requet as a text file and save it for later use Certificate Management gt gt Local Certificate X509 Local Certificate Configuration Name Subject Status Modify Local C TW ST HS O Draytek OU RD Requesting GENERATE IMPORT REFRESH X509 Local Certificate Request NIIBnTCCAQYC AQAWETELMNARGALUEBHNCVF cxC za BGNVBAgTAkKhTHRAwDgYDVOOK EwdEcmF 5dGVr NOs wCOYDVOOLEWISRDEINCAGCS qGS Ibs DOEJARYTc3 ucG9ydEBk cmF SAGV VrLyaNvhTCBnzanbBokqhkiGoOwOBAQEF AAOBOAWGYKCGYEAYZELVTVBytix OTSZSZQdw1lReltyvlHnVim MFCOy9x XEwNKG46jdGY1LSavJ TduHH90z40NUx026G mASVORt j
159. e at If such schedule will be available in the weekend simply the weekend click Yes otherwise click No Dray Tek 27 VigorIPPBX 3510 Series User s Guide Below shows an example for your reference work time schedule of your office Hour Min ng in the morning 00 t at noon 17 00 w ng in the afternoon office 17 30 at weekend O Yes No Next gt When you finish the settings click Finish to save the settings and exit the wizard IPPBX Wizard IPPBX Wizard Setup OK System reboot now 2 4 Online Status The online status shows the system status WAN status LAN status and other status related to this router within one page If you select PPPoE as the protocol you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page Online Status system Status System Uptime 143 36 41 LAN Status Primary DNS 168 95 192 1 Secondary DNS 168 95 1 1 IP Address TX Packets RX Packets Lore alee ieee 249681 gz28586 WAN 1 Status gt gt Drop PPPoE Enable Line Mame Mode Up Time Yes Ethernet PPPoE E SE IP GW IP TX Packets TX Rate Bps RX Packets RX Rate Bps 59 115 245 92 166 95 98 254 1708 2195 435373 Daf WAN 2 Status Enable Line Mame Mode Up Time No Ethernet s 00 00 00 IP GW IP TX Packets TX Rate Bps RX Packets RX Rate Bps aoe 0 0 T Detailed explanation is shown below Primary DNS Display the IP address of the primary DNS Secondary DNS Display the IP address of the secondary DN
160. e box The log will be displayed on Draytek Syslog window Click Edit to open the following window However it 1s strongly recommended to use the default settings here J hitp 192 168_ 1 1 docfipfgenady htm Microsoft Internet Explorer Firewall gt gt General Setup Advance Setting Codepage ANSI 1253 Greek Window size 65535 Session timeout 1440 Minute Codepage This function is used to compare the characters among different languages Choose correct codepage can help the system obtaining correct ASCII after decoding data from URL and enhance the correctness of URL Content Filter The default value for this setting is ANSI 1252 Latin I If you do not choose any codepage no decoding job of URL will be processed Please use the drop down list to choose a codepage If you do not have any idea of choosing suitable codepage please open Syslog From Codepage Information of Setup dialog you will see the recommended codepage listed on the dialog box 175 VigorlIPPBX 3510 Series User s Guide ES DrayTek Syslog 3 9 1 197 169 1 1 s wan Information WAMI IF Fixed 1l72 16 2 213 LAN Status Te Packets RY Packets wWANZ IP Fixed 26459 15265 Tool Setup Telnet Fead out Setup Codepage Information Codepage To Select Windows Version 5 01 2600 RECOMMENDED CODEPAGE O50 ANSTOEM Traditional Chinese Bighi O0al 21 00a6 7c O0a9 63 0Qas 6l O0ads2d Ose 2 O0b2 32 00bS 33 00b9 31
161. e re Allowed Dial In Type C L2TP with IPSec Policy IPSec Security Method Medium AH High ESP DES 3DES vV AES Local ID optional fe If a PPP based service is selected you should further specify the remote peer IP Address Username Password and VJ Compression for this Dial In connection VigorIPPBX 3510 Series User s Guide 46 Dray Tek VPN and Remote Access gt gt Remote Dial in User Index No 1 User account and Authentication Enable this account Idle Timeout 300 second s Allowed Dial In Type PPTP LJ IPSec Tunnel C L2TP with IPSec Policy OK Settings in the remote host l 3 Dray Tek Username draytek IKE Authentication Method Pre Shared Key Digital Signature X 509 IPSec Security Method Medium AH High ESF DES 3DES AES Local ID optional Cancel For Win98 ME you may use Dial up Networking to create the PPTP tunnel to Vigor router For Win2000 XP please use Network and Dial up connections or Smart VPN Client complimentary software to help you create PPTP L2TP and L2TP over IPSec tunnel You can find it in CD ROM in the package or go to www draytek com download center Install as instructed After successful installation for the first time user you should click on the Step 0 Configure button Reboot the host Ja Smart FPN Client 3 2 2 WinZP Step d This step will add the ProhibitlpSec registry value to computer in order to confi
162. e router correctly For Windows L 2 4 Open the Command Prompt window from Start menu gt Run Type command for Windows 95 98 ME or cmd for Windows NT 2000 XP Vista The DOS command dialog will appear w Command Prompt Microsoft Windows AFP Version 5 1 2688 lt C gt Copyright 1985 2001 Microsoft Corp D Documents and Settings fae ping 192 168 1 1 Pinging 192 168 1 1 with 32 bytes of data Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims Reply from 192 168 1 1 bytes 32 time lt ims TTL 255 Ping statistics for 192 168 1 1 Packets Sent 4 Received 4 Lost A loss Approximate round trip times in milli seconds Minimum ms Maximum ms Average Ams D Documents and Settings fae gt _ Type ping 192 168 1 1 and press Enter If the link is OK the line of Reply from 192 168 1 1 bytes 32 time lt Ims TTL 255 will appear If the line does not appear please check the IP address setting of your computer For Mac OS Terminal ao i i Double click on the current used Mac OS on the desktop Open the Application folder and get into Utilities Double click Terminal The Terminal window will appear Type ping 192 168 1 1 and press Enter If the link is OK the line of 64 bytes from 192 168 1 1 icmp_seq 0 ttl 255 time xxxx ms will appear VigorIPPBX 351 s Gui 2 igor 3510 Series Us
163. e system will use the default speed for the specific limitation you set for each index Add Add the specific speed limitation onto the list above Edit Allows you to edit the settings for the selected limitation Delete Remove the selected settings existing on the limitation list Index 1 15 in Schedule Setup 5 5 3 Quality of Service You can type in four sets of time schedule for your request All the schedules can be set previously in Application Schedule web page and you can use the number that you have set in that web page Deploying QoS Quality of Service management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network One reason for QoS is that numerous TCP based applications tend to continually increase their transmission rate and consume all available bandwidth which is called TCP slow start If other applications are not protected by QoS it will detract much from their performance in the overcrowded network This is especially essential to those are low tolerant of loss delay or jitter delay variation Another reason is due to congestions at network intersections where speeds of interconnected circuits mismatch or traffic aggregates packets will queue up and traffic can be throttled back to a lower speed If there s no defined priority to specify which packets should be discard
164. eck the box you will see a check mark appeared on the Active column of the previous web page in step 2 Select the WAN interface order to apply settings here Select the service provider for the DDNS account Select a service type Dynamic Custom or Static If you choose Custom you can modify the domain that is chosen in the Domain Name field Type in one domain name that you applied previously Use the drop down list to choose the desired domain Type in the login name that you set for applying domain Type in the password that you set for applying domain 4 Click OK button to activate the settings You will see your setting has been saved The Wildcard and Backup MX features are not supported for all Dynamic DNS providers You could get more detailed information from their websites VigorIPPBX 3510 Series User s Guide E Dray Tek 5 6 2 Schedule The Vigor router has a built in real time clock which can update itself manually or automatically by means of Network Time Protocols NTP As a result you can not only schedule the router to dialup to the Internet at a specified time but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours say business hours The schedule is also applicable to other functions You have to set your time before set schedule In System Maintenance gt gt Time and Date menu press Inquire Time button to set the Vigor router s clock to
165. eck the box to enforce the Vigor router not to forward any trace route packets Check the box to activate the Block SYN fragment function The Vigor router will drop any packets having SYN flag and more fragment bit set Check the box to activate the Block fraggle Attack function Any broadcast UDP packets received from the Internet is blocked Activating the DoS DDoS defense functionality might block some legal packets For example when you activate the fraggle attack defense all broadcast UDP packets coming from the Internet are blocked Therefore the RIP packets from the Internet might be dropped Check the box to activate the Block TCP flag scan function Any TCP packet with anomaly flag setting is dropped Those scanning activities include no flag scan FIN without ACK scan SYN FINscan Xmas scan and full Xmas scan Check the box to activate the Block Tear Drop function Many machines may crash when receiving ICMP datagrams packets that exceed the maximum length To avoid this type of attack the Vigor router is designed to be capable of discarding any fragmented ICMP packets with a length greater than 1024 octets Check the box to activate the Block Ping of Death function This attack involves the perpetrator sending overlapping packets to the target hosts so that those target hosts will hang once they re construct the packets The Vigor routers will block any packets realizing this attacking activity we Dray Tek Block ICM
166. ect Auto in IKE phase 1 proposal the router will send the following proposals to negotiate with the remote site The proposals include DES_ MDS SHA _G1 3DES_MD5_G1 3DES_MD5_G2 3DES_ MD5 SHA _GS5 4ES128_MD5S_ G2 G5 AES256_SHA_ G2 G5 4ES256_SHA_G14 Index 1 15 in Schedule VigorIPPBX 3510 Series User s Guide OK Close IKE phase 1 mode Select from Main mode and Aggressive mode The ultimate outcome is to exchange security proposals to create a protected secure channel Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session However the Aggressive mode is faster The default value in Vigor router is Main mode IKE phase 1 proposal To propose the local available authentication schemes and encryption algorithms to the VPN peers and get its feedback to find a match Two combinations are available for Aggressive mode and nine for Main mode We suggest you select the combination that covers the most schemes IKE phase 2 proposal To propose the local available algorithms to the VPN peers and get its feedback to find a match Three combinations are available for both modes We suggest you select the combination that covers the most algorithms IKE phase 1 key lifetime For security reason the lifetime of key should be defined The default value is 28800 seconds You may specify a value in between 900 and 86400 seconds IKE phase 2 key lifetime For security reas
167. ed The NAT Traversal of UPnP enables the multimedia features of your applications to operate This has to manually set up port mappings or use other similar methods The screenshots below show examples of this facility Address S Network Connections IP Broadband Connection on Router Status PIE z General Internet Gateway Broadband Network Tasks z J hinet E Create a new connection ra Disconnected Set up a home or small WAN Miniport PPPOE office network Status Connected _ Dial up Duration 00 19 06 See Al z ee Also J test Speed 100 0 Mbps i Network Troubleshooter SA bs dhes a Tek ISDN PP Activity Internet Internet Gateway My Computer Other Places Internet Gateway w iy G Control Panel IP Broadband Connection on gt 58 E My Network Places save Packets L My Documents dans Sent 404 fad Received 1 115 BEE My Computer 3 pais __LAN or High Speed Internet Local 4rea Connection Enabled Ves ih Realtek RTLG139 810x Family Properties _ Details Network Connections System Folder Close The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a NAT router The application will also learn the external IP address and configure port mappings on the router Subsequently such a facility forwards packets from the external ports of the router to the internal ports used by the application VigorIPPBX
168. ed or in another term dropped from an overflowing queue packets of sensitive applications mentioned above might be the ones to drop off How this will affect application performance There are two components within Primary configuration of QoS deployment Classification Identifying low latency or crucial applications and marking them for high priority service level enforcement throughout the network Scheduling Based on classification of service level to assign packets to queues and associated service types VigorIPPBX 3510 Series User s Guide 212 Dray Tek The basic QoS implementation in Vigor routers is to classify and schedule packets based on the service type information in the IP header For instance to ensure the connection with the headquarter a teleworker may enforce an index of QoS Control to reserve bandwidth for HTTPS connection while using lots of application at the same time One more larger scale implementation of QoS network is to apply DSCP Differentiated Service Code Point and IP Precedence disciplines at Layer 3 Compared with legacy IP Precedence that uses Type of Service ToS field in the IP header to define 8 service classes DSCP is a successor creating 64 classes possible with backward IP Precedence compatibility In a QoS enabled network or Differentiated Service DiffServ or DS framework a DS domain owner should sign a Service License Agreement SLA with other DS domain owners to def
169. ed bandwidth for 1 VPN tunnel VPN Tunnel Private Network 192 168 1 0 erat Ta Bandwidth Management gt gt Quality of Service Class Index 3 Name WPN MO Status Local Address Remote Address pial Service Type CodePoint 10 Inactive Any Ary ANY 9 Click Edit to open the following window Check the ACT box first Undefined Bandwidth Management gt gt Quality of Service Rule Edit ACT Local Address Any Remote Address any DiffServ CodePoint ANY Service Type ANY Note Please choose setup the Service Type first 10 Then click Edit of Local Address to set a worker s subnet address Click Edit of Remote Address to set headquarter s IP address Leave other fields and click OK Dray Tek 3 9 LAN Created by Using NAT An example of default setting and the corresponding deployment are shown below The default Vigor router private IP address Subnet Mask is 192 168 1 1 255 255 255 0 The built in DHCP server is enabled so it assigns every local NATed host an IP address of 192 168 1 x starting from 192 168 1 10 Internet CR DHCP Server Public IP Address Private Subnet Router IP Addre You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage LAN gt gt General Setup Ethernet TCP IP and DHCP Setup LAN IP Network Configuration DHCP Server Configuration For NAT Usage Enable Server Disable Server ist IP Address 132 166 1 1 Relay Agent O ist S
170. eed exceed XX kbps It means the connection for WAN2 will be activated when WAN1 Upload speed exceed certain value that you set in this box for 15 seconds WANI Download speed exceed XX kbps It means the connection for WAN2 will be activated when WANI1 Download speed exceed certain value that you set in this box for 15 seconds WAN2 Fail It means the connection for WAN1 will be activated when WAN2 is failed WAN2 Upload speed exceed XX kbps It means the connection for WAN will be activated when WAN2 Upload speed exceed certain value that you set in this box for 15 seconds a Dray Tek WAN2 Download speed exceed XX kbps It means the connection for WAN will be activated when WAN2 Download speed exceed certain value that you set in this box for 15 seconds 4 2 4 Internet Access For the router supports dual WAN function the users can set different WAN settings for WANI WAN2 for Internet Access Due to different Physical Mode for WAN1 and WAN2 the Access Mode for these two connections also varies slightly WAN gt gt Internet Access Internet Access Index Display Name Physical Mode Access Mode WANT Ethernet Static or Dynamic IP_ Details Page WAN 3G USB Modem WAN gt gt Internet Access Internet Access Index Display Name Physical Mode Access Mode WANI Ethernet Static or Dynamic IP Details Page WAN Ethernet PPPoE Static or Dynamic IP PPTP L2TP Index It shows the WAN modes that this router suppo
171. eed this code to activate your account o F SWITZERLAND i Supervisor v 4 Choose proper selection and click Continue Create an account Please enter personal profile How did you find out about this website Internet he Gasreement What kind of anti virus do you use Antivir h erential would like to subscribe to the MyVigor e letter Information would like to receive DrayTek product news Please select the mail server for receiving the Sdcomptetion Global Server W 5 Now you have created an account successfully Click START Dray Tek 75 VigorIPPBX 3510 Series User s Guide Create an account Please enter personal profile Completion EFAsreement A confirmation email has been sent to mary_ted tech com Please click on the activation link in the email Personal Information to activate your account E Preferences START 6 Check to see the confirmation email with the title of New Account Confirmation Letter from myvigor draytek com REE This is an automated message trom myvigor draytek com Thank you Mary for creating an account Please click on the activation link below to activate your account Link Actrrate my Account 7 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login Register Search for this site Register Confirm The Confi
172. eeeseeeeeeeessuaaeeeeeeesessaaaaes 205 5 9 Bandwidth Managements sisusse AE aE 210 OO SSIS E a E E cates atee age staeeneseuecanee aoeeeeseseaasuastneedesaieces 210 5 5 2 Bandwidth Limit ccecisiecctoysauetdienstacciescensiaminsartinestacemavarcosurteciissastennciedcneelsenamenereings 211 55 3 Quality Or o CVICO eoe EE ee A 212 S6 APPC IUN Soe a EE E eee eee eee nee taeee reeeeee 219 Er DYNI DN aera a T E E atenaceecesiccanete 219 3O CNEUEN EE EE T A E EE 221 Oo RADIU perne E A E E 223 SoA LM a a A A A 224 OM a E A 226 3 O VV SO EIN araea R EEA EE EE sameness 227 Dl VPN nd Remote ACCESS nississniusoe EO E 228 5 7 1 Remote Access Control ccccccccsceccccccceeeseeeceeseeeeaeeseseceeeeeeeesseeceeesessuaaaseeeeeeesssaaaaes 228 LL PPF ONET EU ae E E EEA ERR 229 So WCC CMC Al eD aea a a 230 5 4 4 IP S6e P r denti eiccne a ee 231 5 7 5 Remote Dial in User cccccecccccseseecceeseeeceeseccneuseeessaseeceeseeeseaseeessageeesanseesssgseeenes 233 5 7 0 LANTO LAN eeren e A a 236 5 7 7 CONNECTION MANAGEMENL cceeeccccecccceseeseeceeeeeceaeeseseceeesseeeaseeceeeeessueaseeeeeeeeessaaases 243 5 8 Certificate ManageMent ccseeeeessccssssseeeeeeseeceensseeeeeeeeoeesseseeeeeeeeoonssnseeeeseeeooansneeees 244 5 8 1 LOCA COMIC AlS a ssscinciniccnsapeescskeessie deed nsin a Eni cuessdne in EEEE EEE EEEE 244 5 8 2 Trusted CA Certificate oisein na E a aaea A 246 5 83 eM NICAL BACKUP dsrin oaaae E ERNE a ONR E 247 SI SB APP
173. elect Router choose VigorIPPBX 3510 and click OK Select Router Select router Interface IP A IF address MAC address FW version i 192 168 1 11 255 255 255 0 Wigo PPE 3510 O0 50 7F 39 70 01 3 5 5 ACSH Vigors500 serie 192 168 1 249 00 50 7F 39 7D 05 cat ok 6 Inthe Confirm Password dialog please type the password that you use to login Vigor router and click OK If there is no password needed click OK directly Confirm Password Model Name WigorlPPBX 3510 0 IP Address 3216811 0000 subnet Mask 255 255 2550 0 MAC Address 00 50 7F 39 7D 01 Current Firmware Y ersior B55 ACG Password 7 Next the system will start to upgrade the firmware for the router automatically pending Tole Module file Progress 142 VigorIPPBX 3510 Series User s Guide 56 Dray Tek 8 Please wait for several minutes When the following dialog appear please click OK Messaze Eg Waiting for router active Y Router i active now l P Wating for router rebog ff router during waiting 9 Now the firmware upgrade has been finished 3 11 Backup and Restore Settings for VigorlPPBX 3510 3 11 1 Backup the Configuration Settings 1 Go to www draytek com 2 Access into Support gt gt Downloads Please find out Utility menu and click it Search the model you have 1 e VigorI PPBX 3510 and click on it to download the newly update firmware for your router About DrayTek Products Support Education P
174. ement gt gt Bandwidth Limit Bandwidth Limit Default TX Limit Kbps Default Rx Limit Kbps Limitation List Index Start IF TH limit RE limit Specific Limitation Start end O TX Limit kbps Res Limit Kbps Time Schedule Index 1 153 in Schedule Setup Mote Action and Idle Timeout settings will be ignored To activate the function of limit bandwidth simply click Enable and set the default upstream and downstream limit Enable Click this button to activate the function of limit bandwidth Dray Te k 211 VigorIPPBX 3510 Series User s Guide Apply to 2 Subnet if bandwidth limit function is enabled please check this box to apply to second subnet Disable Click this button to close the function of limit bandwidth Default TX limit Define the default speed of the upstream for each computer in LAN Default RX limit Define the default speed of the downstream for each computer Limitation List in LAN Display a list of specific limitations that you set on this web page Start IP Define the start IP address for limit bandwidth End IP Define the end IP address for limit bandwidth TX limit Define the limitation for the speed of the upstream If you do not set the limit in this field the system will use the default speed for the specific limitation you set for each index RX limit Define the limitation for the speed of the downstream If you do not set the limit in this field th
175. en SIP Accounts After typing the settings refer to the following figure VigorPhoe 350 can register the extension to VigorIPPBX through WAN interface GJ 61 216 231 101fmainform cgi Set_Service_Domain htm 1068 1697 10 1295853122 1 draytek_swm Welcom Intemet Connectivity draytek_swm Vigor21 draytek_swm 2110 0 ftp O A igor2910 Firnware Call History Phone Book Phone Settings Calendar System Settings General SIP Settings SIP Accounts Network VigorIPPBX 3510 Series User s Guide SIP Account Settings This page allows you to set SIP account for this device SIP Account 1 Registration Enable Disable Registration ID Display Name ACL_Test Password Registration Server 61 216 230 25 Expire Time 360 wv DTMF Type RFC2833 Authentication Name il Proxy Server 61 216 230 25 Realm Address Voice Mail 1888 Pickup Code Send KeepAlive on off Mv Overlap dial Disable w Status registered Dray Tek Check the Registration Status Whether the registration is successful or not can be reviewed from the web configurator of VigorIPPBX 1 Open IP PBX gt gt PBX Status of VigorIPPBX device IP PBX gt gt PBX Status PBX Status Call Detail Records Extension Monitor 2 Click the link of Extension Monitor IP PBX gt gt PBX Status ST Extension Monitor Refresh Seconds 10 Refresh Name Extension
176. entify yourself to other people over the web sign your e mail messages encrypt your e mail messages and more depending upon the type of certificate you request Select a task oesecoseesesseessescesecssceeosoesesccossecoscesesecocseseesesoscecesosoecesossesocsesesscoesesseocsossesessssesesoeseesosoeeseceesessescsessesesssseccssssesessssesssesssssessesssesesg O Request a certificate O Check on a pending certificate 69 VigorIPPBX 3510 Series User s Guide 2 In Choose file to download click CA Certificate Current and Base 64 encoded and Download CA certificate to save the cer file Microsoft Certificate Services Microsoft Internet Explorer BRO RED HAO BORE IAM HAW a Or O HAO Axe kam Que O Lea FED http 172 16 2 179 certsrvicertcare asp yrz ta msn v ORI A ERRET ADEA MHRS G19 a Hotmail QB Messenger Q HAI MSN Microsoft Certificate Services vigor Retrieve The CA Certificate Or Certificate Revocation List Install this CA certification path to allow your computer to trust certificates issued from this certification authority tis not necessary to manually install the CA certification path if you request and install a certificate from this certification authority because the CA certification path will be installed for you automatically Choose file to download CA Certificate Previous vigor ODER encoded or Base 64 encoded Download CA certificate Download CA certificati
177. eous FTP Connections 5 Maximum 6 Default Charset Default Samba Service Settings Network Neighborhood Enable Disable Access Mode LAN Only OLAN And WAN NetBios Name Service Workgroup Name WORKGROUP Note 1 If Charset is set to default only English long file name is supported 2 Multi session ftp download will be banned by Router FTP server If your ftp client hawe multi connection mechanism such as Filezilla you may limit client connections setting ta 1 ta get better performance 3 4 workgroup name must not be the same as the hast name The workgroup name and the hast name can have as many as 15 characters and a host name can have as many as 23 characters but both cannot contain any of the following lt gt 4 7 General Settings Simultaneous FTP Connection This field is used to specify the quantity of the FTP sessions The router allows up to 6 FTP sessions connecting to USB storage disk at one time Default Charset At present Vigor router supports three types of character sets default GB2312 and BIGS Default ha Detault GB2312 BIGGS Default Charset is for English based file name For Simplified Chinese file directory names please choose GB2312 for Traditional Chinese file directory names choose BIGS Samba Service Settings Click Enable to invoke samba service via the router Access Mode LAN Only Users coming from internet cannot connect to the samba server of the router
178. er s Guide 78 Dray Te k ane Terminal bash 80x24 Last login Sat Jan 3 B2 24 16 on ttypi Welcome ta Darwin Vigorla draytekd ping 192 168 1 1 PING 192 168 1 1 192 168 1 1 56 data bytes 64 bytes from 192 165 1 1 tcomp_seq 6 ttl 255 times8 755 ms 64 bytes from 192 165 1 1 icmp_seg 1 ttl 255 times8 697 ms t bytes from 192 165 1 1 icmp_seg 2 ttl 255 times6 716 ms 64 bytes from 192 165 1 1 icmp_seg 3 ttl 255 timesh 731 ms 64 bytes from 192 168 1 1 tcmp_seq 4 ttl 255 timesh 72 ms AE 192 168 1 1 ping statistics EF packets transmitted 5 packets received 6 packet loss round trip minfgaygemax 0 697 6 7236 755 ms Vigoria draytekd fj 6 4 Checking If the ISP Settings are OK or Not Open Internet Access page and then check whether the ISP settings are set correctly WAN gt gt Internet Access Internet Access Index Display Name Physical Mode Access Mode WANI Ethernet Static or Dynamic IP Details Page WAN Ethernet Static or Dynamic P PPTP L2TP For PPPoE Users 1 Check if the Enable option is selected 2 Check if Username and Password are entered with correct values that you got from your ISP WAN gt gt Internet Access WAN 1 PPPoE Client Mode PPP MP Setup Enable Disable PPP Authentication PAP or CHAP Idle Timeout Ea second s IP Address Assignment Method IPCP WAN IP Alias ISP Access Setup Username 64005755 hinet_net Password Fixed IP
179. ernative Name Type IP Accept Subject Name Country C State ST Location L Orginizatian 0 Orginizatian Unit OU Common Name Ch4 Email E IP Address ka Profile Name Accept Any Peer ID Accept Subject Alternative Name Accept Subject Name VigorIPPBX 3510 Series User s Guide Type in a name in this file Click to accept any peer regardless of its identity Click to check one specific field of digital signature to accept the peer with matching value The field can be IP Address Domain or E mail Address The box under the Type will appear according to the type you select and ask you to fill in corresponding setting Click to check the specific fields of digital signature to accept the peer with matching value The field includes Country C State ST Location L Organization O Organization Unit OU Common Name CN and Email E 232 Dray Tek 5 7 5 Remote Dial in User You can manage remote access by maintaining a table of remote user profile so that users can be authenticated to dial in via ISDN or build the VPN connection You may set parameters including specified connection peer ID connection type ISDN Dial In connection VPN connection including PPTP IPSec Tunnel and L2TP by itself or over IPSec and corresponding security methods etc The router provides 32 access accounts for dial in users Besides you can extend the user accounts to the RADIUS server through the built in RADI
180. ertificate Services vigo Advanced Certificate Requests You can request a certificate for yourself another user or a computer using one of the following methods Note that the policy of the certification authority CA will determine the certificates that you can obtain Submit a certificate request to this CA using a form Submit a certificate request using a base64 encoded PKCS 10 file or a renewal request using a base64 encoded PKCS 7 file Request a certificate for a smart card on behalf of another user using the Smart Card Enrollment Station You must have an enroliment agent certificate to submit a request for another user Import the X509 Local Certificate Requet text file Select Router Offline request or IPSec Offline request below Microsoft Certificate Services vigor Submit A Saved Request Paste a base64 encoded PKCS 10 certificate request or PKCS 7 renewal request generated by an external application such as a web server into the request field to submit the request to the certification authority CA Saved Request pcre BEGIN CERTIFICATE REQUEST N MIIBg CCARMCAQAwWOTELMAKGAIUEBhMCVWFCXEDAO Baseb4 Encoded BgkahkiG9vOBCQEWEXByZXNZOGRYYX 1OZWsuY29t Certificate Request A4GNADCBiQKBGQODOYB7 wmZFf FhHNG IeQnGO3 Xk PKCS 10 or 7 h 4bp89c UF Sa LO ACGGiIM tc BOckdcZdPFFvIxXcP3 x GOATCTvVO OzpxroCwlJIT ILS4S50 Bn9v50951G v lt gt Lam Browse for a file to i
181. es one pure L2TP connection Must Specify the IPSec policy to be definitely applied on the L2TP connection Specify Remote Node Check the checkbox You can specify the IP address of the remote dial in user ISDN number or peer ID used in IKE aggressive mode Uncheck the checkbox This means the connection type you select above will apply the authentication methods and security methods in the general settings VigorIPPBX 351 s Gui 234 igor 3510 Series User s Guide 3 Dray Tek IKE Authentication Method IPSec Security Method Dray Tek Netbios Naming Packet Pass Click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Multicast via VPN Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router User Name This field is applicable when you select PPTP or L2TP with or without IPSec policy above Password This field is applicable when you select PPTP or L2TP with or without IPSec policy above Enable Mobile One Time Passwords mOTP Check this box to make the authentication with
182. esponding webpage with the categories listed on the box below Block restrict accessing into the corresponding webpage with the categories listed on the box below If the web pages do not match with the specified feature set here it will be processed with reverse action 209 VigorlIPPBX 3510 Series User s Guide 5 5 Bandwidth Management Below shows the menu items for Bandwidth Management Bandwidth Management 5 5 1 Sessions Limit A PC with private IP address can access to the Internet via NAT router The router will generate the records of NAT sessions for such connection The P2P Peer to Peer applications e g BitTorrent always need many sessions for procession and also they will occupy over resources which might result in important accesses impacted To solve the problem you can use limit session to limit the session procession for specified Hosts In the Bandwidth Management menu click Sessions Limit to open the web page Bandwidth Management gt gt Sessions Limit Sessions Limit Enable Disable Default Max Sessions Limitation List Index Start IP Max Sessions Specific Limitation starte E Maximum Sessions Time Schedule Index 1 15 in Schedule Setup Note Action and Idle Timeout settings will be ignored To activate the function of limit session simply click Enable and set the default session limit Enable Click this button to activate the function of
183. estion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message OTF mode InBand InBand QutBand RF C2833 SIP INFO cisco format SIP IMFO nortel format OutBand rfc2833 Choose a number from 96 to 127 the default value was 101 This setting 1s available for the OutBand RFC2833 mode Select one of three codecs as the default for your VoIP calls The codec used for each call will be negotiated with the peer party before each session and so may not be your default choice The default codec is G 729A B it occupies little bandwidth while maintaining good voice quality Single Codec If the box is checked only the selected Codec will be applied The amount of data contained in a single packet The default value is 20 ms which means the data packet will contain 20 ms voice information This function can detect if the voice on both sides 1s active or not If not the router will do something to save the 7 Dray Tek bandwidth for other using Check it to invoke this function 4 1 4 9 SIP Trunk and Extension Configuration Backup This page allows you to backup or restore SIP Trunk and Extension Configuration to the host and restore them to the router if required IP PBX gt gt SIP Trunk and Extension Configuration Backup SIP Trunk Setting Backup Res
184. et OfficeLive L Peaddle Storage LJ Dropbox VigorIPPBX 351 s Gui 2 igor 3510 Series User s Guide 00 Dr ay Te k 5 4 2 URL Content Filter Profile To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus can limit user s access to the website You may imagine URL Content Filter as a well trained convenience store clerk who won t sell adult magazines to teenagers At office URL Content Filter can also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may risk bringing threat to your system For example an Ac
185. et Destined to 220 135 240 207 Port 213 The port redirection can only apply to incoming traffic To use this function please go to NAT page and choose Port Redirection web page The Port Redirection Table provides 20 port mapping entries for the internal hosts NAT gt Port Redirection Port Redirection Setto Factory Default Service Name Public Port Private IP Status a 1E 2 Be 4 ae 6 i 8 g 10 ao Pes s Pees Pes se Pee 2 lt lt 110 11 20 gt gt Next gt gt Press any number under Index to access into next page for configuring port redirection Dray Te k 159 VigorIPPBX 3510 Series User s Guide NAT gt gt Port Redirection Index No 1 Enable Mode Service Name Protocal WHAT IP Public Port Private IP Private Port Note In Range Mode the End IP will be calculated automatically once the Public Port and Start IP have been entered Enable Mode Service Name Protocol WAN IP Public Port Private IP Private Port Check this box to enable such port redirection setting Two options Single and Range are provided here for you to choose To set a range for the specific service select Range In Range mode if the public port start port and end port and the starting IP of private IP had been entered the system will calculate and display the ending IP of private IP automatically Enter the description of the specific network service Select the transport
186. et reserved bandwidth for HTTPS And click OK Bandwidth Management gt gt Quality of Service Class Index 2 Hame HTTPS DiffServ MO Status Local Address Remote Address CodePoint Service Type 10 Active Any Any ANY ANY 6 Click Setup link for WAN1 Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default Class Class Class a Online Index Status Bandwidth Direction Others Bandwidth rere 1 a o Control Statistics WANT Enable 10000Kbps 10000Kbps Outbound 2595 259 259 2596 Inactive Status Setup WAN2 Enable 10000Kbps 10000Kbps Outbound 2595 2595 25 2596 Inactive Status Setup Class Rule Index Service Type Class 1 Class 2 i Edit Class 3 7 Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of VoIP influent other application Click OK Bandwidth Management gt gt Quality of Service General Setup Enable the QoS Control BOTH WAN Inbound Bandwidth Kbps WAN Outbound Bandwidth 10000 Kbps Class Name Reserved_bandwidth Ratio E mail 25 a 03 z k bs j Limited_bandwidth Ratio 2 Outbound TCP ACK Prioritize 8 If the worker has connected to the headquarter using host to host VPN tunnel Please refer to Chapter 3 VPN for detail instruction he may set up an index for it Enter the Dray Tek 51 VigorIPPBX 3510 Series User s Guide VigorIPPBX 3510 Series User s Guide 52 Class Name of Index 3 In this index he will set reserv
187. eway IP Fixed TX Packets TX Rate Vigor2820 Series e164 a LAN Status TX Packets RX Packets WAN IP Fixed RX Packets RX Rate 4175 3666 172 16 3 229 2556 126 Firewall Log VPN Log User Access Log CallLog WAN Log Others Network Information NetState Traffic Graph Time Host Message Jan 1 00 00 42 Vigor Dos syn_flood Block 10s 192 168 1 115 10605 gt 192 168 1 1 23 PR 6 tep len 20 40 394375 Jan 1 00 00 34 Vigor DoS icmp_flood Block 10s 192 168 1 115 gt 192 168 1 1 PR 1Gemp len 20 60 icmp 0 8 lt ADSL Status 185 VigorlIPPBX 3510 Series User s Guide 5 3 Objects Settings For IPs in a range and service ports in a limited range usually will be applied in configuring router s settings therefore we can define them with objects and bind them with groups for using conveniently Later we can select that object group that can apply it For example all the IPs in the same department can be defined with an IP object a range of IP address Objects Setting 5 3 1 IP Object You can set up to 192 sets of IP Objects with different conditions Objects Setting gt gt IP Object IP Object Profiles Setto Factory Default Index Name Index Name ww Iw IR IR IR IR MR IR IR N IR N ju EFPEBBRBBEEFBRBEBEER e ele epee epp pep Ne Set to Factory Default Clear all profiles Click the number under Index column for settings in detail VigorlPPBX 3510 Series
188. ext filter rule will branch to the specified filter set Select next filter rule to branch from the drop down menu Be aware that the router will apply the specified filter rule for ever and will not return to previous filter rule any more Select one of the APP Enforcement Profile settings created in CSM gt gt APP Enforcement Profile for applying with this router Please set at least one profile for choosing in CSM gt gt APP Enforcement Profile web page first For troubleshooting needs you can specify to record information for APP Enforcement Profile by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Select one of the URL Content Filter profile settings created in CSM gt gt URL Content Filter for applying with this router Please set at least one profile for choosing in CSM gt gt URL Content Filter web page first For troubleshooting needs you can specify to record information for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section Syslog Mail Alert for more detailed information Select one of the Web Content Filter profile settings created in CSM gt gt Web Content Filter for applying with this router Please set at least one profile for anti virus in CSM gt gt Web Content Filter web page first For troubleshooting needs you can specify to record information for Web Content Filter by checking the
189. fora moment till the following page appears Connection Succeeded Please check the following item s to enable the AL AY or WCF or AS services on your router Enable Web Content Filter When such page appears you can enable or disable these services for your necessity Then click Finish Note The service will be activated and applied as the default rule configured in Firewall gt gt General Setup VigorIPPBX 351 s Gui 1 l igor 3510 Series User s Guide 70 Dray Tek 6 Now the web page will display the service that you have activated according to your selection The valid time for the free trial of these services 1s one month Server Enabled DrayTek Service Activation Service Name Start Date Expire Date Status Web Content filter 2010 11 18 2010 12 19 Commtouch Please check if the license fits with the service provider of your signature To ensure normal operation for your router update your signature again is recommended Copyright amp DrayTek Corp All Rights Reserved Later if you need to extend the license valid time you can also use the Web Filter Activation again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next Select the service type that you want to activate This wizard is used for activating Web Content Filter Please choose the edition you need Free trial edition Formal edition with license key Service Activation Wizard Se
190. from WAN option and also check the setting within the profile of each extension required 8 Finally set an extension number to be registered by remote device Open IP PBX gt Extension and click any index number for setting the profile In the field of Internal Phone Extension Active click Enable In the field of Allow Remote Registration From check the box of WAN Re ternal Phone Extension Index 7 Internal Phone Extension Active Enable Disable Allow Remote Registration from Mlwan LIVEN Type SIP kd Extension Number 180 Display Name ACL_TEST Authentication L Use Display Name as authentication ID Password Cl Enable PPTP VPN Dial In for this Number Password E mail Address Send atest e mail Voice mail Password fo Mw Message Waiting Indication Notify User who Subscribed Force Notify User Allow to access these Trunks Msiri Msie Misipa lsipa Misis Ml sips PSTN1 MIPSTN2 MIPSTNS Ml PSTN4 ISDN TE1 M ISON TE M ISON TES Il ISDN TE4 Default Trunk Disable i Answer Mode MHo answer after 60 sec then Keep Ring Busy then Do Nothing f Not on line Do Nothing v 9 After finishing the settings click OK Dray Tek 83 VigorlPPBX 3510 Series User s Guide Configuration on Remote Device Now take a look at the remote device In this case VigorPhone 350 is selected as an example 1 Open the web configruator of VigorPhone 350 2 Op
191. g Filter Block Immediately v d Branch to Other Filter Set APP Enforcement URL Content Filter Web Content Filter Advance Setting Edit Check to enable the Check this box to enable the filter rule Filter Rule Dray Tek 177 VigorIPPBX 3510 Series User s Guide Comments Index 1 15 Direction Source Destination IP Service Type VigorIPPBX 3510 Series User s Guide Enter filter set comments description Maximum length is 14 character long Set PCs on LAN to work at certain time interval only You may choose up to 4 schedules out of the 15 schedules pre defined in Applications gt gt Schedule setup The default setting of this filed is blank and the function will always work Set the direction of packet flow LAN gt WAN WAN gt SLAN It is for Data Filter only For the Call Filter this setting is not available since Call Filter is only applied to outgoing traffic Click Edit to access into the following dialog to choose the source destination IP or IP ranges e http 192 168 1 1 IP Address Edit Microsoft Internet Explorer IP Address Edit Address Type Group and Objects v Start IP Address End IP Address Subnet Mask Invert Selection IP Group None xi or IP Object None vi or IP Object None 1 RD Department 2 Finanical Dept or IP Object 3 HR Department To set the IP address manually please choose Any Address Single Address Range Address Subnet Addres
192. g through you will hear the dial tone press outside line O and then press the mobile number 49 176999661 The IP phone with ext No 201 made a call to remote analog phone No 87654321 Press 888835 After getting through you will hear the dial tone press outside line O and then press the PSTN number 87654321 Dray Tek 31 VigorIPPBX 3510 Series User s Guide The mobile No 49 176999661 made a call to IP Phone with ext No 201 Press 12345678 After getting through you will hear the auto reply from the PBX then press the extension No 605 After getting through you can hear the dial tone then press ext No 201 The analog phone with ext No 602 made a call to IP phone with extension No 301 Press extension No 605 After getting through you will hear the dial tone then press the ext No 301 VigorIPPBX 3510 Series User s Guide 32 Dray Tek 3 2 Cost effective Extendability by Integrated Analog telephone Adapter for 24 Conventional Analog Phones amp POE switch for IP based phones pr e Extension Number at PSTN PBX Analog Phone O eaee35 Port 1 FXO 888835 605 a Port 2 FXO BaS836 606 Sresas21 Internet Migor3300V eam seen Port 3 FXO 888837 B07 Ta Port 4 FXO BERIE BOE Port 5 FXO 885839 609 1244 5678 Port 6 FXO itatni a 610 Port 7 FXO 868841 611 12348678 FXO Ports Port 8 FXO 888842 612 E PSTN i PER saee3s Vietnam gE Vigor PPBX 3510 P Fone SIP Server ex
193. gure a L TPIPSec connection using a pre shared key or a L2TP connection For more information please read the article O 40262 in the Microsoft Knowledgement Base Configure Step 1 Dial to ISP IF vou have already gotten a public IP you can skip this step Step 2 Connect to YPN Server Remove FPTF Status Mo connection ISP amp VPN amp Eoi In Step 2 Connect to VPN Server click Insert button to add a new entry If an IPSec based service is selected as shown below 47 VigorIPPBX 3510 Series User s Guide Dial To TEN P YPN Server IP HOST Nametsuch as 123 45 67 89 or draytek com 192 166 1 1 Password Type of VPN LTR COL2TP over IPSec PPTP Encryption C Use default gateway on remote network You may further specify the method you use to get IP the security method and authentication method If the Pre Shared Key is selected it should be consistent with the one set in VPN router IPSec Policy Sethng My IF i72 16 3 100 ka Type of IPSec Standard IPSec Tunnel Virture IP DrayTek Virture Interface ka Obtain an IP address automatically DHCP over IPSec Specify an IP address meea a Subnet Mask Security Method Medium AH Authority Method Certification Authority If a PPP based service is selected you should further specify the remote VPN server IP address Username Password and encryption method The User Name and Password should be
194. his protocol PPTP Setting Quick Start Wizard PPTP Client Mode WAN 1 Enter the user name password WAN IP configuration and PPTP server IP provided by your ISP User Name Password Confirm Password WAN IP Configuration Obtain an IP address automatically Specify an IP address IP Address Subnet Mask Gateway Primary DNS Second DNS PPTP Server L2TP Setting Quick Start Wizard L2TP Client Mode WAN 1 Enter the user name password WAN IP configuration and L2TP server IP provided by your ISP User Name Password Confirm Password WAN IP Configuration Obtain an IP address automatically Specify an IP address IP Address Subnet Mask Gateway Primary DNS Second DNS L2TP Server User Name Assign a specific valid user name provided by the ISP Password Assign a valid password provided by the ISP Confirm Password Retype the password Dray Tek 19 VigorlPPBX 3510 Series User s Guide Obtain an IP address automatically Specify an IP address Click it to obtain the IP address automatically Click it to specify some data manually IP Address Type the IP address Subnet Mask Type the subnet mask Gateway Type the gateway of the router Primary DNS Type the primary DNS address Secondary DNS Type the secondary DNS if required PPTP L2TP Server Type the IP address of the PPTP L2TP Server Click Next for viewing summary of such connection Quick Start
195. ia Vigor Router 1 Click CSM gt gt Web Content Filter Profile The following page will appear Web Filter License Status Not Activated Activate Setup Query Server auto selected Find more Setup Test Server lauto selected Find more Web Content Filter Profile Table Profile Name Default Profile et ae Or Setto Factory Default Name Click System Maintenance gt gt lt Activation to open the following page System Maintenance gt gt Activation Web Filter License Status Not Activated Authentication Message Activate via interface WAN 1 vi Activate WebFilter service not activate 2000 01 01 00 00 17 2 Click the Activate link A login page for MyVigor web site will pop up automatically This service is available for MyVigor member only Please login to access MyVigor If you are not one of the members of MyVigor please create an account first LOGIN Auth Code OOO O AYi GXZ If vou cannot read the word Click here Forget password Don t have a MyViger Account If you are having difficulty logging in contact cur customer service Customer Service BBG 3 597 2727 oF email to Wwebmastenadraytek com 3 Click the link of Create an account now Create an account now 4 Check to confirm that you accept the Agreement and click Accept Dray Tek a VigorIPPBX 3510 Series User s Guide Create an account Please enter personal profile
196. ication of this rule Select the protocol TCP UDP or TCP UDP for such triggering profile Type the port or port range for such triggering profile When the trigger packets received it is expected the incoming packets will use the selected protocol Select the protocol TCP UDP or TCP UDP for the incoming data of such triggering profile Type the port or port range for the incoming packets a Dray Tek Chapter 5 Advanced Web Configuration This chapter provides more advanced features for you to configure for VigorIPPBX router 5 1 Web Filter Activation Web Filter Activation can guide you to set WCF Web Content Feature feature with a quick way Note There are three ways to activate WCF on vigor router using Web Filter Activation by means of CSM gt gt Web Content Filter Profile or via System Maintenance gt gt Activation Web Filter Activation is a tool which allows you to use trial version or update the license of WCE directly without accessing into the server My Vigor located on http myvigor draytek com For using Web Content Filter Profile please refer to section 5 4 3 Web Content Filter Profile for detailed information Now please follow the steps listed below to activate WCF feature for your router 1 Open Advanced gt gt Web Filter Activation 2 The screen of Web Filter Activation will be shown as follows Choose the one you need and click Next In this case we choose to activate free trail e
197. ick the browse button of Router IP to search the IP address e g 192 168 1 1 of VigorIPPBX 3510 Click OK Select Router On Line Routers MIC Select MAC Address A 192 168 1 1 255 255 0 0 IF Ad i 192 165 1 1 igorlPPAs 3510 O0 50 F 21 CB C TEME 7 J 00 50 7F 46 78 9 72 163 250 Vigorz104 00 50 7F 42 13 3 i72 163 252 vigor i 4 OO S0 F 42 14 7 1 2 16 2 00 igorze2Z0 5 O0 50 F 46 34 E 1 2 16 2 4 igorProa 3300 O0 50 F 4 24 192 166 661 Vigor2900 series OO S0 F EE FF 1 lt iili gt Note Do not type the IP address in the field of Router IP directly VigorlPPBX 3510 Series User s Guide 58 Dray Tek 7 Choose Backup Setting as the Operation Mode L Firmware Upgrade Utility 3 6 2 Router IP sais id Save Config to Po VoIP Module File PO Operation Mode Password Time GubiSec 8 Next click the browse button of Save Config to for specifying the place that the Dray Tek configuration file stored Click OK L Firmware Upgrade Utility 3 6 2 kouter IP wait dG Save Config ta I VoIP Module File Operation Mode Please select a Folder Upgrade Backup Setting O Restore E Ej Desktop ai Ty Documents A My Music Stl My Pictures at My Computer E H 34 Floppy 4 4 E Se Local Disk C1 fa Local Disk 0 24 DYD Drive Es aS j Shared Documents Carrie s Documents 5 2 My Network
198. ide the peer will perform the same one way hash on the packet and compare the value with the one in the AH it receives Encapsulating Security Payload ESP is a security protocol that provides data confidentiality and protection with optional authentication and replay detection service VPN and Remote Access gt gt IPSec General Setup YPN IKE IPSec General Setup Dial in Set up for Remote Dial in users and Dynamic IP Client LAN to LAN IKE Authentication Method Pre Shared Key Confirm Pre Shared Key IPSec Security Method Medium 4H Data will be authentic but will not be encrypted High ESF MIDES l3apES MAES Data will be encrypted and authentic IKE Authentication Method This usually applies to those are remote dial in user or node LAN to LAN which uses dynamic IP address and IPSec related VPN connections such as L2TP over IPSec Dp VigorlPPBX 3510 Series User s Guide 30 Dray Tek and IPSec tunnel Pre Shared Key Currently only support Pre Shared Key authentication Pre Shared Key Specify a key for IKE authentication Confirm Pre Shared Key Retype the characters to confirm the pre shared key IPSec Security Method Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard
199. igorIPPBX 3510 easily Therefore it is not safe due to the low security and the network shall be the object that hackers attack To enhance the security of the extension registration through WAN interface a new function of ACL is supported by VigorIPPBX 3510 The purpose of this function is to type the public IP of the remote device on VigorIPPBX 3510 Later such remote device can register the extension on VigorIPPBX 3510 through WAN interface That is only the specified IP address can register the extension on VigorIPPBX 3510 The network architecture can be described as follows Internet WAN IP 61 216 230 181 WAN IP 61 216 230 25 WAN IP 671 216 230 101 5 VigorTalk ATA24 VigorPhone 350 gt Analog Phone Hence when you want the remote device registering the extension to VigorIPPBX through WAN interface you can use ACL function to finish it VigorIPPBX 3510 Series User s Guide 80 Dray Tek Dray Tek Configuration on VigorIPPBX 1 First open the web user interface of VigorIPPBX router e g VigorIPPBX 3510 2 Open IP PBX gt gt PBX System gt gt SIP Proxy Setting Do not check Disable registration from WAN It means that VigorIPPBX allows to register extension through WAN interface IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port s060 SIP Proxy Realm PBs com Parking Server Number ff Call Pickup Number ETF Local Fort Start 15050 RTP Local Port End 20000 L Disable
200. ile The message of 226 user prompts G 729 file has been uploaded successfully will appear Type quit to close FTP client 221 Goodbye Router will be reboot now will appear and the router will reboot Please follow the steps below to download G 729 user Prompts to your computer Dray Tek 1 oy a a Please use DOS BOX FTP client Windows built in FTP client utility to login VigorIPPBX FTP server Press Enter to pass authentication Type get v3510_ 729_userprompt ivr Wait for a while The message of 226 File sent OK will appear Type quit to close FTP client 125 VigorlIPPBX 3510 Series User s Guide 4 1 4 7 Tone Setting Tone setting is provided for fitting the telecommunication custom for the local area of the router installed Wrong tone setting might cause inconvenience for users To set the sound pattern of the phone set simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically Or you can adjust tone settings manually if you choose User Defined TOn1 TOff1 TOn2 and TOff2 mean the cadence of the tone pattern TOn1 and TOn2 represent sound on TOffl and TOff2 represent the sound off IP PBX gt gt Tone Tone Settings Region UK 4 ISDN PCM Codec Caller ID Type Note The Router will reboot after changing ISDN PCN Codec Lov High Frequency Frequency Hz Hz Region Select the proper region which you are located The common settings of Caller ID Type
201. imultaneously All of the configuration made for web content filter will be deleted automatically Therefore please backup your data before you change the web content filter license Profile Index 1 Profile Name Default Black White List C Enable Action Block Action Groups Child Protection Select All Clear All Leisure Select All Clear All Business Select All Clear All Chating Select All Clear All Computer Internet select All Clear All Select All D er p Clear All Profile Name VigorIPPBX 3510 Series User s Guide Group Object Selections Log Block E Categories W Alcohol amp Tobacco Hate amp Intolerance V Porn amp Sexually School Cheating V Child Abuse Images Entertainment eeeeeneeens Business chat l Anonymizers Download Sites Search Engine Portals Malware illegal Software C Adv amp Pop Ups Compromised Finance News Politics Restaurants amp Dining General Image Sharing Private IP Addresses Criminal Activity Illegal Drug M violence V Sex Education Games Leisure amp Recreation C Job Search JInstant Messaging Forums amp Newsgroups Cl Streaming Downloads Cl Social Networking Botnets Jinformation Security Arts Dating amp Personals Government Non profits amp NGOs
202. ine the service level provided toward traffic from different domains Then each DS node in these domains will perform the priority treatment This is called per hop behavior PHB The definition of PHB includes Expedited Forwarding EF Assured Forwarding AF and Best Effort BE AF defines the four classes of delivery or forwarding classes and three levels of drop precedence in each class Vigor routers as edge routers of DS domain shall check the marked DSCP value in the IP header of bypassing traffic thus to allocate certain amount of resource execute appropriate policing classification or scheduling The core routers in the backbone will do the same checking before executing treatments in order to ensure service level consistency throughout the whole QoS enabled network Private Network DS domain 1 DS domain 2 However each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners It s not easy to achieve deterministic and consistent high priority QoS traffic throughout the whole network with merely Vigor router s effort In the Bandwidth Management menu click Quality of Service to open the web page Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default UDP 3 Index Status Bandwidth Direction Class Class Class Others Bandwidth Online 1 2 3 Control Statistics WANI Enable 10000Kbps 10000Kb
203. ion Password in this group Extension Group Name igarPhone for example sales Extension Group Number for example 100 Start Number of the extension Group for example 101 Number of extensions in this group for example 10 max 20 Index Group Name Group Extension Hunt List Max 20 Extension VigorPhone 910 911 920 in as i ee e Type the extension group name group number start number and number of extension fields Click OK to save them The new added group will be displayed on the screen Then click Next to access into next web page 3 Inthe SIP Trunk Setup page you can set up to six SIP profiles outside lines at one time IPPBX Wizard Sip Trunk Setup Index 1 Profle Name SalesMarket 11 characters max Poman panim 192 168 14 55 63 characters max Proxy nat draytel org 5065 63 characters max Account Number Name salesgroup 63 characters max Password oon 63 characters max Trunk number 001 3 characters max Index Profile Name Domain Realm Proxy Account Number Name Trunk Number SalesMarket 192 168 1 55 nat draytel org 5065 salesgqroup 00i 002 003 004 005 006 Type the profile name domain realm proxy account number name password and trunk number fields then click OK to save them The new added profile will be displayed on the screen tee ee flees te ee ee VigorlPPBX 3510 Series User s Guide 88 Dray Tek 4 Click Next to access into office hour setup
204. irmation 223 VigorlIPPBX 3510 Series User s Guide 5 6 4 UPnP The UPnP Universal Plug and Play protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows Plug and Play system For NAT routers the major feature of UPnP on the router is NAT Traversal This enables applications inside the firewall to automatically open the ports that they need to pass through a router It is more reliable than requiring a router to work out by itself which ports need to be opened Further the user does not have to manually set up port mappings or a DMZ UPnP is available on Windows XP and the router provide the associated support for MSN Messenger to allow full use of the voice video and messaging features Applications gt gt UPnP UPnP Enable UPnP Service C Enable Connection control Service C Enable Connection Status Service Note If you intend running UPnP service inside your LAN you should check the appropriate service above to allow control as well as the appropriate UPnP settings Enable UPNP Service Accordingly you can enable either the Connection Control Service or Connection Status Service After setting Enable UPNP Service setting an icon of IP Broadband Connection on Router on Windows XP Network Connections will appear The connection status and control status will be able to be activat
205. irst While connecting the router will use WAN1 as the first channel for VPN connection If WAN1 fails the router will use another WAN interface instead WANI Only While connecting the router will use WAN1 as the only channel for VPN connection WAN2 First While connecting the router will use WAN2 as the first channel for VPN connection If WAN2 fails the router will use another WAN interface instead WAN2 Only While connecting the router will use WAN2 as the only channel for VPN connection Pass click it to have an inquiry for data transmission between the hosts located on both sides of VPN Tunnel while connecting 237 VigorlIPPBX 3510 Series User s Guide Multicast via VPN Call Direction Always On or Idle Timeout Enable PING to Keep alive PING to the IP PPTP IPSec Tunnel L2TP with IPSec Policy VigorIPPBX 3510 Series User s Guide Block When there is conflict occurred between the hosts on both sides of VPN Tunnel in connecting such function can block data transmission of Netbios Naming Packet inside the tunnel Some programs might send multicast packets via VPN connection Pass Click this button to let multicast packets pass through the router Block This is default setting Click this button to let multicast packets be blocked by the router Specify the allowed call direction of this LAN to LAN profile Both initiator responder Dial Out initiator only Dial In responder
206. irst free checked port Port Description Printer O 3 250 Standard TCP IP Port Epson Stylus COLOR 1160 O P_1 Standard TCP IP Port O IP_1 Standard TCP IP Port HP Laserdet 1300 O P_1 Standard TCP IP Port O IP_1 Standard TCP IP Port M IP_1 Standard TCP IP Port Brother HL 1070 O POF LocalPort PDF995 Cx mm rmm 4 Apply sam 11 Select LPR on Protocol type p1 number 1 as Queue Name Then click OK Next please refer to the red rectangle for choosing the correct protocol and LPR name Configure Standard TCP IP Port Monitor Port Settings Port Name P_ 192 168 1 1 i Printer Name or IP Address 192 168 1 1 Protocol Raw LPR Raw Settings LPR Settings Queue Name CILPR Byte Counting Enabled C SNMP Status Enabled The printer can be used for printing now Most of the printers with different manufacturers are compatible with vigor router VigorlPPBX 3510 Series User s Guide 10 Dray Tek Note 1 Some printers with the fax scanning or other additional functions are not supported If you do not know whether your printer is supported or not please visit www draytek com to find out the printer list Open Support gt FAQ find out the link of Printer Server and click it then click the What types of printers are compatible with Vigor router link About DrayTek Products Support Partners Contact Us Home gt Support gt FAQ
207. ish or OK button Dray Tek 29 VigorlIPPBX 3510 Series User s Guide This page is left blank VigorlPPBX 3510 Series User s Guide 30 Dray Tek Chapter 3 Applications and Tutorials This chapter shows several scenarios for your reference to configure IP PBX for different purposes 3 1 Versatile PSTN and VolP Trunk SS Mobile in Germany 49 17699966561 Analog Phone 87654321 PSTN PEX FXO Sassi Vigor PPBX 3510 ys ee 888833 N D IP Phone is Analog Phone Ext 30 1 sipserver ed LAN AN Fax Internet y N Server W A SSS Analog Phone E _ on Anai i Analog Phone E t603 PC T pi nalog Phone 602 Y Ext601 RIP Camera The establishment of IP registration is made through WAN port The remote IP based phone with ext 301 is registered at a SIP server The remote IP based phone with ext 201 is registered at remote site The analog phone or fax machine is connected to FXS module The said VoIP No is 888833 The PSTN PBX is with PSTN line No 12345678 The remote analog phone line is No 87654321 The remote mobile phone is with No 49 176999661 The analog phones with ext No 601 602 603 604 are connected to PSTN PBX Connect one FXO port to PSTN PBX s inside line The extension No 605 line is assigned to the FXO port on FXO module The analog phone connected to FXS module made a call to remote mobile 49 176999661 Press 888835 After gettin
208. it Class 3 dit After you click the Edit link you will see the following page Now you can define the name for that Class In this case Test is used as the name of Class Index 1 Bandwidth Management gt gt Quality of Service Class Index 1 Name NO Status Local Address Remote Address DiffServ CodePoint 1 Empty S For adding a new rule click Add to open the following page Service Type Bandwidth Management gt gt Quality of Service Rule Edit ACT Remote Address any O OE DiffServ CodePoint ANY Service Type ANY w Mote Please choose setup the Service Type first ACT Check this box to invoke these settings Local Address Click the Edit button to set the local IP address on LAN for the rule VigorIPPBX 3510 Seri s Gui igor 3510 Series User s Guide 6 Dray Tek Remote Address Click the Edit button to set the remote IP address on LAN WAN for the rule Edit It allows you to edit source address information J http 192_168_1_1l doc QosIpEdt htm Microsoft Internet Explorer Address Type Subnet Address m Start IP Address 0 0 0 0 End IP Address Subnet Mask 0 0 0 0 Address Type Determine the address type for the source address For Single Address you have to fill in Start IP address For Range Address you have to fill in Start IP address and End IP address For Subnet Address you have to fill in Start IP address and Subnet Mask DiffServ CodePoint All the packet
209. it indicates all the ports except the port defined here when the first and last values are different it indicates that all the ports except the range defined here are available for this service type gt the port number greater than this value is available lt the port number less than this value is available for this profile Service Group Object Use the drop down list to choose the one that you want Specify the action for fragmented packets And it is used for Data Filter only Don t care No action will be taken towards fragmented packets Unfragmented Apply the rule to unfragmented packets Fragmented Apply the rule to fragmented packets Too Short Apply the rule only to packets that are too short to contain a complete header Specifies the action to be taken when packets match the rule Block Immediately Packets matching the rule will be dropped immediately Pass Immediately Packets matching the rule will be passed immediately Block If No Further Match A packet matching the rule and that does not match further rules will be dropped 179 VigorlIPPBX 3510 Series User s Guide Branch to other Filter Set APP Enforcement URL Content Filter Web Content Filter SysLog Advance Setting VigorIPPBX 3510 Series User s Guide Pass If No Further Match A packet matching the rule and that does not match further rules will be passed through If the packet matches the filter rule the n
210. ive state To add or edit port settings click one index number on the page The index entry setup page will pop up In each index entry you can specify 10 port ranges for diverse services SG 164 VigorlPPBX 3510 Series User s Guide 6 Dray Tek NAT gt gt Open Ports gt gt Edit Open Ports Index No 1 Enable Open Forts WAN Interface WANI w Local Computer 192 168 1 10 Choose PC Protocol Start Port End Port Protocol Start Port End Port iL 4500 4500 ie s 3 Enable Open Ports Check to enable this entry ne Hit UU CULL O A Comment Make a name for the defined network application service WAN Interface Specify the WAN interface that will be used for this entry Local Computer Enter the private IP address of the local host or click Choose PC to select one Choose PC Click this button and subsequently a window having a list of private IP addresses of local hosts will automatically pop up Select the appropriate IP address of the local host in the list Protocol Specify the transport layer protocol It could be TCP UDP or none for selection Start Port Specify the starting port number of the service offered by the local host End Port Specify the ending port number of the service offered by the local host 4 4 4 Address Mapping This page is used to map specific private IP to specific WAN IP alias If you have a group of IP Addresses and want to apply to the router please use WAN IP
211. k Tear Drop Block Ping of Death VigorIPPBX 3510 Series User s Guide default setting for threshold and timeout are 50 packets per second and 10 seconds respectively Port Scan attacks the Vigor router by sending lots of packets to many ports in an attempt to find ignorant services would respond Check the box to activate the Port Scan detection Whenever detecting this malicious exploration behavior by monitoring the port scanning Threshold rate the Vigor router will send out a warning By default the Vigor router sets the threshold as 150 packets per second Check the box to activate the Block IP options function The Vigor router will ignore any IP packets with IP option field in the datagram header The reason for limitation is IP option appears to be a vulnerability of the security for the LAN because it will carry significant information such as security TCC closed user group parameters a series of Internet addresses routing messages etc An eavesdropper outside might learn the details of your private networks Check the box to enforce the Vigor router to defense the Land attacks The Land attack combines the SYN attack technology with IP spoofing A Land attack occurs when an attacker sends spoofed SYN packets with the identical source and destination addresses as well as the port number to victims Check the box to activate the Block Smurf function The Vigor router will ignore any broadcasting ICMP echo request Ch
212. l applications such as Netmeeting or Internet Games etc Dray Tek Internet 161 Destined to 220 135 240 207 Protocol Any Port Any VigorIPPBX 3510 Series User s Guide The inherent security properties of NAT are somewhat bypassed if you set up DMZ host We suggest you to add additional filter rules or a secondary firewall Click DMZ Host to open the following page NAT gt gt DMZ Host Setup DMZ Host Setup WAN 1 Private IP fs Ch MAC Address of the True IP DMZ Host oo oo oo loo oo foo Note When a True IP DMZ host is turned on it will force the router s WAN connection to be always on WAN 2 Enable Private IP OK If you previously have set up WAN Alias for PPPoE or Static or Dynamic IP mode you will find them in Aux WAN IP for your selection NAT gt gt DMZ Host Setup DMZ Host Setup WAN 1 Index Enable Aux WAN IP Private IP 1 E 192 168 5 20 oOo e Enable Check to enable the DMZ Host function Private IP Enter the private IP address of the DMZ host or click Choose PC to select one Choose PC Click this button and then a window will automatically pop up as depicted below The window consists of a list of private IP addresses of all hosts in your LAN network Select one private IP address in the list to be the DMZ host VigorIPPBX 3510 Seri s Gui Sn igor 3510 Series User s Guide 6 Dray Tek 5 F niao a OX 13 168 1 10 1s 168 118 When you h
213. layer protocol TCP or UDP Select the WAN IP used for port redirection There are eight WAN IP alias that can be selected and used for port redirection The default setting is All which means all the incoming data from any port will be redirected to specified range of IP address and port Specify which port can be redirected to the specified Private IP and Port of the internal host If you choose Range as the port redirection mode you will see two boxes on this field Simply type the required number on the first box The second one will be assigned automatically later Specify the private IP address of the internal host providing the service If you choose Range as the port redirection mode you will see two boxes on this field Type a complete IP address in the first box as the starting point and the fourth digits in the second box as the end point Specify the private port number of the service offered by the internal host Note that the router has its own built in services servers such as Telnet HTTP and FTP etc Since the common port numbers of these services servers are all the same you may need to reset the router in order to avoid confliction For example the built in web configurator in the router is with default port 80 which may conflict with the web server in the local network http 192 168 1 13 80 Therefore you need to change the router s http port to any one other than the default port 80 to avoid conflict
214. le Index Name Rule Service Type Class 1 Edit Class 2 Edit Edit Class 3 dit After you click the Edit link you will see the following page Bandwidth Management gt gt Quality of Service User Defined Service Type NO Name Protocol Port 1 Empty For adding a new service type click Add to open the following page Bandwidth Management gt gt Quality of Service Service Type Edit Port Configuration Type Single Range Port Number boo z bo Service Name Type in a new service for your request Service Type Choose the type TCP UDP or TCP UDP for the new service Port Configuration Click Single or Range as the Type If you select Range you have to type in the starting port number and the end porting number on the boxes below Port Number Type in the starting port number and the end porting number here if you choose Range as the type By the way you can set up to 10 service types If you want to edit delete an existed service type please select the radio button of that one and click Edit Delete for modification VigorIPPBX 3510 Seri s Gui z igor 3510 Series User s Guide 8 Dray Tek 5 6 Applications Below shows the menu items for Applications 3 Applications 5 6 1 Dynamic DNS The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP It means that the public IP address assigned to your router changes each time you access the Internet The Dynami
215. lect the service type that you want to activate Please choose the item you want to use WCF service Web Content Filter Commtouch License Agreement Commtouch is the web content filter based on Commtouch operated in the worldwide Enter your License key Activation Date 2011 05 11 select JI have read and accept the above Agreement Please check this box Note The activation date is brought out by the server automatically and cannot be changed Dray Te k 171 VigorIPPBX 3510 Series User s Guide 5 2 Firewall 5 2 1 Basics for Firewall While the broadband users demand more bandwidth for multimedia interactive applications or distance learning security has been always the most concerned The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders It also restricts users in the local network from accessing the Internet Furthermore it can filter out specific packets that trigger the router to build an unwanted outgoing connection Firewall Facilities The users on the LAN are provided with secured protection by the following firewall facilities User configurable IP filter Call Filter Data Filter Stateful Packet Inspection SPI tracks packets and denies unsolicited incoming data Selectable Denial of Service DoS Distributed DoS DDoS attacks protection IP Filters Depending on whether there is an existing Internet connection or in othe
216. lected Check this box to hide or present the caller ID to remote user CLIR Calling Line Identification Restriction hides the caller ID CLIP Calling Line Identification Presentation presents the caller ID 107 VigorlIPPBX 3510 Series User s Guide ISDN Global MSN mapping and route There are 50 rules of global MSN numbers which can be applied to all of the ISDN Trunk lines IP PBX gt gt ISDN Trunk List ISDN Global MSN mapping and route Index Global MSN Number Answer Mode Phone CLIR CLIP no gt no gt C4 oo s C4 no s oo s no 7 O oo 2 Oo no gt O amp S no o no lt lt 1 10 11 20 21 30 3140 41 50 gt gt Next gt gt Global MSN Number MSN Numbers mean that the router is able to accept only number matched incoming calls In addition MSN services should be supported by local ISDN network provider The router provides 50 fields for MSN numbers Note that MSN services must be acquired from your local telecommunication operators By default MSN function is disabled If you leave the fields blank all incoming calls will be accepted without number matching Answer mode Specify the way to process incoming phone calls which matched the MSN number for router Mot Used Mot Used Auto Attendant Forward To Extension Forward To Group Not Used The incoming call will be ignored if it matches with such global MSN number Auto Attendant The incoming call would be picked b
217. location on the network To avoid address conflicts IP addresses are publicly registered with the Network Information Centre NIC Having a unique IP address 1s mandatory for those devices participated in the public network but not in the private TCP IP local area networks LANs such as host PCs under the management of a router since they do not need to be accessed by the public Hence the NIC has reserved certain addresses that will never be registered publicly These are known as private IP addresses and are listed in the following ranges From 10 0 0 0 to 10 255 255 255 From 172 16 0 0 to 172 31 255 255 From 192 168 0 0 to 192 168 255 255 What are Public IP Address and Private IP Address As the router plays a role to manage and further protect its LAN it interconnects groups of host PCs Each of them has a private IP address assigned by the built in DHCP server of the Vigor router The router itself will also use the default private IP address 192 168 1 1 to communicate with the local hosts Meanwhile Vigor router will communicate with other network devices through a public IP address When the data flow passing through the Network Address Translation NAT function of the router will dedicate to translate public private addresses and the packets will be delivered to the correct host PC in the local area network Thus all the host PCs can share a common Internet connection Dray Tek 135 VigorIPPBX 3510 Series User s Guide Get Your
218. lso check the setting within the profile of each extension required a VigorIPPBX 3510 Seri s Gui He igor 3510 Series User s Guide Dray Tek SIP Local Port SIP Proxy Realm Parking Server Number Call Pickup Number RTP Local Port Start RTP Local Port End Disable registration from WAN Limit SIP Request WAN Enable ACL white list for WAN IP Edit ACL Dray Tek Set a port number as SIP local port The default setting is 5060 Type SIP service domain name In full SIP URI such is the part after symbol This number is used to communicate with the parking server and invoke the parking function The default setting number is 777 1 When you receive a phone call and need to go to the remote end to talk with the same caller you have to hold the phone call and transfer the call to this number from VoIP phone set 2 The parking sever will give you another voice number e g your parking number is XXXX Please remember it and hang up the phone set 3 Next use another phone set in remote end to communicate with that caller again by dialing the voice number X XXX Press the number specified here to pickup a call which is ringing on another extension For specific extension pickup press pickup number extension number for group pickup just press pickup number For example pickup number is 1 and 101 105 are set in the same hunt group When an incoming call rings extensio
219. lter and common options Here you can enable or disable the Call Filter or Data Filter Under some circumstance your filter set can be linked to work in a serial manner So here you assign the Start Filter Set only Also you can configure the Log Flag settings and Accept large incoming fragmented UDP or ICMP packets Click Firewall and click General Setup to open the general setup page Firewall gt gt General Setup General Setup Call Filter Data Filter Enable Start Filter Set Disable Enable Start Filter Set Disable Actions for default rule Application Filter APP Enforcement URL Content Filter Web Content Filter Advance Setting Action Profile Syslog Pass Mone Mone m o e N Mone ka LE Edit Accept large incoming fragmented UDP or ICMP packets for some games ex CS 3 Enable Strict Security Firewall Call Filter Data Filter Action Profile APP Enforcement URL Content Filter VigorIPPBX 3510 Series User s Guide Check Enable to activate the Call Filter function Assign a start filter set for the Call Filter Check Enable to activate the Data Filter function Assign a start filter set for the Data Filter Select Pass or Block for the packets that do not match with the filter rules Select one of the APP Enforcement Profile settings created in CSM gt gt APP Enforcement Profile for applying with this router Please set at least one profile for choo
220. max Call without Registration 5070 iptelorg O e 63 char mas iptelorg O o 63 char mas 23 char mas 63 char mas 63 char mas 63 char max O01 3 char max Main number Alias number Auto Attendant Auto Attendant Note SIP Local Port can not be equal ta PBX Proxy Port Profile Name Register via SIP Local Port Domain Realm Proxy Proxy Port Display Name Account Number Name Authentication ID Dray Tek Assign a name for this profile for identifying You can type similar name with the domain For example if the domain name is draytel org then you might set draytel in this field If you want to make VoIP call without register personal information please choose None and check the box to achieve the goal Some SIP server allows user to use VoIP function without registering Choosing Auto is recommended Set the port number for sending receiving SIP message for building a session The default value is 5070 Set the domain name or IP address of the SIP Registrar server Set domain name or IP address of SIP proxy server By the time you can type port number after the domain name to specify that port as the destination of data transmission e g nat draytel org 5065 Set port number for the proxy server The caller ID that you want it to be displayed on your friend s screen Enter your account name of SIP Address e g every text before Check the box to invoke this
221. me Use Browser Time Select this option to use the browser time from the remote administrator PC host as router s system time Use Internet Time Select to inquire time information from Time Server on the Internet using assigned protocol Time Protocol Select a time protocol Server IP Address Type the IP address of the time server Time Zone Select the time zone where the router is located Automatically Update Interval Select a time interval for updating from the NTP server Click OK to save these settings Dray Te k 261 VigorIPPBX 3510 Series User s Guide 5 10 7 Management This page allows you to manage the settings for access control access list port setup and SMP setup For example as to management access control the port number is used to send receive SIP message for building a session The default value is 5060 and this must match with the peer Registrar when making VoIP calls system Maintenance gt gt Management Management Setup Management Access Control Allow management from the Internet C FTP Server HTTP Server HTTPS Server Telnet Server C SSH Server Disable PING from the Internet Access List User Define Ports gt Default Ports Telnet Port Default 23 HTTP Port Default 80 HTTPS Port Default 443 FTP Port Default 21 SSH Fort Default 22 SNMP Setup C Enable SNMP Agent E Trap Community Notification Host IF Oooo e Router Name Allow management from the Inter
222. me for such group Type extension number for such group Use the drop down menu to choose rule for such group Simultaneously Choose such rule can make all the phones in the groups ring while receiving incoming calls Sequentially Choose such rule can make all the phones in the groups ring one by one while receiving incoming calls Set the timeout for such group The default setting is 60 seconds After timeout the system will execute overflow rule selected below When the hunt group does not have any response to an incoming call the call will be processed with the way chosen here such as being terminated keeping ringing forwarding to certain group forwarding to certain extension or leaving voice mail and so one If you choose Forward to Group or Forward to Extension a drop down box will appear for you to choose the extension group to transfer to 117 VigorlIPPBX 3510 Series User s Guide Terminate Terminate keep Ringing Forward to Group Forward To Extension oice lail Add gt gt Click this button to move the selected item in Available area to Chosen area Add All Click this button to move all of the items in Available area to Chosen area Remove lt lt Click this button to move the selected item in Chosen area to Available area Remove All Click this button to clear all of the selections in Chosen area Move Up Click this button to move the selected item to the upper place Move Down Click this
223. mitted via voice channel no fax relay and no Codec change will be involved T 38 Relay Use T 38 Fax Relay This is the default value Bypass Once FAX is detected the Codec will automatically switch to a high bit rate type G 711a u or G 726 to make sure FAX can transmit successfully If this option is selected the Vigor router will apply these two following settings FAX Bypass Codec and FAX Bypass Codec Rate a Dray Tek FAX Bypass Codec FAX Bypass Code Rate Phone Extension Active Extension Number E mail Address Voice mail Password DTMF Codec Dray Tek Select one option to be applied if FAX mode is configured as Bypass mode FAX Mode Pro e FAX Bypass Codec kbps FAX Bypass Codec Rate KEMMIS ANC aE G 711A PCMU 64kbps G 726 32kbps Select one option 20 or 40 to be applied if FAX mode is configured as Bypass mode The stability for the faxing result of documents with codec rate 20ms is higher than 40ms FAX Bypass Codec G 11U PCMU 64kbps FAX Bypass Codec Rate 20ms Click Enable to invoke this function If you do not check this box the extension number set here will not work Type the number of extension for such index The default number is 901 Voice mail can be sent to the specified e mail address for the user to check and listen Send a test e mail Make a simple test for the e mail address specified in this page Please assign the mail address first and click this butt
224. mode time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant w Auto Attendant Forward To Extension Forward To Group VigorIPPBX 351 s Gui l igor 3510 Series User s Guide 00 Dray Tek Alias List Click the Alias List link to access into the configuration page as shown below IP PBX gt gt Alias Alias List Index Profile Name Number Office Hours Non Office Hours Active Trunk 1 Auto Attendant Auto Attendant No es Auto Attendant Auto Attendant No J Auto Attendant Auto Attendant No 4 Auto Attendant Auto Attendant No 3 Auto Attendant Auto Attendant No b Auto Attendant Auto Attendant No T Auto Attendant Auto Attendant No a Auto Attendant Auto Attendant No 5 Auto Attendant Auto Attendant No 10 Auto Attendant Auto Attendant No lt lt 1 10 11 20 21 30 31 40 41 50 gt gt Next gt gt Profile Name Display the alias name for such sub account Number Display the phone number of such account Office Hours Display the selected answer mode for office hours Non Office Hours Display the selected answer mode for non office hours Active Display current activation status for such account enabled or disabled Trunk Display the SIP Trunk for such sub account attached You can set 50 profiles as alias for SIP Trunk list Click the number under Index to set detailed configuration IP PBX gt gt Alias Alias 1 Active O Enable Disable Alias Name Alias N
225. mp group setup please click Next Dray Tek Cancel 25 VigorlIPPBX 3510 Series User s Guide 2 3 2 SIP Trunk Setup This page allows you to set profiles for six SIP outside lines at one time IPPBX Wizard Sip Trunk Setup Index 1 Profile Name ee 11 characters max Domain Realm Ooo 63 characters max Proxy ee 63 characters max Account Number Name fs 63 characters max Password fs 63 characters max Trunk number 001 3 characters max Index Profile Name Domain Realm Proxy Account Number Name Trunk Number oo1 002 003 004 005 006 ee ie i i i Profile Name Type a name for this profile for identifying Domain Realm Set the domain name or IP address of the SIP Registrar server Proxy Set domain name or IP address of SIP proxy server By the time you can type port number after the domain name to specify that port as the destination of data transmission e g nat draytel org 5065 Account Number Name Enter your account name of SIP Address Password Type the password which will be used in registration for SIP service for this profile Trunk Number There are two ways to dial outside lines for an extension number First dial a short number and wait for a while When dial tone appears please dial the real outside line number Second dial a short number and then the real outside line number without waiting for dial tone The short number is defined here as Trunk Number VigorlPPBX 3510 Serie
226. n 101 the extension 102 105 can just dial 1 to pickup the call However if the extension 106 wants to pickup that call it needs to dial 1101 If your VoIP service provider gave you such information please type the port number for RTP traffic Otherwise keep the default setting For one port number used type the same port number in RTP Local Port Start and RTP Local Port End fields To set a range for port numbers type different port numbers in RTP Local Port Start and RTP Local Port End fields Check this box to disable the extension registration from WAN side It can prevent unauthorized users to use your system If this option is unticked you can enable certain extensions to register from WAN VPN on individual extension profile page Choose this item to restrict number of request per second from WAN side Such function allows the remote client registered to this IPPBX via WAN connection ACL is the abbreviation of Access Control List This function is used to add or delete the WAN IP address es of the clients who want to register extension number to IPPBX Click this link to open a pop up dialog 115 VigorlIPPBX 3510 Series User s Guide 3 http 192_ 168 1 1 Router Web Configurator Microsoft Internet Explorer ACL Index Remote WAN IP 1 172 16 3 88 2 172 16 3 55 3 172 16 3 96 Remote WAN IP In the field of Remote WAN IP type the WAN IP address of the client Click Add It will be added
227. n WAN 1 Green Off Blinking Right LED Green Off VigorIPPBX 3510 Series User s Guide Explanation The router is powered on The router is powered off The router is powered on and running normally The router is not ready or failed The WAN connection is ready It will blink while transmitting data CDR utility has been installed and is recording CDR utility has not been installed or is unable to record A USB device is connected and active The data is transmitting Storage NAND flash or USB disk is full The VPN tunnel is active The profiles of CSM Content Security Management for IM P2P URL Content Filter Web Content Filter application is enabled from Firewall gt gt General Setup These profiles can be established under CSM menu The QoS function is active The port is connected The port is disconnected The data is transmitting The port is connected with 100Mbps The port is connected with 10Mbps The port is connected The port is disconnected The data is transmitting The port is connected with 100Mbps The port is connected with 10Mbps Dray Tek Description for Connectors Interface Description Factory Reset Restore the default settings Usage Turn on the router ACT LED is blinking Press the hole and keep for more than 5 seconds When you see the ACT LED begins to blink rapidly than usual release the button Then the router will restart with the factory default c
228. n the window Dray Tek 269 VigorlPPBX 3510 Series User s Guide 5 11 7 Data Flow Monitor This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds The IP address listed here is configured in Bandwidth Management You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor If not a notification dialog box will appear to remind you enabling it Click Diagnostics and click Data Flow Monitor to open the web page You can click IP Address TX rate RX rate or Session link for arranging the data display Diagnostics gt gt Data Flow Monitor Enable Data Flow Monitor Refresh Seconds Page Refresh Index IP Address TX rate Kbps Sessions Action RX rate Kbps Current Peak Speed Current f Peak Speed Current Peak WANI 172 16 3 102 1 z 1455 Auto 6 460 Auto a WAN BS 070 Auto 070 Auto SEs Total 1 z 1455 Auto 6 460 Auto 3T f ITE Mote 1 Click Block to prevent specified PC from surfing Internet for 5 minutes 2 The IP blocked by the router will be shown in red and the session column will display the remaining time that the specified IP will be blocked 3 Kkbpsi shared bandwidth residual bandwidth used Current Peak are average Enable Data Flow Monitor Check this box to enable this function Refresh Seconds Use the drop down list to choose the time interval of refreshing data flow that
229. name as a display for this extension group Extension Group Number Type the number of extension for such group VigorIPPBX 3510 Series User s Guide 24 Dray Tek Start Number of the extension Group Number of extension in this group Extension Password in this group Type the start extension number for such group Type the total number of the extension for such group Type the password All the extensions in this group that need to register to IPPBX respectively must use such password for the registration When you finish the settings of group name group number start number number of extension fields please click OK to save them The new added group will be displayed on the screen You can set 10 groups for using in different conditions Then click Next to access into next web page Below shows an example for your reference IPPBX Wizard Extension amp Groups Setup Index 5 Extension Group Name Extension Group Number Start Number of the extension Group Number of extensions in this group Extension Password in this group So for example 2051 for example 4 hy im A for example for example sales 100 101 10 max 20 Index Group Name Group Extension Hunt List Max 20 Extension 1 SME E 201 2011 2015 2 SMB W 202 2021 2026 2 Gov C 203 2031 2037 4 Healthcare 204 2041 2043 D TSS 205 2051 2054 6 i a 9 10 After finishing the extension a
230. ncganranesesenntanystanvasnazesaaceeansanuauangaccace 93 AN as TEXAS IS IOI essers E Ea a EEEE EEEE eis 94 Te TUR e E dea Monehedadavelaaatonsvndabiensuatytieeds 97 aW SAD E a Al A E E E E EE E E E E E 109 4 1 4 PBX SYStOM o cccccccecececescssececescscecsceccevevaceueevevaceeseseceuevevaceversevavvervevacnnereevasnnentevacen 114 Me US aa A aa tase teases E E 134 A2 WAN coa E A A 135 4 2 1 Basics of Internet Protocol IP N tWOrk cceccceseseeeeseeseeeeeeseeeseeeeeeseeeeesaeeeeeens 135 4 2 2 Network Connection by 3G USB Modem ccccccccccccceeseeesseeeeeeeeessaeeeeeeeeeessaeaaeees 136 sy AC MSN hl OS NI A A E ast E E E E E E T 137 4 2 4 Internet ACCESS cccccccsssccecseeeeecceeeeeecaeeeeeeseeseeeeeaseeessaeeeeseeseeeseaeeessaneeessegeeeesseeeeneas 139 4 2 5 L0aG Balance PONCY socsccccivzicertncavasacdentdersedcendauamedsendasinet aaaea RAe Ta Ria 146 AS CAN asana EEEE EAEE OAE EE 148 ao ASICS ONEA Na E hiansmaumccoatadneatantondmunennaciatoussnnends 148 4 3 2 General SCtuP ccccccccccccceesesssseseeeeeeeeeeeeeeeeeeeeaaaeeasseeeeeeeeeeeeeeeeeeeesauaaaasseeeeeeeeeeeees 150 UC ROUTE arieni nea i E e EE i E E RES 153 CE PE E E A E AE EE A A E E E T A 155 AB SIU OMA en a E E 157 AA NAT or vow aitnes Misa cape peau dann ayaa aieswouuaie puede duedeunatuaposuadaatincaawe uengdcnwuveadnedieds 158 4 4 1 Port Redirection cccceececcccesseeeecceeeseeeecceeauceeecausseeeeessauseeeeessauseceesssaaseeeesssageeessaas 15
231. ne Time Passwords mOTP Allowed Dial In Type PIN Cade Pe PPTP Secret IPSec Tunnel l IKE Authentication Method L2TP with IPSec Policy Mone Pre Shared Key CO Specify Remote Node fs Remote Client IP DO E LI Digital Signature 509 orPeerID o Netbios Naming Packet Pass Block IPSec Security Method Multicast via VPN OPass Block Mediumi AH for some IGMP IP Camera OHCP Relay etc 4 Hight ESF DES IDES AES Local ID foptional User account and Enable this account Check the box to enable this function Authentication Idle Timeout If the dial in user is idle over the limitation of the timer the router will drop this connection By default the Idle Timeout is set to 300 seconds Allowed Dial In Type PPTP Allow the remote dial in user to make a PPTP VPN connection through the Internet You should set the User Name and Password of remote dial in user below IPSec Tunnel Allow the remote dial in user to make an IPSec VPN connection through Internet L2TP with IPSec Policy Allow the remote dial in user to make a L2TP VPN connection through the Internet You can select to use L2TP alone or with IPSec Select from below None Do not apply the IPSec policy Accordingly the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection Nice to Have Apply the PSec policy first if it 1s applicable during negotiation Otherwise the dial in VPN connection becom
232. ne calls No answer after When the incoming phone call is not picked up it will be processed by keeping ringing forwarding to certain extension or group or SIP Trunk Please specify the waiting time and determine the way you want to process keep Ring Forward To Extension Forward To Group Forward To SIP Trunk Busy then When this extension number is busy you can forward the incoming phone call to other extension number or group or SIP Trunk Do Nothing ke Do Nothing Voice Mlail Forward To Extension Forward To Group Forward To SIP Trunk Not on line When this extension number is not online you can forward the incoming phone call to other extension number or group or SIP Trunk Do Nothing o B Do Nothing oice Wlall Forward To Extension Forward To Group Forward To SIP Trunk 4 1 2 Trunks The number of PSTN and or ISDN line is determined by the VoIP FXS FXO ISDN module installed onto the device Therefore it is up to 8 PSTN lines or 8 ISDN TE lines depending on what type of card installed Besides 6 SIP accounts are provided for registering to other IPPBX device Users can set them respectively from SIP Trunk PSTN Trunk and ISDN Trunk IP PBX gt gt Line Setting Line Setting SIP Trunk PSTN Trunk ISDN Trunk D P ay Te k 97 VigorIPPBX 3510 Series User s Guide Available settings for this menu will be changed according to the ISDN module FXS module or FXO module i
233. net Disable PING from the Internet Access List Default Ports User Defined Ports VigorIPPBX 3510 Series User s Guide Trap Timeout seconds Type in the router name provided by ISP Enable the checkbox to allow system administrators to login from the Internet There are several servers provided by the system to allow you managing the router from Internet Check the box es to specify Check the checkbox to reject all PING packets from the Internet For security issue this function is enabled by default You could specify that the system administrator can only login from a specific host or network defined in the list A maximum of three Ps subnet masks is allowed List IP Indicate an IP address allowed to login to the router Subnet Mask Represent a subnet mask allowed to login to the router Check to use standard port numbers for the Telnet and HTTP servers Check to specify user defined port numbers for the Dray Tek Telnet HTTP and FTP servers Enable SNMP Agent Check it to enable this function Get Community Set the name for getting community by typing a proper character The default setting is public Set Community Set community by typing a proper name The default setting 1s private Manager Host IP Set one host as the manager to execute SNMP function Please type in IP address to specify certain host Trap Community Set trap community by typing a proper name The default setting is public
234. nformation about firmware update please refer to 4 5 Upgrade Firmware for VigorIPPBX 3510 for detailed operation 5 10 10 Activation There are three ways to activate WCF on vigor router using Advanced gt gt Web Filter Activation by means of CSM gt gt Web Content Filter Profile or via System Maintenance gt gt Activation After you have finished the setting profiles for WCF refer to the section of Web Content Filter Profile it is the time to activate the mechanism for your computer Click System Maintenance gt gt Activation to open the following page for accessing http myvigor draytek com System Maintenance gt gt Activation Activate via interface AN 1 w Web Filter License Activate Status Not Activated Authentication Message WebFilter Service not activate 2000 01 01 00 00 17 Mote If you want to use email alert or syslog please configure the SysLog Mail Alert Setup page If you change the service provider the configuration of the function will be reset Activate via Choose WAN interface used by such device for activating Web Interface Content Filter Activate via interface auto selected WAN 1 AN 2 Activate The Activate link brings you accessing into www vigorpro com to finish the activation of the account and the router Authentication As for authentication information of web filter the process of Message authenticating will be displayed on this field for your reference
235. ng E mail Instant messaging etc lt VPN mom i 3 5G HSDPAUSB Moedm After connecting into the router 3G USB Modem will be regarded as the second WAN port However the original Ethernet WAN still can be used and Load Balance can be done in the router Besides 3G USB Modem in WAN2 also can be used as backup device Therefore when WAN1 is not available the router will use 3 5G for supporting automatically The supported 3G USB Modem will be listed on Draytek web site Please visit www draytek com for more detailed information Internet Below shows the menu items for Internet Access VigorIPPBX 351 s Gui igor 3510 Series User s Guide 36 Dray Tek 4 2 3 General Setup This section will introduce some general settings of Internet and explain the connection modes for WANI and WAN2 in details This router supports dual WAN function It allows users to access Internet and combine the bandwidth of the dual WAN to speed up the transmission through the network Each WAN port WAN1 through WAN port WAN2 through LAN4 port can connect to different ISPs Even if the ISPs use different technology to provide telecommunication service such as Cable modem etc If any connection problem occurred on one of the ISP connections all the traffic will be guided and switched to the normal communication port for proper operation Please configure WANI and WAN2 settings This webpage allows you to set general setup for WAN1 and WAN
236. nk Number Active ik 5 905 v 2 6 906 V 3 7 907 Y 4 B 908 V MIPSTN Trunk Auto Hunt 555 Index Display the number that you can click to edit the trunk profile Group Display the name of each entry Trunk Number Display the default trunk number of each entry Active V means current trunk number is available PSTN Trunk Auto Hunt When a user wants to dial PSTN number out he can dial the number specified here e g 555 to make the router VigorIPPBX 351 s Gui 102 igor 3510 Series User s Guide 0 Dray Tek automatically hunting an available PSTN line for it The default number is 555 Change the number if you want For example you want to use PSTN Trunk 1 for dialing out After pressing the PSTN Trunk number for PSTN Trunk 1 the system will inform you that PSTN Trunk 1 is busy for someone is used for dialing out You can wait until the line is available or simply dialing the number specified here to make the system choosing an available line to dial out Please click any number under Index to set detailed configuration IP PBX gt gt PSTN Trunk List PSTN Trunk Index 1 Phone Extension Active Trunk Number Manual Disconnection PIN Code PIN Code Mode Off Net PIN Code On Net PIN Code Answer Mode Office hours answer mode Mon Office hours answer mode Allow to access these Trunks Enable Disable AOS 7 char mas Disconnect Enable Disable 0000 OQ Enable Disable 0000 Auto
237. nsert Certificate Template Administrator v Administrator Additional Attribu Authenticated Session Basic EFS _ EFS Recovery Agent Attributes JUser Router Offline request Subordinate Certification Authority Web Server Then you have done the request and the server now issues you a certificate Select Base 64 encoded certificate and Download CA certificate Now you should get a certificate cer file and save it 67 VigorIPPBX 3510 Series User s Guide 5 Back to Vigor router go to Local Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below window showing END CERTIFICATE REQUEST E Certificate Management gt gt Local Certificate 509 Local Certificate Configuration Mame Subject Status Modify Local C TW ST HS O Draytek OU RD Requesting GENERATE IMPORT REFRESH x509 Local Certificate Request HIIBnTCCAQYC AGAWETELMNAKGALIUEBHMNCVFexC za BQNVE AgGTAKhTMRAwDGYD VOOK EwdEcmF 5dGVr Mos wCOYDVOQOLEwISRDELMCAGCS GS Ib3s DORI aRYTesVwceGoydEBk cmF SdGVre Live TCRnz anbokqhkiG9 wOBAGEF AAOB OAwgYkCGYEAyZELVTVE yt ix OTS 25 20dw l Re ltvlHnivwm MFCOyox ZEwNEG464dGY1L3S AvITduHHoo240Mlx026 maSVORt 7 7HbNOd nsspixkroFgkenkbNLdaghiooc la YN smGb4N Pho4vVNolva dKiyhPip 202 0WsCddxh 4223 Ysdms60C AvE ALAN LOGCS GS Ihs DOEBBOUALIGE AGNESOT1LY445sqkwiltnibIvdadF
238. nstalled on the IP PBX PSTN Trunk is available when the FXO module is installed well ISDN Trunk is available when the ISDN module is installed well 4 1 2 1 SIP Trunk This page allows you to set profiles for six SIP trunk lines at one time IP PBX gt gt SIP Trunk List SIP Trunk List Pefresh Seconds Refresh Index Profile Name DomainfRealm Proxy Aoun Trunk Number Status Number Name iP ooi 2 002 3 003 4 004 5 005 6 006 R Success registered on SIP server Alias List Fail to register on SIP server Profile Name Display the name for such main account Domain Realm Display domain name or IP address of the SIP Registrar server Proxy Display the domain name or IP address of SIP proxy server Account Number Name Display the account name of SIP Address Trunk Number Display the short number for such account Status Display current status for the account successful registration or failed registration Alias List Allows you to set sub accounts for the main accounts in SIP Trunk VigorlPPBX 3510 Series User s Guide 98 Dray Tek Please click any number under Index to set detailed configuration IP PBX gt gt SIP Trunk List SIP Trunk Index 1 Profile Name Register via SIP Local Port Domain Reallm Proxy Proxy Port Display Name Account NumberName Authentication ID Passward Expiry Time Trunk number Qut gaing call CLI Office Hours answer mode Non Office hours answer mode 11 char
239. nt Dray Tek 23 VigorIPPBX 3510 Series User s Guide 2 3 IPPBX Wizard IPPBX Wizard can guide the user to configure the required settings for this router within several steps All the settings also can be configured by using IP PBX menu However the wizard is the most convenient and easy method for users VigorIPPBX 3510 IPPBX Wizard Dray Tek www draytek com Jf Prex wizard Extension amp Groups Se Extension Group Name Number of extensions in Advanced Product Registration aC aa e ae ae 2 3 1 Extension amp Group Setup tup Index 1 Extension Group Number Start Number of the extension Group this group Extension Password in this group Index Group Name Group Extension for example for example for example for example sales 100 101 10 max 20 Hunt List Max 20 Extension Click IPPBX Wizard You can get the first screen as shown below IPPBX Wizard Extension amp Groups Setup Index 1 Extension Group Name Extension Group Number Start Number of the extension Group Number of extensions in this group Extension Password in this group Index Group Name Group Extension a ie cE 4 3 6 i 8 E 10 lt Back Next gt Finish for example for example for example for example sales 100 101 10 max 20 Hunt List Max 20 Extension Extension Group Name Type a
240. nternal IP addresses of local hosts to be translated into one public IP address thus you can have only one IP address on behalf of the entire internal hosts Enhance security of the internal network by obscuring the IP address There are many attacks aiming victims based on the IP address Since the attacker cannot be aware of any private IP addresses the NAT function can protect the internal network On NAT page you will see the private IP address defined in RFC 1918 Usually we use the 192 168 1 0 24 subnet for the router As stated before the NAT facility can map one or more IP addresses and or service ports into different specified services In other words the NAT function can be achieved by using port mapping methods Below shows the menu items for NAT 1 VigorlPPBX 3510 Series User s Guide 58 Dray Tek 4 4 1 Port Redirection Port Redirection is usually set up for server related service inside the local network LAN such as web servers FTP servers E mail servers etc Most of the case you need a public IP address for each server and this public IP address domain name are recognized by all users Since the server is actually located inside the LAN the network well protected by NAT of the router and identified by its private IP address port the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping private IP address port of the server Intern
241. number Caller_ID Add the trunk number before caller ID Caller_ID only Only show the caller ID PIN code mode is used to do authentication for this trunk line when a caller wants to make phone call via this trunk Check for VoIP to ISDN Calls Click Enable to invoke this setting For example a caller calls from UK via SIP trunk to this IPPBX Then he wants to use ISDN trunk to 131 VigorlIPPBX 3510 Series User s Guide DTMF Mode Prefer Codec Code Rate Codec VAD VigorIPPBX 3510 Series User s Guide make a local mobile phone call Before the caller makes the call he needs to enter PIN code for authentication to make sure he can use this trunk line Check for ISDN to VoIP Calls Click Enable to invoke this setting Type the PIN code number to make on net call to PSTN trunk When A caller makes a call via ISDN to IPPBX and wants to use SIP Trunk for example draytel account to make an international phone call He must use such PIN code to control if he can use it or not There are four DTMF modes for you to choose InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network traffic cong
242. o Live Type a value for connection time to live If you choose Bridged IP as the protocol you can check this box to invoke the function The router will work as a bridge modem PPP Authentication Select PAP only or PAP or CHAP for PPP If you want to connect to Internet all the time you can check Always On Idle Timeout Set the timeout for breaking down the Internet after passing through the time without any action Usually ISP dynamically assigns IP address to you each time you connect to it and request In some case your ISP provides service to always assign you the same IP address whenever you request In this case you can fill in this IP address in the Fixed IP field Please contact your ISP before you want to use this function WAN IP Alias If you have multiple public IP addresses and would like to utilize them on the WAN interface please use WAN IP Alias You can set up to 8 public IP addresses other than the current one you are using Notice that this setting is available for WANI only WAROIP Alias Windows Internet Explorer WANO IP Alias Multi NAT Index Enable Aux WAN IP Join NAT IP Pool 1 W ET w a d 3 d 4 d 5 P 6 LI 7 F 8 d Close Fixed IP Click Yes to use this function and type in a fixed IP address in the box of Fixed IP Address Default MAC Address You can use Default MAC Address or specify another MAC address by typing on the boxes of MAC Address for the route
243. on the lifetime of key should be defined The default value is 3600 seconds You may specify a value in between 600 and 86400 seconds Perfect Forward Secret PFS The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2 The default value is inactive this function Local ID In Aggressive mode Local ID is on behalf of the IP address while identity authenticating with remote VPN server The length of the ID is limited to 47 characters Enter the index of schedule profiles to control the call barring according to the preconfigured schedules Refer to section Application gt gt Schedule for detailed configuration i Dray Tek 3 Dial In Settings Allowed Dial In Type PPTP IPSec Tunnel L2TP with IPSec Policy None COl Specify Remote VPN Gateway Peer VPN Server IP orPeerID o 4 TCP IP Network Settings My WAN IP 0 0 0 0 Remote Gateway IP 0 0 0 0 Remote Network IP 0 0 0 0 Remote Network Mask 255 255 255 0 Username 779 Password VJ Compression on off IKE Authentication Method C Digital Signature X 509 Pre Shared Key IPSec Security Method Medium AH High ESP DES SIDES AES RIP Direction From first subnet to remote network you have to do C Change default route to this VPN tunnel Only single WAN supports this Allowed Dial In Type PPTP IPSec Tunnel L2TP Specify CLID or Remote VPN Gateway User Name Dray Tek Determine the
244. on path Download latest certificate revocation list 3 Back to Vigor router go to Trusted CA Certificate Click IMPORT button and browse the file to import the certificate cer file into Vigor router When finished click refresh and you will find the below illustration Certificate Management gt gt Trusted CA Certificate 509 Trusted CA Certificate Configuration Name Subject Status Modify Trusted CA 1 ICSUSICN vigor Mot Yet Valid View Delete Trusted CA 2 lew Delete Trusted CA 3 lew Delete IMPORT REFRESH 4 You may review the detail information of the certificate by clicking View button gt Certificate Information Windows Internet Explorer Certificate Detail Information Certificate Name Trusted CA 1 Issuer MUSIC h Vvigor Subject MC USiCh vigor Subject Alternative Name DNS drayiek cam Valid From Aug 31 23 04 12 2009 GMT Valid To Aug 31 23 14 47 2010 GMT Note Before setting certificate configuration please go to System Maintenance gt gt Time and Date to reset current time of the router first VigorIPPBX 3510 Series User s Guide 70 Dray Tek 3 14 Creating an Account for MyVigor The website of My Vigor a server located on http myvigor draytek com provides useful service e g Web Content Filter to filter the web pages for protecting your system To access into MyVigor for getting more information please create an account for My Vigor first 3 14 1 Creating an Account v
245. on to execute a test for verify the mail address is available or not Type a password here When the user wants to listen the voice mail he she muse use such password to open it DTMF Mode There are four DTMF modes for you to choose InBand Choose this one then the Vigor will send the DTMF tone as audio directly when you press the keypad on the phone OutBand Choose this one then the Vigor will capture the keypad number you pressed and transform it to digital form then send to the other side the receiver will generate the tone according to the digital form it receive This function is very useful when the network traffic congestion occurs and it still can remain the accuracy of DTMF tone SIP INFO Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form Then it will be sent to the remote end with SIP message DTMF mode InBand InEand QutBand RF C2033 SIP INFO cisco format SIP IMFO nortel format Prefer Codec Select one of five codecs as the default for your VoIP calls The codec used for each call will be negotiated with the peer party before each session and so may 129 VigorlIPPBX 3510 Series User s Guide Allow to access these trunks Default Trunk Answer Mode VigorIPPBX 3510 Series User s Guide not be your default choice The default codec is G 729A B it occupies little bandwidth while maintaining good voice quality If your upstream speed is only 64Kbps do not u
246. onds the following picture will tell you that the restoration procedure is successful 133 VigorlIPPBX 3510 Series User s Guide 4 1 5 PBX Status IP PBX gt gt PBX Status PBX Status Call Detail Records Extension Monitor 4 1 5 1 Call Detail Records This page displays call records of IP PBX such as failed call successful call no answer call date of the call and the duration of each call and so on Each page will display 50 records IP PBX gt gt PBX Status CDR Export Click Export to download CDR record as a filef csv Call Detail Records Pefresh Seconds Refresh Index Date From To Result Duration 1 2010 10 15 05 29 22 102 101 Success 00 00 10 2 2010 10 14 10 40 26 903 00178333111 SUCCESS 00 00 28 3 2010 10 14 10 38 31 903 00178333111 Success 00 00 35 4 2010 10 14 10 37 10 902 00178333111 SUCCESS 00 03 10 5 2010 10 14 10 36 04 902 0017 8333111 Success 00 00 20 6 2010 10 14 10 33 00 901 001 6333111 SUCCESS 00 04 15 2010 10 14 01 58 34 102 101 SPress 00 00 07 5 2010 10 14 01 57 45 102 101 Success 00 00 11 g 2010 10 13 13 03 38 102 101 SUCCESS 00 00 03 10 2010 10 13 13 02 34 102 535 Success 00 00 21 11 2010 10 13 12 59 21 102 101 SUCCESS 00 00 13 12 2010 10 13 12 58 04 102 101 Success 00 00 13 13 2010 10 13 12 56 25 102 101 Success 00 00 14 14 2010 10 13 11 41 49 101 1001 Fail 00 00 00 15 2010 10 13 11 39 56 101 901 No answer 00 00 00 15 s3ananfinfv7sown en Ao 100 101 F
247. one call IN incoming call OUT outgoing call IN amp OUT both incoming and outgoing calls IN OWT IN amp QUT Determine the type of the VoIP phone call URI URL or number It will bring out different setting options SIP URL This field will be changed based on the type you selected for barring Type Please type numbers or URL All means all the phone calls will be blocked with such mechanism Or you can specify certain port set in IP Dray Tek Dray Tek PBX gt gt Tunks gt gt SIP Trunk to be blocked by choosing from the drop down list SIP1 8333222 v SIP2 77 SIP3 77 oIPa Y SIPS 7 olPh 7 Index 1 15 in Schedule Enter the index of schedule profiles to control the call barring according to the preconfigured schedules Refer to section Advanced gt gt Application gt gt Schedule for detailed configuration Additionally you can set advanced settings for call barring such as Block Anonymous or Block Unknown Domain Simply click the relational links to open the web page For Block Anonymous this function can block the incoming calls without caller ID on the interface specified in the following window Such controlling also can be done based on preconfigured schedules IP PBX gt gt DialPlan Setup Call Barring Block Anonymous Enable Index 1 15 in Schedule Setup O Note Block the incoming calls which do not have the caller ID 113 VigorlIP
248. onfiguration FXS Connecter for telephone set FXO Connecter for FXS interface of PABX LAN 1 4 Connecters for local networked devices WAN 2 1 Connecter for remote networked devices USB Connecter for a USB device for 3G USB Modem or printer PWR Connecter for a power adapter ON OFF Power Switch Dray Tek 3 VigorIPPBX 3510 Series User s Guide 1 3 Hardware Installation Before starting to configure the router you have to connect your devices correctly 1 Power Cable Connect the cable Modem DSL Modem Media Converter to WAN port of router with Ethernet cable RJ 45 Connect one end of an Ethernet cable RJ 45 to one of the LAN ports of the router and the other end of the cable RJ 45 into the Ethernet port on your computer Connect the telephone sets with phone lines for using PBX function For the model without phone ports skip this step Connect IP Phone s via VigorSwitch to this router Connect one end of the power adapter to the router s power port on the rear panel and the other side into a wall outlet Power on the device by pressing down the power switch on the rear panel The system starts to initiate After completing the system test the PWR and ACT LEDs will light up and start blinking For the detailed information of LED status please refer to section 1 2 Analog Phone 3 Fa p7 TE M Power Switch Cable DSL Modem _ or Media Converter Phone Line
249. only Always On Check to enable router always keep VPN connection Idle Timeout The default value is 300 seconds If the connection has been idled over the value the router will drop the connection This function is to help the router to determine the status of IPSec VPN connection especially useful in the case of abnormal VPN IPSec tunnel disruption For details please refer to the note below Check to enable the transmission of PING packets to a specified IP address Enter the IP address of the remote host that located at the other end of the VPN tunnel Enable PING to Keep Alive is used to handle abnormal IPSec VPN connection disruption It will help to provide the state of a VPN connection for router s judgment of redial Normally if any one of VPN peers wants to disconnect the connection it should follow a serial of packet exchange procedure to inform each other However if the remote peer disconnect without notice Vigor router will by no where to know this situation To resolve this dilemma by continuously sending PING packets to the remote host the Vigor router can know the true existence of this VPN connection and react accordingly This is independent of DPD dead peer detection Build a PPTP VPN connection to the server through the Internet You should set the identity like User Name and Password below for the authentication of remote server Build an IPSec VPN connection to the server through Internet
250. ormat 00 50 F 00 00 00 00 OE 46 24 05 41 08 00 45 00 00 30 89 C9 40 00 7F 06 8001 CO 480104 4136 EF 1406 44 O7 47 33 20 94 Di 00 00 00 YO O2 FF FF BY 45 00 00 02 04 05 E4 01 01 04 Ue BE Yl 80 CO OF 48 80 586 30 O9 80 19 84 68 OO 00 00 00 00 00 00 00 00 00 00 00 00 Decoded Format 192 168 1 10 2212 gt 66 54 259 20 16063 Pr tcp HLen 20 TLen 48 S Seg 857773265 Ack 0 Win 65535 Decoded Format It shows the source IP address local destination IP remote address the protocol and length of the package Refresh Click it to reload the page VigorIPPBX 351 s Gui 2 i igor 3510 Series User s Guide 66 Dray Tek 5 11 2 Routing Table Click Diagnostics and click Routing Table to open the web page Diagnostics gt gt View Routing Table Current Running Routing Table Refresh Key C connected S static R RIP default private A 0 0 0 0 0 0 0 0 via 172 16 3 4 Wan2 C 192 168 1 0 255 255 255 0 is directly connected LAN C 172 16 0 07 255 255 0 0 is directly connected WANZ Refresh Click it to reload the page 5 11 3 ARP Cache Table Click Diagnostics and click ARP Cache Table to view the content of the ARP Address Resolution Protocol cache held in the router The table shows a mapping between an Ethernet hardware address MAC Address and an IP address Diagnostics gt gt View ARP Cache Table Ethernet ARP Cache Table Clear Refresh
251. pe Kuban O Qnext Clpocoyerz6s C AresChat E AN Gizmo CISIP RTP Like L Lava Lava LJicue Lispa TelTel L TeamSpeak Jue Cl MobileMSN L BaiduHi L Fetion Web IM more than one address eMessenger WebMSN meebo eBuddy ILovelM ICO Java ICO Flash qoowy IMbaha getMessenger Ll webIM URLS MUnitive Wablet mabber MSN2G0 KoollM MessengerFX MessengerAdictos WebYahoolM Profile Name Type a name for the CSM profile Action Block All the items selected in this page will be blocked Users will not access into related web pages or use the applications Pass All the items selected in this page will not be blocked User can access into related web pages or use the applications Select All Click it to choose all of the items in this page The profiles configured here can be applied in the Firewall gt gt General Setup and Firewall gt gt Filter Setup pages as the standard for the host s to follow VigorIPPBX 3510 Seri s Gui l igor 3510 Series User s Guide 98 Dray Tek Below shows the items which are categorized under P2P CSM gt gt APP Enforcement Profile Profile Index 1 Profile Name fs Protocol Misc Ih P2P Protocol o aApplications gt C SoulSeek SoulSeek LJ eDonkey eDonkey eMule Shareaza FastTrack Kazad BearShare iMesh OpenFT KCeasy FilePipe Gnutella BearShare Limewire Shareaza Foxy KCeasy Cl OpenNap Lopster Nap WinLop C BitTorrent BitTorrent Bi
252. plications since file sharing can be convenient but insecure at the same time To address these needs we provide CSM functionality Dray Tek 195 VigorIPPBX 3510 Series User s Guide URL Content Filter To provide an appropriate cyberspace to users Vigor router equips with URL Content Filter not only to limit illegal traffic from to the inappropriate web sites but also prohibit other web feature where malicious code may conceal Once a user type in or click on an URL with objectionable keywords URL keyword blocking facility will decline the HTTP request to that web page thus can limit user s access to the website You may imagine URL Content Filter as a well trained convenience store clerk who won t sell adult magazines to teenagers At office URL Content Filter can also provide a job related only environment hence to increase the employee work efficiency How can URL Content Filter work better than traditional firewall in the field of filtering Because it checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packets based on the fields of TCP IP headers only On the other hand Vigor router can prevent user from accidentally downloading malicious codes from web pages It s very common that malicious codes conceal in the executable objects such as ActiveX Java Applet compressed files and other executable files Once downloading these types of files from websites you may
253. ps Outbound 25 25 25 25 Inactive Status Setup WAN2 Enable 10000Kbps 10000Kbps Outbound 259 25 25 25 Inactive Status Setup Class Rule Index Name Rule Service Type Class 1 Edit Class 2 Edit Edit Class 3 dit Dray Tek 213 VigorlPPBX 3510 Series User s Guide This page displays the QoS settings result of the WAN interface Click the Setup link to access into next page for the general setup of WAN 1 2 interface As to class rule simply click the Edit link to access into next for configuration You can configure general setup for the WAN interface edit the Class Rule and edit the Service Type for the Class Rule for your request Online Statistics Display an online statistics for quality of service for your reference Click the Status link under Online Statistics to show the following screen Bandwidth Management gt gt Quality of Service Online Statistics Refresh Interval seconds Refresh Index Direction Class Name Reserved bandwidth Ratio Outbound Throughput Bytes sec 1 OUT 25 0 A OUT 25 3 OUT 25 0 OUT Others 25 0 Outbound Status Others o 5 10 Bps General Setup for WAN Interface When you click Setup you can configure the bandwidth ratio for QoS of the WAN interface There are four queues allowed for QoS control The first three Class 1 to Class 3 class rules can be adjusted for your necessity Yet the last one is reserved for the packets which are not suitable for the
254. r Specify a MAC Address Type the MAC address for the router manually 141 VigorlIPPBX 3510 Series User s Guide After finishing all the settings here please click OK to activate them Details Page for Static or Dynamic IP For static IP mode you usually receive a fixed public IP address or a public subnet namely multiple public IP addresses from your DSL or Cable ISP service providers In most cases a Cable service provider will offer a fixed public IP while a DSL service provider will offer a public subnet If you have a public subnet you could assign an IP address or many IP address to the WAN interface To use Static or Dynamic IP as the accessing protocol of the internet please choose Static or Dynamic IP mode from Internet Access menu The following web page will be shown WAN gt gt Internet Access WARN 1 Static or Dynamic IP DHCP Client Enable Disable Keep WAN Connection C Enable PING to keep alive 0 Iminuters WAN Connection Detection 172 156 1 1 FING to the IF PING Interval Mode Ping IP TTL FIP Protocol Enable RIP Bridge Mode C Enable Bridge Mode Access Control Keep WAN Connection WAN Connection Detection VigorIPPBX 3510 Series User s Guide br 55 WAN IP Network Settings Obtain an IP address automatically Router Name Domain Name Reguired for some ISPs Specify an IP address IP Address 1 72 16 35 102 Subnet M
255. r e Toset up a network printer that is not attached to a print server J use the Local printer option 5 In this dialog choose Create a new port Type of port and use the drop down list to select Standard TCP IP Port Click Next Add Printer Wizard Select a Printer Port Computers communicate with printers through ports Select the port you want your printer to use If the port is not listed you can create a new port O Use the following port LPT 1 Recommended Printer Port Create a new port Type of port Standard TCP IP Port VigorIPPBX 3510 Series User s Guide 8 Dray Tek 6 Inthe following dialog type 192 168 1 1 router s LAN IP in the field of Printer Name or IP Address and type IP_192 168 1 1 as the port name Then click Next Add Standard CP IP Printer Port Wizard Add Port For which device do you want to add a port Enter the Printer Name or IP address and a port name for the desired device Printer Name or IP Address 192 168 1 1 Port Name IP_192 168 1 1 7 Click Standard and choose Generic Network Card Add Standard ICP IP Printer Port Wizard Additional Port Information Required The device could not be identified The detected device is of unknown type Be sure that 1 The device is properly configured 2 The address on the previous page is correct Either correct the address and perform another search on the network by returning to
256. r NAT Usage ist IP Address 372 168 1 1 1st Subnet Mask 255 255 255 0 voip Module Address 192 168 1 249 Notices YoIP module must be at the same subnet with ist IP address For IP Routing Usage Enable Disable 2nd IP Address 192 160 2 1 2nd Subnet Mask 255 255 255 0 2nd Subnet DHCP Server j RIF Protocol Control Disable ka DHCP Server Configuration Enable Server Disable Server Relay Agent ist Subnet 2nd Subnet Start IP Address 192 160 1 10 IP Pool Counts O Gateway IP Address 192 165 1 1 DHCP Server IP Address for Relay Agent DNS Server IP Address C Force DNS manual setting Primary IP Address Secondary IP Address 1st IP Address Type in private IP address for connecting to a local private network Default 192 168 1 1 1st Subnet Mask Type in an address code that determines the size of the network VigorIPPBX 3510 Series User s Guide Default 255 255 255 0 24 150 Dray Tek VoIP Module Address For IP Routing Usage 2 IP Address 2 Subnet Mask 2 DHCP Server RIP Protocol Control Dray Tek Type in the IP address for VoIP connection Default 192 168 1 249 Click Enable to invoke this function The default setting is Disable Type in secondary IP address for connecting to a subnet Default 192 168 2 1 24 An address code that determines the size of the network Default 255 255 255 0 24 You can configure the router to serve as a DHCP server for
257. r words the WAN link status is up or down the IP filter architecture categorizes traffic into two Call Filter and Data Filter Call Filter When there is no existing Internet connection Call Filter is applied to all traffic all of which should be outgoing It will check packets according to the filter rules If legal the packet will pass Then the router shall initiate a call to build the Internet connection and send the packet to Internet Data Filter When there is an existing Internet connection Data Filter is applied to incoming and outgoing traffic It will check packets according to the filter rules If legal the packet will pass the router The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic respectively Outgoing Traffic l s Gui 172 VigorlPPBX 3510 Series User s Guide 7 Dray Tek Stateful Packet Inspection SPI Stateful inspection is a firewall architecture that works at the network layer Unlike legacy static packet filtering which examines a packet based on the information in its header stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection Denial of Service DoS Defense The DoS Defense functionality helps you to detect and
258. rade Firmware for VigorlPPBX 3510 ccceccseeeeeeeeeseeeeeeeaseeeeeeeeaaeeseneaaneeeeeneneeeenens 55 3 11 Backup and Restore Settings for VigorIPPBX 3510 cccceeecsssseeseeeeeeseeeeeessneeeseeees 57 3 11 1 Backup the Configuration Settings ccccccccccsssssseeceeeeeeeeeeeeeeceeeeeseueeeeeeeeessuaageses 57 3 11 2 Restore the Configuration SettingS cccccccccssssseeeeeeeeeeeeeeeeeeeeeeeeeeaeeeeeeeeessuaaeeees 61 3 12 Request a certificate from a CA server on Windows CA Server ccsssseeseeeseeeeees 65 3 13 Request a CA Certificate and Set as Trusted on Windows CA Server 2 00000 69 Dra y Tek v VigorIPPBX 3510 Series User s Guide 3 14 Creating an Account TOF MY VIGOR icscvscsiscsntenceccnviccecscmesnceematne cians daneivea vdnnnsveaednesbaxstuesasmsseecene 71 3 15 How to enhance the security for extensions registration ccseccseeeseeeseeeeeeeeeseeeeees 78 3 16 How to use ACL to make the remote client registering extension number to VigorIPPBX through WAN interface nnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nennen nnen nnmnnn nnmnnn nnne 80 3 17 How to set up VigorPhone 350 with Vigor PPBX3510 series by using A t ProvisioNniNg 2 usuri aaia aaa adoa aa 87 Chapter 4 General Web Configuration ccccssssecssseecesseeceeseecenseeeenseseenseseeseeseenees 93 A WP PIB X inn cttscoteacanvenesansnagnnsactaanatuscapeesdancgnensneuaunngiesaauacasguseesa
259. reen of the phone Please input the extension number Press OK 13 12 05 11 Next input the password Press OK Ext Password 13 12 05 KK EE 12 VigorPhone can automatically configure itself with settings coming from Vigor PPBX 3510 Successful message will be shown as below Now all the configurations have been done Auto Configuration Ext 911 Success Dray Tek 91 VigorlPPBX 3510 Series User s Guide 13 Now the extension number has been registered by VigorPhone successfully See the number on the right side of the arrow Thursday 13 12 08 lt J 14 Check the connection status for IP Phone and VigorIPPBX 3510 Open IPPBX gt gt PBX Status gt gt Extension Monitor If the connection is successful the word Online will be shown on the filed of Status IP PBX gt gt PBX Status Extension Monitor Refresh Seconds 10 Refresh Index Name Extension IP Status Peer Number 1 911 911 1927 168 1 11 Online 2 912 912 192 168 1 13 3 aes 913 OTTine 4 sad 914 Offline 5 Soz 915 Offline 6 E 916 offline 7 4 917 Offline 8 sce 918 Offline g SR 919 Offline 10 920 Offline lt lt 1 10 11 20 21 30 31 40 41 50 51 60 61 70 71 80 81 90 91 100 101 108 gt Next gt gt VigorlPPBX 3510 Series User s Guide 92 Dray Tek Chapter 4 General Web Configuration With quick start wizard and IPPBX wizard you might have configured the router to access into Internet well
260. registration from WAN Ol Limit SIP Request WAN lit Request Sec Range 1 64 Cl Enable ACL white list for WAN IP Edit ACL Notel The Call Pickup Number used for both specific number pickup and group pickup NWote To permit remote WAN side extensions you must enable registration from WAN option and also check the setting within the profile of each extension required 3 Then set the number of Limit SIP Request WAN between 1 and 64 a IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port SIP Proxy Realm Parking Server Number Call Pickup Number RTP Local Port Start RTP Local Port End C Disable registration from WAN Limit SIP Request WAN NWotel1 The Call Pickup Number used for both specific number pickup and group pickup NWote To permit remote WAN side extensions you must enable registration from WAN option and also check the setting within the profile af each extension required 81 VigorlIPPBX 3510 Series User s Guide 4 Click the link of Edit ACL IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port SIP Proxy Realm Parking Server Number Call Pickup Number ETF Local Port Start 15050 RTP Local Port End OO00 CI Disable registration from WAN Limit SIP Request WAN Request Sec Range 1 64 C Enable AcL white list for WAN IP Moteli The Call Pickup Number used for both specific number pickup and group pickup Note To permit remote WAN side ex
261. rity Method My WAN IP Remote Gateway IP Remote Network IP Remote Network Mask More RIP Direction VigorIPPBX 3510 Series User s Guide This field is applicable when you select PPTP or L2TP with or without IPSec policy above VJ Compression is used for TCP IP protocol header compression This field is applicable when you select PPTP or L2TP with or without IPSec policy above This group of fields is applicable for IPSec Tunnels and L2TP with IPSec Policy when you specify the IP address of the remote node The only exception is Digital Signature X 509 can be set when you select IPSec tunnel either with or without specify the IP address of the remote node Pre Shared Key Check the box of Pre Shared Key to invoke this function and type in the required characters 1 63 as the pre shared key Digital Signature X 509 Check the box of Digital Signature to invoke this function and select one predefined Profiles set in the VPN and Remote Access gt gt IPSec Peer Identity This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy when you specify the remote node Medium Authentication Header AH means data will be authenticated but not be encrypted By default this option is active High Encapsulating Security Payload ESP means payload data will be encrypted and authenticated You may select encryption algorithm from Data Encryption Standard DES Triple DES 3DES and AES This field is onl
262. rm message of New Owner Mary maybe timeout Please try again or contact to dravtek com 8 When you see the following page please type in the account and password that you just created in the fields of UserName and Password Then type the code in the box of Auth Code according to the value displayed on the right side of it VigorlPPBX 3510 Series User s Guide 16 Dray Tek This service is available for MyVigor member only Please login to access MyVigor lf you are not one of the members of MyVigor please create an account first LOGIN Auth Code T4 he1C lf you cannot read the word click here Forget password Don t have a My ider Account 7 Create an account now If you are having difficulty lagging in contact our customer service Customer Service 889 3 597 2727 oF email to webmastena draytek com Now click Login Your account has been activated You can access into MyVigor server to activate the service e g WCF that you want Dray Tek 77 VigorIPPBX 3510 Series User s Guide 3 15 How to enhance the security for extensions registration By default VigorIPPBX 3510 does not allow registration of extensions from WAN or VPN due to security consideration You may find this option from the IP PBX gt gt PBX System gt gt SIP Proxy Setting page Note The network security will be higher for the extension registered from VPN IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port
263. rt of the destination IP Displays the IP address for the end of the destination IP Displays the IP address for the start of the destination port Displays the IP address for the end of the destination port Move UP Move Down Use Up or Down link to move the order of the policy Click Index 1 to access into the following page for configuring load balance policy WAN gt gt Load Balance Policy Index 1 C Enable Protocol any w Binding WAN Interface WANI Auto failover to the other WAN src IP Start Src IP End Dest IP Start Dest IP End Dest Port Start Dest Port End Enable Protocol Binding WAN interface Src IP Start Src IP End Dest IP Start Dray Tek Check this box to enable this policy Use the drop down menu to choose a proper protocol for the WAN interface Protocol Choose the WAN interface WANI or WAN2 for binding Auto failover to other WAN Check this button to lead the data passing through other WAN automatically when the selected WAN interface is failover Type the source IP start for the specified WAN interface Type the source IP end for the specified WAN interface If this field is blank it means that all the source IPs inside the LAN will be passed through the WAN interface Type the destination IP start for the specified WAN interface 147 VigorlIPPBX 3510 Series User s Guide Dest IP End Type the destination IP end for the specified WAN interface If this field is bl
264. rts WAN1 is the default WAN interface for accessing into the Internet WAN2 is the optional WAN interface for accessing into the Internet when WAN 1 is inactive for some reason Display Name It shows the name of the WAN1 WAN2 that entered in general setup Physical Mode It shows the physical connection for WANI Ethernet WAN2 Ethernet or 3G USB Modem according to the real network connection Physical Mode Physical Mode Ethernet Ethernet 36 USB Modem Ethernet Access Mode Use the drop down list to choose a proper access mode The details page of that mode will be popped up If not click Details Page for accessing the page to configure the settings Dray Tek 139 VigorlPPBX 3510 Series User s Guide static or Dynamic IP Mone PPPoE static or Dynamic IP PRT RALATR There are three access modes provided for PPPoE Static or Dynamic IP and PPTP L2TP Details Page This button will open different web page according to the access mode that you choose in WANI or WAN2 Details Page for PPPoE To use PPPoE as the accessing protocol of the internet please choose Internet Access from WAN menu Then select PPPoE mode for WAN2 The following web page will be shown WAN gt gt Internet Access WAM 1 PPPoE Client Mode PPP MP Setup Enable Disable PPP Authentication PAP or CHAP Idle Timeout second s ISP Access Setu j IP Address Assignment Method IPCP Username 4005755 ahinet net WAN IP Alias Password Fixed I
265. rver IP Address C Force ONS manual setting 2nd Subnet DHCP Server i Primary IP Address RIP Protocol Control Disable ka Secondary IP Address VigorIPPBX 3510 Series User s Guide 54 Dray Tek 3 10 Upgrade Firmware for VigorlIPPBX 3510 Please do the following E 2 Dray Tek Go to www draytek com Access into Support gt gt Downloads Please click the model name of VigorIPPBX 3510 and click on it to download the firmware execution file About DrayTek Products Support Education Partners Contact Us Home gt Support gt Downloads Downloads Firmware Downloads Model Name Firmware Version Release Date Firmware Vigor120 series co eB 26 06 2009 Driver Vigor2100 series 2 6 2 26 02 2008 Utility Vigor2104 series 2513 13102 2008 Utiity Introduction Vigor2110 series 3 3 0 25 06 2009 j E Datasheet Vigor2200 X W E 2 3 11 22 09 2004 5 R amp TTE Certification Vigor2200Eplus 2 5 7 18 02 2009 Vigor2200USB 2 3 10 16 03 2005 Locate the AutoFwUp_V XXX file that you downloaded from the website AutoFwip v3 SS 1Opbx_255R ob Double click the execution file of AutoFwUp_V XXX to run the program The following screen will appear Click OK Vigor3510 Firmware Upgrade Version v3510pbx 355RC8b V3K52262 RC9I en Message It will upgrade Firmware of your router Ey Do you want to continue 55 VigorIPPBX 3510 Series User s Guide 5 Inthe dialog of S
266. s User s Guide 26 Dray Tek When you finish the settings of profile name domain realm proxy account number name password and trunk number fields please click OK to save them The new added profile will be displayed on the screen Index Profile Name Domain Realm Proxy Account Number Name Trunk Number SalesMarket 192 168 1 55 nat draytel org 5065 salesgroup 001 002 003 004 005 006 Ea ee i ie i You can set 6 profiles for using in different conditions Then click Next to access into next web page 2 3 3 Office Hours Setup This page allows you to set office hours including starting point ending point on duty day s IPPBX Wizard Office Hours Setup Now You can make the work time schedule of your office Hour Min When do you start working in the morning 00 w When do you have a rest at noon When do you start working in the afternoon When do you leave the office 00 w 00 w Is this schedule available at weekend O Yes No When do you start working Use the drop down menu to choose the time as the starting in the morning point in the morning When do you have a rest at Use the drop down menu to choose the time as the ending noon point in the morning When do you start working Use the drop down menu to choose the time as the starting in the afternoon point in the afternoon When do you leave the Use the drop down menu to choose the time as the ending office point in the afternoon Is this schedule availabl
267. s and MAC address that you create before Remove You can remove any item listed in IP Bind List Simply click and select the one and click Remove The selected item will be removed from the IP Bind List Note Before you select Strict Bind you have to bind one set of IP MAC address for one PC If not no one of the PCs can access into Internet And the web configurator of the router might not be accessed 4 4 NAT Usually the router serves as an NAT Network Address Translation router NAT is a mechanism that one or more private IP addresses can be mapped into a single public one Public IP address is usually assigned by your ISP for which you may get charged Private IP addresses are recognized only among internal hosts When the outgoing packets destined to some public server on the Internet reach the NAT router the router will change its source address into the public IP address of the router select the available public port and then forward it At the same time the router shall list an entry in a table to memorize this address port mapping relationship When the public server response the incoming traffic of course is destined to the router s public IP address and the router will do the inversion based on its table Therefore the internal host can communicate with external host smoothly The benefit of the NAT includes Save cost on applying public IP address and apply efficient usage of IP address NAT allows the i
268. s as the Address Type and type them in this dialog In addition if you want to use the IP range from defined groups or objects please choose Group and Objects as the Address Type Group and Objects Any Address single Address Range Address subnet Address Group and Objects From the IP Group drop down list choose the one that you want to apply Or use the IP Object drop down list to choose the object that you want Click Edit to access into the following dialog to choose a suitable service type ue Dray Tek Fragments Filter Dray Tek 3 http 192_ 168_ 1 1 Service Type Edit Microsoft Internet Explorer Service Type Edit Service Type Protocol Source Port Destination Port Service Group or Service Object or Service Object or Service Object To set the service type manually please choose User defined as the Service Type and type them in this dialog In addition if you want to use the service type from defined groups or objects please choose Group and Objects as the Service Type User defined ee User defined _ Group and Objects Protocol Specify the protocol s which this filter rule will apply to Source Destination Port when the first and last value are the same it indicates one port when the first and last values are different it indicates a range for the port and available for this service type when the first and last value are the same
269. s below Set Display Name e g 911 Password and Voice mail Password respectively Then click OK IP PBX gt gt Extension Profile Internal Phone Extension Index 1 Internal Phone Extension Active Enable Disable Allow Remote Registration from W AN VPN Always Disable Type SIP Extension Number 311 Display Name 911 Authentication C Use Display Name as authentication ID Password C Enable PPTP VPN Dial In for this Number Password E mail Address Send a test e mail Voice mail Password MWIfMessage Waiting Indication Notify User who Subscribed Force Notify User Allow to access these Trunks M sipi Msi Msia Msi Misies Msia PSTN1 PSTN2 L PSTN3 CI PSTN4 8 Check if the SIP trunk with related extension profile has been configured successfully Open IPPBX gt gt Trunks gt gt SIP Trunk If it is set successfully the character R will be shown on the filed of Status IP PBX gt gt SIP Trunk List SIP Trunk List Refresh Seconds 5 J Refresh Index Profile Name Domain Realm Proxy farate Vanes Piet Status i SalesMarket 192 168 1 55 nat draytel org 5065 salesgroup 00i Pip O02 a 003 4 004 x a 005 z 6 ogg R Success registered on SIP server Fail to register on SIP server 9 Connect VigorPhone to the network Each user of VigorPhone can get the extension number password respectively VigorlPPBX 3510 Series User s Guide 90 Dray Tek 10 The log in request will be displayed on the sc
270. s of data will be divided with different levels and will be processed according to the level type by the system Please assign one of the levels of the data for processing with QoS control Service Type It determines the service type of the data for processing with QoS control It can also be edited You can choose the predefined service type from the Service Type drop down list Those types are predefined in factory Simply choose the one that you want for using by current QoS By the way you can set up to 20 rules for one Class If you want to edit an existed rule please select the radio button of that one and click Edit to open the rule edit page for modification Bandwidth Management gt gt Quality of Service Class Index 1 NO Status Local Address Remote Address DIS ery Service Type CodePoint 10 Active Any ANY ANY 20 Active ns Any AF ae TELNET TCR 23 Edit the Service Type for Class Rule To add a new service type edit or delete an existed service type please click the Edit link under Service Type field Dray Tek 517 VigorlPPBX 3510 Series User s Guide Bandwidth Management gt gt Quality of Service General Setup Setto Factory Default UDP i Index Status Bandwidth Direction Glass Class Class Others Bandwidth Online 1 2 3 Statistics Control WAN Enable 10000Kbps 10000Kbps Outbound 25 25 25 25 Inactive Status Setup WAN2 Enable 10000Kbps 10000Kbps Outbound 259 25 25 25 Inactive Status Setup Class Ru
271. s registered at a SIP server The ISDN Phone with ext No 801 802 803 and 804 are connected to ISDN PBX ISDN Phone with extension No 801 ISDN Phone with extension No 802 ISDN Phone with extension No 803 ISDN Phone with extension No 804 The IP phone with ext 301 on Internet made a call to the remote ISDN Phone Ex 801 Dial to SIP trunk number 307 then dial ISDN trunk number 0 to connect to ISDN PBX After getting through you can hear the dial tone press ext No 801 VigorlPPBX 3510 Series User s Guide 36 Dray Tek 3 5 ISDN Application with 4 ISDN TE and 2 ISDN TE 2 ISDN NT Ports ISDN Trunk ISDN Phone AS XS 4 TE Ports 2 TE 2NT SO ISDN Phone AY Ext 801 Vigor PPBX 3510 ISDN Phone Byte Ext 803 Qs ISDN Phone B i Ext804 A Registered IP phone or analog phone SIP Server The establishment of IP registration is made through WAN port The ISDN Phone with ext No 801 802 803 and 804 are connected to ISDN PBX ISDN Phone with extension No 801 ISDN Phone with extension No 802 ISDN Phone with extension No 803 ISDN Phone with extension No 804 The ISDN phone with ext 905 with MSN No 21 on VigorIPPBX 3510 made a call to the remote ISDN Phone Ex 801 Dial ISDN trunk number 0 to connect to ISDN PBX After getting through you can hear the dial tone press ext No 801 The ISDN phone with ext 907 without MSN number on VigorIPPBX 3510 made a call to the remo
272. s will pass through the router 181 VigorlIPPBX 3510 Series User s Guide Example As stated before all the traffic will be separated and arbitrated using on of two IP filters call filter or data filter You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner Each filter set is composed by 7 filter rules which can be further defined After that in General Setup you may specify one set for call filter and one set for data filter to execute first Firewall gt gt General Setup General Setup Call Fitter Enable Disable Data Filter Enable Disable Actions for default rule Sturt Filter Set Application Action Profile Filter Pass APP Enforcement Nono URL Content Filter None Web Content Filter None Advance Setting Em Advance Setting Em w accept large incoming fragmented UDP or ICMP payer v Enable Filter Set 1 Comments Ve J Le o 7 o VigorIPPBX 3510 Series User s Guide Strict Security Firewall L K J Steer Cancel Comments Block NetBeos Start Filter Set Move Up uP up UP ue UP Next Filt 182 Firewall gt gt Filter Setup Filter Setup Set to Factory Defautt Comments Set Comments Default Call Filter L Default Data Filter 4 L 2 4 19 3 it 12 cs Firewall gt gt Edit Filter Set gt gt Edit Filter Rule Filter Set 1 Rule 1 lv
273. se G711 codec It is better for you to have at least 256Kbps upstream if you would like to use G711 Prefer Codec 11A B4kbps G 11MU b4kK bps G F 11A 64K bps G 7294 6 BkKbps G 723 6 4kbps G 726 32 22kbps Single Codec If the box is checked only the selected Codec will be applied Code Rate The amount of data contained in a single packet The default value is 20 ms which means the data packet will contain 20 ms voice information Codec VAD This function can detect if the voice on both sides is active or not If not the router will do something to save the bandwidth for other using Check it to invoke this function There are several outside lines SIP accounts for you to specify for such extension Please check the one s you want The available boxes listed here will be changed according to the FXS FXO module inserted to VigorIPPBX 3510 Choose a trunk as the default trunk setting Specify the way to process incoming phone calls No answer after When the incoming phone call is not picked up it will be processed by keeping forwarding to certain extension Please specify the waiting time and determine the way you want to process Ring CE keep Ring Voice Mail Forward To Extension Forward To Groug Busy then When this extension number is busy you can forward the incoming phone call to other extension number Do Nothing w Do Mothince oice Mlail Forward To E
274. sed firewall is flexible and allows your network be safe In addition through VoIP function the communication fee for you and remote people can be reduced 1 1 Web Configuration Buttons Explanation Several main buttons appeared on the web pages are defined as the following S Save and apply current settings cance Cancel current settings and recover to the previous saved settings Clear Clear all the selections and parameters settings including selection from drop down list All the values must be reset with factory default settings Add Add new settings for specified item Edit Edit the settings for the selected item Delete Delete the selected item with the corresponding settings Note For the other buttons shown on the web pages please refer to Chapter 4 for detailed explanation Dray Tek I VigorIPPBX 3510 Series User s Guide 1 2 LED Indicators and Connectors Before you use the Vigor router please get acquainted with the LED indicators and connectors first The displays of LED indicators and connectors for the routers are different slightly The following sections will introduce them respectively VigorlPPBX 3510 Description for LED pwr COR Oven act Ouse csm Owan MSF QoS pcan set y LED Status PWR Power ACT Activity Off WAN CDR Off USB MSF VPN i Qos LED on Connector Left LED LAN 1 2 3 4 Green Off Blinking Right LED Green Off Left LED O
275. sing in CSM gt gt APP Enforcement Profile web page first For troubleshooting needs you can specify to record information for APP Enforcement Profile by checking the Log box It will be sent to Syslog server Please refer to section System Maintenance gt gt Syslog Mail Alert for more detailed information Select one of the URL Content Filter Profile settings created in CSM gt gt URL Content Filter Profile for applying with this router Please set at least one profile for choosing in CSM gt gt URL Content Filter Profile web page first For troubleshooting needs you can specify to record information i Dray Tek Web Content Filter Syslog Advance Setting Dray Tek for URL Content Filter by checking the Log box It will be sent to Syslog server Please refer to section System Maintenance gt gt Syslog Mail Alert for more detailed information Select one of the Web Content Filter Profile settings created in CSM gt gt Web Content Filter Profile for applying with this router Please set at least one profile for anti virus in CSM gt gt Web Content Filter Profile web page first For troubleshooting needs you can specify to record information for Web Content Filter Profile by checking the Log box It will be sent to Syslog server Please refer to section System Maintenance gt gt Syslog Mail Alert for more detailed information For troubleshooting needs you can specify the filter log and or CSM log here by checking th
276. space of the USB storage disk Click Refresh at any time to get new status for free capacity Index It displays the number of the client which connecting to FTP server Service It displays the server FTP or SMB that the client wants to connect IP Address Port It displays the IP address of the user s host which connecting to the FTP server Username It displays the username that user uses to login to the FTP server When you insert USB storage disk into the Vigor router the system will start to find out such device within several seconds 5 9 5 Web Syslog Syslog Explorer Such page provides real time syslog and displays the information on the screen USB Application gt gt Syslog Explorer Web Syslog USB syslog CO Enable Web Syslog Refresh Clear Syslog Type Display Mode Stop record when fulls Time Message For Web Syslog VigorIPPBX 351 s Gui 252 igor 3510 Series User s Guide 5 Dray Tek Enable Web Syslog Syslog Type Display Mode Time Message For USB Syslog Check this box to enable the function of Web Syslog Use the drop down list to specify a type of Syslog to be displayed There are two modes for you to choose otop record when fulls w Stoo record when fulls Always record the new event Stop record when fulls when the capacity of syslog is full the system will stop recording Always record the new event only the newest events will be recorded by the system Di
277. splay the time of the event occurred Display the information for each event This page displays the syslog recorded on the USB storage disk USB Application gt gt Syslog Explorer Web Syslog Folder n a Time Time Log Type Message Dray Tek USB Syslog File n a Page na Log Type na Log Type Messaqe Display the time of the event occurred Display the type of the record Display the information for each event 253 VigorlIPPBX 3510 Series User s Guide 5 10 System Maintenance For the system setup there are several items that you have to know the way of configuration Status Administrator Password Configuration Backup Syslog Time setup Reboot System Firmware Upgrade Below shows the menu items for System Maintenance System Maintenance 5 10 1 System Status The System Status provides basic network settings of Vigor router It includes LAN and WAN interface information Also you could get the current running firmware version or firmware related information from this presentation system Status Model Name VigorlIPPBX 3510 Firmware Version 1555 2 Build Date Time Apr AT 2011 10 23 18 LAN MAC Address 00 50 7F 39 7F 0E Link Status ist IP Address 192 168 1 1 MAC Address ist Subnet Mask 255 255 255 0 Connection DHCP Server Wes IP Address DNS 168 95 1 1 Default Gateway SIP Trunk PBxX SYSTEM Index Profile Status Link Status Se MAC Address SSS 5 Connection IP
278. such as 8080 This can be set in the Advanced gt gt System Maintenance gt gt Management You then will access the admin screen of by suffixing the IP address with 8080 e g http 192 168 1 1 8080 instead of port 80 VigorIPPBX 3510 Series User s Guide a Dray Tek system Maintenance gt gt Management Management Setup Management Access Control O Allow management from the Internet FTP Server HTTP Server HTTPS Server Telnet Server SSH Server Disable PING from the Internet Access List List 4 4 2 DMZ Host Management Port Setup User Define Ports Default Ports Telnet Port Default HTTP Fort Default HTTPS Port Default FTP Port Default SSH Port Default SNMP Setup O Enable SNMP Agent Get Community Notification Host IP f Trap Timeout seconds Set Community Manager Hast IP As mentioned above Port Redirection can redirect incoming TCP UDP or other traffic on particular ports to the specific private IP address port of host in the LAN However other IP protocols for example Protocols 50 ESP and 51 AH do not travel on a fixed port Vigor router provides a facility DMZ Host that maps ALL unsolicited data on any protocol to a single host in the LAN Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption DMZ Host allows a defined internal user to be totally exposed to the Internet which usually helps some specia
279. t 301 esipserver P Na F Phone 2 s Analog Phone Analog Phone EMIS Analog Phone Ext 602 Ext 601 W VigorSwitch P2260 PoE Switch Shanghai Office VigorTalk ATA Analog Phorm hoe L Ext 701aippbx ae Analog Phone IP Phone Ext 702aippbx Analog Phone exe 101 mippbx fas IP Phome Main Office Ext 703mqppbx ext 102mipphx The establishment of IP registration is made through WAN port The remote IP based phone with ext 301 is registered at a SIP server The remote IP based phone with ext 201 is registered at remote site The PSTN PBX is with PSTN line No 12345678 The remote analog phone line is No 87654321 The remote mobile phone is with No 49 176999661 The analog phones with ext No 601 602 603 604 are connected to PSTN PBX Connect 8 FXO ports to PSTN PBX s inside line FXO 1 port with extension No 605 Phone No 88835 FXO 2 port with extension No 606 Phone No 88836 FXO 3 port with extension No 607 Phone No 88837 FXO 4 port with extension No 608 Phone No 88838 FXO 5 port with extension No 609 Phone No 88839 FXO 6 port with extension No 610 Phone No 88840 FXO 7 port with extension No 611 Phone No 88841 FXO 8 port with extension No 612 Phone No 88842 D F ay Te k 33 VigorIPPBX 3510 Series User s Guide The IP phone with ext No 201 made a call to remote analog phone No 87654321 Press 888835 After getting through you will hear the dial
280. t Port Triggering Port Triggering Setto Factory Default Index Comment Triggering Protocol Triggering Port Incoming Protocol Incoming Port Status A G W G ed G Ea En a A A mk mk Pose i fa 2 J Comment Display the text which memorizes the application of this rule Triggering Protocol Display the protocol of the triggered packets Triggering Port Display the port of the triggered packets Incoming Protocol Display the protocol for the incoming data of such triggering profile Incoming Port Display the port for the incoming data of such triggering profile Status Display if the rule is active or de active Click the index number link to open the configuration page Dray Tek 167 VigorlPPBX 3510 Series User s Guide NAT gt gt Port Triggering Mo 1 C Enable Service Comment User Defined Triggering Protocol Triggering Port Incoming Protocol Incoming Port Note The Triggering Port and Incoming Port should be input like this 123 456 777 789 legal 123 456 789 legal but 129 456 789 illegal Enable Service Comment Triggering Protocol Triggering Port Incoming Protocol Incoming Port VigorIPPBX 3510 Series User s Guide Check to enable this entry Choose the predefined service to apply for such triggering profile User Defined User Defined Real Player Quick Time Bit Torrent Type the text to memorize the appl
281. t gt Traffic Graph Show Chart WAN1 Bandwidth v Refresh Min s Refresh WAN Bandwidth 5 11 9 Trace Route Click Diagnostics and click Trace Route to open the web page This page allows you to trace the routes from router to the host Simply type the IP address of the host in the box and click Run The result of route trace will be shown on the screen Diagnostics gt gt Trace Route Trace Route Trace through Unspecified Protocol ICMP w Host IP Address ee L Run Result Clear Trace through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically VigorIPPBX 3510 Seri s Gui eae igor 3510 Series User s Guide 7 Dray Te k Trace through Unspecified Unspecified ANI AMZ Protocol Choose a protocol ICMP or UDP for such route Host IP Address It indicates the IP address of the host Run Click this button to start route tracing work Clear Click this link to remove the result on the window 5 12 Support Area When you click the menu item under Support Area you will be guided to visit myvigor draytek com and open the corresponding pages directly ProductRegistration Dray Tek 273 VigorlPPBX 3510 Series User s Guide This page is left blank VigorIPPBX 3510 Series User s Guide 274 D ray Tek Chapter 6 Trouble Shooting This section will guide you to solve abnormal situations if you cannot access
282. t Status Modify Trusted CA 1 Trusted CA 2 Trusted CA 3 IMPORT REFRESH To import a pre saved trusted CA certificate please click IMPORT to open the following window Use Browse to find out the saved text file Then click Import The one you imported will be listed on the Trusted CA Certificate window Then click Import to use the pre saved file Certificate Management gt gt Trusted CA Certificate Import X509 Trusted CA Certificate Select a trusted CA certificate file es m Click Import ta upload the certification For viewing each trusted CA certificate click View to open the certificate detail information window If you want to delete a CA certificate choose the one and click Delete to remove all the certificate information Certificate Information Windows Intemet Explorer Certificate Detail Information Certificate Name Trusted CA 1 Issuer Valid From Valid To Close VigorIPPBX 351 s Gui 24 igor 3510 Series User s Guide 6 Dr ay Te k 5 8 3 Certificate Backup Local certificate and Trusted CA certificate for this router can be saved within one file Please click Backup on the following screen to save them If you want to set encryption password for these certificates please type characters in both fields of Encrypt password and Confirm password Also you can use Restore to retrieve these two settings to the router whenever you want Certificate Management gt gt Certificat
283. tSpirit BitComet Other P2P Applications CI Xunlei agaa LJPPp365 Jpacea Cl clubbox Ares JezPeer Pando C Huntmine Clkuwo The items categorized under Protocol CSM gt gt APP Enforcement Profile Profile Index 1 Profile Name OoOo If P2P Protocol Misc Select All Clear All Protocol COONS CIFTF LIHTTR CIMAP CIRC CINNTP Ppops CSME CI SMTP C SNMP LISSH LISSL TLS LJ TELNET CI MSSQL LI MySOL LJoracle Cl PostgreSQL Sybase CIDB Cl Informix Dray Tek 199 VigorIPPBX 3510 Series User s Guide The items categorized under Misc CSM gt gt APP Enforcement Frofile Profile Index 1 Profile Name Po IM P2P Protocol Misc Select All Clear All Tunneling L Sacks4 5 LIPGeNet LIHTTE Proxy LJ Tor LI vAN C SoftEther CIMS TEREDO O wujesultrasurf C Hamachi CIHTTF Tunnel Ping Tunnel LI Tiny PN C RealTunnel Cl OynaPass Cl ultra PN L Free Cl Skyfire Streaming Omnis CRTSP OTvants CPP Stream C PFTY L FeiBian LJuusee LINSPlayer LJPCasT LIT Koo ClSopCast U uDLivwew C TVUPlayer LImMySee LJ Joast Flash ideo SilverLight LJ Slingbox Javon LJ ooLive Remote Control LIVNc Radmin SpyAnywhere ShowMyPe LJ LogMetn Team iewer Cl Gogrok LJRemoateContralPra LJ CrossLoop O WindowsRDP Jpcanywhere 1 Timbuktu Cl WindowsLivesyne C Sharedview Web HD CIHTTP Upload CHiNet Safebox IMS SkyDrive Cl GDoc Uploader 0 ADrive LImMyothertrive O Mozy L BoxN
284. te If you intend running a VPN server inside your LAN you should uncheck the appropriate protocol above to allow pass through as well as the appropriate NAT settings VigorIPPBX 351 s Gui 22 igor 3510 Series User s Guide 8 Dray Tek 5 7 2 PPP General Setup This submenu only applies to PPP related VPN connections such as PPTP L2TP L2TP over IPSec VPN and Remote Access gt gt PPP General Setup PPP General Setup PPP MP Protocol IP Address Assignment for Dial In Users ial When DHCP Disable set ee PAP or CHAP v Authentication Start IP Address 192 168 1 200 fe Encryption Mutual Authentication PAP Yes No Username Oooo Password OoOo Dial In PPP PAP Only Select this option to force the router to Authentication authenticate dial in users with the PAP protocol Dial In PPP Encryption MPPE Optional MPPE Mutual Authentication PAP or CHAP Selecting this option means the router will attempt to authenticate dial in users with the CHAP protocol first If the dial in user does not support this protocol it will fall back to use the PAP protocol for authentication will be used to encrypt the data Optional MPPE w Optional MPPE Require MPPEMO 26 bit Maximum MPPEM128 bit Require MPPE 40 128bits Selecting this option will force the router to encrypt packets by using the MPPE encryption algorithm In addition the remote dial in user will use 40 bit to perform encryption prior to using
285. te ISDN Phone Ex 801 Dial ISDN trunk number 0 to connect to ISDN PBX After getting through you can hear the dial tone press ext No 801 Dray Tek 37 VigorIPPBX 3510 Series User s Guide 3 6 Create a LAN to LAN Connection Between Remote Office and Headquarter The most common case is that you may want to connect to network securely such as the remote branch office and headquarter According to the network structure as shown in the below illustration you may follow the steps to create a LAN to LAN profile These two networks LANs should NOT have the same network address Internet Router B POutErA 220 135 240 210 220 135 240 208 Headquarter 182 168 1 0 Remote Branch Office 192 168 2 0 Marketing Departme 192 168 Settings in Router A in headquarter 1 Goto VPN and Remote Access and select Remote Access Control to enable the necessary VPN service and click OK 2 Then For using PPP based services such as PPTP L2TP you have to set general settings in PPP General Setup VPN and Remote Access gt gt PPP General Setup PPP General Setup PPP MP Protocol IP Address Assignment for Dial In Users ial When DHCP Disable set ee PAP or CHAP v i i Authentication Start IP Address 192 166 1 200 i ill MPPE Optional MPPE ka Mutual Authentication PAF ves No For using IPSec based service such as IPSec or L2TP with IPSec Policy you have to set general settings in IPSec General Setup su
286. te your account Link Actrrate my Account 9 Click the Activate my Account link to enable the account that you created The following screen will be shown to verify the register process is finished Please click Login Register Search for this site YY Register Confirm Thank for your register in VigorPro Web Site The Register process is completed Dray Te k 73 VigorIPPBX 3510 Series User s Guide 10 When you see the following page please type in the account and password that you just created in the fields of UserName and Password This service is available for MyVigor member only Please login to access MyVigor If you are not one of the members of MyVigor please create an account first LOGIN Auth Code T4helw T4 h e 41 C lf you cannot read the word Click here Forget password Don t have a MWyVider Account Create an account now If you are having difficulty logging in contact our customer service Customer Service BEG 3 597 2727 of ek com email to webmasterna dra 11 Now click Login Your account has been activated You can access into My Vigor server to activate the service e g WCF that you want 3 14 2 Creating an Account via MyVigor Web Site 1 Access into http myvigor draytek com Find the line of Not registered yet Then click the link Click here to access into next page Dray Tek fi Home i for you About Us n s MyVigor website replaces the VigorPro site
287. tensions you must enable registration from WAN option and also check the setting within the profile of each extension required In the following window you can add the public IP of remote site to the list Type the WAN IP of the remote device in the field of Remote WAN IP and click Add ACL 5 i Index Femote WAN IP Close After pressing Add the WAN IP address e g 61 216 231 101 you typed will be shown on the list It means VigorIPPBX allows such device with the typed IP address registering the extension from WAN interface AGL 6 Remote WAN IP 1 61 216 231 101 Remote WAN IP Close VigorIPPBX 3510 Series User s Guide 82 Dray Tek 7 Next check the box of Enable ACL to activate the function of ACL VigorIPPBX now allows the device with the IP address listed on ACL to register extension from WAN interface You can refer to the description in Note2 for ACL meaning IP PBX gt gt PBX System SIP Proxy Setting SIP Local Port s060 SIP Proxy Realm Bs com Parking Serwer Number Call Pickup Number RTP Local Port Start s050 ETF Local Port End C Disable registration from WAN 4 Request Sec Range 1 64 Z 2 B a 3 e ci T 2 Enable ACLOwhite list for WAN IP Notei The Call Pickup Number used for both specific number pickup and group pickup Note To permit remote WAN side extensions you must enable registration
288. ter Otherwise you won t succeed in retrieving information from the router vif DrayTek Syslog 3 6 1 Controls 192 168 1 1 v WAN Status X Gateway IP Fixed TX Packets TX Rate YA vigor series ei o a LAN Status TX Packets RX Packets WAN IP Fixed RX Packets RX Rate Las ee e oe Firewall Log VPN Log User Access Log Cal Log WAN Log Others Network Information Net State On Line Routers Host Name vivian IP Address Mask MAC NIC Description SiS 900 Based PCI Fast Ethernet Adapter Packet Sc 192 168 1 1 255 255 2 00 50 7F 54 6 Kile iiam MAC Address 00 11 D8 E4 58 CE Default Geteway 192 168 1 1 IP Address 197 168 1 10 w DHCP Server 192 168 1 1 Subnet Mask 255 255 255 0 PEE Mon Jan 22 Lease Obtained 01 28 23 2007 1658 95 1 1 DNS Servers Lease Expires Thu Jan 25 01 28 23 2007 ADSL Status Mode State Up Speed Down Speed SNR Margin Loop tt VigorIPPBX 3510 Series User s Guide 260 Dray Tek 5 10 6 Time and Date It allows you to specify where the time of the router should be inquired from System Maintenance gt gt Time and Date Time Information Current System Time 2009 Sep 1 Tue T 48 32 Inquire Time Time Setup Use Browser Time Use Internet Time Client Server IP Address pool_ntp org Time Zone GMT Greenwich Mean Time Dublin Enable Daylight Saving Automatically Update Interval Current System Time Click Inquire Time to get the current ti
289. the previous wizard page or select the device type if you are sure the address is correct 8 Completing the Add Standard TCP IP Printer Port Wizard You have selected a port with the following characteristics SNMP No Protocol RAW Pot 9100 Device 192 163 1 1 Port Name IP_192 168 1 1 Adapter Type Generic Network Card To complete this wizard click Finish i Cancel Dray Tek 9 VigoriPPBX 3510 Series User s Guide 9 Now your system will ask you to choose right name of the printer that you installed onto the router Such step can make correct driver loaded onto your PC When you finish the selection click Next Add Printer Wizard Install Printer Software The manufacturer and model determine which printer software to use pm Select the manufacturer and model of your printer If your printer came with an installation disk click Have Disk If your printer is not listed consult your printer documentation for compatible printer software Manufacturer Eidi AST i Canon v lala sA By This driver is digitally signed Windows Update Tell me why driver signing is important 10 For the final stage you need to go back to Control Panel gt Printers and edit the property of the new printer you have added amp Brother HL 1070 Properties General Sharing Ports Advanced Device Settings 9 Sa Brother HL 1070 Print to the following port s Documents will print to the f
290. the router The router is a complicated electronic unit that may be repaired only be authorized and qualified personnel Do not try to open or repair the router yourself Do not place the router in a damp or humid place e g a bathroom The router should be used in a sheltered area within a temperature range of 5 to 40 Celsius Do not expose the router to direct sunlight or other heat sources The housing and electronic components may be damaged by direct sunlight or heat sources Do not deploy the cable for LAN connection outdoor to prevent electronic shock hazards Keep the package out of reach of children When you want to dispose of the router please follow local regulations on conservation of the environment We warrant to the original end user purchaser that the router will be free from any defects in workmanship or materials for a period of two 2 years from the date of purchase from the dealer Please keep your purchase receipt in a safe place as it serves as proof of date of purchase During the warranty period and upon proof of purchase should the product have indications of failure due to faulty workmanship and or materials we will at our discretion repair or replace the defective products or components without charge for either parts or labor to whatever extent we deem necessary tore store the product to proper operating condition Any replacement will consist of a new or re manufactured function
291. tiveX control object is usually used for providing interactive web feature If malicious code hides inside it may occupy user s system For example if you add key words such as sex Vigor router will limit web access to web 29 99 sites or web pages such as www sex com www backdoor net images sex p_386 html Or you may simply specify the full or partial URL such as www sex com or sex com Also the Vigor router will discard any request that tries to retrieve the malicious code Click CSM and click URL Content Filter Profile to open the profile setting page CSM gt gt URL Content Filter Profile URL Content Filter Profile Table Setto Factory Default Profile Name Profile Name 1 J 2 G ai 4 amp Administration Message Max 255 characters lt hody gt lt center gt lt br gt lt p gt The requested Web page has been blocked by URL Content Filter lt p gt Please contact your system administrator for further information lt center gt lt body gt You can set eight profiles as URL content filter Simply click the index number under Profile to open the following web page Dray Te k 201 VigorIPPBX 3510 Series User s Guide CSM gt gt URL Content Filter Profile Profile Index 1 Priority Both Pass Log 1 URL Access Control Enable URL Access Control Prevent web access from IP address Action Web Feature Group Object Selections OO H Enable
292. toration Restoration Select a SIPTrunk_Setting bak file Oooo 24 Click Restore to upload the file Backup Click Backup to download current running sip trunk settings as a file Extension Setting Backup Restoration Restoration Select a Ext_Setting bak file i Click Restore to upload the file Backup Click Backup to download current running extension settings as a file Backup the Configuration for SIP Trunk or Extension Settings Follow the steps below to backup your configuration L Click Backup button A dialog appears for you to confirm the settings backup Click Save button to open another dialog for saving configuration as a file In Save As dialog the default filename is v3510pbx_SIPTrunk_Setting_2010XXXX for SIP Trunk or v3510pbx_Ext_Setting_2010X XX for extension settings You could give it another name by yourself Click Save button the configuration will download automatically to your computer as a file named v3510pbx_SIPTrunk_Setting_2010X XXX for SIP Trunk or v3510pbx_Ext_Setting_2010X XX for extension settings The above example is using Windows platform for demonstrating examples The Mac or Linux platform will display different windows but the backup function is still available Restore Configuration l Dray Tek Click Browse button in the field of Restoration to choose the correct configuration file for uploading to the router Click Restore button and wait for few sec
293. trator for the appropriate IP settings Obtain an IP address automatically Use the following IP address Use the folowing ONS server addresses ees For Mac OS 1 Double click on the current used Mac OS on the desktop 2 Open the Application folder and get into Network 3 On the Network screen select Using DHCP from the drop down list of Configure Pv4 0 AO Network Show All Displays Sound Network Startup Disk Location Automatic Show Built in Ethernet IP Address 192 168 1 10 Renew DHCP Lease Subnet Mask 255 255 255 0 DHCP Client ID If required Router 192 168 1 1 DNS Servers Optional Search Domains Optional IPv6 Address fe80 0000 0000 0000 020a 95ff fe8d 72e4 Configure IPv6 Sooner re Click the lock to prevent further changes Assist me Apply Now Dray Tek 277 VigorlPPBX 3510 Series User s Guide 6 3 Pinging the Router from Your Computer The default gateway IP address of the router is 192 168 1 1 For some reason you might need to use ping command to check the link status of the router The most important thing is that the computer will receive a reply from 192 168 1 1 If not please check the IP address of your computer We suggest you setting the network connection as get IP automatically Please refer to the section 6 2 Please follow the steps below to ping th
294. tting the highest network security please check VPN only In addition refer to section 3 15 How to enhance the security for extensions registration for detailed information Determine the type for such extension profile SIP Choose this type to make such extension profile available for general IP phone Type the number of extension for such index The caller ID that you want it to be displayed on your friend s screen Check this box to make the IP PBX executing authentication while the number is dialed Use Display Name as authentication ID Check this box 95 VigorIPPBX 3510 Series User s Guide Password E mail Address Voice Mail Password MWI Message Waiting Indicator Allow to access these Trunks Default Trunk VigorIPPBX 3510 Series User s Guide to use the Display Name as the authentication ID for such extension profile Type a number for the IP PBX to execute authentication When an IP phone connects to network IP PBX will use such password for authentication Enable PPTP VPN Dial In for this Number Password Check this box to enable remote user can use this account setting as PPTP remote dial in authentication account Type an e mail address to receive media voice file sent by incoming calls Send a test e mail Click this button to send a test e mail to the mail box you typed here Type a password here When the user wants to listen the voice mail he she must use such pass
295. ttings and restart the Vigor router Dray Tek 21 VigorlPPBX 3510 Series User s Guide Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK 2 2 4 DHCP Click DHCP as the protocol Type in all the information that your ISP provides for this protocol Quick Start Wizard DHCP Client Mode WAM 1 If your ISP requires you ta enter a specific host name or specific MAC address please enter it in Host Name Vigor ational MAC 50 FF Jas PF OF_koptional Host Name Type the name of the host MAC Some Cable service providers specify a specific MAC address for access authentication In such cases you need to click the Specify a MAC Address and enter the MAC address in the MAC Address field After finishing the settings in this page click Next to see the following page Quick Start Wizard Please confirm your settings WAN Interface WANT Physical Mode Ethernet Physical Type Auto negotiation Internet Access DHCP Click Back to modify changes if necessary Otherwise click Finish to save the current settings and restart the Vigor router VigorlPPBX 3510 Series User s Guide 22 Dray Tek Click Finish A page of Quick Start Wizard Setup OK will appear Then the system status of this protocol will be shown Quick Start Wizard Setup OK Now the system is ready to access into Internet whenever you wa
296. ubnet 2nd Subnet ist Subnet Mask 255 255 255 0 Start IP Address 192 166 1 10 voip Module Address 192 168 1 449 Notices YoIP module must be at the same subnet with lst IP address For IP Routing Usage Enable Disable 2nd IP Address 192 165 2 1 2nd Subnet Mask 255 255 255 0 L Force ONS manual setting 2nd Subnet DHCP Server j O Primary IP Address PIP Protocol Control Disable we Secondary IP Address O IP Pool Counts 0 Gateway IP Address DHCP Server IP Address for Relay Agent DNS Server IP Address Dray Tek 53 VigorIPPBX 3510 Series User s Guide To use another DHCP server in the network rather than the built in one of Vigor Router you have to change the settings as show below Internet Public IP Address 220 135 240 207 Sa se ESE Ss az Private Subnet Router IP Addre DHCP Server You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage LAN gt General Setup Ethernet TCP IP and DHCP Setup LAN IP Network Confiquration For NAT Usage ist IP Address 192 168 1 1 Relay Agent Subnet ist Subnet Mask 255 255 255 0 Start IP Address 197 166 1 10 voip Module Address 1927 160 1 244 IP Pool Counts Notices VoIP module must be at the same subnet with 1st IP address For IP Routing Usage Enable Disable 2nd IF Address 192 168 2 1 Gateway IP Address DHCP Server IP Address for Relay Agent 2nd Subnet Mask 255 255 255 0 DNS Se
297. umber Alas of SIP Trunk 77 w ll Qut going call CLI Main number Alias number Answer Mode Office hours answer mode Auto Attendant ka Non Office hours answer mode Auto Attendant Active Click Enable to activate this entry Or click Disable to inactive this entry Alias Type a name for such account Dray Te k 101 VigorIPPBX 3510 Series User s Guide Alias Number Type a number for such account Alias of SIP Trunk Choose one of the items listed in SIP Trunk List for this alias profile Out going call CLI Determine which phone number will be shown to the remote end Main number Choose this item to display the number which set in corresponding SIP TRUNK Alias number Choose this item to display the alias number Office hours answer mode Set the answering mode for such outside line in office time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant we Auto Attendant Foward To Extension Foward To Group Non office hours answer Set the answering mode for such outside line in non office mode time You can specify it with Auto Attendant AA or forward it to any Extension or Group directly Auto Attendant Auto Attendant Foward To Extension Foward To Group This page allows you to set profiles for PSTN outside lines via FXO module at one time 4 1 2 2 PSTN Trunk IP PBX gt gt PSTN Trunk List PSTN Trunk List Index Group Tru
298. under Index column for setting in detail VigorIPPBX 3510 Seri s Gui ne igor 3510 Series User s Guide 9 Dray Tek Objects Setting gt gt Keyword Object Setup Profile Index 3 Limit of Contents Max 3 Words and 63 Characters Each word should be separated by a single space You can replace a character with HEX Example Contents backdoo 72 virus keep 20out Result 1 backdoor 2 VIFUS 3 keep out Name Type a name for this profile e g game Contents Type the content for such profile For example type gambling as Contents When you browse the webpage the page with gambling information will be watched out and be passed blocked based on the configuration on Firewall settings 5 3 6 Keyword Group This page allows you to bind several keyword objects into one group The keyword groups set here will be chosen as black white list in CSM gt gt URL Web Content Filter Profile Objects Setting gt gt Keyword Group Keyword Group Table Setto Factory Default Index Name Index Name 1 1r 18 3 na 4 20 J a1 6 2 i 23 8 4 J 23 10 26 13 23 t4 30 15 alk 16 32 Set to Factory Default Clear all profiles Click the number under Index column for setting in detail Dray Tek 193 VigorIPPBX 3510 Series User s Guide Objects Setting gt gt Keyword Group Setup Profile Index 1 Available Keyword Objects Selected Keyword Objects Max 16 Objects Keyword 1 2 keyword 2 Name
299. ured in this page VigorIPPBX 351 s Gui 12 igor 3510 Series User s Guide 0 Dray Tek 4 1 4 5 Auto Attendant Wizard The first page is configured for phone calls in office hours IP PBX gt gt PBX System Auto Attendant Wizard Office Hours Key Action 0 Ring Extension v 1 101 v 1 Plays Prompt 2 Ring Hunt Group Auto Attendant 3 Not used w answers the Caller calls cal plays office 4 NotUsed w Auto mee hours greeting Attendant prompt Sj and 5 NotUsed v waits for caller put 6 Nosed 7 Nousee B Nouse 9 Notused Click Next The second page is configured for phone calls in non office hours IP PBX gt gt PBX System Auto Attendant Wizard Non Office Hours ral cm O Plays Prompt 1 Ring Hunt Group 2 Auto Attendant answers the 7 Caller calls cal plays non Auto office Hours E mD 4 gt greeting Attendant prompt 6 and a waits for caller 6 Not Used Input 7 NotUsed 8 Noted 9 NotUsed w Key 0 9 Key 0 9 can be set with different actions Action Drop down menu contains Ring Extension Plays Dray Tek 121 VigorlPPBX 3510 Series User s Guide Prompt Ring Hunt Group Not Used Ring Extension Ring Extensi on Plays Prompt Ring Hunt Group Mot Used Ring Extension Only the extension number selected here will ring Plays Prompt Audio file will be played automatically Ring Hunt Group Only the e
300. week o E Assign these two profiles to the PPPoE Internet access profile Now the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre defined in the schedule profiles l s Gui 222 VigorIPPBX 3510 Series User s Guide Dray Tek 5 6 3 RADIUS Remote Authentication Dial In User Service RADIUS is a security authentication client server protocol that supports authentication authorization and accounting which is widely used by Internet service providers It is the most common method of authenticating and authorizing dial up and tunneled network users The built in RADIUS client feature enables the router to assist the remote dial in user and the RADIUS server in performing mutual authentication It enables centralized remote access authentication for network management Applications gt gt RADIUS RADIUS Setup Enable Destination Port 1812 Shared Secret Po Enable Server IP Address Destination Port Shared Secret Confirm Shared Secret Dray Tek Check to enable RADIUS client feature Enter the IP address of RADIUS server The UDP port number that the RADIUS server is using The default value is 1812 based on RFC 2138 The RADIUS server and client share a secret that is used to authenticate the messages sent between them Both sides must be configured to use the same shared secret Re type the Shared Secret for conf
301. word to open it There are two types of MWI for users to choose Please click the one according to the real application Notify User who Subscribed The user needs to send out SUBSCRIBE message first When IPPBX detects new voice message from some extension number or the condition of the voice message is changed it will transfer NOTIFY message to the users within the valid time subscribed Force Notify User The user does not send out SUBSCRIBE message The IPPBX will deliver NOTIFY message to the users if there is a new message or the user registers on IPPBX again There are several settings for SIP trunks PSTN trunks and ISDN trunks for you to specify for such extension Please check the one s you want The available boxes listed here will be changed according to the FXS FXO ISDN module inserted to VigorIPPBX 3510 Allow to access these Trunks Osii Osie Osia Osipy Osips Osips CIPSTNi CO FPSTN2 LI PSTN3 COI PSTN4 LJISDN TE1 LIJISDN TE LJ ISON TE3 LJ ISDN TE4 Specify a PSTN SIP ISDN Trunk as the default trunk setting Such setting will be applied in Dial Plan gt gt DigitMap as a selection of Trunk Note that only the checked trunk box es listed in Allow to access these Trunks can be selected as a default trunk a Dray Tek If you want to choose ANY_PSTN or ANY_ISDN as the default trunk you have to check all of the PSTN trunks or ISDN trunks first Answer Mode Specify the way to process incoming pho
302. x_g711_userprompt wayv ss O1 11 If G7 11 Prompt File is upload we will generate related G729 Prompt File automatically But we can not generate G711 Prompt file based on G729 Prompt file User prompt 11 is used for music on hold function Supported waw file format The length of time is 75 sec and size is 800K at mast Codec Channels Sample rate Bits Sk 11 025k Linear PCM Stereo Mona 16k 22 05k 16 amp 32k 44 1k 48k Sk 11 025k A law g il Stereo Mono 16k 22 05k 5 32k 44 1k 48k Sk 11 025k u law g7ii Stereo Mona 16k 22 05k 5 32k 44 1k 48k Download The audio file can be saved with IVR file format or WAV file format In general it will be saved in the router s memory after you record it To back up the audio file s saved in FLASH of the router to your computer please choose the one you want from the drop down menu and click Back Up Dray Tek 123 VigorlPPBX 3510 Series User s Guide Download Prompt 711 01 Prompt 6711 01 Prompt G11 02 Prompt 3711 03 Prompt G711 04 Prompt G711 05 Prompt G11 06 Prompt G11 07 Prompt G11 08 Prompt GF11 09 Prompt 717 10 Prompt 711 11 Prompt 6729 01 Prompt 6729 02 Prompt G729 03 Prompt 6729 04 Prompt 6729 05 Prompt 6729 Ob Prompt 724 07 Prompt G29 08 Prompt 6729 09 Prompt 729 10 Prompt 6729 11 system Prompt G11 system Prompt G72 Prompt 1 to prompt 10 will be used for user defined audio files file format must be WAV System Prompt file
303. xtension Forward To Group a Dray Tek Below shows the phone setting with ISDN TE type IP PBX gt gt PBX System ISDN TE Index 1 Phone Extension Active Trunk Number ISDN Type Manual Disconnection ISDN TE onnet CLIP format PIN Code FIN Code Mode Check for VoIP to ISON Calls Check for ISON to oIP Calls DThIF DTMF Mode Codec Prefer Codec Code Rate Cl Codec VAD Internal Phone Extension Active Trunk Number ISDN Type Manual Disconnection ISDN TE onnet CLIP format PIN Code Mode Dray Tek Enable Disable 7 char max P MP Disconnect Trunk_number Caller_ID Caller_ID only OEnable Disable 0000 OQ Enable Disable 0000 QutBand RFC2833 G 7114 64kbps L Single Codec Click Enable to invoke such profile There are two ways to dial outside lines for an extension number First dial a short number and wait for a while When dial tone appears please dial the real outside line number Second dial a short number and then the real outside line number without waiting for dial tone The short number is defined here as Trunk Number There are two options for ISDN setting P P means point to point mode P MP means point to multi point mode To disconnect the ISDN trunk simply click the Disconnect button The ISDN phone call will be disconnected immediately Choose the caller ID format display on extension There are two format as follow Trunk_
304. xtension number within the Hunt Group will ring Not Used Nothing will be done for the key Drop down menu 2 contains extension name ex Tom Mike or prompt Prompt 1 Prompt 10 audio files or Hunt Group Name ex Sales RD2 It will be changed according to drop down menu 1 Ring Extension Plays Prompt Ring Hunt Group Not Used v Finally the following window will appear Click OK to save the configuration IP PBX gt gt PBX System Auto Attendant Wizard Record Prompts You can record the office hours and non office hour greetings or other prompts Prompt 5 is used as office hours greeting Prompt 6 is used as non office hours greeting VigorIPPBX 351 j f j 122 igor 3510 Series User s Guide Dray Tek 4 1 4 6 Prompt Maintenance The IP PBX system provides several audio files for users to choose for playing Moreover users can upload other audio files from USB storage or hard disk or others to make the IP PBX system playing Users can record audio files and upload to router or download to PC However the file format of the audio file must follow the rule stated on the web page Users can record the audio files through a phone set connected to the router or use audio record program on PC IP PBX gt gt PBX System Prompt Maintenance Download Prompt G711 01 Back Up Upload Browse Restore Mote The file name follows a pre defined rule User Prompt File v3510pbs
305. y router automatically You could hear IVR voice to remind you to dial extension number you want to reach Forward to Extension The incoming call would be forwarded to the extension number you setup directly Forward to Group If you have setup group extension number in web page Hunt Group the incoming call could be forwarded to the group extension number you selected VigorlPPBX 3510 Series User s Guide 108 Dray Tek Phone CLIR CLIP Check this box to hide or present the caller ID to remote user CLIR Calling Line Identification Restriction hides the caller ID CLIP Calling Line Identification Presentation presents the caller ID 4 1 3 Dial Plan IP PBX gt gt Dial Plan Dial Plan Configuration Digit Map Speed Dial Call Barring 4 1 3 1 Digit Map For the convenience of user this page allows users to edit prefix number for the SIP account with adding number stripping number or replacing number It is used to help user having a quick and easy way to dial out through VoIP interface IP PBX gt gt DialPlan Setup Digit Map Setup Enable Match Prefix Method Operand Number Min Len ae Trunk Bacup Len Trunk saD e E e e a oe 20 et N Je Co A Pod a of O de d 1 The length for Min Len and Max Len fields should be between O 25 E 2 Wildcard is supported Tips for One stage dialing for trunk line 1 Set the Method to Strip 2 Let the Operand Number and Prefix Number be the same
306. y applicable when you select ISDN PPTP or L2TP with or without IPSec policy above The default value is 0 0 0 0 which means the Vigor router will get a PPP IP address from the remote router during the IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do not select ISDN PPTP or L2TP This field is only applicable when you select ISDN PPTP or L2TP with or without IPSec policy above The default value is 0 0 0 0 which means the Vigor router will get a remote Gateway PPP IP address from the remote router during the IPCP negotiation phase If the PPP IP address is fixed by remote side specify the fixed IP address here Do not change the default value if you do not select ISDN PPTP or L2TP Add a static route to direct all traffic destined to this Remote Network IP Address Remote Network Mask through the VPN connection For IPSec this is the destination clients IDs of phase 2 quick mode Add a static route to direct all traffic destined to more Remote Network IP Addresses Remote Network Mask through the VPN connection This is usually used when you find there are several subnets behind the remote VPN router The option specifies the direction of RIP Routing Information Protocol packets You can enable disable one of direction Dray Tek here Herein we provide four options TX RX Both TX Only RX Only and Disable From first subnet to
Download Pdf Manuals
Related Search