Draytek Vigor 2700 User Manual

Vigor 2700 series firewall router

Hide thumbs Also See for Vigor 2700:

Quick start manual (32 pages)

Specifications (2 pages)

Declaration of conformity (1 page)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

Table of Contents

Quick Links

Vigor 2700 Series Firewall Router

User's Guide

Version: 2.5

Date: 2007/03/19

This publication contains information that is protected by copyright. No part may be reproduced, transmitted,

transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright

holders. The scope of delivery and other details are subject to change without prior notice.

Microsoft is a registered trademark of Microsoft Corp.

Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.

Apple and Mac OS are registered trademarks of Apple Computer Inc.

Other products may be trademarks or registered trademarks of their respective manufacturers.

Please visit www.draytek.com to get the newly updated manual at any time.

Table of Contents

Summary of Contents for Draytek Vigor 2700

Page 1 Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp. Apple and Mac OS are registered trademarks of Apple Computer Inc. Other products may be trademarks or registered trademarks of their respective manufacturers. Please visit www.draytek.com to get the newly updated manual at any time.
Page 2 This page is left blank. Vigor2700 Series User’s Guide...
Page 3: Table Of Contents
Preface ...1 1.1 LED Indicators and Connectors ... 2 1.1.1 Front and Rear View for Vigor2700 ... 2 1.1.2 Front and Rear View for Vigor2700G ... 3 1.1.3 Front and Rear View for Vigor2700Gi ... 4 1.1.4 Front and Rear View for Vigor2700V (MODULE:2S1L) ... 5 1.1.5 Front and Rear View for Vigor2700V (MODULE:2S) ...
Page 4 3.4.1 Basics for Firewall... 49 3.4.2 General Setup... 52 3.4.3 Filter Setup ... 53 3.4.4 IM Blocking ... 56 3.4.5 P2P Blocking ... 57 3.4.6 DoS Defense ... 58 3.4.7 URL Content Filter ... 60 3.4.8 Web Content Filter... 62 3.5 Bandwidth Management ...
Page 5 3.12.3 Configuration Backup ... 135 3.12.4 Syslog/Mail Alert ... 136 3.12.5 Time and Date ... 138 3.12.6 Management... 139 3.12.7 Reboot System ... 140 3.12.8 Firmware Upgrade ... 140 3.13 Diagnostics... 141 3.13.1 WAN Connection ... 141 3.13.2 Dial-out Trigger ... 142 3.13.3 Routing Table ...
Page 6 This page is left blank. Vigor2700 Series User’s Guide...
Page 7: Preface
DoS attacks, user-configurable web filtering for parental control against network abuse etc. Vigor 2700 G model is embedded with an 802.11g compliant wireless module which provides wireless LAN access with data rate as much as 54Mbps. As for data privacy of wireless network, the Vigor2700 G model can encode all transmissions data with standard WEP and industrial strength WPA2 (IEEE 802.11i) encryption.
Page 8: Led Indicators And Connectors
Status Firewall Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds.
Page 9: Front And Rear View For Vigor2700
Status WLAN Blinking Firewall Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking).
Page 10: Front And Rear View For Vigor2700Gi
Status WLAN Blinking Firewall Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. ISDN Connecter for NT1 (or NT1+) box provided by ISDN service provider. Factory Reset Restore the default settings.
Page 11: Front And Rear View For Vigor2700V (Module:2S1L)
Status Phone 1 & 2 (FXS1, FXS2) Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. VoIP 1/2 Connecter of analog phone for VoIP communication. Life Connector of analog phone for PSTN life line.
Page 12: Front And Rear View For Vigor2700V (Module:2S)
Status Phone 1 & 2 (FXS1, FXS2) Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. VoIP 1/2 Connecter of analog phone for VoIP communication. Factory Reset Restore the default settings.
Page 13: Front And Rear View For Vigor2700Vgi
Status WLAN Blinking Phone 1 & 2 (FXS1, FXS2) Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. VoIP 1/2 Connecter of analog phone for VoIP communication.
Page 14: Front And Rear View For Vigor2700Vg (Module:2S1L)
Status WLAN Blinking Phone 1 & 2 (FXS1, FXS2) Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. VoIP 1/2 Connecter of analog phone for VoIP communication.
Page 15: Front And Rear View For Vigor2700Vg (Module:2S)
Status WLAN Blinking Phone 1 & 2 (FXS1, FXS2) Blinking ADSL2+ On (Green) Blinking (Green) Blinking (Orange) ACT (Activity) Blinking LAN (1, 2, 3, 4) Green Blinking Interface Description Connecter for a power adapter with 12~15VDC. ON/OFF Power Switch. VoIP 1/2 Connecter of analog phone for VoIP communication.
Page 16: Hardware Installation
Before starting to configure the router, you have to connect your devices correctly. Connect the ADSL interface to the external ADSL splitter with an ADSL line cable for all models. For the VoIP model with MODULE:2S1L (Annex A), also connect Life interface to external ADSL splitter.
Page 17 Example 2: Connect the ADSL interface to the external ADSL splitter with an ADSL line cable. For the model of Vigor2700VGi (Annex B), also connect ISDN interface to external ADSL splitter. Example 3: Connect the ADSL interface to the external ADSL splitter with an ADSL line cable and connect to ISDN wall outlet.
Page 18 This page is left blank. Vigor2700 Series User’s Guide...
Page 19: Configuring Basic Settings
For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully.
Page 20 Go to System Maintenance page and choose Administrator Password. Enter the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Retype New Password. Then click OK to continue.
Page 21: Quick Start Wizard
If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE, PPPoA, Bridged IP, or Routed IP.
Page 22: Pppoe/Pppoa
Protocol/Encapsulation Fixed IP IP Address Subnet Mask Default Gateway Primary DNS Second DNS PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem.
Page 23 If your ISP provides you the PPPoE or PPPoA connection, please select PPPoE or PPPoA for this router. The following page will be shown: ISP Name User Name Password Confirm Password Always On Idle Timeout Click Next for viewing summary of such connection. Vigor2700 Series User’s Guide Assign a specific name for ISP requirement.
Page 24: Bridged Ip
Click Finish. The online status of this protocol will be shown as below. Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Vigor2700 Series User’s Guide...
Page 25: Routed Ip
Click Finish. The online status of this protocol will be shown as below. Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Vigor2700 Series User’s Guide...
Page 26: Online Status For Each Protocol
Click Finish. The online status of this protocol will be shown as below. The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page.
Page 27 Online status for Bridge Online status for Routed IP Primary DNS Secondary DNS IP Address (in LAN) TX Packets RX Packets GW IP Addr: IP Address (in WAN) TX Rate RX Rate Up Time TX Blocks RX Blocks Corrected Blocks Vigor2700 Series User’s Guide Displays the assigned IP address of the primary DNS.
Page 28: Status Bar
Uncorrected Blocks Mode State Up Speed Down Speed SNR Margin Loop Att. Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button.
Page 29: Advanced Web Configuration
After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more settings for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to Chapter 4.
Page 30: Pppoe/Pppoa
PPPoA, included in RFC1483, can be operated in either Logical Link Control-Subnetwork Access Protocol or VC-Mux mode. As a CPE device, Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP’s Digital Subscriber Line Access Multiplexer (SDLAM).
Page 31 PPPoE Pass-through ISDN Dial Backup Setup ISP Access Setup IP Address From ISP Vigor2700 Series User’s Guide The router offers PPPoE dial-up connection. Besides, you also can establish the PPPoE connection directly from local clients to your ISP via the Vigor router. When PPPoA protocol is selected, the PPPoE package transmitted by PC will be transformed into PPPoA package and sent to WAN server.
Page 32 like to utilize them on the WAN interface, please use WAN IP Alias. You can set up to 8 public IP addresses other than the current one you are using. By checking the checkbox Join NAT IP Pool, data from NAT hosts will be round-robin forwarded on a session basis.
Page 33: Mpoa
Default MAC Address Type in MAC address for the router. You can use Default MAC Index (1-15) in Schedule Setup After finishing all the settings here, please click OK to activate them. MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols.
Page 34 MPoA (RFC1483/2684) Click Enable for activating this function. If you click Disable, this DSL Modem Settings ISDN Dial Backup Setup function will be closed and all the settings that you adjusted in this page will be invalid. Set up the DSL parameters required by your ISP. These are vital for building DSL connection to your ISP.
Page 35 RIP Protocol Bridge Mode WAN IP Network Settings Default MAC Address Type in MAC address for the router. You can use Default MAC DNS Server IP Address After finishing all the settings here, please click OK to activate them. Vigor2700 Series User’s Guide enable this feature if you host a web server for your customers’...
Page 36: Multi-Pvcs
This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. The system allows you to set up to eight channels which are ready for choosing as the first PVC line that will be used as multi-PVCs.
Page 37 Encapsulation Such configuration is applied to upstream packets. Such information will be provided by ISP. Please contact with your ISP for detailed information. QoS Type General page lets you set the first PVC. As to set the second PVC line, please click the Bridge tab to open Bridge configuration page.
Page 38 Enable P1 to P4 Service Type Add Tag Click Clear to remove all the configurations in this page if you do not satisfy it. When you finish the configuration, please click OK to save and exit this page. Or click Cancel to abort the configuration and exit this page.
Page 39: Lan
Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
Page 40: General Setup
Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.
Page 41 1st IP Address 1st Subnet Mask For IP Routing Usage Click Enable to invoke this function. The default setting is Disable. IP Address Subnet Mask DHCP Server RIP Protocol Control Vigor2700 Series User’s Guide Type in private IP address for connecting to a local private network (Default: 192.168.1.1).
Page 42 DHCP Server Configuration DNS Server Configuration 2nd Subnet - Select the router to change the RIP information of the 2nd subnet with neighboring routers. DHCP stands for Dynamic Host Configuration Protocol. The router by factory default acts a DHCP server for your network so it automatically dispatch related IP settings to any local user configured as a DHCP client.
Page 43: Static Route
There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that Chapter to get more information for your necessity. Go to LAN to open setting page and choose Static Route. Index Destination Address Status...
Page 44 have set Main Router 192.168.1.1 as the default gateway for the Router A 192.168.1.2. Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control.
Page 45 Go to Diagnostics and choose Routing Table to verify current routing table. Click the Index Number that you want to disable from the Static Route Configuration page. Select Inactive/Disable from the drop-down menu, and then click the OK button to disable the route.
Page 46: Vlan
Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port. You can also manage the in/out rate of each port. Go to LAN menu and select VLAN. The following page will appear. Click Enable to invoke VLAN function. To add or remove a VLAN, please refer to the following example.
Page 47: Bind Ip To Mac
This function is used to bind the IP and MAC address in LAN to have a strengthen control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet.
Page 48: Nat
IP Bind List Edit Remove Note: Before you select Strict Bind, you have to bind one set of IP/MAC address for one PC. If not, no one of the PCs can access into Internet. And the web configurator of the router might not be accessed. Usually, the router serves as an NAT (Network Address Translation) router.
Page 49 The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 10 port-mapping entries for the internal hosts. Service Name Protocol Public Port Private IP Private Port Active...
Page 50: Dmz Host
For example, the built-in web configurator in the router is with default port 80, which may conflict with the web server in the local network, http://192.168.1.13:80. Therefore, you need to change the router’s http port to any one other than the default port 80 to avoid conflict, such as 8080.
Page 51 Note: The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: Drop Down List Private IP MAC Address of the True IP DMZ Host If you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet...
Page 52: Open Ports
Enable Private IP Choose PC Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
Page 53 Index Comment Aux. WAN IP Local IP Address Status To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. However, if you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find that WAN IP appeared for your selection.
Page 54 Choose PC Protocol Start Port End Port Click this button and, subsequently, a window having a list of private IP addresses of local hosts will automatically pop up. Select the appropriate IP address of the local host in the list. Specify the transport layer protocol.
Page 55: Well-Known Ports List
This page provides you a view of well-known ports. While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
Page 56 The users on the LAN are provided with secured protection by the following firewall facilities: User-configurable IP filter (Call Filter/ Data Filter). Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection URL Content Filter Depending on whether there is an existing Internet connection, or in other words “the WAN link status is up or down”, the IP filter architecture categorizes traffic into two: Call Filter and...
Page 57 Stateful inspection is a firewall architecture that works at the network layer. Unlike legacy static packet filtering, which examines a packet based on the information in its header, stateful inspection builds up a state machine to track each connection traversing all interfaces of the firewall and makes sure they are valid.
Page 58: General Setup
To provide an appropriate cyberspace to users, Vigor router equips with URL Content Filter not only to limit illegal traffic from/to the inappropriate web sites but also prohibit other web feature where malicious code may conceal. Once a user type in or click on an URL with objectionable keywords, URL keyword blocking facility will decline the HTTP request to that web page thus can limit user’s access to the website.
Page 59: Filter Setup
Call Filter Data Filter Log Flag Some on-line games (for example: Half Life) will use lots of fragmented UDP packets to transfer game data. Instinctively as a secure firewall, Vigor router will reject these fragmented packets to prevent attack unless you enable Accept Incoming Fragmented UDP Packets. By checking this box, you can play these kinds of on-line games.
Page 60 Filter Rule Active Comment Next Filter Set To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Comments Check to enable the Filter Rule Pass or Block Click a button numbered (1 ~ 7) to edit the filter rule. Click the button will open Edit Filter Rule web page.
Page 61 Branch to other Filter Direction Protocol IP Address Subnet Mask Operator, Start Port and End Port Keep State Fragments Vigor2700 Series User’s Guide Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
Page 62: Im Blocking
As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined.
Page 63: P2P Blocking
P2P is the short name of peer to peer. Click Firewall and click P2P Blocking to open the setup page. You will see a list of common P2P applications. Check Enable P2P Blocking and select the one(s) to block. To block selected P2P applications during specific periods, enter the number of the scheduler predefined in Applications >>...
Page 64: Dos Defense
As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Enable Dos Defense Enable SYN flood defense Enable UDP flood...
Page 65 Block IP options Block Land Block Smurf Block trace router Block SYN fragment Block Fraggle Attack Block TCP flag scan Block Tear Drop Block Ping of Death Block ICMP Fragment Check the box to activate the Block ICMP fragment function. Any Block Unknown Protocol Vigor2700 Series User’s Guide...
Page 66: Url Content Filter
Warning Messages Based on the list of user defined keywords, the URL Content Filter facility in Vigor router inspects the URL string in every outgoing HTTP request. No matter the URL string is found full or partial matched with a keyword, the Vigor router will block the associated HTTP connection.
Page 67 Enable URL Access Control Black List (block those matching keyword) White List (pass those matching keyword) Keyword Prevent web access from IP address Vigor2700 Series User’s Guide Check the box to activate URL Access Control. Click this button to restrict accessing into the corresponding webpage with the keywords listed on the box below.
Page 68: Web Content Filter
Enable Restrict Web Feature Enable Excepting Subnets Time Schedule Click Firewall and click Web Content Filter to open the setup page. For this section, please refer to Web Content Filter user’s guide for detailed information. When PCs with private IP addresses try to access into the Internet via NAT router, the router will generate the record of NAT sessions for such connection.
Page 69 To activate the function of limit session, simply click Enable and set the default session limit. Enable Disable Default session limit Limitation List Start IP End IP Maximum Sessions Edit Remove Index (1-15) in Schedule Setup Vigor2700 Series User’s Guide Click this button to activate the function of limit session.
Page 70: Bandwidth Limit
The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect other normal applications. You can use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Bandwidth Limit to open the web page. To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit.
Page 71: Quality Of Service
Edit Remove Index (1-15) in Schedule Setup Deploying QoS (Quality of Service) management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network. One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start.
Page 72 However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort.
Page 73 Enable UDP Bandwidth Control Outbound TCP ACK Prioritize Limited_bandwidth Ratio On Line Statistics Click the Basic button to open basic configuration screen for each index number. Choose one of the items from the left box and click ADD>>. The selected one will be shown on the right box.
Page 74 Enable UDP Bandwidth Control Outbound TCP ACK Prioritize Limited_bandwidth Ratio On Line Statistics Click the Basic button to open basic configuration screen for each index number. Choose one of the items from the left box and click ADD>>. The selected one will be shown on the right box.
Page 75 Click this button to open advanced configuration for each index number. You can insert, move, edit or delete select rule in this page. For inserting a rule, click Insert to open the following page. SrcEdit/DestEdit It allows you to edit source address information. Address Type –...
Page 76 Service Name – Type in a new service for your request. Service Type – Choose the type (TCP, UDP or TCP/UDP) for the new service. Type for Port Configuration – Click Single or Range. If you select Range, you have to type in the starting port number and the end porting number on the boxes below.
Page 77: Applications
The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet. The Dynamic DNS feature lets you assign a domain name to a dynamic WAN IP address.
Page 78: Schedule
Service Provider Service Type Domain Name Login Name Password Click OK button to activate the settings. You will see your setting has been saved. The Wildcard and Backup MX features are not supported for all Dynamic DNS providers. You could get more detailed information from their websites. Disable the Function and Clear all Dynamic DNS Accounts In the DDNS setup menu, uncheck Enable Dynamic DNS Setup, and push Clear All button to disable the function and clear all accounts from the router.
Page 79 Enable Schedule Setup Start Date (yyyy-mm-dd) Start Time (hh:mm) Duration Time (hh:mm) Action Idle Timeout Example Suppose you want to control the PPPoE Internet access connection to be always on (Force On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down).
Page 80: Radius
Assign these two profiles to the PPPoE Internet access profile. Now, the PPPoE Internet connection will follow the schedule order to perform Force On or Force Down action according to the time plan that has been pre-defined in the schedule profiles. Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers.
Page 81 Enable UPNP Service After setting Enable UPNP Service setting, an icon of IP Broadband Connection on Router on Windows XP/Network Connections will appear. The connection status and control status will be able to be activated. The NAT Traversal of UPnP enables the multimedia features of your applications to operate.
Page 82 The reminder as regards concern about Firewall and UPnP: Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats.
Page 83: Igmp
IGMP is the abbreviation of Internet Group Management Protocol. It is a protocol which is mainly used for multicast groups. For invoking IGMP Snooping function, you have to check the Enable IGMP Proxy box first for activating the IGMP proxy function. Enable IGMP Proxy Enable IGMP Snooping Group ID...
Page 84 If you check Enable IGMP Proxy only, you will get the following page. All the multicast groups will be listed and all the LAN ports (P1 to P4) are available for use. If you check Enable IGMP Snooping only, you will get the following page. Though all the multicast groups are listed, yet all the LAN ports (P1 to P4) are not available for use.
Page 85: Wake On Lan
A PC client on LAN can wake up specified PC through the router. Yet the specified PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting of the specified PC. Wake by IP Address MAC Address...
Page 86: Vpn And Remote Access
A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.
Page 87: Ppp General Setup
This submenu only applies to PPP-related connections, such as PPTP, L2TP, L2TP over IPSec of VPN or ISDN. Dial-In PPP Authentication PAP Only PAP or CHAP Dial-In PPP Encryption (MPPE Optional MPPE Mutual Authentication (PAP) Vigor2700 Series User’s Guide Select this option to force the router to authenticate dial-in users with the PAP protocol.
Page 88: Ipsec General Setup
Start IP Address In IPSec General Setup, there are two major parts of configuration. There are two phases of IPSec. Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman parameter values, and lifetime to protect the following IKE exchange, authentication of both peers using either a Pre-Shared Key or Digital Signature (x.509).
Page 89: Ipsec Peer Identity
IPSec Security Method To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users. Set to Factory Default Index Name...
Page 90: Remote Dial-In User
Profile Name Accept Any Peer ID Accept Subject Alternative Name Accept Subject Name You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in or build the VPN connection. You may set parameters including specified connection peer ID, connection type (ISDN Dial-In connection, VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc.
Page 91 Set to Factory Default Index User Status Next Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched.
Page 92 Enable this account ISDN PPTP IPSec Tunnel L2TP Specify Remote Node Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the time, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds.
Page 93 User Name Password IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP IPSec Security Method Callback Function Vigor2700 Series User’s Guide Uncheck the checkbox-This means the connection type you select above will apply the authentication methods and security methods in the general settings.
Page 94: Lan To Lan
Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (ISDN connection, VPN connection - including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides up to 32 profiles, which also means supporting 32 VPN tunnels simultaneously.
Page 95 Profile Name Enable this profile Call Direction Always On or Idle Timeout Always On-Check to enable router always keep VPN Enable PING to keep alive This function is to help the router to determine the status of PING to the IP Vigor2700 Series User’s Guide Specify a name for the profile of the LAN-to-LAN connection.
Page 96 ISDN PPTP IPSec Tunnel L2TP with … User Name Password PPP Authentication VJ compression IKE Authentication Method Enable PING to Keep Alive is used to handle abnormal IPSec VPN connection disruption. It will help to provide the state of a VPN connection for router’s judgment of redial.
Page 97 IPSec Security Method Medium Advanced Vigor2700 Series User’s Guide This group of fields is a must for IPSec Tunnels and L2TP with IPSec Policy. Authentication Header (AH)- means data will be authenticated, but not be encrypted. By default, this option is active.
Page 98 Callback Function (for I models only) IKE phase 1 key lifetime-For security reason, the lifetime of key should be defined. The default value is 28800 seconds. You may specify a value in between 900 and 86400 seconds. IKE phase 2 key lifetime-For security reason, the lifetime of key should be defined.
Page 99 Allowed Dial-In Type ISDN PPTP IPSec Tunnel L2TP Vigor2700 Series User’s Guide Determine the dial-in connection with different types. Allow the remote ISDN dial-in connection. You can further set up Callback function below. You should set the User Name and Password of remote dial-in user below.
Page 100 Specify ISDN CLID or Remote VPN Gateway Peer ISDN Number or Peer VPN Server IP User Name Password VJ Compression IKE Authentication Method IPSec Security Method Callback Function Must- Specify the IPSec policy to be definitely applied on the L2TP connection. You can specify the IP address of the remote dial-in user or peer ID (should be the same with the ID setting in dial-in type) by checking the box.
Page 101 My WAN IP Remote Gateway IP Remote Network IP/ Remote Network Mask More RIP Direction RIP Version For NAT operation, treat remote sub-net as Change default route to this VPN tunnel Vigor2700 Series User’s Guide the dial-in user. The budget will be decreased automatically per callback connection.
Page 102: Connection Management
You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Dial Refresh Seconds Refresh Note: The status of LAN to LAN for ISDN is shown on the page of Online Status. interfaces are enabled.
Page 103: Certificate Management
A digital certificate works as an electronic ID, which is issued by a certification authority (CA). It contains information such as your name, a serial number, expiration dates etc., and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.
Page 104: Trusted Ca Certificate
View After clicking Generate, the generated information will be displayed on the window below: Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window.
Page 105: Voip
Voice over IP network (VoIP) enables you to use your broadband Internet connection to make toll quality voice calls over the Internet. There are many different call signaling protocols, methods by which VoIP devices can talk to each other. The most popular protocols are SIP, MGCP, Megaco and H.323. These protocols are not all compatible with each other (except via a soft-switch server).
Page 106 The major benefit of this mode is that you don’t have to memorize your friend’s IP address, which might change very frequently if it’s dynamic. Instead of that, you will only have to using dial plan or directly dial your friend’s account name if you are with the same SIP Registrar.
Page 107: Dialplan
This page allows you to set phone book and digit map for the VoIP function. Click the Phone Book and Digit Map links on the page to access into next pages for dialplan settings. Note: The PSTN Setup link is available for Vigor2700V(MODULE: 2S1L) and Vigor2700VG(MODULE: 2S1L) only.
Page 108 Click any index number to display the dial plan setup page. Below is a sample page obtained from Vigor 2700V(MODUEL:2S)/2700VG(MODUEL:2S). Enable Phone Number Display Name SIP URL This page will differ for different models. Below is a sample page obtained from Vigor 2700VGi.
Page 109 Display Name SIP URL Loop through Backup Phone Number For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface.
Page 110 Enable Prefix Number Mode OP Number Min Len Max Len Interface Some emergency phone (e.g., 911) or special phone cannot be dialed out by using VoIP and can be called out through PSTN line only. To solve this problem, this page allows you to set five sets of PSTN number for dialing without passing through Internet.
Page 111: Sip Accounts
Then, check the Enable box to make the PSTN number available for dial whenever you need. Note: This function is available for Vigor2700V/2700VG (MODULE 2S1L) only. In this section, you set up your own SIP settings. When you apply for an account, your SIP service provider will give you an Account Name or user name, SIP Registrar, Proxy, and Domain name.
Page 112 External IP SIP PING interval Status Profile Name Register via SIP Port Domain/Realm Proxy Act as Outbound Proxy Display Name Type in the gateway IP address. The default value is 150 (sec). It is useful for a Nortel server NAT Traversal Support. Show the status for the corresponding SIP account.
Page 113 Account Number/Name Authentication ID Password Expiry Time NAT Traversal Support Ring Port Ring Pattern Vigor2700 Series User’s Guide Enter your account name of SIP Address, e.g. every text before Check the box to invoke this function and enter the name or number used for SIP Authorization with SIP Registrar.
Page 114 Below shows successful SIP accounts for your reference. Vigor2700 Series User’s Guide...
Page 115: Phone Settings
This page allows user to set phone settings for VoIP 1 and VoIP 2 respectively. Click the number 1 or 2 link under Index column, you can access into the following page for configuring Phone settings. Vigor2700 Series User’s Guide Symmetric RTP –...
Page 116 Hotline Session Timer T.38 Fax function Call Forwarding DND (Do Not Disturb) mode Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set. Check the box to enable the function. In the limited time that you set in this field, if there is no response, the connecting call will be closed automatically.
Page 117 CLIR (hide caller ID) Call Waiting Call Transfer Prefer Codec Default SIP Account Default Call Route Vigor2700 Series User’s Guide Check this box to hide the caller ID on the display panel of the phone set for the remote side. Check this box to invoke this function.
Page 118 In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode. Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed. Wrong tone settings might cause inconvenience for users. To set the sound pattern of the phone set, simply choose a proper region to let the system find out the preset tone settings and caller ID type automatically.
Page 119: Status
Volume Gain MISC DTMP On VoIP call status, you can find codec, connection and other important call status for both ports of VoIP 1 and 2. Vigor2700 Series User’s Guide Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication.
Page 120 Refresh Seconds Port Status Codec PeerID Connect Time Tx Pkts Rx Pkts Rx Losts Rx Jitter In Calls Specify the interval of refresh time to obtain the latest VoIP calling information. The information will update immediately when the Refresh button is clicked. It shows current connection status for the port of VoIP1, VoIP2, ISDN1 and ISDN2.
Page 121: Isdn
Out Calls Speaker Gain ISDN stands for Integrated Services Digital Network. It is an international communications standard for sending voice, video, and data over digital telephone lines. Note: The feature is available for i models only. ISDN Port Country Code Own Number MSN Numbers for the Router Blocked MSN Numbers for the...
Page 122: Dialing To A Single Isp
If you access the Internet via a single ISP, press this link. ISP Name Dial Number Username Password Require ISP Callback (CBCP) Scheduler (1-15) Link Type PPP Authentication Idle Timeout Fixed IP Enter your ISP name. Enter the ISDN access number provided by your ISP. Enter the username provided by your ISP.
Page 123: Dialing To Dual Isps
Fixed IP Address If you have more than one ISP, press this link to configure two ISP dialup profiles. You will be able to dial to both ISPs at the same time. This is mainly for those ISPs that do not support Multiple-Link PPP (ML-PPP) function.
Page 124 As depicted in the above application scenario, the Virtual TA client can make an outgoing call or accept an incoming call to/from a peer FAX machine or ISDN TA, etc. Before you configure the Virtual TA (Remote CAPI) Setup, please install the virtual TA client first.
Page 125 Virtual TA Server Username Password MSN1/ MSN2/MSN3 Active Note that creating a single user access account will limit the access to the Virtual TA server to only the specified account holders. Assume you did not acquire any MSN service from your ISDN network provider. On the server - Click Virtual TA (Remote CAPI) Setup link, and fill in the Username and Password fields.
Page 126 Click the Virtual TA Login tab to launch the login box. Enter the Username/Password and then click OK. After a short time, the VT icon text will turn green. If you have applied to an MSN number service, the Virtual TA server can assign which client has the specified MSN number.
Page 127: Call Control
Some applications require that the router (only for i models) be remotely activated, or be able to dial up to the ISP via the ISDN interface. Vigor routers provide this feature which allows you to make a phone call to the router and then ask it to dial up to the ISP. Please set Dialing to a Single ISP first before configuring this web page.
Page 128: Wireless Lan
Water Time Note: If you are not sure whether your ISP can support BOD and/or ML-PPP’s features, please seek assistance from your ISP, local dealers or our website: support@draytek.com. Note: This function is used for G models only. Over recent years, the market for wireless communications has enjoyed tremendous growth.
Page 129 No matter which security suite you select, they all will enhance the over-the-air data protection and /or privacy on your wireless network. The Vigor wireless router is very flexible and can support multiple secure connections with both WEP and WPA at the same time.
Page 130 Example 2 Example 3 Separate the Wireless and the Wired LAN- WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage.
Page 131: General Settings
By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Enable Wireless LAN Check the box to enable wireless function. Mode Index(1-15) Enable...
Page 132 STAs to join your wireless LAN. Depending on the wireless utility, the user may only see the information except SSID or just cannot see any thing about Vigor wireless router while doing site survey. Means the identification of the wireless LAN. SSID can be any text numbers or various special characters.
Page 133: Security
This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. Mode Vigor2700 Series User’s Guide upload. Default value is 30,000 kbps. Download –...
Page 134: Access Control
For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client. Only the valid MAC address that has been configured can access the wireless LAN interface. By clicking the Access Control, a new web page will appear, as depicted below, so that you could edit the clients' MAC addresses to control their access rights.
Page 135: Wds
WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN. To meet the above requirement, two WDS modes are implemented in Vigor router.
Page 136 Click WDS from Wireless LAN menu. The following page will be shown. Mode Security Choose the mode for WDS setting. Disable mode will not invoke any WDS setting. Bridge mode is designed to fulfill the first type of application. Repeater mode is for the second one. There are three types for security, Disable, WEP and Pre-shared key.
Page 137 Settings Pre-shared Key Bridge Repeater Access Point Function Status Vigor2700 Series User’s Guide Encryption Mode - If you checked the box of Use the same WEP key …, you do not need to choose 64-bit or 128-bit as the Encryption Mode. If you do not check that box, you can set the WEP key now in this page.
Page 138: Ap Discovery
Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Also, it can be used to facilitate finding an AP for a WDS link. Notice that during the scanning process (about 5 seconds), no client is allowed to connect to Vigor.
Page 139: Station List
Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Refresh Vigor2700 Series User’s Guide Click this button to refresh the status of station list.
Page 140: System Maintenance
For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time and Date, Reboot System and Firmware Upgrade. The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.
Page 141: Administrator Password
This page allows you to set new password. Old Password New Password Retype New Password Type in the new password again. When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Follow the steps below to backup your configuration.
Page 142: Syslog/Mail Alert
In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Click Save button, the configuration will download automatically to your computer as a file named config.cfg. The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available.
Page 143 Enable Syslog Server IP Destination Port Enable syslog message SMTP Server Mail To Return-Path Authentication User Name Password Click OK to save these settings. For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD.
Page 144: Time And Date
It allows you to specify where the time of the router should be inquired from. Current System Time Use Browser Time Use Internet Time Client Time Protocol Server IP Address Time Zone Enable Daylight Saving Click Inquire Time to get the current time. Select this option to use the browser time from the remote administrator PC host as router’s system time.
Page 145: Management
Automatically Update Interval Click OK to save these settings. This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session.
Page 146: Reboot System
Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.
Page 147: Diagnostics
Click System Maintenance>> Firmware Upgrade to launch the Firmware Upgrade Utility. Click OK. The following screen will appear. For the detailed information about firmware update, please go to Chapter 4. Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Click Diagnostics and click WAN Connection to open the web page.
Page 148: Dial-Out Trigger
Broadband Access Mode/Status WAN IP Address Dial PPPoE or PPPoA Click it to force the router to establish a PPPoE or PPPoA DropPPPoE or PPPoA Click it to force the router to cut off a PPPoE or PPPoA connection. Click Diagnostics and click Dial-out Trigger to open the web page. The internet connection (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address.
Page 149: Arp Cache Table
Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Clear The facility provides information on IP address assignments.
Page 150: Nat Sessions Table
Refresh Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port #Pseudo Port Peer IP:Port Ifno Status Refresh Click it to reload the page. It indicates the source IP address and port of local PC. It indicates the temporary port of the router used for NAT. It indicates the destination IP address and port of remote host.
Page 151: Ping Diagnosis
Click Diagnostics and click Ping Diagnosis to pen the web page. Ping to IP Address Clear Vigor2700 Series User’s Guide Use the drop down list to choose the destination that you would like to ping. Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work.
Page 152: Data Flow Monitor
This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor.
Page 153: Trace Route
Index IP Address TX rate (kbps) RX rate (kbps) Sessions Action Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run.
Page 154 This page is left blank. Vigor2700 Series User’s Guide...
Page 155: Application And Examples
The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address.
Page 156 For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below.
Page 157 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection.
Page 158 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection.
Page 159 Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known.
Page 160 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection.
Page 161 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.
Page 162: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter
The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host.
Page 163 Go to Remote Dial-In Users. Click on one index number to edit a profile. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
Page 164 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
Page 165 You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method.
Page 166: Qos Setting Example
Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database.
Page 167 Select POP3 and SMTP on the left column and add to right column. Click OK to exit. Enter the Class Name of Index 2. In this index, she will set reserve bandwidth for HTTP. And click Basic on the right. Select HTTPS in the list on the left column and click on ADD to add to right column.
Page 168: Lan - Created By Using Nat
And click Advanced button on the right. Click edit to open a new window. First, check the ACT box. Then click SrcEdit to set a worker’s subnet address. Click DestEdit to set headquarter’s subnet address. Leave other fields and click OK. –...
Page 169 To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as shown below. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Vigor2700 Series User’s Guide...
Page 170: Calling Scenario For Voip Function
Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@iptel.org SIP Accounts Settings --- Profile Name: draytel1 Register via: Auto SIP Port: 5060 (default)
Page 171 Example 2: Both John and David have SIP Addresses from the same service provider. John’s SIP URL: 1234@draytel.org , David’s SIP URL: 4321@draytel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@draytel.org SIP Accounts Settings --- Profile Name: draytel 1 Register via: Auto SIP Port: 5060 (default)
Page 172: Peer-To-Peer Calling
Example 3: Arnor and Paulin have Vigor routers respectively, they can call each other without SIP Registrar. First they must have each other’s IP address and assign an Account Name for the port used for calling. Arnor’s SIP URL: 1234@214.61.172.53 Settings for Arnor DialPlan index 1 Phone Number: 1111...
Page 173: Upgrade Firmware For Your Router
4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
Page 174 9. Double click on the icon of router tool. The setup wizard will appear. 10. Follow the onscreen instructions to install the tool. Finally, click Finish to end the installation. 11. From the Start menu, open Programs and choose Router Tools XXX >> Firmware Upgrade Utility.
Page 175 14. Click Send. 15. Now the firmware update is finished. Vigor2700 Series User’s Guide...
Page 176: Request A Certificate From A Ca Server On Windows Ca Server
Go to Certificate Management and choose Local Certificate. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Vigor2700 Series User’s Guide...
Page 177 Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Vigor2700 Series User’s Guide...
Page 178 Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Then you have done the request and the server now issues you a certificate.
Page 179 you will find the below window showing “------BEGIN CERTIFICATE------...” You may review the detail information of the certificate by clicking View button. Vigor2700 Series User’s Guide...
Page 180: Request A Ca Certificate And Set As Trusted On Windows Ca Server
Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2700 Series User’s Guide...
Page 181 In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click REFRESH and you will find the below illustration.
Page 182 Vigor2700 Series User’s Guide...
Page 183: Trouble Shooting
This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not.
Page 184 The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties.
Page 185 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2700 Series User’s Guide...
Page 186: Pinging The Router From Your Computer
The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer.
Page 187 Vigor2700 Series User’s Guide...
Page 188: Checking If The Isp Settings Are Ok Or Not
Click Internet Access group and then check whether the ISP settings are set correctly. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2700 Series User’s Guide...
Page 189: Backing To Factory Default Setting If Necessary
Check if the Enable option for Broadband Access is selected. Check if all parameters of DSL Modem Settings are entered with correct value that provided by your ISP. Especially, check if the encapsulation is selected properly or not (it should be the same with the setting on Quick Start Wizard). Check if IP Address, Subnet Mask and Gateway are set correctly (must identify with the values from your ISP) if you choose Specify an IP address.
Page 190: Contacting Your Dealer
After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. F ctory Reset Factory...

This manual is also suitable for:

Vigor 2700g Vigor 2700vg 2s1l Vigor 2700gi Vigor 2700v Vigor 2700v 2s1l Vigor 2700vg ... Show all

Draytek Vigor 2700 User Manual

Preface

Configuring Basic Settings

Advanced Web Configuration

Application and Examples

Trouble Shooting

Quick Links

Related Manuals for Draytek Vigor 2700

Summary of Contents for Draytek Vigor 2700

This manual is also suitable for:

Table of Contents