Draytek VIGOR2950 Betriebsanweisung

Vigor2950 Series User’s Guide 90 Start Date (yyyy-mm-dd) Specify the starting date of the schedule. Start Time (hh:mm) Specify the starting time

Vigor2950 Series User’s Guide 9133..88..33 RRAADDIIUUSS//LLDDAAPP Remote Authentication Dial-In User Service (RADIUS) is a security authentication

Vigor2950 Series User’s Guide 92 Common Name Identifier Type or edit the common name identifier for the LDAP server. The common name identifier for

Vigor2950 Series User’s Guide 93The UPnP facility on the router enables UPnP aware applications such as MSN Messenger to discover what are behind a N

Vigor2950 Series User’s Guide 94 Wake by Two types provide for you to wake up the binded IP. If you choose Wake by MAC Address, you have to type th

Vigor2950 Series User’s Guide 9533..99 VVPPNN aanndd RReemmoottee AAcccceessss A Virtual Private Network (VPN) is the extension of a private net

Vigor2950 Series User’s Guide 96 Please choose a LAN-to-LAN Profile There are 32 VPN profiles for users to set. When you finish the mode and prof

Vigor2950 Series User’s Guide 97the choices for the client profile, please click Next. You will see different configurations based on the selection(s

Vigor2950 Series User’s Guide 98 z When you choose L2TP over IPSec (Nice to Have), you will see the following graphic: z When you choose L2TP o

Vigor2950 Series User’s Guide 99 Profile Name Type a name for such profile. The length of the file is limited to 10 characters. VPN Dial-Out Thr

Vigor2950 Series User’s Guide 11 PPrreeffaaccee The Vigor2950 series router provides Dual-WAN interface (which is a configuration second WAN) for I

Vigor2950 Series User’s Guide 100such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key- Specify a key for IKE authentication Confirm Pre-Shared

Vigor2950 Series User’s Guide 101 Go to the VPN Connection Management Click this radio button to access VPN and Remote Access>>Connection Manag

Vigor2950 Series User’s Guide 102Selection Site to Site VPN/Remote Dial-in User – To set a LAN-to-LAN profile automatically, please choose Site to Si

Vigor2950 Series User’s Guide 103page. After making the choices for the server profile, please click Next. You will see different configurations base

Vigor2950 Series User’s Guide 104 Profile Name Type a name for such profile. The length of the file is limited to 10 characters. User Name This

Vigor2950 Series User’s Guide 105Remote Network IP Please type one LAN IP address (according to the real location of the remote host) for building V

Vigor2950 Series User’s Guide 106 The Vigor router will not accept the ISDN dial-in connection if the box of Enable ISDN Dial-in is not checked. 33..

Vigor2950 Series User’s Guide 107use 40-bit to perform encryption prior to using 128-bit for encryption. In other words, if 128-bit MPPE encryption m

Vigor2950 Series User’s Guide 108 IKE Authentication Method This usually applies to those are remote dial-in user or node (LAN-to-LAN) which uses d

Vigor2950 Series User’s Guide 10933..99..66 IIPPSSeecc PPeeeerr IIddeennttiittyy To use digital certificate for peer authentication in either LAN

Vigor2950 Series User’s Guide 2 11..22..11 FFoorr VViiggoorr22995500 LED Status Explanation Blinking The router is powered on and running norm

Vigor2950 Series User’s Guide 110 Profile Name Type in a name in this file. Accept Any Peer ID Click to accept any peer regardless of its identity.

Vigor2950 Series User’s Guide 11133..99..77 RReemmoottee DDiiaall--iinn UUsseerr You can manage remote access by maintaining a table of remote us

Vigor2950 Series User’s Guide 112 Enable this account Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limi

Vigor2950 Series User’s Guide 113SSL Tunnel It allows the remote dial-in user to make an SSL VPN Tunnel connection through Internet, suitable for th

Vigor2950 Series User’s Guide 114VPN>> SSL Web Proxy to set profiles. If you have set several profiles beforehand, you can check SSL Web Pro

Vigor2950 Series User’s Guide 115remote node. The only exception is Digital Signature (X.509) can be set when you select IPSec tunnel either with or

Vigor2950 Series User’s Guide 11633..99..88 LLAANN ttoo LLAANN Here you can manage LAN-to-LAN connections by maintaining a table of connection pr

Vigor2950 Series User’s Guide 117 Profile Name Specify a name for the profile of the LAN-to-LAN connection. Enable this profile Check here to activ

Vigor2950 Series User’s Guide 118WAN2 First - While connecting, the router will use WAN2 as the first channel for VPN connection. If WAN2 fails, the

Vigor2950 Series User’s Guide 119further set up Callback (CBCP) function below. This feature is useful for i model only. PPTP Build a PPTP VPN conne

Vigor2950 Series User’s Guide 311..22..22 FFoorr VViiggoorr22995500GG LED Status Explanation Blinking The router is powered on and running nor

Vigor2950 Series User’s Guide 120authenticated, but not be encrypted. By default, this option is active. High (ESP-Encapsulating Security Payload)- m

Vigor2950 Series User’s Guide 121 IKE phase 2 proposal-To propose the local available algorithms to the VPN peers, and get its feedback to find a mat

Vigor2950 Series User’s Guide 122here to allow the Vigor router to send the ISDN number to the remote router. This feature is useful for i model only

Vigor2950 Series User’s Guide 123None - Do not apply the IPSec policy. Accordingly, the VPN connection employed the L2TP without IPSec policy can be

Vigor2950 Series User’s Guide 124Callback number-The option is for extra security. Once enabled, the router will ONLY call back to the specified Call

Vigor2950 Series User’s Guide 125find there are several subnets behind the remote VPN router. RIP Direction - The option specifies the direction o

Vigor2950 Series User’s Guide 126¾ Specific ERD (Environment Recovery Detection) mechanism which can be operated by using Telnet command VPN TRUNK

Vigor2950 Series User’s Guide 127 Backup Profile List Set to Factory Default - Click to clear all VPN TRUNK-VPN Backup mechanism profile. No -The

Vigor2950 Series User’s Guide 128Advanced – This button is only available when there is one profile (or more) created in this page. Detailed informa

Vigor2950 Series User’s Guide 129 Detailed information for this dialog, see later section - Advanced Load Balance and Backup. General Setup Status

Vigor2950 Series User’s Guide 4 11..22..33 FFoorr VViiggoorr22995500ii LED Status Explanation Blinking The router is powered on and running no

Vigor2950 Series User’s Guide 130Delete Click this button to delete the selected VPN TRUNK profile. The corresponding members (LAN-to-LAN profiles)

Vigor2950 Series User’s Guide 131expressed in black. HHooww ccaann yyoouu sseett aa GGRREE oovveerr IIPPSSeecc pprrooffiillee?? 1. Please

Vigor2950 Series User’s Guide 132AAddvvaanncceedd LLooaadd BBaallaannccee aanndd BBaacckkuupp After setting profiles for load balance, you can c

Vigor2950 Series User’s Guide 133binding tunnel table. Tunnel Bind Table Index- 400 binding tunnel tables are provided by this device. Choose any one

Vigor2950 Series User’s Guide 134Detail Information This field will display detailed information for Binding Tunnel Policy. Below shows a successful

Vigor2950 Series User’s Guide 135periodically and type the value for it (the unit is second). If VPN server for Member 1 has completed the network co

Vigor2950 Series User’s Guide 13633..99..1100 CCoonnnneeccttiioonn MMaannaaggeemmeenntt You can find the summary table of all VPN connections. You

Vigor2950 Series User’s Guide 137VPN Load Balance function. Dial Click this button to execute dial out function under General Mode, Backup Mode or

Vigor2950 Series User’s Guide 138GENERATE Click this button to open Generate Certificate Signing Request window. Type in all the information that the

Vigor2950 Series User’s Guide 139IMPORT Vigor router allows you to generate a certificate request and submit it the CA server, then import it as “Loc

Vigor2950 Series User’s Guide 511..22..44 FFoorr VViiggoorr22995500GGii LED Status Explanation Blinking The router is powered on and running n

Vigor2950 Series User’s Guide 140Upload Certificate and Private Key It is useful when users have separated certificates and private keys. And the pas

Vigor2950 Series User’s Guide 141imported will be listed on the Trusted CA Certificate window. Then click Import to use the pre-saved file. For view

Vigor2950 Series User’s Guide 14233..1100..33 CCeerrttiiffiiccaattee BBaacckkuupp Local certificate and Trusted CA certificate for this router can

Vigor2950 Series User’s Guide 14333..1111..22 GGeenneerraall SSeettttiinnggss This web page allows you to enable wireless LAN function. ISDN Port

Vigor2950 Series User’s Guide 14433..1111..33 DDiiaall ttoo aa SSiinnggllee IISSPP//DDiiaall ttoo DDuuaall IISSPPss Select Dialing to a Sing

Vigor2950 Series User’s Guide 145IP Address Assignment Method (IPCP) In most environments, you should not change these settings as most ISPs provide

Vigor2950 Series User’s Guide 146Primary ISP Setup ISP Name - Enter your ISP name. Dial Number -Enter the ISDN access number provided by your ISP. U

Vigor2950 Series User’s Guide 147 33..1111..44 VViirrttuuaall TTAA Virtual TA means the local hosts or PCs in the network that uses popular CAPI-b

Vigor2950 Series User’s Guide 148z The Virtual TA client only supports the CAPI 2.0 protocol and has no built-in FAX engine. z One ISDN BRI interf

Vigor2950 Series User’s Guide 149CCoonnffiigguurree aa VViirrttuuaall TTAA CClliieenntt// SSeerrvveerr Since the Virtual TA application is a cl

Vigor2950 Series User’s Guide 6 11..33 HHaarrddwwaarree IInnssttaallllaattiioonn Before starting to configure the router, you have to connect you

Vigor2950 Series User’s Guide 150Suppose that you could assign the MSN number 123 to the client “alan”. Type the specified MSN number in the CAPI-ba

Vigor2950 Series User’s Guide 151Note that Dialing to a Single ISP should be pre-configured properly. Basic Setup Link Type - Because ISDN has two B

Vigor2950 Series User’s Guide 15233..1122 WWiirreelleessss LLAANN This function is used for G models only. 33..1122..11 BBaassiicc CCoonncceeppt

Vigor2950 Series User’s Guide 153WEP (Wired Equivalent Privacy) is a legacy method to encrypt each frame transmitted via radio using either a 64-bit

Vigor2950 Series User’s Guide 154Separate the Wireless and the Wired LAN- WLAN Isolation enables you to isolate your wireless LAN from wired LAN for

Vigor2950 Series User’s Guide 15511b only - The radio only supports IEEE802.11b. Index(1-15) Set the wireless LAN to work at certain time interval

Vigor2950 Series User’s Guide 15633..1122..33 SSeeccuurriittyy By clicking the Security Settings, a new web page will appear so that you could conf

Vigor2950 Series User’s Guide 157either Mixed or WPA2 only in the field below. Since the key will be auto-negotiated during authentication, the field

Vigor2950 Series User’s Guide 15833..1122..44 AAcccceessss CCoonnttrrooll For additional security of wireless access, the Access Control facility

Vigor2950 Series User’s Guide 15933..1122..55 WWDDSS WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP)

Vigor2950 Series User’s Guide 72 CCoonnffiigguurriinngg BBaassiicc SSeettttiinnggss For use the router properly, it is necessary for you to chang

Vigor2950 Series User’s Guide 160In the following examples, hosts connected to Bridge 1 or 3 can communicate with hosts connected to Bridge 2 through

Vigor2950 Series User’s Guide 161Security There are three types for security, Disable, WEP and Pre-shared key. The setting you choose here will make

Vigor2950 Series User’s Guide 162 If you want the found AP applying the WDS settings, please type in the AP’s MAC address on the bottom of the page a

Vigor2950 Series User’s Guide 16333..1122..88 SSttaattiioonn RRaattee CCoonnttrrooll This page allows you to control the upload and download rate

Vigor2950 Series User’s Guide 164 Enable Check this box to enable this function (for VLAN Configuration). P1 – P4 Check the box to make the compute

Vigor2950 Series User’s Guide 165 The VLAN >> Wireless VALN allows you to configure Wireless VLAN settings through wireless connection to achie

Vigor2950 Series User’s Guide 166Details Click this button to set additional attributes settings for W_VLAN. Activated Date – Use the drop down lis

Vigor2950 Series User’s Guide 1674. When the accessing is successful, the following screen will appear. Note: The floating window with connection

Vigor2950 Series User’s Guide 16833..1133..33 VVLLAANN CCrroossss SSeettuupp This function allows the router to integrate VLAN and W_VLAN for man

Vigor2950 Series User’s Guide 169Enable Check this box to invoke VLAN Cross Setup function. VLAN0-3 It represents the groups of virtual LAN connect

Vigor2950 Series User’s Guide 8 3. Now, the Main Screen will pop up. Home Page for Vigor2950 Series 4. 4Go to System Maintenance page and choose

Vigor2950 Series User’s Guide 17033..1144 SSSSLL VVPPNN An SSL VPN (Secure Sockets Layer virtual private network) is a form of VPN that can be u

Vigor2950 Series User’s Guide 17133..1144..22 SSSSLL WWeebb PPrrooxxyy SSL Web Proxy will allow the remote users to access the internal web sites

Vigor2950 Series User’s Guide 172SSL – if you choose such selection, web proxy over SSL will be applied for VPN. 33..1144..33 SSSSLL AApppplliiccaa

Vigor2950 Series User’s Guide 173 Different application type will lead different web pages. Refer to the following: z Virtual Network Computing – Ch

Vigor2950 Series User’s Guide 174z Samba Application - Any remote user can upload/download/delete certain files on a local samba server through web

Vigor2950 Series User’s Guide 175 However, if you have set several SSL Web Proxy Profiles in SSL VPN>> SSL Web Proxy web page: The SSL Web P

Vigor2950 Series User’s Guide 17633..1144..55 OOnnlliinnee UUsseerr SSttaattuuss If you have finished the configuration of SSL Web Proxy (server)

Vigor2950 Series User’s Guide 17733..1155..11 SSyysstteemm SSttaattuuss The System Status provides basic network settings of Vigor router. It incl

Vigor2950 Series User’s Guide 178Wireless LAN --- MAC Address Display the MAC address of the wireless LAN. Frequency Domain It can be Europe (13

Vigor2950 Series User’s Guide 179set URL as the following and type username and password for VigorACS server: http://{IP address of VigorACS}:8080/AC

Vigor2950 Series User’s Guide 922..22 QQuuiicckk SSttaarrtt WWiizzaarrdd If your router can be under an environment with high speed NAT, the conf

Vigor2950 Series User’s Guide 18033..1155..33 AAddmmiinniissttrraattoorr PPaasssswwoorrdd This page allows you to set new password. Old Password

Vigor2950 Series User’s Guide 181 3. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. 4. Click S

Vigor2950 Series User’s Guide 182RReessttoorree CCoonnffiigguurraattiioonn 1. Go to System Maintenance >> Configuration Backup. The followin

Vigor2950 Series User’s Guide 183Mail To Assign a mail address for sending mails out. Return-Path Assign a path for receiving the mail from outside

Vigor2950 Series User’s Guide 18433..1155..66 TTiimmee aanndd DDaattee It allows you to specify where the time of the router should be inquired f

Vigor2950 Series User’s Guide 18533..1155..77 MMaannaaggeemmeenntt This page allows you to manage the settings for access control, access list, por

Vigor2950 Series User’s Guide 186Set Community Set community by typing a proper name. The default setting is private. Manager Host IP Set one host

Vigor2950 Series User’s Guide 18733..1155..99 FFiirrmmwwaarree UUppggrraaddee Before upgrading your router firmware, you need to install the Rou

Vigor2950 Series User’s Guide 18833..1166 DDiiaaggnnoossttiiccss Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor

Vigor2950 Series User’s Guide 18933..1166..22 RRoouuttiinngg TTaabbllee Click Diagnostics and click Routing Table to open the web page. Refresh

Vigor2950 Series User’s Guide ii

Vigor2950 Series User’s Guide 10 In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such a

Vigor2950 Series User’s Guide 19033..1166..44 DDHHCCPP TTaabbllee The facility provides information on IP address assignments. This information is

Vigor2950 Series User’s Guide 191#Pseudo Port It indicates the temporary port of the router used for NAT. Peer IP:Port It indicates the destination

Vigor2950 Series User’s Guide 19233..1166..77 DDaattaa FFllooww MMoonniittoorr This page displays the running procedure for the IP address moni

Vigor2950 Series User’s Guide 193TX rate (kbps) Display the transmission speed of the monitored device. RX rate (kbps) Display the receiving speed

Vigor2950 Series User’s Guide 194 The horizontal axis represents time. Yet the vertical axis has different meanings. For WAN1/WAN2 Bandwidth chart, t

Vigor2950 Series User’s Guide 19533..1166..99 PPiinngg DDiiaaggnnoossiiss Click Diagnostics and click Ping Diagnosis to pen the web page. Ping

Vigor2950 Series User’s Guide 19633..1166..1100 TTrraaccee RRoouuttee Click Diagnostics and click Trace Route to open the web page. This page allo

Vigor2950 Series User’s Guide 19733..1177 SSuuppppoorrtt AArreeaa When you click the menu item under Support Area, you will be guided to visit www

Vigor2950 Series User’s Guide 198

Vigor2950 Series User’s Guide 1994 AApppplliiccaattiioonn aanndd EExxaammpplleess 44..11 CCrreeaattee aa LLAANN--ttoo--LLAANN CCoonnnneecctti

Vigor2950 Series User’s Guide 11Password Assign a valid password provided by the ISP. Confirm Password Retype the password to confirm it. Click N

Vigor2950 Series User’s Guide 200 For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec G

Vigor2950 Series User’s Guide 201connection. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username,

Vigor2950 Series User’s Guide 202connection. Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is

Vigor2950 Series User’s Guide 203 Settings in Router B in the remote office: 1. Go to VPN and Remote Access and select Remote Access Control to ena

Vigor2950 Series User’s Guide 2043. Go to LAN-to-LAN. Click on one index number to edit a profile. 4. Set Common Settings as shown below. You shoul

Vigor2950 Series User’s Guide 205Dial-Out connection. 6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection.

Vigor2950 Series User’s Guide 206 7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets d

Vigor2950 Series User’s Guide 20744..22 CCrreeaattee aa RReemmoottee DDiiaall--iinn UUsseerr CCoonnnneeccttiioonn BBeettwweeeenn tthhee TTee

Vigor2950 Series User’s Guide 208 3. Go to Remote Dial-In Users. Click on one index number to edit a profile. 4. Set Dial-In settings to as shown

Vigor2950 Series User’s Guide 209 Settings in the remote host: 1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel

Vigor2950 Series User’s Guide 12 22..22..22 PPPPTTPP Click PPTP as the protocol. Type in all the information that your ISP provides for this protoc

Vigor2950 Series User’s Guide 210 You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-S

Vigor2950 Series User’s Guide 211 4. Click Connect button to build connection. When the connection is successful, you will find a green light on th

Vigor2950 Series User’s Guide 2123. Enter the Name of Index Class 2 by clicking Edit link. In this index, the user will set reserve bandwidth for HT

Vigor2950 Series User’s Guide 21344..44 LLAANN –– CCrreeaatteedd bbyy UUssiinngg NNAATT An example of default setting and the corresponding de

Vigor2950 Series User’s Guide 214 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.

Vigor2950 Series User’s Guide 21544..55 UUppggrraaddee FFiirrmmwwaarree ffoorr YYoouurr RRoouutteerr Before upgrading your router firmware, you

Vigor2950 Series User’s Guide 2165. Double click on the router tool icon. The setup wizard will appear. 6. Follow the onscreen instructions to i

Vigor2950 Series User’s Guide 21710. Click Send. 11. Now the firmware update is finished. 44..66 RReeqquueesstt aa cceerrttiiffiiccaattee ffrro

Vigor2950 Series User’s Guide 2181. Go to Certificate Management and choose Local Certificate. 2. You can click GENERATE button to start to edit

Vigor2950 Series User’s Guide 2194. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000

Vigor2950 Series User’s Guide 1322..22..33 LL22TTPP Click L2TP as the protocol. Type in all the information that your ISP provides for this protoco

Vigor2950 Series User’s Guide 220 Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and

Vigor2950 Series User’s Guide 22144..77 RReeqquueesstt aa CCAA CCeerrttiiffiiccaattee aanndd SSeett aass TTrruusstteedd oonn WWiinnddoowwss

Vigor2950 Series User’s Guide 2222. In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to sav

Vigor2950 Series User’s Guide 22344..88 EERRDD MMeecchhaanniissmm ffoorr VVPPNN TTRRUUNNKK To use ERD (Environment Recovery Detection) mechanis

Vigor2950 Series User’s Guide 224When VPN connection breaks down, Member1 is a top priority for the system to do VPN connection again. Request Back

Vigor2950 Series User’s Guide 22544..99 VVPPNN LLooaadd BBaallaannccee AApppplliiccaattiioonn Here provides two situations that you can take adv

Vigor2950 Series User’s Guide 226¾ Finish Member2 LAN-to-LAN Dial out Profile with GRE over IPSec configuration. Check Enable IPSec Dial-Out functio

Vigor2950 Series User’s Guide 227(3) Dialing from VPN Client site

Vigor2950 Series User’s Guide 228 This page is left blank.

Vigor2950 Series User’s Guide 2295 TTrroouubbllee SShhoooottiinngg This section will guide you to solve abnormal situations if you cannot access i

Vigor2950 Series User’s Guide 14 22..22..44 SSttaattiicc IIPP Click Static IP as the protocol. Type in all the information that your ISP provides

Vigor2950 Series User’s Guide 230FFoorr WWiinnddoowwss  The example is based on Windows XP. As to the examples for other operation systems, please

Vigor2950 Series User’s Guide 2314. Select Obtain an IP address automatically and Obtain DNS server address automatically. FFoorr MMaaccOOss 1.

Vigor2950 Series User’s Guide 23255..33 PPiinnggiinngg tthhee RRoouutteerr ffrroomm YYoouurr CCoommppuutteerr The default gateway IP address o

Vigor2950 Series User’s Guide 233

Vigor2950 Series User’s Guide 23455..44 CChheecckkiinngg IIff tthhee IISSPP SSeettttiinnggss aarree OOKK oorr NNoott Click WAN>> Inte

Vigor2950 Series User’s Guide 235 FFoorr PPPPTTPP//LL22TTPP UUsseerrss 1. Check if the Enable option for PPTP Link is selected. 2. Check if S

Vigor2950 Series User’s Guide 23655..55 BBaacckkiinngg ttoo FFaaccttoorryy DDeeffaauulltt SSeettttiinngg IIff NNeecceessssaarryy Sometimes, a

Vigor2950 Series User’s Guide 23755..66 CCoonnttaaccttiinngg YYoouurr DDeeaalleerr If the router still cannot work correctly after trying many ef

Vigor2950 Series User’s Guide 1522..22..55 DDHHCCPP Click DHCP as the protocol. Type in all the information that your ISP provides for this protoco

Vigor2950 Series User’s Guide 16 22..33 OOnnlliinnee SSttaattuuss The online status shows the system status, WAN status, ADSL Information and ot

Vigor2950 Series User’s Guide 17Online status for DHCP Detailed explanation is shown below: Primary DNS Display the IP address of the primary DNS.

Vigor2950 Series User’s Guide 18 Drop B1/B2 Allows you to drop B1 or B2 connection. Note: The words in green mean that the WAN connection of that in

Vigor2950 Series User’s Guide 193AAddvvaanncceedd WWeebb CCoonnffiigguurraattiioonn After finished basic configuration of the router, you can acce

Vigor2950 Series User’s Guide iii Vigor2950 Series Dual-WAN SSL VPN Appliance User’s Guide Version: 4.1 Date: 30/10/2009 Copyright 2

Vigor2950 Series User’s Guide 20 Below shows the menu items for Internet Access. 33..11..22 GGeenneerraall SSeettuupp This section will introduce

Vigor2950 Series User’s Guide 21Physical Type You can change the physical type for WAN2 or choose Auto negotiation for determined by the system. Lo

Vigor2950 Series User’s Guide 22 33..11..33 IInntteerrnneett AAcccceessss For the router supports dual WAN function, the users can set different W

Vigor2950 Series User’s Guide 23DDeettaaiillss PPaaggee ffoorr PPPPPPooEE To use PPPoE as the accessing protocol of the internet, please choose I

Vigor2950 Series User’s Guide 24 Ping IP – If you choose Ping Detect as detection mode, you have to type IP address in this field for pinging. TTL (T

Vigor2950 Series User’s Guide 25DDeettaaiillss PPaaggee ffoorr SSttaattiicc oorr DDyynnaammiicc IIPP For static IP mode, you usually receive a

Vigor2950 Series User’s Guide 26 PING Interval - Enter the interval for the system to execute the PING operation. WAN Connection Detection Such funct

Vigor2950 Series User’s Guide 27Gateway IP Address: Type the gateway IP address. Default MAC Address : Click this radio button to use default MAC add

Vigor2950 Series User’s Guide 28 DDeettaaiillss PPaaggee ffoorr PPPPTTPP//LL22TTPP To use PPTP/L2TP as the accessing protocol of the internet, pl

Vigor2950 Series User’s Guide 29MTU Mean maximum transmission unit of one packet. The default value is 1442. PPP Setup PPP Authentication - Select

Vigor2950 Series User’s Guide iv Copyright Information Copyright Declarations Copyright 2009 All rights reserved. This publication contains informat

Vigor2950 Series User’s Guide 30 IP Address – Type the IP address. Subnet Mask – Type the subnet mask. 33..11..44 LLooaadd--BBaallaannccee PPoollii

Vigor2950 Series User’s Guide 31Dest Port End Display the IP address for the end of the destination port. Move UP/Move Down Use Up or Down link to

Vigor2950 Series User’s Guide 32 Dest Port End Type the destination port end for the destination IP. If this field is blank, it means that all the d

Vigor2950 Series User’s Guide 33 WWhhaatt iiss RRoouuttiinngg IInnffoorrmmaattiioonn PPrroottooccooll ((RRIIPP)) Vigor router will exchange rou

Vigor2950 Series User’s Guide 34 33..22..22 GGeenneerraall SSeettuupp This page provides you the general settings for LAN. Click LAN to open the L

Vigor2950 Series User’s Guide 35 Start IP Address: Enter a value of the IP address pool for the DHCP server to start with when issuing IP addresses.

Vigor2950 Series User’s Guide 36 of the router, which means the router is the default gateway. DHCP Server IP Address for Relay Agent - Set the IP ad

Vigor2950 Series User’s Guide 37Index The number (1 to 10) under Index allows you to open next page to set up static route. Destination Address

Vigor2950 Series User’s Guide 38 Note: There are two reasons that we have to apply RIP Protocol Control on 1st Subnet. The first is that the LAN inte

Vigor2950 Series User’s Guide 3933..22..44 VVLLAANN PCs connected to Ethernet ports of the router can be divided into different groups and formed V

Vigor2950 Series User’s Guide vEuropean Community Declarations Manufacturer: DrayTek Corp. Address: No. 26, Fu Shing Road, HuKou Township, HsinCh

Vigor2950 Series User’s Guide 40 33..22..55 BBiinndd IIPP ttoo MMAACC This function is used to bind the IP and MAC address in LAN to have a stre

Vigor2950 Series User’s Guide 41Add It allows you to add the one you choose from the ARP table or the IP/MAC address typed in Add and Edit to the ta

Vigor2950 Series User’s Guide 42 33..33..11 PPoorrtt RReeddiirreeccttiioonn Port Redirection is usually set up for server related service inside t

Vigor2950 Series User’s Guide 43 Enable Check this box to enable such port redirection setting. Mode Two options (Single and Range) are provided he

Vigor2950 Series User’s Guide 44 33..33..22 DDMMZZ HHoosstt As mentioned above, Port Redirection can redirect incoming TCP/UDP or other traffic o

Vigor2950 Series User’s Guide 45 For WAN 1 WAN Selection In WAN 1, DMZ host can be specified with Private IP or Active True IP. Choose the one you w

Vigor2950 Series User’s Guide 46 save the setting. For WAN 2 Click WAN2 tab to open the following page: Enable Check to enable the DMZ Host functi

Vigor2950 Series User’s Guide 47save the setting. Note: If you previously have set up WAN Alias in Internet Access>>PPPoE/Static IP/PPTP, you

Vigor2950 Series User’s Guide 48 33..33..33 OOppeenn PPoorrttss Open Ports allows you to open a range of ports for the traffic of special applicat

Vigor2950 Series User’s Guide 49 Enable Open Ports Check to enable this entry. Comment Make a name for the defined network application/service. W

Vigor2950 Series User’s Guide vi TTaabbllee ooff CCoonntteennttss 1 Preface ...

Vigor2950 Series User’s Guide 50 33..33..44 AAddddrreessss MMaappppiinngg This page is used to map specific private IP to specific WAN IP alias. I

Vigor2950 Series User’s Guide 51Protocol Specify the transport layer protocol. It could be TCP, UDP, or ALL for selection. WAN Interface Specify

Vigor2950 Series User’s Guide 52 The following illustrations are flow charts explaining how router will treat incoming traffic and outgoing traffic r

Vigor2950 Series User’s Guide 53The below shows the attack types that DoS/DDoS defense function can detect: 1. SYN flood attack 2. UDP flood attack 3

Vigor2950 Series User’s Guide 54 APP Enforcement Select one of the APP Enforcement Profile settings (created in CSM>> APP Enforcement Profile)

Vigor2950 Series User’s Guide 55Move Up/Down Use Up or Down link to move the order of the filter rules. Next Filter Set Set the link to the next fil

Vigor2950 Series User’s Guide 56 To set the IP address manually, please choose Any Address/Single Address/Range Address/Subnet Address as the Addre

Vigor2950 Series User’s Guide 57choose Group and Objects as the Service Type. Protocol - Specify the protocol(s) which this filter rule will apply t

Vigor2950 Series User’s Guide 58 EExxaammppllee As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call

Vigor2950 Series User’s Guide 5933..44..44 DDooSS DDeeffeennssee As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defen

Vigor2950 Series User’s Guide vii3.4.2 General Setup...

Vigor2950 Series User’s Guide 60 port-scanning Threshold rate, the Vigor router will send out a warning. By default, the Vigor router sets the thresh

Vigor2950 Series User’s Guide 61SYN packets with the identical source and destination addresses, as well as the port number to victims. Block Unknown

Vigor2950 Series User’s Guide 62 33..55 OObbjjeeccttss SSeettttiinnggss For IPs in a range and service ports in a limited range usually will be ap

Vigor2950 Series User’s Guide 63Name Type a name for this profile. Maximum 15 characters are allowed. Interface Choose a proper interface (WAN, LAN

Vigor2950 Series User’s Guide 64 33..55..22 IIPP GGrroouupp This page allows you to bind several IP objects into one IP group. Set to Factory D

Vigor2950 Series User’s Guide 6533..55..33 SSeerrvviiccee TTyyppee OObbjjeecctt You can set up to 96 sets of Service Type Objects with differen

Vigor2950 Series User’s Guide 66 (!=) – when the first and last value are the same, it indicates all the ports except the port defined here; when the

Vigor2950 Series User’s Guide 67 Name Type a name for this profile. Available Service Type Objects You can add IP objects from IP Objects page. All

Vigor2950 Series User’s Guide 68 Profile Name Type a name for this profile. Type a name for such profile and check all the items that not allowed t

Vigor2950 Series User’s Guide 6933..55..66 PP22PP OObbjjeecctt This page allows you to set 32 profiles for peer-to-peer application. These profile

Vigor2950 Series User’s Guide viii 3.12.5 WDS...

Vigor2950 Series User’s Guide 70 Type a name for such profile and check all the protocols that not allowed to be used in the host. Finally, click OK

Vigor2950 Series User’s Guide 7133..55..88 MMiisscc OObbjjeecctt This page allows you to set 32 profiles for miscellaneous applications. These pro

Vigor2950 Series User’s Guide 72 Profile Name Type a name for this profile. Type a name for such profile and check all the protocols that not allow

Vigor2950 Series User’s Guide 73checks the URL strings or some of HTTP data hiding in the payload of TCP packets while legacy firewall inspects packe

Vigor2950 Series User’s Guide 74 33..66..11 AAPPPP EEnnffoorrcceemmeenntt PPrrooffiillee You can define policy profiles for different policy of I

Vigor2950 Series User’s Guide 7533..66..22 UURRLL CCoonntteenntt FFiilltteerr PPrrooffiillee Click CSM and click URL Content Filter Profile to o

Vigor2950 Series User’s Guide 76 You must clear your browser cache first so that the URL content filtering facility operates properly on a web page

Vigor2950 Series User’s Guide 7733..66..33 WWeebb CCoonntteenntt FFiilltteerr PPrrooffiillee We all know that the content on the Internet just l

Vigor2950 Series User’s Guide 78 33..77 BBaannddwwiiddtthh MMaannaaggeemmeenntt Below shows the menu items for Bandwidth Management. 33..77..11

Vigor2950 Series User’s Guide 79Maximum Sessions Defines the available session number for each host in the specific range of IP addresses. If you do

Vigor2950 Series User’s Guide ix5 Trouble Shooting ...229 5.1

Vigor2950 Series User’s Guide 80 Default TX limit Define the default speed of the upstream for each computer in LAN. Default RX limit Define the de

Vigor2950 Series User’s Guide 81the overcrowded network. This is especially essential to those are low tolerant of loss, delay or jitter (delay varia

Vigor2950 Series User’s Guide 82 This page displays the QoS settings result of the WAN interface. Click the Setup link to access into next page for

Vigor2950 Series User’s Guide 83Check this box and click OK, then click Setup link again. You will see the Online Statistics link appearing on this p

Vigor2950 Series User’s Guide 84 After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this

Vigor2950 Series User’s Guide 85Edit It allows you to edit source address information. Address Type – Determine the address type for the source

Vigor2950 Series User’s Guide 86 After you click the Edit link, you will see the following page. For adding a new service type, click Add to open

Vigor2950 Series User’s Guide 8733..88 AApppplliiccaattiioonnss Below shows the menu items for Applications. 33..88..11 DDyynnaammiicc DDNNSS T

Vigor2950 Series User’s Guide 88 Active Display if this account is active or inactive. View Log Display DDNS log status. Force Update Force the ro

Vigor2950 Series User’s Guide 8933..88..22 SScchheedduullee The Vigor router has a built-in real time clock which can update itself manually or aut