Draytek Vigor2950 инструкция обслуживания

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247

Идти на страницу of

Хорошее руководство по эксплуатации

Законодательство обязывает продавца передать покупателю, вместе с товаром, руководство по эксплуатации Draytek Vigor2950. Отсутствие инструкции либо неправильная информация, переданная потребителю, составляют основание для рекламации в связи с несоответствием устройства с договором. В законодательстве допускается предоставлении руководства в другой, чем бумажная форме, что, в последнее время, часто используется, предоставляя графическую или электронную форму инструкции Draytek Vigor2950 или обучающее видео для пользователей. Условием остается четкая и понятная форма.

Что такое руководство?

Слово происходит от латинского "instructio", тоесть привести в порядок. Следовательно в инструкции Draytek Vigor2950 можно найти описание этапов поведения. Цель инструкции заключается в облегчении запуска, использования оборудования либо выполнения определенной деятельности. Инструкция является набором информации о предмете/услуге, подсказкой.

К сожалению немного пользователей находит время для чтения инструкций Draytek Vigor2950, и хорошая инструкция позволяет не только узнать ряд дополнительных функций приобретенного устройства, но и позволяет избежать возникновения большинства поломок.

Из чего должно состоять идеальное руководство по эксплуатации?

Прежде всего в инструкции Draytek Vigor2950 должна находится:
- информация относительно технических данных устройства Draytek Vigor2950
- название производителя и год производства оборудования Draytek Vigor2950
- правила обслуживания, настройки и ухода за оборудованием Draytek Vigor2950
- знаки безопасности и сертификаты, подтверждающие соответствие стандартам

Почему мы не читаем инструкций?

Как правило из-за нехватки времени и уверенности в отдельных функциональностях приобретенных устройств. К сожалению само подсоединение и запуск Draytek Vigor2950 это слишком мало. Инструкция заключает ряд отдельных указаний, касающихся функциональности, принципов безопасности, способов ухода (даже то, какие средства стоит использовать), возможных поломок Draytek Vigor2950 и способов решения проблем, возникающих во время использования. И наконец то, в инструкции можно найти адресные данные сайта Draytek, в случае отсутствия эффективности предлагаемых решений. Сейчас очень большой популярностью пользуются инструкции в форме интересных анимаций или видео материалов, которое лучше, чем брошюра воспринимаются пользователем. Такой вид инструкции позволяет пользователю просмотреть весь фильм, не пропуская спецификацию и сложные технические описания Draytek Vigor2950, как это часто бывает в случае бумажной версии.

Почему стоит читать инструкции?

Прежде всего здесь мы найдем ответы касательно конструкции, возможностей устройства Draytek Vigor2950, использования отдельных аксессуаров и ряд информации, позволяющей вполне использовать все функции и упрощения.

После удачной покупки оборудования/устройства стоит посвятить несколько минут для ознакомления с каждой частью инструкции Draytek Vigor2950. Сейчас их старательно готовят или переводят, чтобы они были не только понятными для пользователя, но и чтобы выполняли свою основную информационно-поддерживающую функцию.

Содержание руководства

  • Страница 1

    [...]

  • Страница 2

    Vigor2950 Series User’s Guide ii[...]

  • Страница 3

    Vigor2950 Series User’s Guide iii Vigor2950 Series Dual-WAN SSL VPN Appliance User’s Guide Version: 4.1 Date: 30/10 /200 9 Copyright 2009 All rights reserve d. This publication contains information th at is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval syst em, or translated into any lang u a[...]

  • Страница 4

    Vigor2950 Series User’s Guide iv Copyright Information Copyright Declarations Copyright 2009 All rights reserved. This pub licatio n contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission f rom the copyri ght[...]

  • Страница 5

    Vigor2950 Series User’s Guide v European Community Declarations Manufacturer: DrayTek Corp. Address: No. 26, Fu Shing Road, HuKou Town sh ip, HsinChu Industrial Park, Hsin-Chu, Taiwan 303 Product: Vigor2950 Ser ies Router DrayTek Corp. declares that Vigor295 0 series is in compliance with the following essential requirements and other relevant pr[...]

  • Страница 6

    Vigor2950 Series User’s Guide vi T T a a b b l l e e o o f f C C o o n n t t e e n n t t s s 1 Pref ace ............................................................................................................... 1 1.1 Web Conf iguration Bu ttons Explanation ................................................................................. 1 1.[...]

  • Страница 7

    Vigor2950 Series User’s Guide vii 3.4.2 Genera l Setup ............................................................................................................ ..... 53 3.4.3 Filter Setup ............................................................................................................. ........ 54 3.4.4 DoS Defense ................[...]

  • Страница 8

    Vigor2950 Series User’s Guide viii 3.12.5 WDS..................................................................................................................... ....... 159 3.12.6 AP Di scovery ............................................................................................................ .. 161 3.12.7 Stat ion List ...............[...]

  • Страница 9

    Vigor2950 Series User’s Guide ix 5 T rouble Shoot ing ........................................................................................... 229 5.1 Checking If the Hardware S tatus Is OK or No t.................................................................... 229 5.2 Checking If the Network Connection Settings on Y our Computer Is OK or [...]

  • Страница 10

    [...]

  • Страница 11

    Vigor2950 Series User’s Guide 1 1 P P r r e e f f a a c c e e The Vigor2950 series router provides Dual-WAN interface (which is a configuration second WAN) for Internet access to make the Internet connection more reliable. The wireless LAN supports more secure features and the transmission speed is up to 108Mbps (SuperG TM ). Object-oriented fire[...]

  • Страница 12

    Vigor2950 Series User’s Guide 2 1 1 . . 2 2 . . 1 1 F F o o r r V V i i g g o o r r 2 2 9 9 5 5 0 0 LED Status Explanation Blinking The router is powere d on and running no rm ally. ACT (Activity) Off The router is powe red off. DMZ On DMZ Host is specified in cert ain site. Monitor On LAN traffic monitor is active. On The VPN tun nel is launc he[...]

  • Страница 13

    Vigor2950 Series User’s Guide 3 1 1 . . 2 2 . . 2 2 F F o o r r V V i i g g o o r r 2 2 9 9 5 5 0 0 G G LED Status Explanation Blinking The router is powere d on and running no rm ally. ACT (Activity) Off The router is p owered off. DMZ On DMZ Host is specified in certain site. Monitor On LAN traffic monitor is active. On The VPN tun nel is launc[...]

  • Страница 14

    Vigor2950 Series User’s Guide 4 1 1 . . 2 2 . . 3 3 F F o o r r V V i i g g o o r r 2 2 9 9 5 5 0 0 i i LED Status Explanation Blinking The router is powe re d on and runnin g no rm ally. ACT (Activity) Off The router is powe red off. DMZ On DMZ Host is specified in cert ain site. Monitor On LAN traffic monitor is active. On The VPN t unnel is l [...]

  • Страница 15

    Vigor2950 Series User’s Guide 5 1 1 . . 2 2 . . 4 4 F F o o r r V V i i g g o o r r 2 2 9 9 5 5 0 0 G G i i LED Status Explanation Blinking The router is powere d on and running no rm ally. ACT (Activity) Off The router is p owered off. DMZ On DMZ Host is specified in certain site. Monitor On LAN traffic monitor is active. On The VPN tun nel is l[...]

  • Страница 16

    Vigor2950 Series User’s Guide 6 1 1 . . 3 3 H H a a r r d d w w a a r r e e I I n n s s t t a a l l l l a a t t i i o o n n Before starting to configure the router, you have to connect your devices correctly. 1. Connect the power cord to the router’s power port on the rear panel, and the ot her side into a wall outlet. 2. Power on the device by[...]

  • Страница 17

    Vigor2950 Series User’s Guide 7 2 C C o o n n f f i i g g u u r r i i n n g g B B a a s s i i c c S S e e t t t t i i n n g g s s For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password fo r an administrator and h[...]

  • Страница 18

    Vigor2950 Series User’s Guide 8 3. Now, the Main Screen will pop up. Home Page for Vigor2950 Series 4. 4Go to System Maintenance page and choose Administrator Password . 5. Enter the login password (the defa ult is blank) on the field of Old Password . Type a new one in the field of New Password and retype it on the field of Confirm Password . Th[...]

  • Страница 19

    Vigor2950 Series User’s Guide 9 2 2 . . 2 2 Q Q u u i i c c k k S S t t a a r r t t W W i i z z a a r r d d If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickl y. The first screen of Quick Start Wizard is entering login password. After ty ping the password[...]

  • Страница 20

    Vigor2950 Series User’s Guide 10 In the Quick Start Wizard , you can configure the router to access the Internet with different protocol/modes such as PPPoE , PPTP , L2TP , Static IP or DHCP . The router supports the DSL WAN interface for Internet access. 2 2 . . 2 2 . . 1 1 P P P P P P o o E E PPPoE stands for Point-to-Point Protocol over Ethern[...]

  • Страница 21

    Vigor2950 Series User’s Guide 11 Password Assign a valid password provided by the ISP. Confirm Password Retype the password to confirm it. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.[...]

  • Страница 22

    Vigor2950 Series User’s Guide 12 2 2 . . 2 2 . . 2 2 P P P P T T P P Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.[...]

  • Страница 23

    Vigor2950 Series User’s Guide 13 2 2 . . 2 2 . . 3 3 L L 2 2 T T P P Click L2TP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page.[...]

  • Страница 24

    Vigor2950 Series User’s Guide 14 2 2 . . 2 2 . . 4 4 S S t t a a t t i i c c I I P P Click Static IP as the protocol. Type in all the inform ation that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the [...]

  • Страница 25

    Vigor2950 Series User’s Guide 15 2 2 . . 2 2 . . 5 5 D D H H C C P P Click DHCP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this [...]

  • Страница 26

    Vigor2950 Series User’s Guide 16 2 2 . . 3 3 O O n n l l i i n n e e S S t t a a t t u u s s The online status shows the system status, W AN status, ADSL Information and other status related to this router within one page. If you select PPPoE/PPTP as the protocol , you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page[...]

  • Страница 27

    Vigor2950 Series User’s Guide 17 Online status for DHCP Detailed explanation is shown below: Primary DNS Display the IP address of the primary DNS. Secondary DNS Display the IP address of the secondary DNS. LAN Status IP Address Display the IP address of the LAN interface. TX Packets Display the total transmitted packets at the LAN interface. RX [...]

  • Страница 28

    Vigor2950 Series User’s Guide 18 Drop B1/B2 Allows you to drop B1 or B2 connection. Note: The words in green mean that th e WAN connection of that interface (WAN1/WAN2) is ready for accessing Internet; the words in red mean that the WAN connection of that interface (W AN1/WAN2) is not ready for accessing Internet. 2 2 . . 4 4 S S a a v v i i n n [...]

  • Страница 29

    Vigor2950 Series User’s Guide 19 3 A A d d v v a a n n c c e e d d W W e e b b C C o o n n f f i i g g u u r r a a t t i i o o n n After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suitin g his/her request, please refer to this chapter for getting detailed infor[...]

  • Страница 30

    Vigor2950 Series User’s Guide 20 Below shows the menu items for Internet Access. 3 3 . . 1 1 . . 2 2 G G e e n n e e r r a a l l S S e e t t u u p p This section will introduce some general settings of Internet and explain the connection modes for WAN1 and WAN2 in details. This router supports dual WAN function. It allows users to access Internet[...]

  • Страница 31

    Vigor2950 Series User’s Guide 21 Physical Type You can change the physical type for WAN2 or choose Auto negotiation for determined by the system. Load Balance Mode If you know the practical bandwidth for your WAN interface, please choose the setting of According to Line Speed . Otherwise, please choose Auto Weigh to let the router reach the best [...]

  • Страница 32

    Vigor2950 Series User’s Guide 22 3 3 . . 1 1 . . 3 3 I I n n t t e e r r n n e e t t A A c c c c e e s s s s For the router supports dual WAN function, the users can set different WAN settings (for WAN1/WAN2) for Internet Access. Due to di fferent physical mode for WAN1 and WAN2, the Access Mode for these two connections also varies slightly. Ind[...]

  • Страница 33

    Vigor2950 Series User’s Guide 23 D D e e t t a a i i l l s s P P a a g g e e f f o o r r P P P P P P o o E E To use PPPoE as the accessing protocol of the internet, please choose Internet Acce ss fro m WAN menu. Then, select PPPoE mode for WAN2. The following web page will be shown. PPPoE Client Mode Click Enable for activating this function. If [...]

  • Страница 34

    Vigor2950 Series User’s Guide 24 Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (Time to Live) – Display value for your reference. TTL value is set by telnet command. PPP/MP Setup PPP Authentication – Select PAP only or PAP or CHAP for PPP. Idle Timeout – Set the timeout f[...]

  • Страница 35

    Vigor2950 Series User’s Guide 25 D D e e t t a a i i l l s s P P a a g g e e f f o o r r S S t t a a t t i i c c o o r r D D y y n n a a m m i i c c I I P P For static IP mode, you usually receive a fixe d public IP address or a public subnet, nam ely multiple public IP addresses from your DSL or Cable ISP service providers. In most cases, a Cabl[...]

  • Страница 36

    Vigor2950 Series User’s Guide 26 PING Interval - Enter the interval for the system to execute the PING operation. WAN Connection Detection Such function allows you to veri fy whether network connection is alive or not through ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Ping IP [...]

  • Страница 37

    Vigor2950 Series User’s Guide 27 Gateway IP Address : Type the gateway IP address. Default MAC Address : Click this radio button to use default MAC address for the router. Specify a MAC Address : Some Cable service providers specify a specific MAC address for access authentication. In such cases y ou need to click the Specify a MAC Address and en[...]

  • Страница 38

    Vigor2950 Series User’s Guide 28 D D e e t t a a i i l l s s P P a a g g e e f f o o r r P P P P T T P P / / L L 2 2 T T P P To use PPTP/L2TP as the accessing protocol of the internet, please choose Internet Access from WAN menu. Then, select PPTP/L2TP mode for WAN2/WAN2. The following web page will be shown. PPTP/L2TP Client Mode Click Enable PP[...]

  • Страница 39

    Vigor2950 Series User’s Guide 29 MTU Mean maximum transmission unit of one packet. The default value is 1442. PPP Setup PPP Authentication - Select PAP only or PAP or CHAP for PPP . Idle Timeout - Set the timeout for breaking down the Internet after passing through the time without any action. This setting is active only when the Active on demand[...]

  • Страница 40

    Vigor2950 Series User’s Guide 30 IP Address – Type the IP address. Subnet Mask – Type the subnet mask. 3 3 . . 1 1 . . 4 4 L L o o a a d d - - B B a a l l a a n n c c e e P P o o l l i i c c y y This router supports the function of load balanc ing. It can assign traffic with protocol t ype, IP address for specific host, a subnet of hosts, and[...]

  • Страница 41

    Vigor2950 Series User’s Guide 31 Dest Port End Display the IP address for the end of the destination port. Move UP/Move Down Use Up or Down link to move the order of the polic y. Click Index 1 to access into the following page for configuring load-balance policy. Enable Check this box to enable this policy. Protocol Use the drop-down menu to choo[...]

  • Страница 42

    Vigor2950 Series User’s Guide 32 Dest Port End Type the destination port end for the destination IP. If this field is blank, it means that all the destination ports will be passed through the WAN interface. 3 3 . . 2 2 L L A A N N Local Area Network (LAN) is a group of subnets regulated and ruled by router . The design of network structure is rel[...]

  • Страница 43

    Vigor2950 Series User’s Guide 33 W W h h a a t t i i s s R R o o u u t t i i n n g g I I n n f f o o r r m m a a t t i i o o n n P P r r o o t t o o c c o o l l ( ( R R I I P P ) ) V igor router will exchange routing informati on with neighboring routers using the RIP to accomplish IP routing. This allows users to cha nge the information of the r[...]

  • Страница 44

    Vigor2950 Series User’s Guide 34 3 3 . . 2 2 . . 2 2 G G e e n n e e r r a a l l S S e e t t u u p p This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup . 1st IP Address T ype in private IP address for connecting to a local private network (Default: 192.168.1.1). 1st Subnet Mask T [...]

  • Страница 45

    Vigor2950 Series User’s Guide 35 S tart IP Address: Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.1 35.240.1, the starting IP address must be 220.135.240.2 or greater , but smaller than 220.135.240. 254. IP Pool Counts: Enter the number of IP addresses[...]

  • Страница 46

    Vigor2950 Series User’s Guide 36 of the router , which means the router is the default gateway . DHCP Server IP Addr ess for Relay Agent - Set the IP address of the DHCP server you are going to use so the Relay Agent can help to forward the DHCP request to the DHCP server . DNS Server Configuration DNS stands for Domain Name System. Every Interne[...]

  • Страница 47

    Vigor2950 Series User’s Guide 37 Index The number (1 to 10) unde r Index allows you to open next page to set up static route. Destination Address Display the destination address of the static route. Status Display the status of the static route. Viewing Routing Table Display the routing table for your reference. A A d d d d S S t t a a t t i i c [...]

  • Страница 48

    Vigor2950 Series User’s Guide 38 Note : There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The f irst is that the LAN inte rface can exchange RI P packets with the neighboring routers via the 1st subnet (192. 168.1.0/24). The second is that those hosts on the internal private subnets (e x. 192.168.10.0/24) can access [...]

  • Страница 49

    Vigor2950 Series User’s Guide 39 3 3 . . 2 2 . . 4 4 V V L L A A N N PCs connected to Ethernet ports of the router can be divided into different groups and formed VLAN. PCs under the same groups can share each other information through the router and will not be peeked by other groups. Note: This menu is available for the router without wireless [...]

  • Страница 50

    Vigor2950 Series User’s Guide 40 3 3 . . 2 2 . . 5 5 B B i i n n d d I I P P t t o o M M A A C C This function is used to bind the IP and MAC address in LAN to have a strengthen control i n network. When this functi on is enabled, all the assigne d IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC addres[...]

  • Страница 51

    Vigor2950 Series User’s Guide 41 Add It allows you to add the one you choose from the ARP table or the IP/MAC address typed in Add and Edit to the table of IP Bind List . Edit It allows you to edit and modify the selected IP address and MAC address that you create before. Delete You can remove any item listed in IP Bind List . Simply click and se[...]

  • Страница 52

    Vigor2950 Series User’s Guide 42 3 3 . . 3 3 . . 1 1 P P o o r r t t R R e e d d i i r r e e c c t t i i o o n n Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP address for each server and this public IP addre[...]

  • Страница 53

    Vigor2950 Series User’s Guide 43 Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided here for you to choose. To set a range for the specific service, select Range . In Range mode, if the public port (s tart port and end port) and the starting IP of private IP had been entered, the system[...]

  • Страница 54

    Vigor2950 Series User’s Guide 44 3 3 . . 3 3 . . 2 2 D D M M Z Z H H o o s s t t As mentioned above, Port Redirection can redirect incoming TCP/UDP or othe r traffic on particular ports to the specific private IP address/port of host in the LAN. However, other IP protocols, for example Protocols 50 (ESP) and 51 (A H), do not travel on a fixed por[...]

  • Страница 55

    Vigor2950 Series User’s Guide 45 For WAN 1 WAN Selection In WAN 1, DMZ host can be specified with Private IP or Active True IP . Choose the one you want. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one. It will be available when you choose Private IP as the WAN interface. MAC Address of the True IP DMZ Ho[...]

  • Страница 56

    Vigor2950 Series User’s Guide 46 save the setting. For WAN 2 Click WAN2 tab to open the following page: Enable Check to enable the DMZ Host function. Private IP Enter the private IP address of the DMZ host, or click Choose PC to select one. Choose PC Click this button and then a window will autom atically pop up, as depicted below. The window con[...]

  • Страница 57

    Vigor2950 Series User’s Guide 47 save the setting. Note: If you previously have set up WAN Alias in Internet Access>>PPPoE/Static IP/PPTP, you will find them in Aux. WAN IP list for your selection.[...]

  • Страница 58

    Vigor2950 Series User’s Guide 48 3 3 . . 3 3 . . 3 3 O O p p e e n n P P o o r r t t s s Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2 P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application [...]

  • Страница 59

    Vigor2950 Series User’s Guide 49 Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. WAN Interface Specify the WAN interface that will be used for this entry. WAN IP Such drop down list will be shown only if you have entered other WAN IP address in WAN IP Alias window. Choose one of them [...]

  • Страница 60

    Vigor2950 Series User’s Guide 50 3 3 . . 3 3 . . 4 4 A A d d d d r r e e s s s s M M a a p p p p i i n n g g This page is used to map specific pr ivate IP to specific WAN IP alias. If you have "a group of IP Addresses" and want to apply to the router, please use WAN IP alias function to record these IPs first. Th en, use address mapping[...]

  • Страница 61

    Vigor2950 Series User’s Guide 51 Protocol Specify the transport layer protocol. It could be TCP , UDP , or ALL for selection. WAN Interface Specify the WAN interface that will be used for this entry. WAN IP Select an IP address (the selections provided here are set in IP Alias List of Network >>WAN interface). Local host can use this IP to [...]

  • Страница 62

    Vigor2950 Series User’s Guide 52 The following illustrations are flow charts e xplaining how router will treat incoming traffic and outgoing traffic respectively. S S t t a a t t e e f f u u l l P P a a c c k k e e t t I I n n s s p p e e c c t t i i o o n n ( ( S S P P I I ) ) Stateful inspection is a firewall architecture that works at the netw[...]

  • Страница 63

    Vigor2950 Series User’s Guide 53 The below shows the attack types that DoS/DDoS defense function can detect: 1. SYN flood attack 2. UDP flood attack 3. ICMP flood attack 4. Port Scan attack 5. IP options 6. Land attack 7. Smurf attack 8. Trace route 9. SYN fragm ent 10. Fraggle attack 11. TCP flag scan 12. Tear dro p attack 13. Ping of Death atta[...]

  • Страница 64

    Vigor2950 Series User’s Guide 54 APP Enforcement Select one of the APP Enforcement Pr ofile settings (created in CSM>> APP Enfor cement Profile ) for appl ying with this router . Please set at least one profile for choosing in CSM>> APP Enforcement Pr ofile web page first. For troubleshooting needs, you can specify to record informati[...]

  • Страница 65

    Vigor2950 Series User’s Guide 55 Move Up/Down Use Up or Down link to m ove the order of the filter rules. Next Filter Set Set the link to the next filter set to be executed after the current filter run. Do not make a loop with many filter sets. To edit Filter Rule , click the Filter Rule index button to enter the Filter Rule setup page. Check to [...]

  • Страница 66

    Vigor2950 Series User’s Guide 56 To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Address Ty pe and type them in this dialog. In addition, if you want to use the IP range from defined groups or objects, please choose Group and Objects as the Address Type. From the IP Group drop down list[...]

  • Страница 67

    Vigor2950 Series User’s Guide 57 choose Group and Objects as the Service Type. Protocol - Specify the protocol(s) which this filter rule will apply to. Source/Destination Port - (=) – when the first and last value are the same, it indicates one port; when the first and last valu es are different, it indicates a range for the port and available [...]

  • Страница 68

    Vigor2950 Series User’s Guide 58 E E x x a a m m p p l l e e As stated before, all the traffic will be separate d and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be [...]

  • Страница 69

    Vigor2950 Series User’s Guide 59 3 3 . . 4 4 . . 4 4 D D o o S S D D e e f f e e n n s s e e As a sub-functionality of IP Filter/Firewall, th ere are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Enable Dos Defense [...]

  • Страница 70

    Vigor2950 Series User’s Guide 60 port-scanning Threshold rate, the Vigor router will send out a warning. By default, the Vigor router sets the threshold as 150 packets per second. Block IP options Check the box to activate the Block IP options function. The Vigor router will ignore any IP packets with IP option field in the datagram header. The r[...]

  • Страница 71

    Vigor2950 Series User’s Guide 61 SYN packets with the identical source and destination addresses, as well as the port number to victims. Block Unknown Protocol Check the box to activate the Block Unknown Protocol function. Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. [...]

  • Страница 72

    Vigor2950 Series User’s Guide 62 3 3 . . 5 5 O O b b j j e e c c t t s s S S e e t t t t i i n n g g s s For IPs in a range and service ports in a limited range usually will be applied in configuri ng router’s settings, therefore we can define them with objects and bind them with groups for using conveniently. Later, we can select that object/g[...]

  • Страница 73

    Vigor2950 Series User’s Guide 63 Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose a proper interface (WAN, LAN or Any). For example, the Direction setting in Edit Filter Rule will ask you specify IP or IP range for WAN or LAN or any IP address. If you choose LAN as the Interface here, and choose LAN as the di[...]

  • Страница 74

    Vigor2950 Series User’s Guide 64 3 3 . . 5 5 . . 2 2 I I P P G G r r o o u u p p This page allows you to bind several IP objects into one IP group. Set to Factory Default Clear all profiles. Click the number under Index colu mn for settings in detail. Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose WAN, LAN [...]

  • Страница 75

    Vigor2950 Series User’s Guide 65 3 3 . . 5 5 . . 3 3 S S e e r r v v i i c c e e T T y y p p e e O O b b j j e e c c t t You can set up to 96 sets of Service Type Objects with different conditions. Set to Factory Default Clear all profiles. Click the number under Index co lumn for settings in detail. Name Type a name for this profile. Protocol Sp[...]

  • Страница 76

    Vigor2950 Series User’s Guide 66 (!=) – when the first and last value are the same, it indicates all the ports except the port defined here; when th e first and last values are different, it indicates that all the ports except the range defined here are available for this service type. (>) – the port number greater than this value is avail[...]

  • Страница 77

    Vigor2950 Series User’s Guide 67 Name Type a name for this profile. Available Service Type Objects You can add IP objects from IP Objects page. All the available IP objects will be shown in this box. Selected Service Type Objects Click >> button to add the selected IP objects in this box. 3 3 . . 5 5 . . 5 5 I I M M O O b b j j e e c c t t [...]

  • Страница 78

    Vigor2950 Series User’s Guide 68 Profile Name Type a name for this profile. Type a name for such profile and check all the ite ms that not allowed to be used in the host. Finally, click OK to save this profile.[...]

  • Страница 79

    Vigor2950 Series User’s Guide 69 3 3 . . 5 5 . . 6 6 P P 2 2 P P O O b b j j e e c c t t This page allows you to set 32 profiles for p eer-to-peer application. These profiles will be applied in CSM>>APP Enforcement Profile for filtering. Set to Factory Default Clear all profiles. Click the number under Profile column for conf iguration in d[...]

  • Страница 80

    Vigor2950 Series User’s Guide 70 Type a name for such profile and check all the protocols that not allowed to be used in the host. Finally, click OK to save this profile. 3 3 . . 5 5 . . 7 7 P P r r o o t t o o c c o o l l O O b b j j e e c c t t This page allows you to set 32 profiles for applications in protocol communication. These profiles wi[...]

  • Страница 81

    Vigor2950 Series User’s Guide 71 3 3 . . 5 5 . . 8 8 M M i i s s c c O O b b j j e e c c t t This page allows you to set 32 profiles for mi scellaneous applications. These profiles will be applied in CSM>> APP Enforcement Profile for filtering. Set to Factory Default Clear all profiles. Click the number under Profile column for c onfigurati[...]

  • Страница 82

    Vigor2950 Series User’s Guide 72 Profile Name Type a name for this profile. Type a name for such profile and check all the protocols that not allowed to be used in the host. Finally, click OK to save this profile. 3 3 . . 6 6 C C S S M M CSM is an abbreviation of Content Security Management which is used to control IM/P2P usage, filter the web co[...]

  • Страница 83

    Vigor2950 Series User’s Guide 73 checks the URL strings or some of HTTP data hiding in the pa yload of TCP packets while legacy firewall inspects packets based on the fields of TCP/IP headers only. On the other hand, Vigor router can prevent user from accidentally downloading malicious codes from web pages. It’s very common that malicious codes[...]

  • Страница 84

    Vigor2950 Series User’s Guide 74 3 3 . . 6 6 . . 1 1 A A P P P P E E n n f f o o r r c c e e m m e e n n t t P P r r o o f f i i l l e e You can define policy profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer) application. Such profile will be used in Firewall>>General Setup and Firewall>>Filter Setup pages. Se[...]

  • Страница 85

    Vigor2950 Series User’s Guide 75 3 3 . . 6 6 . . 2 2 U U R R L L C C o o n n t t e e n n t t F F i i l l t t e e r r P P r r o o f f i i l l e e Click CSM and click URL Content Filter Profile to open the profile setting page. Enable URL Access Control Check the box to activate URL Access Control. Black List (block those matching keyword) Click th[...]

  • Страница 86

    Vigor2950 Series User’s Guide 76 Y ou must clear your browser cache first so that the URL content filtering facility operates properly on a web page that you visited before. Enable Restrict Web Feature Check the box to activate the function. Java - Check the checkbox to activate the Block Java object function. The Vigor router will discard the Ja[...]

  • Страница 87

    Vigor2950 Series User’s Guide 77 3 3 . . 6 6 . . 3 3 W W e e b b C C o o n n t t e e n n t t F F i i l l t t e e r r P P r r o o f f i i l l e e We all know that the content on the Internet just like other types of media may be inappropriate sometimes. As a responsible pare nt or employer, you should protect those in your trust against the hazard[...]

  • Страница 88

    Vigor2950 Series User’s Guide 78 3 3 . . 7 7 B B a a n n d d w w i i d d t t h h M M a a n n a a g g e e m m e e n n t t Below shows the menu items for Bandwidth Management. 3 3 . . 7 7 . . 1 1 S S e e s s s s i i o o n n s s L L i i m m i i t t A PC with private IP address can access to the Internet via NAT router. The router will generate the r[...]

  • Страница 89

    Vigor2950 Series User’s Guide 79 Maximum Sessions Defines the av ailable sessi on number for each host in the specific range of IP addresses. If you do not set the session number in this field, the system will use the default session limit for the specific limitation you set for each index. Add Adds the specific session limitation onto the list a[...]

  • Страница 90

    Vigor2950 Series User’s Guide 80 Default TX limit Define the default speed of the upstream for each computer in LAN. Default RX limit Define the default speed of the downstream for each computer in LAN. Allow auto adjustment to make the best utilization of available bandwidth Router will detect if there is enough bandwidth remained for using acco[...]

  • Страница 91

    Vigor2950 Series User’s Guide 81 the overcrowded network. This is especially essen tial to those are low tolerant of loss, delay or jitter (delay variation). Another reason is due to congestions at network intersections where speeds of interconnected circuits mismatch or traffic a ggregates, packets will queue up and traffic can be throttled back[...]

  • Страница 92

    Vigor2950 Series User’s Guide 82 This page displays the QoS settings result of the WAN interface. Click the Setup link to access into next page for the general setup of WAN (1/2) interface. As to class rule, si mply click the Edit link to access into next for configuration. You can configure general setup for the WAN interface, edit the Class Rul[...]

  • Страница 93

    Vigor2950 Series User’s Guide 83 Check this box and click OK , then click Setup link again. You will see the Online Statistics link appearing on this page. Note: Before enable QoS control, you should test the real bandwidth first. QoS may not work properly if the bandwidth is not accurate. You can visit www.speedtest.net or contact with your ISP [...]

  • Страница 94

    Vigor2950 Series User’s Guide 84 After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. For adding a new rule, click Add to open the following page. ACT Check this box to invoke these settings. Local Address Click the Edit button t[...]

  • Страница 95

    Vigor2950 Series User’s Guide 85 Edit It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address , you have to fill in Start IP address. For Range Address , you have to fill in Start IP address and End IP address. For Subnet Address , you have to fill in Start IP addres[...]

  • Страница 96

    Vigor2950 Series User’s Guide 86 After you click the Edit link, you will see the following page. For adding a new service type, click Add to open the following pag e. Service Name Type in a new service for your request. Service Type Choose the t ype (TCP, UDP or TCP/UDP) for the new service. Port Configuration Click Single or Range . If you selec[...]

  • Страница 97

    Vigor2950 Series User’s Guide 87 3 3 . . 8 8 A A p p p p l l i i c c a a t t i i o o n n s s Below shows the menu items for Applications. 3 3 . . 8 8 . . 1 1 D D y y n n a a m m i i c c D D N N S S The ISP often provides you with a dynamic IP address when you c onnect to the Internet via your ISP. It means that the public IP address assigned to y[...]

  • Страница 98

    Vigor2950 Series User’s Guide 88 Active Display if this account is active or inactive. View Log Display DDNS log status. Force Update Force the router updates its information to DDNS server. 3. Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account , and choose correct Service Provider: dyndns.org, type the regis[...]

  • Страница 99

    Vigor2950 Series User’s Guide 89 3 3 . . 8 8 . . 2 2 S S c c h h e e d d u u l l e e The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a re sult, y ou can not only schedule the router to dialup to the Internet at a specified time, but also restrict Intern[...]

  • Страница 100

    Vigor2950 Series User’s Guide 90 Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time of the schedule. Duration Time (hh:mm) Specify the duration (or period) for the schedule. Action Specify which action Call Schedule should apply during the period of the schedule. Force On - Force the co[...]

  • Страница 101

    Vigor2950 Series User’s Guide 91 3 3 . . 8 8 . . 3 3 R R A A D D I I U U S S / / L L D D A A P P Remote Authentication Dial-In User Servi ce (RADIUS) is a security authentication client/server protocol that supports authenti cation, authorization and accounting, which is widely used by Internet service providers. It is the most common method of a[...]

  • Страница 102

    Vigor2950 Series User’s Guide 92 Common Name Identifier Type or edit the co mmon name identifier for the LDAP server. The common name identifier for most LDAP server is cn. Distinguished Name Type or edit the distinguished name used to look up e ntries on the LDAP server. 3 3 . . 8 8 . . 4 4 U U P P n n P P The UPnP (Universal Plug and Play) prot[...]

  • Страница 103

    Vigor2950 Series User’s Guide 93 The UPnP facility on the router enables UPnP awar e applications such as MSN Messenger to discover what are behind a NA T router . The application will also learn the external IP address and configure port mappings on the router . Subsequently , such a facility forwards packets from the external ports of the route[...]

  • Страница 104

    Vigor2950 Series User’s Guide 94 Wake by Two types provide for you to wake up the binded IP . If you choose Wake by MAC Address, you have to type the correct MAC address of the host in MAC Address boxes. If you choose Wake by IP Address, you have to choose the correct IP address. IP Address The IP addresses that have been configured in Firewall&g[...]

  • Страница 105

    Vigor2950 Series User’s Guide 95 3 3 . . 9 9 V V P P N N a a n n d d R R e e m m o o t t e e A A c c c c e e s s s s A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like th e Internet. In short, by VPN technology, you can send data between two computers across a shared [...]

  • Страница 106

    Vigor2950 Series User’s Guide 96 Please choose a LAN-to-LAN Profile There are 32 VPN profiles for users to set. When you finish the mode and profile selection, please click Next to open the following page. In this page, you have to select suitable VPN type for the VPN client profile. There are six types provided here. Different type will lead to [...]

  • Страница 107

    Vigor2950 Series User’s Guide 97 the choices for the client profile, please click Next . You will see different configurations based on the selection(s) you made. z When you choose PPTP (None Encry ption) or PPTP (Encryption) , you will see the following graphic: z When you choose IPSec , you will see the following graphic: z When you choose L2TP[...]

  • Страница 108

    Vigor2950 Series User’s Guide 98 z When you choose L2TP over IPSec (Nice to Have), you will see the following graphic: z When you choose L2TP over IPSec (Must), you will see the following graphic:[...]

  • Страница 109

    Vigor2950 Series User’s Guide 99 Profile Name Type a name for such profile. The length of the file is limited to 10 characters. VPN Dial-Out Through Use the drop down menu to choose a proper WAN interface for this profile. This setting is useful for dial-out only. WAN1 First - While connecting, the router will use WAN1 as the first channel for VP[...]

  • Страница 110

    Vigor2950 Series User’s Guide 100 such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key- Specify a key for IKE authentication Confirm Pre-Shared Key- Confirm the pre-shared key. Digital Signature (X.509) Check the box of Digital Signature to invoke this function. Peer ID – Select one predefined in the X.509 Peer ID Profiles (set from VPN and[...]

  • Страница 111

    Vigor2950 Series User’s Guide 101 Go to the VPN Connection Management Click this radio button to access VPN and Remote Access>>Connection Management for viewing VPN Connection status. Do another VPN Server Wizard Setup Click this radio button to set another profile of VPN Server through VPN Server Wizard. View more detailed configuration Cl[...]

  • Страница 112

    Vigor2950 Series User’s Guide 102 Selection Site to Site VPN/Remote Dial-in User – To set a LAN-to-LAN profile automatically, please choose Site to Site VPN. Remote Dial-in User –You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via VPN connection. Please choose a LAN-to-[...]

  • Страница 113

    Vigor2950 Series User’s Guide 103 page. After making the choices for the server profile, please click Next . You will see different configurations based on the selection you made. z When you check PPTP/IPSec/L2TP (three types) or PPTP/IPSec (two types) or L2TP with Policy (Nice to Have/Must) , you will see the following graphic: z When you check [...]

  • Страница 114

    Vigor2950 Series User’s Guide 104 Profile Name Type a name for such profile. The length of the file is limited to 10 characters. User Name This field is used to authenticate for connection when you select PPTP or L2TP with or without IPSec policy above. Password This field is used to authenticate for connection when you select PPTP or L2TP with o[...]

  • Страница 115

    Vigor2950 Series User’s Guide 105 Remote Network IP Please type one LAN IP address (according to the real location of the remote host) for building VPN connection. Remote Network Mask Please type the network mask (according to the real location of the remote host) for building VPN connection. After finishing the configuration, please click Next. [...]

  • Страница 116

    Vigor2950 Series User’s Guide 106 The Vigor router will not accept the ISDN dial-in connection if the box of Enable ISDN Dial-in is not checked. 3 3 . . 9 9 . . 4 4 P P P P P P G G e e n n e e r r a a l l S S e e t t u u p p This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Dial-In PPP Authentication P[...]

  • Страница 117

    Vigor2950 Series User’s Guide 107 use 40-bit to perform encryption prior t o using 128-bit for encryption. In other words, if 128-bit MPPE encryption method is not available, then 40-bit encryption scheme will be applied to encrypt the data. Maximum MPPE - This option indicates that the router will use the MPPE encryption scheme with maximum bits[...]

  • Страница 118

    Vigor2950 Series User’s Guide 108 IKE Authentication Method This usually applies to those are remote dial-in user or node (LAN-to-LAN) which uses dynamic IP address and IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Certificate for Dial in -When the client executes remote dial-in with IPSec mode, the router will transfer [...]

  • Страница 119

    Vigor2950 Series User’s Guide 109 3 3 . . 9 9 . . 6 6 I I P P S S e e c c P P e e e e r r I I d d e e n n t t i i t t y y To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 200 entries[...]

  • Страница 120

    Vigor2950 Series User’s Guide 110 Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity. Accept Subject Alternative Name Click to check one specific field of digital signature to accept the peer with matching value. The field can be IP Address, Domain, or E-mail Address . The box under th[...]

  • Страница 121

    Vigor2950 Series User’s Guide 111 3 3 . . 9 9 . . 7 7 R R e e m m o o t t e e D D i i a a l l - - i i n n U U s s e e r r You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in via ISDN or build the VPN connection. You may set parameters including specified connection peer ID, con[...]

  • Страница 122

    Vigor2950 Series User’s Guide 112 Enable this account Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds. ISDN Allow the remote ISDN dial-in connection. You can further set up Callback function b[...]

  • Страница 123

    Vigor2950 Series User’s Guide 113 SSL Tunnel It allows the remote dial-in user to make an SSL VPN Tunnel connection through Internet, suitable for the application through network accessing (e.g., PPTP/L2TP/IPSec) If you check this box, the function of SS L Tunnel for this account will be activated immediately. To check if SSL Tunnel is activated [...]

  • Страница 124

    Vigor2950 Series User’s Guide 114 VPN>> SSL Web Proxy to set profiles. If you have set several profiles beforehand, you can check SSL Web Proxy and choose the one(s) you need as SSL VPN. To check if SSL Web Proxy is activated or not, please open Draytek SSL VPN portal interface. From the web page, you will see the message to indicate that y[...]

  • Страница 125

    Vigor2950 Series User’s Guide 115 remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or without specify the IP address of the remote node. Pre-Shared Key - Check the box of Pre-Shared Key to invoke this function and type in the required characters (1-63) as the pre-shared key. Digital [...]

  • Страница 126

    Vigor2950 Series User’s Guide 116 3 3 . . 9 9 . . 8 8 L L A A N N t t o o L L A A N N Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including sp ecified connection direction (dial-in or dial-out), connection peer ID, connection type (ISDN connection, VPN connection - including PPT[...]

  • Страница 127

    Vigor2950 Series User’s Guide 117 Profile Name Specify a name for the profile of the LAN-to-LAN connection. Enable this profile Check here to activate this profile. VPN Connection Through Use the drop down menu to choose a proper WAN interface for this profile. This setting is useful for dial-out only. WAN1 First - While connecting, the router wi[...]

  • Страница 128

    Vigor2950 Series User’s Guide 118 WAN2 First - While connecting, the router will use WAN2 as the first channel for VPN connection. If WAN2 fails, the router will use another WAN interface instead. WAN2 Only - While connecting, the router will use WAN2 as the only channel for VPN connection. Netbios Naming Packet Pass – click it to have an inqui[...]

  • Страница 129

    Vigor2950 Series User’s Guide 119 further set up Callback (CBCP) function below. This feature is useful for i model only. PPTP Build a PPTP VPN connection to the server through the Internet. You should set the identity like User Name and Password below for the authentication of remote server. IPSec Tunnel Build an IPSec VPN connection to the serv[...]

  • Страница 130

    Vigor2950 Series User’s Guide 120 authenticated, but not be encrypte d. By default, this option is active. High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated. Select from below: DES without Authentication - Use DES encryption algorithm and not apply any authentication scheme. DES with Authenticatio[...]

  • Страница 131

    Vigor2950 Series User’s Guide 121 IKE phase 2 proposal- To propose the local available algorithms to the VPN peers, and get its feedback to find a match. Three combinations are available for both modes. We suggest you select the combination that covers the most algorithms. IKE phase 1 key lifetime- For security reason, the lifetime of key should [...]

  • Страница 132

    Vigor2950 Series User’s Guide 122 here to allow the Vigor router to send the ISDN number to the remote router. This feature is useful for i model only. Allowed Dial-In Type Determine the dial-in connection with different types. ISDN - Allow the remote ISDN LAN-to-LAN connection. You should set the User Name and Password of remote dial-in user bel[...]

  • Страница 133

    Vigor2950 Series User’s Guide 123 None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Must [...]

  • Страница 134

    Vigor2950 Series User’s Guide 124 Callback number -The option is for extra security. Once enabled, the router will ONLY call back to the specified Callback Number. Callback Budget (Unit: minutes) - By default, the callback function has limitation of callback period. Once the callback budget is exhausted, the function will be disabled automaticall[...]

  • Страница 135

    Vigor2950 Series User’s Guide 125 find there are several subnets behind the remote VPN router. RIP Direction - The option specifies the direction of RIP (Routing Information Protoc ol) packets. You can enable/disable one of direction here. Herein, we provide four options: TX/RX Both, TX Only, RX Only, and Disable. From first subnet to remote netw[...]

  • Страница 136

    Vigor2950 Series User’s Guide 126 ¾ Specific ERD (Environment Recovery Detecti on) mechanism which can be operated by using Telnet command V PN TRUNK-VPN Backup mechanism profile will be activated when initial connection of single VPN tunnel is off-line. Before setting VPN TRUNK -VPN Backup mechanism backup profile, please configure at least two[...]

  • Страница 137

    Vigor2950 Series User’s Guide 127 Backup Profile List Set to Factory Default - Click to clear all VPN TRUNK-VPN Backup mechanism profile. No - The order of VPN TRUNK-VPN Backup mechanism profile. Status (on Backup Profile field) - “v” means such profile is enabled; ”x” means such profile is disabled. Name (on Backup Profile field) - Displ[...]

  • Страница 138

    Vigor2950 Series User’s Guide 128 Advanced – This button is only available when there is one profile (or more) created in this page. Detailed information for this dialog, see later section - Advanced Load Balance and Backup . Load Balance Profile List Set to Factory Default - Click to clear all VPN TRUNK-VPN Load Balance mechanism profile. No -[...]

  • Страница 139

    Vigor2950 Series User’s Guide 129 Detailed information for this dialog, see later section - Advanced Load Balance and Backup . General Setup Status - After choosing one of the profile listed above, please click Enable to activate this profile. If you click Disable , the selected or current used VP N TRUNK-Backup/Load Balance mechanism profile wil[...]

  • Страница 140

    Vigor2950 Series User’s Guide 130 Delete Click this button to delete the selected VPN TRUNK profile. The corresponding members (LAN-to-LAN profiles) grouped in the deleted VPN TRUNK profile will be released and that profiles in LAN-to-LAN will be displayed in black. T T i i m m e e f f o o r r a a c c t t i i v v a a t t i i n n g g V V P P N N T[...]

  • Страница 141

    Vigor2950 Series User’s Guide 131 expressed in black. H H o o w w c c a a n n y y o o u u s s e e t t a a G G R R E E o o v v e e r r I I P P S S e e c c p p r r o o f f i i l l e e ? ? 1. Please go to LAN to LAN to set a profile with IPSec. 2. If the router will be used as the VPN Server (i.e., with virtual address 192.168.50.200). Please type 1[...]

  • Страница 142

    Vigor2950 Series User’s Guide 132 A A d d v v a a n n c c e e d d L L o o a a d d B B a a l l a a n n c c e e a a n n d d B B a a c c k k u u p p After setting profiles for load balance, you can choose any one of them and click Advance for more detailed configuration. The window s for advanced load balance and backup are different. Refer to the f[...]

  • Страница 143

    Vigor2950 Series User’s Guide 133 binding tunnel table. Tunnel Bind Table Index - 400 binding tunnel tables are provided by this device. Choose any one of them for such Load Balance profile. Active – In-active/Delete can delete this binding tunnel table. Active can activate this binding tunnel table. Binding Dial Out Index – Specify connectio[...]

  • Страница 144

    Vigor2950 Series User’s Guide 134 Detail Information This field will display detailed information for Binding Tunnel Policy. Below shows a successful binding tunnel policy for load balance: Note : To configure a successful binding tunnel, you have to: A. Type Binding Src IP range (Start and End) and Binding Des IP range (Start and End) Choose YES[...]

  • Страница 145

    Vigor2950 Series User’s Guide 135 periodically and type the value for it (the unit is second). If VPN server for Member 1 has completed the network connection, current VPN Tunne l backup connection will be off. Resume – when VPN connection breaks down or disconnects, Member 1 will be the top priority for the system to do VPN connection. Detail [...]

  • Страница 146

    Vigor2950 Series User’s Guide 136 3 3 . . 9 9 . . 1 1 0 0 C C o o n n n n e e c c t t i i o o n n M M a a n n a a g g e e m m e e n n t t You can find the summary table of all VP N connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. After a[...]

  • Страница 147

    Vigor2950 Series User’s Guide 137 VPN Load Balance function. Dial Click this button to execute dial out func tion under General Mode, Backup Mode or Load Balance Mode. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. 3 3 . . 1 1 0 0 C C e e r r [...]

  • Страница 148

    Vigor2950 Series User’s Guide 138 GENERATE Click this button to open G enerate Certificate Signing Request window. Type in all the information that the window request such as cer tifcate name (used for identifying different certificate), subject alternative name type and relational settings for subject name. Then click GENERATE again. Note: Pleas[...]

  • Страница 149

    Vigor2950 Series User’s Guide 139 IMPORT Vigor router allows you to generate a certificate request and submit it the CA server, then import it as “Local Certificate”. If you have already gotten a certificate fro m a third party, you may import it directly. The supported t ypes are PKCS12 Certificate and Certificate with a private key. Click t[...]

  • Страница 150

    Vigor2950 Series User’s Guide 140 Upload Certificate and Private Key It is useful when users have separated certificates an d private keys. And the password is needed if the private key is encrypted. REFRESH Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. Not[...]

  • Страница 151

    Vigor2950 Series User’s Guide 141 imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA cer tificate, choose the one and click Delete to remove all the certificate i[...]

  • Страница 152

    Vigor2950 Series User’s Guide 142 3 3 . . 1 1 0 0 . . 3 3 C C e e r r t t i i f f i i c c a a t t e e B B a a c c k k u u p p Local certificate and Trusted CA certificate for this router can be saved within one file. Please click Backup on the following screen to save them . If you want to set encryption password for these certificates, please ty[...]

  • Страница 153

    Vigor2950 Series User’s Guide 143 3 3 . . 1 1 1 1 . . 2 2 G G e e n n e e r r a a l l S S e e t t t t i i n n g g s s This web page allows you to enable wireless LAN function. ISDN Port Click Enable to open the ISDN port and Disable to close it. Country Code For proper operation on your local ISDN network, you should choose the correct country co[...]

  • Страница 154

    Vigor2950 Series User’s Guide 144 3 3 . . 1 1 1 1 . . 3 3 D D i i a a l l t t o o a a S S i i n n g g l l e e I I S S P P / / D D i i a a l l t t o o D D u u a a l l I I S S P P s s Select Dialing to a Single ISP if you access the Internet via a single ISP. ISP Access Setup ISP Name - Enter your ISP name such as Seednet, Hinet and so on. Dial Num[...]

  • Страница 155

    Vigor2950 Series User’s Guide 145 IP Address Assignment Method (IPCP) In most environments, you should not change these settings as most ISPs provide a dynamic IP address for the router when it connects to the ISP. If your ISP provides a fixed IP address, check Yes and enter the IP address in the field of Fixed IP Address . Select Dialing to Dual[...]

  • Страница 156

    Vigor2950 Series User’s Guide 146 Primary ISP Setup ISP Name - Enter your ISP name. Dial Number - Enter the ISDN access number provided by your ISP. Username - Enter the username provided by your ISP. Password - Enter the password provided by your ISP. IP Address Assignment Method (IPCP) for primary ISP setup In most environments, you should not [...]

  • Страница 157

    Vigor2950 Series User’s Guide 147 3 3 . . 1 1 1 1 . . 4 4 V V i i r r t t u u a a l l T T A A Vi r t u a l T A means the local hosts or PCs in th e network that uses popular CAPI-based software such as R VS-CO M or BVRP to access the router as a local ISDN T A f o r sending or receiving F AX messages over the ISDN line. Basicall y , it is a clien[...]

  • Страница 158

    Vigor2950 Series User’s Guide 148 z The Virtual TA client only supports the CA PI 2.0 protocol and has no built-in FAX engine. z One ISDN BRI interface has two B channels. The maximum number of active clients is also 2. z Before you configure the V irtual T A, you must set the correct country code in ISDN Setup . Virtual TA Server Enable - Select[...]

  • Страница 159

    Vigor2950 Series User’s Guide 149 C C o o n n f f i i g g u u r r e e a a V V i i r r t t u u a a l l T T A A C C l l i i e e n n t t / / S S e e r r v v e e r r Since the V irtual T A application is a client/ server network model, you must configure it on both ends to run properly your V irtual T A application. By default, the V irtual T A serve[...]

  • Страница 160

    Vigor2950 Series User’s Guide 150 Suppose that you could assign the MSN number 123 to the client “alan”. T y pe the specified MSN number in the CAP I-based software. When the V irtual T A server sends an alert signal to the specified V irtual T A client, the CAPI-based software will also receive the action, the software will not accept the in[...]

  • Страница 161

    Vigor2950 Series User’s Guide 151 Note that Dialing to a Single ISP should be pre-configured properly . Basic Setup Link Type - Because ISDN has two B channels (64Kbps/per channel), you can specify whether you would like to have single B channel, two B channels or BOD (Bandwidth on Demand). Four options are available: Link Disable, Dialup 64Kbps,[...]

  • Страница 162

    Vigor2950 Series User’s Guide 152 3 3 . . 1 1 2 2 W W i i r r e e l l e e s s s s L L A A N N This function is used for G models only. 3 3 . . 1 1 2 2 . . 1 1 B B a a s s i i c c C C o o n n c c e e p p t t s s Over recent years, the market for wireless co mmunications has enjoyed tremendous growth. Wireless technology now reaches or is capable o[...]

  • Страница 163

    Vigor2950 Series User’s Guide 153 WEP (Wired Equivalent Privacy) is a legacy method to encrypt each frame transmitted via radio using either a 64-bit or 128-bit ke y. Usually access point will preset a set of four keys and it will communicate with each station using only one out of the four keys. WPA(Wi-Fi Protected Access), the most domina ting [...]

  • Страница 164

    Vigor2950 Series User’s Guide 154 Separate the Wireless and the Wired LAN- WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each othe r. To elaborate an example for business use, you may set up a wireless LAN for visitors only s[...]

  • Страница 165

    Vigor2950 Series User’s Guide 155 11b only - The radio only supports IEE E802.11b. Index(1-15) Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this filed is blank and the function will always work. SSID [...]

  • Страница 166

    Vigor2950 Series User’s Guide 156 3 3 . . 1 1 2 2 . . 3 3 S S e e c c u u r r i i t t y y By clicking the Security Settings , a new web page will appear so that you could configure the settings of WEP and WPA. Mode There are several modes provided for you to choose. Disable - Turn off the encryption mechanism. WEP Only - Accepts only WEP clients [...]

  • Страница 167

    Vigor2950 Series User’s Guide 157 either Mixed or WPA2 only in the field below. Since the key will be auto-negotiated during authentication, the field of key setting below will be not available for input. WPA The WPA encrypts each frame transmitted from the radio using the key, which either PSK entered manually in this field below or automaticall[...]

  • Страница 168

    Vigor2950 Series User’s Guide 158 3 3 . . 1 1 2 2 . . 4 4 A A c c c c e e s s s s C C o o n n t t r r o o l l For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wire less LAN MAC address of client. Only the valid MAC address that has been configured can access[...]

  • Страница 169

    Vigor2950 Series User’s Guide 159 3 3 . . 1 1 2 2 . . 5 5 W W D D S S WDS means Wireless Distribution Syste m. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: y Provide bridge traffic between two LANs through the air. y Extend the coverage range of a WLAN. To meet the above[...]

  • Страница 170

    Vigor2950 Series User’s Guide 160 In the following examples, hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through WDS links. Howe ver, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Mode Choos[...]

  • Страница 171

    Vigor2950 Series User’s Guide 161 Security There are three types for security, Disable , WEP and Pre-shared key . The setting you choose here will make the following WEP or Pre-shared key field valid or not. Choose one of the types for the router. WEP Check this box to use the same key set in Security Settings page. If you did not set any key in [...]

  • Страница 172

    Vigor2950 Series User’s Guide 162 If you want the found AP applying the WDS settings, please type in the AP’s MAC address on the bottom of the page and click Add . Later, the MAC address of the AP will be added to the page of WDS setting. 3 3 . . 1 1 2 2 . . 7 7 S S t t a a t t i i o o n n L L i i s s t t Station List provides the knowledge of [...]

  • Страница 173

    Vigor2950 Series User’s Guide 163 3 3 . . 1 1 2 2 . . 8 8 S S t t a a t t i i o o n n R R a a t t e e C C o o n n t t r r o o l l This page allows you to cont rol the upload and download rate of each wireless client (station). Please check the box of Enable to invoke this setting. The range for the rate is between 100 ~ 30,000 kbps. 3 3 . . 1 1 3[...]

  • Страница 174

    Vigor2950 Series User’s Guide 164 Enable Check this box to enable this function (for VLAN Configuration). P1 – P4 Check the box to make the com puter connecting to the port being grouped in specified VLAN. Be aware that each port can be grouped in different VLAN at the same time only if you check the box. For exam ple, if you check the boxes of[...]

  • Страница 175

    Vigor2950 Series User’s Guide 165 The VLAN >> Wireless VALN allows you to configure Wireless VLAN settings through wireless connection to achieve the above intention. Sim ply type Login ID and password with City and 1234 in the boxes of W_VLAN0. And t ype Login ID and password with Home and 7890 in the boxes of W_VLAN1. Users can conf igure[...]

  • Страница 176

    Vigor2950 Series User’s Guide 166 Details Click this button to set additional attributes settings for W_VLAN. Activated Date – Use the drop down lists to set the activated date for the wireless VLAN. The wireless VLAN function will be available when the time is arrival. Expired Date – Use the drop down lists to set the expired date for the wi[...]

  • Страница 177

    Vigor2950 Series User’s Guide 167 4. When the accessing is successful, the following screen will appear. Note: The floating window with connection tim e will be shown on the screen till you logout. 5. You can go to Diagnostics>>Wireless VLAN Online Station for viewing the connection status whenever you want.[...]

  • Страница 178

    Vigor2950 Series User’s Guide 168 3 3 . . 1 1 3 3 . . 3 3 V V L L A A N N C C r r o o s s s s S S e e t t u u p p This function allows the router to integr ate VLAN and W_VLAN for managing different computers (notebooks). See the following picture for an exam ple. With VLAN Cross Setup , notebook A/B and PCs on VLAN0 can share resources without d[...]

  • Страница 179

    Vigor2950 Series User’s Guide 169 Enable Check this box to invoke VLAN Cross Setup function. VLAN0-3 It represents the groups of virtual LAN connected by Ethernet interface. W_VLAN0-15 It represents the groups of wireless VLAN communicated by wireless interface. 3 3 . . 1 1 3 3 . . 4 4 W W i i r r e e l l e e s s s s R R a a t t e e C C o o n n t[...]

  • Страница 180

    Vigor2950 Series User’s Guide 170 3 3 . . 1 1 4 4 S S S S L L V V P P N N An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be used with a standard Web browser. There are two benefits that SSL VPN provides: ¾ It is not necessary for users to preinstall VPN client software for executing SSL VPN connection. ¾ The[...]

  • Страница 181

    Vigor2950 Series User’s Guide 171 3 3 . . 1 1 4 4 . . 2 2 S S S S L L W W e e b b P P r r o o x x y y SSL Web Proxy will allow the remote users to access the intern al web sites over SSL. Name Display the name of the profile that you create. URL Display the URL. Active Display current status (active or inactive) of such profile. Click number link[...]

  • Страница 182

    Vigor2950 Series User’s Guide 172 SSL – if you choose such selection, web proxy over SSL will be applied for VPN. 3 3 . . 1 1 4 4 . . 3 3 S S S S L L A A p p p p l l i i c c a a t t i i o o n n It provides a secure and flexible solution fo r network resources, including VNC (Virtual Network Computer) /RDP (Remote Desktop Protoc ol) /SAMBA, to a[...]

  • Страница 183

    Vigor2950 Series User’s Guide 173 Different application type will lead different web pages. Refer to the following: z Virtual Network Computing – Choose this item for accessing and controlling a remote PC through VNC protocol. IP Address Type the IP address for this protocol. Port Specify the port used for this protocol. The default setting is [...]

  • Страница 184

    Vigor2950 Series User’s Guide 174 z Samba Application - Any remote user can upload/download/delete certain files on a local samba server through web browser with this application Samba Path Specify the path for this application. 3 3 . . 1 1 4 4 . . 4 4 U U s s e e r r A A c c c c o o u u n n t t For SSL VPN, identity authentication and po wer man[...]

  • Страница 185

    Vigor2950 Series User’s Guide 175 However, if you have set several SSL Web Proxy Profiles in SSL VPN>> SSL Web Proxy web page: The SSL Web Proxy profile names will be disp layed (together with check box) as shown below.[...]

  • Страница 186

    Vigor2950 Series User’s Guide 176 3 3 . . 1 1 4 4 . . 5 5 O O n n l l i i n n e e U U s s e e r r S S t t a a t t u u s s If you have finished the configuration of SSL Web Proxy (server), users can find out corresponding settings when they access in to Draytek SSL VPN portal interface. Next, users can open SSL VPN>> Online Status to view lo[...]

  • Страница 187

    Vigor2950 Series User’s Guide 177 3 3 . . 1 1 5 5 . . 1 1 S S y y s s t t e e m m S S t t a a t t u u s s The System Status provides basic network settings of Vigor router. It includes L AN and WAN interface information. Also, you could ge t the current running firmware version or firmware related information from this presentation. Model Name Di[...]

  • Страница 188

    Vigor2950 Series User’s Guide 178 Wireless LAN --- MAC Address Display the MAC address of the wireless LAN. Frequency Domain It can be Europe (13 usable channels), USA (11 usable channels) etc. The available channels supported by the wireless products in different countries are various. Firmware Version It indicates information about equipped WLA[...]

  • Страница 189

    Vigor2950 Series User’s Guide 179 set URL as the following and type username and password for VigorACS server: http://{IP address of VigorACS}:8080/ACSServer/services/ACSServlet If the connected CPE does not need to be authenticated please set URL as the following: http://{IP address of VigorACS}:8080/ACSServer/services/UnAuthACSServ let Username[...]

  • Страница 190

    Vigor2950 Series User’s Guide 180 3 3 . . 1 1 5 5 . . 3 3 A A d d m m i i n n i i s s t t r r a a t t o o r r P P a a s s s s w w o o r r d d This page allows you to set new password. Old Password Type in the old password. The factory default setting for password is blank. New Password Type in new password in this filed. Confirm New Password Type[...]

  • Страница 191

    Vigor2950 Series User’s Guide 181 3. In Save As dialog, the default filename is config.cfg . You could gi ve it another name by yourself. 4. Click Save button, the configuration will download a utomatically to your computer as a file named config.cfg . The above example is using W indows platform for dem onstrating examples. The Mac or Linux plat[...]

  • Страница 192

    Vigor2950 Series User’s Guide 182 R R e e s s t t o o r r e e C C o o n n f f i i g g u u r r a a t t i i o o n n 1. Go to System Maintenance >> Configuration Backup . The following windows will be popped-up, as shown below. 2. Click Browse button to choose the correct confi guration file for uploading to the router. 3. Click Restore button[...]

  • Страница 193

    Vigor2950 Series User’s Guide 183 Mail To Assign a mail address for sending mails out. Return-Path Assign a path for receiving the mail from outside. Authentication Check this box to activate this function while using e-mail application. User Name Type the user name for authentication. Password Type the password for authentication. Click OK to sa[...]

  • Страница 194

    Vigor2950 Series User’s Guide 184 3 3 . . 1 1 5 5 . . 6 6 T T i i m m e e a a n n d d D D a a t t e e It allows you to specify where the time of the router should be inquired from. Current System Time Click Inquire Time to get the current time. Use Browser Time Select this option to use the browser time from the remote administrator PC host as ro[...]

  • Страница 195

    Vigor2950 Series User’s Guide 185 3 3 . . 1 1 5 5 . . 7 7 M M a a n n a a g g e e m m e e n n t t This page allows you to manage the setti ngs for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 50[...]

  • Страница 196

    Vigor2950 Series User’s Guide 186 Set Community Set community b y typing a proper name. The default setting is private. Manager Host IP Set one host as the manager to execute SNMP function. Please type in IP address to specify certain host. Trap Community Set trap community by typing a pr oper name. The default setting is public. Notification Hos[...]

  • Страница 197

    Vigor2950 Series User’s Guide 187 3 3 . . 1 1 5 5 . . 9 9 F F i i r r m m w w a a r r e e U U p p g g r r a a d d e e Before upgrading your router firmware, you need to i nstall the Router Tools. The Firmware Upgrade Utility is included in the tools. The following web page will guide you to upgrade firmware by using an exam ple. Note that this ex[...]

  • Страница 198

    Vigor2950 Series User’s Guide 188 3 3 . . 1 1 6 6 D D i i a a g g n n o o s s t t i i c c s s Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. 3 3 . . 1 1 6 6 . . 1 1 D D i i a a l l - - o o u u t t T T r r i i g g g g e e r r Click Diagnostics and click Dial-ou[...]

  • Страница 199

    Vigor2950 Series User’s Guide 189 3 3 . . 1 1 6 6 . . 2 2 R R o o u u t t i i n n g g T T a a b b l l e e Click Diagnostics and click Routing Table to open t he web page. Refresh Click it to reload the page. 3 3 . . 1 1 6 6 . . 3 3 A A R R P P C C a a c c h h e e T T a a b b l l e e Click Diagnostics and click ARP Cache Table to view the content [...]

  • Страница 200

    Vigor2950 Series User’s Guide 190 3 3 . . 1 1 6 6 . . 4 4 D D H H C C P P T T a a b b l l e e The facility provides information on IP address as signments. This information is helpful in diagnosing network problems, such as IP address conflicts, etc. Click Diagnostics and click DHCP Table to open the web page. Index It displays the connection ite[...]

  • Страница 201

    Vigor2950 Series User’s Guide 191 #Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination IP address and port of remote host. Interface It indicates the interface of the WAN connection. Refresh Click it to reload the page. 3 3 . . 1 1 6 6 . . 6 6 W W i i r r e e l l e e s s s s V V L L A [...]

  • Страница 202

    Vigor2950 Series User’s Guide 192 3 3 . . 1 1 6 6 . . 7 7 D D a a t t a a F F l l o o w w M M o o n n i i t t o o r r This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limi[...]

  • Страница 203

    Vigor2950 Series User’s Guide 193 TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving spee d of the monitored device. Sessions Display the session number that you specified in Limit Session web page. Action Block - can prevent specified PC acce ssing into Internet within 5 minutes. Unblock ?[...]

  • Страница 204

    Vigor2950 Series User’s Guide 194 The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1/WAN2 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of th[...]

  • Страница 205

    Vigor2950 Series User’s Guide 195 3 3 . . 1 1 6 6 . . 9 9 P P i i n n g g D D i i a a g g n n o o s s i i s s Click Diagnostics and click Ping Diagnosis to pen the web page. Ping through Use the drop down list to choose the WAN interface that you want to ping through or choose Unspecified to be determined by the router automatically. Ping to Use [...]

  • Страница 206

    Vigor2950 Series User’s Guide 196 3 3 . . 1 1 6 6 . . 1 1 0 0 T T r r a a c c e e R R o o u u t t e e Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run . The result of route trace will be shown on the scree[...]

  • Страница 207

    Vigor2950 Series User’s Guide 197 3 3 . . 1 1 7 7 S S u u p p p p o o r r t t A A r r e e a a When you click the menu item under Support Area , you will be guided to visit www.draytek.com and open the corresponding pages directly. Click Support Area>>Application Note , the following web page will be displayed. Click Support Area>>FAQ [...]

  • Страница 208

    Vigor2950 Series User’s Guide 198[...]

  • Страница 209

    Vigor2950 Series User’s Guide 199 4 A A p p p p l l i i c c a a t t i i o o n n a a n n d d E E x x a a m m p p l l e e s s 4 4 . . 1 1 C C r r e e a a t t e e a a L L A A N N - - t t o o - - L L A A N N C C o o n n n n e e c c t t i i o o n n B B e e t t w w e e e e n n R R e e m m o o t t e e O O f f f f i i c c e e a a n n d d H H e e a a d d [...]

  • Страница 210

    Vigor2950 Series User’s Guide 200 For using IPSec -based service, such as IPSec or L2 TP with IPSec Policy, you have to set general settings in IPSec General Setup , such as the pre-shared key that both parties have known. 3. Go to LAN-to-LAN . Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable b[...]

  • Страница 211

    Vigor2950 Series User’s Guide 201 connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authen tication and VJ Compression for this Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection. If an IPSec-based service i s[...]

  • Страница 212

    Vigor2950 Series User’s Guide 202 connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Com p ression for this Dial-In connection. 7. At last, set the remote network IP/subnet in TCP/IP Network Se[...]

  • Страница 213

    Vigor2950 Series User’s Guide 203 Settings in Router B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Cont rol to enable the necessary VPN service and click OK . 2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup . For using IPSec-based service, such as I[...]

  • Страница 214

    Vigor2950 Series User’s Guide 204 3. Go to LAN-to-LAN . Click on one index number to edit a profile. 4. Set Common Settings as shown below. You should enable both of VPN connections because any one of the parties may start the VPN connection. 5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dia[...]

  • Страница 215

    Vigor2950 Series User’s Guide 205 Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection. If an IPSec-based service is selected, y ou may further specify the remote peer IP Address, IKE Authentication Method and I PSec Security Method for this Dial-In connection. Otherwise, it will apply t[...]

  • Страница 216

    Vigor2950 Series User’s Guide 206 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets des tined to the remote network to Router A via the VPN connection.[...]

  • Страница 217

    Vigor2950 Series User’s Guide 207 4 4 . . 2 2 C C r r e e a a t t e e a a R R e e m m o o t t e e D D i i a a l l - - i i n n U U s s e e r r C C o o n n n n e e c c t t i i o o n n B B e e t t w w e e e e n n t t h h e e T T e e l l e e w w o o r r k k e e r r a a n n d d H H e e a a d d q q u u a a r r t t e e r r The other common case is that [...]

  • Страница 218

    Vigor2950 Series User’s Guide 208 3. Go to Remote Dial-In Users . Click on one index number to edit a profile. 4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is sele cted, you may further specify the remote peer IP Address, IKE Authentication Method and I PSec Security[...]

  • Страница 219

    Vigor2950 Series User’s Guide 209 Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel t o Vigor router. For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. Y[...]

  • Страница 220

    Vigor2950 Series User’s Guide 210 You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should fu rther specify the remote VPN server IP address, Username, Password, and[...]

  • Страница 221

    Vigor2950 Series User’s Guide 211 4. Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. 4 4 . . 3 3 Q Q o o S S S S e e t t t t i i n n g g E E x x a a m m p p l l e e Assume a teleworker someti mes works at hom e and takes care of children. When working time, he woul[...]

  • Страница 222

    Vigor2950 Series User’s Guide 212 3. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserve bandwidth for HTTPS. And click Basic button on the right. 4. Click Setup link for W AN1. Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic of V oIP influent other application. 5. If th[...]

  • Страница 223

    Vigor2950 Series User’s Guide 213 4 4 . . 4 4 L L A A N N – – C C r r e e a a t t e e d d b b y y U U s s i i n n g g N N A A T T An example of default setting and the corr esponding deplo yment are shown below . The default V igor router private IP address/ Subnet Mask is 192.1 68.1.1/255.255.255.0. The built-in DHCP server is enabled so it [...]

  • Страница 224

    Vigor2950 Series User’s Guide 214 Y ou can just set the settings wrapped inside the red rectangles to fit the request of NA T usage.[...]

  • Страница 225

    Vigor2950 Series User’s Guide 215 4 4 . . 5 5 U U p p g g r r a a d d e e F F i i r r m m w w a a r r e e f f o o r r Y Y o o u u r r R R o o u u t t e e r r Before upgrading your router firmware, you need to i nstall the Router Tools. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. [...]

  • Страница 226

    Vigor2950 Series User’s Guide 216 5. Double click on the router tool icon. The setup wizard will appear. 6. Follow the onscreen instructions to install the tool. Finally, click Finish to end the installation. 7. From the Start menu, open Programs and choose Router Tools XXX >> Firmware Upgrade Utility . 8. Type in your router IP, usually 19[...]

  • Страница 227

    Vigor2950 Series User’s Guide 217 10. Click Send . 11. Now the firmware update is finished. 4 4 . . 6 6 R R e e q q u u e e s s t t a a c c e e r r t t i i f f i i c c a a t t e e f f r r o o m m a a C C A A s s e e r r v v e e r r o o n n W W i i n n d d o o w w s s C C A A S S e e r r v v e e r r[...]

  • Страница 228

    Vigor2950 Series User’s Guide 218 1. Go to Certificate Management and choose Local Certificate . 2. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. 3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use.[...]

  • Страница 229

    Vigor2950 Series User’s Guide 219 4. Connect to CA server via web browser. Follo w the instruction to subm it the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate . Select Advanced request . Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS [...]

  • Страница 230

    Vigor2950 Series User’s Guide 220 Then you have done the request and the ser ver now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate . Now you should get a certificate (.cer file) and save it. 5. Back to Vigor router, go to Local Certificate . Click IMPORT button and browse the file to import the certifica[...]

  • Страница 231

    Vigor2950 Series User’s Guide 221 4 4 . . 7 7 R R e e q q u u e e s s t t a a C C A A C C e e r r t t i i f f i i c c a a t t e e a a n n d d S S e e t t a a s s T T r r u u s s t t e e d d o o n n W W i i n n d d o o w w s s C C A A S S e e r r v v e e r r 1. Use web browser connecting to the CA server that you would like to retrieve its CA cert[...]

  • Страница 232

    Vigor2950 Series User’s Guide 222 2. In Choose file to download , click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. 3. Back to Vigor router, go to Trusted CA Certificate . Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refres[...]

  • Страница 233

    Vigor2950 Series User’s Guide 223 4 4 . . 8 8 E E R R D D M M e e c c h h a a n n i i s s m m f f o o r r V V P P N N T T R R U U N N K K To use ERD (Environment Recovery Detection) mechanism for VPN TRUNK, please follow the steps listed below: 1. Click Start >> Run and type Telnet 192.168.1.1 in the Open box as below. Note that the IP addr[...]

  • Страница 234

    Vigor2950 Series User’s Guide 224 When VPN connection breaks down, Member1 is a top priorit y for the system to do VPN connection again. Request Background: Some of users hope the connection can be continuous and not breaking down (maybe they will have thousa nds of orders coming within one m inute). If the network connection breaks down, the use[...]

  • Страница 235

    Vigor2950 Series User’s Guide 225 4 4 . . 9 9 V V P P N N L L o o a a d d B B a a l l a a n n c c e e A A p p p p l l i i c c a a t t i i o o n n Here provides two situations that you can take advantages of VPN TRUNK Load Balance profile mechanism. Example 1: A VPN TRUNK profile with member 1 (GRE over IPSec type-LAN to LAN Router Mode) and Membe[...]

  • Страница 236

    Vigor2950 Series User’s Guide 226 ¾ Finish Member2 LAN-to-LAN Dial out Profile with GRE over IPSec configuration. Check Enable IPSec Dial-Out function GRE over IPSec. Type 192.168.100 .100 as My GRE IP and 192.168.100.200 as Peer GRE IP. After adding VpnLB1 under VPN TRUNK Mana gement, press Advanced for Load Balance Profile List and choose suit[...]

  • Страница 237

    Vigor2950 Series User’s Guide 227 (3) Dialing from VPN Client site[...]

  • Страница 238

    Vigor2950 Series User’s Guide 228 This page is left blank.[...]

  • Страница 239

    Vigor2950 Series User’s Guide 229 5 T T r r o o u u b b l l e e S S h h o o o o t t i i n n g g This section will guide you to solve abnormal s ituations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. z Che[...]

  • Страница 240

    Vigor2950 Series User’s Guide 230 F F o o r r W W i i n n d d o o w w s s  The example is based on Windows XP. As to the examples for other operation systems, please refer to the si milar steps or find support notes in www.draytek.com . 1. Go to Control Panel and then double-click on Network Connection s. 2. Right-click on Local Area Connectio[...]

  • Страница 241

    Vigor2950 Series User’s Guide 231 4. Select Obtain an IP address automatically and Obtain DNS server address automatically. F F o o r r M M a a c c O O s s 1. Double click on the current used MacOs on the desktop. 2. Open the Application folder and get into Network . 3. On the Network screen, select Using DHCP from the drop down list of Configure[...]

  • Страница 242

    Vigor2950 Series User’s Guide 232 5 5 . . 3 3 P P i i n n g g i i n n g g t t h h e e R R o o u u t t e e r r f f r r o o m m Y Y o o u u r r C C o o m m p p u u t t e e r r The default gateway IP address of the router is 192.168.1.1. For so me reason, you might need to use “ping” command to check the link status of the router. The most impor[...]

  • Страница 243

    Vigor2950 Series User’s Guide 233[...]

  • Страница 244

    Vigor2950 Series User’s Guide 234 5 5 . . 4 4 C C h h e e c c k k i i n n g g I I f f t t h h e e I I S S P P S S e e t t t t i i n n g g s s a a r r e e O O K K o o r r N N o o t t Click WAN>> Internet Access and then check whether the ISP settings are set correctly. Click Details Page of WAN1/WAN2 to review the settings that you configure[...]

  • Страница 245

    Vigor2950 Series User’s Guide 235 F F o o r r P P P P T T P P / / L L 2 2 T T P P U U s s e e r r s s 1. Check if the Enable option for PPTP Link is selected. 2. Check if Server Address, Userna me, Password and WAN IP address are se t correctly (must identify with the values from your ISP).[...]

  • Страница 246

    Vigor2950 Series User’s Guide 236 5 5 . . 5 5 B B a a c c k k i i n n g g t t o o F F a a c c t t o o r r y y D D e e f f a a u u l l t t S S e e t t t t i i n n g g I I f f N N e e c c e e s s s s a a r r y y Sometimes, a wrong connection can be im proved by returning to the default settings. Try to reset the router by software or hardware. Warn[...]

  • Страница 247

    Vigor2950 Series User’s Guide 237 5 5 . . 6 6 C C o o n n t t a a c c t t i i n n g g Y Y o o u u r r D D e e a a l l e e r r If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com.[...]