Draytek 2800 Series User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Network Router
  5. 2800 Series
  6. User manual

Draytek 2800 Series User Manual

Vigor2800 series adsl2/2+ security router
Hide thumbs
Table of Contents

Advertisement

Quick Links

Vigor2800 Series
ADSL2/2+ Security Router
User's Guide
Version: 3.1
Date: 2006/6/20
Copyright 2006 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Computer Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Advertisement

Table of Contents
loading

Related Manuals for Draytek 2800 Series

Summary of Contents for Draytek 2800 Series

  • Page 1 Vigor2800 Series ADSL2/2+ Security Router User’s Guide Version: 3.1 Date: 2006/6/20 Copyright 2006 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

  • Page 2: Table Of Contents

    Preface ...1 1.1 LED Indicators and Connectors ... 1 1.1.1 For Vigor2800 ... 2 1.1.2 For Vigor2800G ... 3 1.1.3 For Vigor2800i ... 4 1.1.4 For Vigor2800Gi ... 5 1.1.5 For Vigor2800V... 6 1.1.6 For Vigor2800VG... 7 1.1.7 For Vigor2800VGi ... 8 1.2 Hardware Installation ...
  • Page 3 3.4.4 IM Blocking ... 50 3.4.5 P2P Blocking ... 50 3.4.6 DoS Defense ... 51 3.4.7 URL Content Filter ... 53 3.4.8 Web Content Filter... 56 3.4.9 Bind IP to MAC ... 57 3.5 Bandwidth Management ... 58 3.5.1 Limit Session ... 58 3.5.2 Limit Bandwidth ...
  • Page 4 3.12.5 Wireless Rate Control... 140 3.13 System Maintenance... 141 3.13.1 System Status... 141 3.13.2 Administrator Password... 142 3.12.3 Configuration Backup ... 142 3.13.4 Syslog/Mail Alert ... 144 3.13.5 Time and Date ... 146 3.13.6 Management... 147 3.13.7 Reboot System ... 148 3.13.8 Firmware Upgrade ...

  • Page 5: Preface

    Targeting requirement for residential, SOHO (Small Office and Home Office) and business users, the Vigor2800 series is an ADSL2/2+ enabled integrated access device. With downstream speed up to 12Mbps (ADSL2) or 24Mbps (ADSL2+), the Vigor2800 V models provide exceptional bandwidth for Internet access. To secure your network, the Vigor2800 series provides an advanced firewall with advanced features, such as NAT with multi VPN pass-through, Stateful Packet Inspection (SPI) to offer network reliability by detecting and prohibiting malicious penetrating packets,...

  • Page 6: For Vigor2800

    Printer (Activity) Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF LAN P4 – P1 Factory Reset Printer P2P Firewall VPN Status Explanation Blinking The router is powered on and running properly. The router is powered on. The QoS function is active. The QoS function is inactive.

  • Page 7: For Vigor2800G

    Printer ACT (Activity) Firewall WLAN Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF LAN P4 – P1 Factory Reset Vigor2800 Series User’s Guide Printer P2P Firewall WLAN Status Explanation Blinking The router is powered on and running properly. The router is powered on. The QoS function is active.

  • Page 8: For Vigor2800I

    ISDN Printer (Activity) ISDN Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF LAN P4 – P1 ISDN Factory Reset P2P Firewall VPN Printer Status Explanation Blinking The router is powered on and running properly. The router is powered on. The ISDN network is correctly setup.

  • Page 9: For Vigor2800Gi

    ISDN Printer ACT (Activity) ISDN Firewall WLAN Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF LAN P4 – P1 ISDN Factory Reset Vigor2800 Series User’s Guide P2P Firewall WLAN Printer Status Explanation Blinking The router is powered on and running properly. The router is powered on.

  • Page 10: For Vigor2800V

    (Activity) FXS1/FXS2 Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF FXS2 & FXS1 LAN P4 – P1 Factory Reset Status Explanation Blinking The router is powered on and running properly. The router is powered on. The QoS function is active. The QoS function is inactive.

  • Page 11: For Vigor2800Vg

    (Activity) FXS1/FXS2 WLAN Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF FXS2 & FXS1 LAN P4 – P1 Factory Reset Vigor2800 Series User’s Guide Status Explanation Blinking The router is powered on and running properly. The router is powered on. The QoS function is active.

  • Page 12: For Vigor2800Vgi

    ISDN FXS1 FXS2 WLAN Printer ACT (Activity) ISDN FXS1/FXS2 WLAN Printer LAN (P1, P2, P3, P4) Interface Printer ON/OFF FXS2 & FXS1 LAN P4 – P1 ISDN Factory Reset Phone Printer FXS2 FXS1 Status Explanation Blinking The router is powered on and running properly. The router is powered on.

  • Page 13: Hardware Installation

    Before starting to configure the router, you have to connect your devices correctly. Connect the DSL interface to the external ADSL splitter with an ADSL line cable. Connect one port of 4-port switch to your computer with a RJ-45 cable. This device allows you to connect 4 PCs directly.
  • Page 14 This page is left blank. Vigor2800 Series User’s Guide...

  • Page 15: Configuring Basic Settings

    For use the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings. This chapter explains how to setup a password for an administrator and how to adjust basic settings for accessing Internet successfully.
  • Page 16 Go to System Maintenance page and choose Administrator Password. Enter the login password (the default is blank) on the field of Old Password. Type a new one in the field of New Password and retype it on the field of Retype New Password.

  • Page 17: Quick Start Wizard

    If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next. In the Quick Start Wizard, you can configure the router to access the Internet with different protocol/modes such as PPPoE, PPPoA, Bridged IP, or Routed IP.

  • Page 18: Pppoe/Pppoa

    Protocol/Encapsulation Fixed IP IP Address Subnet Mask Default Gateway Primary DNS Second DNS PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem.
  • Page 19 User Name Password Confirm Password Always On Idle Timeout Click Next for viewing summary of such connection. Click Finish. The online status of this protocol will be shown as below. Vigor2800 Series User’s Guide Assign a specific valid user name provided by the ISP. Assign a valid password provided by the ISP.

  • Page 20: Bridged Ip

    Click 1483 Bridged IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Click Finish. The online status of this protocol will be shown as below. Vigor2800 Series User’s Guide...

  • Page 21: Routed Ip

    Click 1483 Routed IP as the protocol. Type in all the information that your ISP provides for this protocol. After finishing the settings in this page, click Next to see the following page. Vigor2800 Series User’s Guide...

  • Page 22: Online Status

    Click Finish. The online status of this protocol will be shown as below. The online status shows the system status, WAN status, ADSL Information and other status related to this router within one page. If you select PPPoE or PPPoA as the protocol, you will find out a button of Dial PPPoE or Dial PPPoE in the Online Status web page.
  • Page 23 Online status for Routed IP Primary DNS Secondary DNS IP Address (in LAN) TX Packets RX Packets GW IP Addr: IP Address (in WAN) TX Rate RX Rate Up Time TX Blocks RX Blocks Corrected Blocks Uncorrected Blocks Mode State Up Speed Down Speed SNR Margin...

  • Page 24: Saving Configuration

    Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2800 Series User’s Guide...

  • Page 25: Advanced Web Configuration

    After finished basic configuration of the router, you can access Internet with ease. For the people who want to adjust more setting for suiting his/her request, please refer to this chapter for getting detailed information about the advanced configuration of this router. As for other examples of application, please refer to chapter 4.

  • Page 26: Pppoe/Pppoa

    Below shows the menu items for Internet Access. PPPoA, included in RFC1483, can be operated in either Logical Link Control-Subnetwork (LLC) Access Protocol or VC-Mux mode. As a CPE device, Vigor router encapsulates the PPP session based for transport across the ADSL loop and your ISP’s Digital Subscriber Line Access Multiplexer (SDLAM).
  • Page 27 PPPoE Pass-through ISP Access Setup IP Address From ISP Vigor2800 Series User’s Guide Protocol - Drop down the list to choose the one provided by ISP. If you have already used Quick Start Wizard to set the protocol, then it is not necessary for you to change any settings in this group. The router offers PPPoE dial-up connection.
  • Page 28 By checking the checkbox Join NAT IP Pool, data from NAT hosts will be round-robin forwarded on a session basis. If you do not check Join NAT IP Pool, you can still use these public IP addresses for other purpose, such as DMZ host, Open Vigor2800 Series User’s Guide...
  • Page 29 Default MAC Address Type in MAC address for the router. You can use Default MAC Index (1-15) in Schedule Setup After finishing all the settings here, please click OK to activate them. Vigor2800 Series User’s Guide Ports. Address or specify another MAC address for your necessity. MAC Address –...

  • Page 30: Mpoa (Rfc1483/2684)

    MPoA is a specification that enables ATM services to be integrated with existing LANs, which use either Ethernet, token-ring or TCP/IP protocols. The goal of MPoA is to allow different LANs to send packets to each other via an ATM backbone. To choose MPoA as the accessing protocol of the internet, please select MPoA from the Internet Access menu.
  • Page 31 Default MAC Address Type in MAC address for the router. You can use Default MAC DNS Server IP Address After finishing all the settings here, please click OK to activate them. Vigor2800 Series User’s Guide Domain Name – Type in the domain name that you have assigned. WAN IP Alias - If you have multiple public IP addresses and would like to utilize them on the WAN interface, please use WAN IP Alias.

  • Page 32: Multi-Pvcs

    This router allows you to create multi-PVCs for different data transferring for using. Simply go to Internet Access and select Multi-PVC Setup page. Enable QoS Type Protocol Encapsulation Type in the primary IP address for the router. If necessary, type Type in the value provided by your ISP.

  • Page 33: Lan

    Local Area Network (LAN) is a group of subnets regulated and ruled by router. The design of network structure is related to what type of public IP addresses coming from your ISP. The most generic function of Vigor router is NAT. It creates a private subnet of your own. As mentioned previously, the router will talk to other public hosts on the Internet by using public IP address and talking to local hosts by using its private IP address.
  • Page 34 Vigor router will exchange routing information with neighboring routers using the RIP to accomplish IP routing. This allows users to change the information of the router such as IP address and the routers will automatically inform for each other. When you have several subnets in your LAN, sometimes a more effective and quicker way for connection is the Static routes function rather than other method.

  • Page 35: General Setup

    This page provides you the general settings for LAN. Click LAN to open the LAN settings page and choose General Setup. 1st IP Address 1st Subnet Mask For IP Routing Usage Click Enable to invoke this function. The default setting is IP Address Subnet Mask DHCP Server...
  • Page 36 RIP Protocol Control DHCP Server Configuration DHCP server to start with when issuing IP addresses. If the 2nd IP address of your router is 220.135.240.1, the starting IP address must be 220.135.240.2 or greater, but smaller than 220.135.240.254. IP Pool Counts: Enter the number of IP addresses in the pool. The maximum is 10.

  • Page 37: Static Route

    DNS Server Configuration There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that chapter to get more information for your necessity. Go to LAN to open setting page and choose Static Route. Index Destination Address Status...
  • Page 38 Viewing Routing Table Displays the routing table for your reference. Here is an example of setting Static Route in Main Router so that user A and B locating in different subnet can talk to each other via the router. Assuming the Internet access has been configured and the router works properly: use the Main Router to surf the Internet.
  • Page 39 Click the LAN - Static Route and click on the Index Number 1. Please add a static route as shown below, which regulates all packets destined to 192.168.10.0 will be forwarded to 192.168.1.2. Click OK. Return to Static Route Setup page. Click on another Index Number static route as show below, forwarded to 192.168.1.3.

  • Page 40: Nat

    Click the Index Number that you want to disable from the Static Route Configuration page. Select Inactive/Disable from the drop-down menu, and then click the OK button to disable the route. Usually, the router serves as an NAT (Network Address Translation) router. NAT is a mechanism that one or more private IP addresses can be mapped into a single public one.

  • Page 41: Port Redirection

    Port Redirection is usually set up for server related service inside the local network (LAN), such as web servers, FTP servers, E-mail servers etc. Most of the case, you need a public IP address for each server and this public IP address/domain name are recognized by all users. Since the server is actually located inside the LAN, the network well protected by NAT of the router, and identified by its private IP address/port, the goal of Port Redirection function is to forward all access request with public IP address from external users to the mapping...

  • Page 42: Dmz Host

    Protocol Public Port Private IP Private Port Active Note that the router has its own built-in services (servers) such as Telnet, HTTP and FTP etc. Since the common port numbers of these services (servers) are all the same, you may need to reset the router’s in order to avoid confliction.
  • Page 43 The inherent security properties of NAT are somewhat bypassed if you set up DMZ host. We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: If you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find them in Aux.

  • Page 44: Open Ports

    Open Ports allows you to open a range of ports for the traffic of special applications. Common application of Open Ports includes P2P application (e.g., BT, KaZaA, Gnutella, WinMX, eMule and others), Internet Camera etc. Ensure that you keep the application involved up-to-date to avoid falling victim to any security exploits.
  • Page 45 Status To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Enable Open Ports Comment Local Computer Choose PC Protocol Start Port...

  • Page 46: Firewall

    While the broadband users demand more bandwidth for multimedia, interactive applications, or distance learning, security has been always the most concerned. The firewall of the Vigor router helps to protect your local network against attack from unauthorized outsiders. It also restricts users in the local network from accessing the Internet.
  • Page 47 Depending on whether there is an existing Internet connection, or in other words “the WAN link status is up or down”, the IP filter architecture categorizes traffic into two: Call Filter and Data Filter. Call Filter - When there is no existing Internet connection, Call Filter is applied to all traffic, all of which should be outgoing.
  • Page 48 As the popularity of all kinds of instant messenger application arises, communication cannot become much easier. Nevertheless, while some industry may leverage this as a great tool to connect with their customers, some industry may take reserve attitude in order to reduce employee misusage during office hour or prevent unknown security leak.

  • Page 49: General Setup

    We all know that the content on the Internet just like other types of media may be inappropriate sometimes. As a responsible parent or employer, you should protect those in your trust against the hazards. With Web filtering service of the Vigor router, you can protect your business from common primary threats, such as productivity, legal liability, network and security threats.

  • Page 50: Filter Setup

    Call Filter Data Filter Log Flag Some on-line games (for example: Half Life) will use lots of fragmented UDP packets to transfer game data. Instinctively as a secure firewall, Vigor router will reject these fragmented packets to prevent attack unless you enable “Accept Incoming Fragmented UDP Packets”.
  • Page 51 To edit or add a filter, click on the set number to edit the individual set. The following page will be shown. Each filter set contains up to 7 rules. Click on the rule number button to edit each rule. Check Active to enable the rule. Filter Rule Active Comment...
  • Page 52 Branch to other Filter Direction Protocol IP Address Subnet Mask Operator, Start Port and End Port Keep State Fragments immediately. Pass Immediately - Packets matching the rule will be passed immediately. Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped.
  • Page 53 As stated before, all the traffic will be separated and arbitrated using on of two IP filters: call filter or data filter. You may preset 12 call filters and data filters in Filter Setup and even link them in a serial manner. Each filter set is composed by 7 filter rules, which can be further defined.

  • Page 54: Im Blocking

    IM Blocking means instant messenger blocking. Click Firewall and click IM Blocking to open the setup page. You will see a list of common IM (such as MSN, Yahoo, ICQ/AQL) applications. Check Enable IM Blocking and select the one(s) that you want to block. To block selected IM applications during specific periods, enter the number of the scheduler predefined in Applications>>Call Schedule.

  • Page 55: Dos Defense

    As a sub-functionality of IP Filter/Firewall, there are 15 types of detect/ defense function in the DoS Defense setup. The DoS Defense functionality is disabled for default. Click Firewall and click DoS Defense to open the setup page. Enable Dos Defense Enable SYN flood defense Enable UDP flood...
  • Page 56 Block IP options Block Land Block Smurf Block trace router Block SYN fragment Block Fraggle Attack Block TCP flag scan Block Tear Drop Block Ping of Death Block ICMP Fragment Check the box to activate the Block ICMP fragment function. Any Block Land detecting this malicious exploration behavior by monitoring the port-scanning Threshold rate, the Vigor router will send out a...

  • Page 57: Url Content Filter

    Block Unknown Protocol Warning Messages Based on the list of user defined keywords, the URL Content Filter facility in Vigor router inspects the URL string in every outgoing HTTP request. No matter the URL string is found full or partial matched with a keyword, the Vigor router will block the associated HTTP connection.
  • Page 58 Enable URL Access Control Black List (block those matching keyword) White List (pass those matching keyword) Keyword Prevent web access from IP address Check the box to activate URL Access Control. Click this button to restrict accessing into the corresponding webpage with the keywords listed on the box below.
  • Page 59 Enable Restrict Web Feature Enable Excepting Subnets Time Schedule Vigor2800 Series User’s Guide Check the box to activate the function. Java - Check the checkbox to activate the Block Java object function. The Vigor router will discard the Java objects from the Internet.

  • Page 60: Web Content Filter

    Click Firewall and click Web Content Filter to open the setup page. For this section, please refer to Web Content Filter user’s guide. Vigor2800 Series User’s Guide...

  • Page 61: Bind Ip To Mac

    This function is used to bind the IP and MAC address in LAN to have a strengthen control in network. When this function is enabled, all the assigned IP and MAC address binding together cannot be changed. If you modified the binding IP or MAC address, it might cause you not access into the Internet.

  • Page 62: Bandwidth Management

    Edit Remove Note: Before you select Strict Bind, you have to bind one set of IP/MAC address for one PC. If not, no one of the PCs can access into Internet. And the web configurator of the router might not be accessed. Below shows the menu items for Bandwidth Management.
  • Page 63 To activate the function of limit session, simply click Enable and set the default session limit. Enable Disable Default session limit Limitation List Start IP End IP Session Number Edit Remove Index (1-15) in Schedule Setup Vigor2800 Series User’s Guide Click this button to activate the function of limit session.

  • Page 64: Limit Bandwidth

    The downstream or upstream from FTP, HTTP or some P2P applications will occupy large of bandwidth and affect other normal applications. Please can use Limit Bandwidth to make the bandwidth usage more efficient. In the Bandwidth Management menu, click Limit Bandwidth to open the web page. To activate the function of limit bandwidth, simply click Enable and set the default upstream and downstream limit.

  • Page 65: Quality Of Service

    Edit Remove Index (1-15) in Schedule Setup Deploying QoS (Quality of Service) management to guarantee that all applications receive the service levels required and sufficient bandwidth to meet performance expectations is indeed one important aspect of modern enterprise network. One reason for QoS is that numerous TCP-based applications tend to continually increase their transmission rate and consume all available bandwidth, which is called TCP slow start.
  • Page 66 However, each node may take different attitude toward packets with high priority marking since it may bind with the business deal of SLA among different DS domain owners. It’s not easy to achieve deterministic and consistent high-priority QoS traffic throughout the whole network with merely Vigor router’s effort.
  • Page 67 Enable UDP Bandwidth Control Limited_bandwidth Ratio On Line Statistics Click the Basic button to open basic configuration screen for each index number. Choose one of the items from the left box and click ADD>>. The selected one will be shown on the right box.
  • Page 68 For inserting a rule, click Insert to open the following page. SrcEdit It allows you to edit source address information. Address Type – Determine the address type for the source address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address.
  • Page 69 DestEdit DiffServ CodePoint Vigor2800 Series User’s Guide It allows you to edit destination address information. Address Type – Determine the address type for the destination address. For Single Address, you have to fill in Start IP address. For Range Address, you have to fill in Start IP address and End IP address.
  • Page 70 Service Type It determines the service type of the data for processing with QoS control. It can also be edited. You can choose the predefined service type from the Service Type drop down list. Those types are predefined in factory. Simply choose the one that you want for using by current QoS.

  • Page 71: Applications

    Below shows the menu items for Applications. The ISP often provides you with a dynamic IP address when you connect to the Internet via your ISP. It means that the public IP address assigned to your router changes each time you access the Internet.
  • Page 72 Active Select Index number 1 to add an account for the router. Check Enable Dynamic DNS Account, and choose correct Service Provider: dyndns.org, type the registered hostname: hostname and domain name suffix: dyndns.org in the Domain Name block. The following two blocks should be typed your account Login Name: test and Password: test.

  • Page 73: Schedule

    The Vigor router has a built-in real time clock which can update itself manually or automatically by means of Network Time Protocols (NTP). As a result, you can not only schedule the router to dialup to the Internet at a specified time, but also restrict Internet access to certain hours so that users can connect to the Internet only during certain hours, say, business hours.

  • Page 74: Radius

    Start Date (yyyy-mm-dd) Start Time (hh:mm) Duration Time (hh:mm) Action Idle Timeout Example Suppose you want to control the PPPoE Internet access connection to be always on (Force On) from 9:00 to 18:00 for whole week. Other time the Internet access connection should be disconnected (Force Down).
  • Page 75 Enable Server IP Address Destination Port Shared Secret Re-type Shared Secret Vigor2800 Series User’s Guide Check to enable RADIUS client feature Enter the IP address of RADIUS server The UDP port number that the RADIUS server is using. The default value is 1812 , based on RFC 2138. The RADIUS server and client share a secret that is used to authenticate the messages sent between them.

  • Page 76: Upnp

    The UPnP (Universal Plug and Play) protocol is supported to bring to network connected devices the ease of installation and configuration which is already available for directly connected PC peripherals with the existing Windows 'Plug and Play' system. For NAT routers, the major feature of UPnP on the router is “NAT Traversal”.
  • Page 77 The reminder as regards concern about Firewall and UPnP Can't work with Firewall Software Enabling firewall applications on your PC may cause the UPnP function not working properly. This is because these applications will block the accessing ability of some network ports. Security Considerations Activating the UPnP function on your network may incur some security threats.

  • Page 78: Wake On Lan

    A PC client on LAN can wake up specified PC through the router. Yet the specified PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting of the specified PC. Wake by IP Address MAC Address...

  • Page 79: Vpn And Remote Access

    A Virtual Private Network (VPN) is the extension of a private network that encompasses links across shared or public networks like the Internet. In short, by VPN technology, you can send data between two computers across a shared or public network in a manner that emulates the properties of a point-to-point private link.
  • Page 80 Dial-In PPP Authentication PAP Only PAP or CHAP Dial-In PPP Encryption (MPPE Optional MPPE Mutual Authentication (PAP) Start IP Address Select this option to force the router to authenticate dial-in users with the PAP protocol. Selecting this option means the router will attempt to authenticate dial-in users with the CHAP protocol first.

  • Page 81: Ipsec General Setup

    In IPSec General Setup, there are two major parts of configuration. There are two phases of IPSec. Phase 1: negotiation of IKE parameters including encryption, hash, Diffie-Hellman parameter values, and lifetime to protect the following IKE exchange, authentication of both peers using either a Pre-Shared Key or Digital Signature (x.509). The peer that starts the negotiation proposes all its policies to the remote peer and then remote peer tries to find a highest-priority match with its policies.

  • Page 82: Ipsec Peer Identity

    IPSec Security Method To use digital certificate for peer authentication in either LAN-to-LAN connection or Remote User Dial-In connection, here you may edit a table of peer certificate for selection. As shown below, the router provides 32 entries of digital certificates for peer dial-in users. Set to Factory Default Index Name...
  • Page 83 Profile Name Accept Any Peer ID Accept Subject Alternative Name Accept Subject Name Vigor2800 Series User’s Guide Type in a name in this file. Click to accept any peer regardless of its identity. Click to check one specific field of digital signature to accept the peer with matching value.

  • Page 84: Remote User Profiles

    You can manage remote access by maintaining a table of remote user profile, so that users can be authenticated to dial-in or build the VPN connection. You may set parameters including specified connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc.
  • Page 85 Enable this account ISDN PPTP IPSec Tunnel L2TP Specify Remote Node Vigor2800 Series User’s Guide Check the box to enable this function. Idle Timeout- If the dial-in user is idle over the limitation of the timer, the router will drop this connection. By default, the Idle Timeout is set to 300 seconds.
  • Page 86 User Name Password IKE Authentication Method This group of fields is applicable for IPSec Tunnels and L2TP IPSec Security Method Callback Function Uncheck the checkbox-This means the connection type you select above will apply the authentication methods and security methods in the general settings. This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above.

  • Page 87: Lan To Lan

    Here you can manage LAN-to-LAN connections by maintaining a table of connection profiles. You may set parameters including specified connection direction (dial-in or dial-out), connection peer ID, connection type (VPN including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security methods, etc. The router provides up to 32 profiles, which also means supporting 32 VPN tunnels simultaneously.
  • Page 88 Profile Name Enable this profile Call Direction Always On or Idle Timeout Always On-Check to enable router always keep VPN Enable PING to keep alive This function is to help the router to determine the status of PING to the IP Specify a name for the profile of the LAN-to-LAN connection.
  • Page 89 ISDN PPTP IPSec Tunnel L2TP with … User Name Password PPP Authentication VJ compression IKE Authentication Method IPSec Security Method Medium Vigor2800 Series User’s Guide Normally, if any one of VPN peers wants to disconnect the connection, it should follow a serial of packet exchange procedure to inform each other.
  • Page 90 High (ESP-Encapsulating Security Payload)- means payload (data) will be encrypted and authenticated. Select from below: DES without Authentication -Use DES encryption algorithm and not apply any authentication scheme. DES with Authentication-Use DES encryption algorithm and apply MD5 or SHA-1 authentication algorithm. 3DES without Authentication-Use triple DES encryption algorithm and not apply any authentication scheme.
  • Page 91 Callback Function (for I models only) Allowed Dial-In Type ISDN Vigor2800 Series User’s Guide Perfect Forward Secret (PFS)-The IKE Phase 1 key will be reused to avoid the computation complexity in phase 2. The default value is inactive this function. Local ID -In Aggressive mode, Local ID is on behalf of the IP address while identity authenticating with remote VPN server.
  • Page 92 PPTP IPSec Tunnel L2TP Specify CLID or Remote VPN Gateway User Name Password VJ Compression IKE Authentication Method IPSec Security Method Allow the remote dial-in user to make a PPTP VPN connection through the Internet. You should set the User Name and Password of remote dial-in user below.
  • Page 93 Callback Function My WAN IP Remote Gateway IP Remote Network IP/ Remote Network Mask More RIP Direction RIP Version For NAT operation, treat remote sub-net as Vigor2800 Series User’s Guide encryption algorithm from Data Encryption Standard (DES), Triple DES (3DES), and AES. The callback function provides a callback service only for the ISDNLAN-to-LAN connection (this feature is useful for i model only).

  • Page 94: Connection Management

    You can find the summary table of all VPN connections. You may disconnect any VPN connection by clicking Drop button. You may also aggressively Dial-out by using Dial-out Tool and clicking Dial button. Dial Refresh Seconds Refresh A digital certificate works as an electronic ID, which is issued by a certification authority (CA).

  • Page 95: Local Certificate

    Generate Import Refresh View After clicking Generate, the generated information will be displayed on the window below: Vigor2800 Series User’s Guide Click this button to open Generate Certificate Request window. Type in all the information that the window request. Then click Generate again.

  • Page 96: Trusted Ca Certificate

    Trusted CA certificate lists three sets of trusted CA certificate. To import a pre-saved trusted CA certificate, please click IMPORT to open the following window. Use Browse… to find out the saved text file. Then click Import. The one you imported will be listed on the Trusted CA Certificate window.
  • Page 97 For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2800 Series User’s Guide...

  • Page 98: Voip

    Voice over IP network (VoIP) enables you to use your broadband Internet connection to make toll quality voice calls over the Internet. There are many different call signaling protocols, methods by which VoIP devices can talk to each other. The most popular protocols are SIP, MGCP, Megaco and H.323. These protocols are not all compatible with each other (except via a soft-switch server).
  • Page 99 only have to using dial plan or directly dial your friend’s account name if you are with the same SIP Registrar. Please refer to the Example 1 and 2 in the Calling Scenario. Peer-to-Peer Before calling, you have to know your friend’s IP Address. The Vigor VoIP Routers will build connection between each other.

  • Page 100: Dialplan

    User B connects a router with FXS port and accesses Internet through WAN port of that router. When B calls A, the voice signal will be sent to a remote router (C) through Internet. Then, the voice signal will be passed to switchboard (via S0 intern) and transferred to A through ISDN line (leaving Internet).
  • Page 101 Click any index number to display the dial plan setup page. Enable Phone Number Display Name SIP URL For the convenience of user, this page allows users to edit prefix number for the SIP account Vigor2800 Series User’s Guide Click this to enable this entry. The speed-dial number of this index.
  • Page 102 Enable Prefix Number Mode OP Number Check this box to invoke this setting. The phone number set here is used to add, strip, or replace the OP number. None - No action. Add - When you choose this mode, the OP number will be added with the prefix number for calling out through the specific VoIP interface.

  • Page 103: Sip Accounts

    Min Len Max Len Interface In this section, you set up your own SIP settings. When you apply for an account, your SIP service provider will give you an Account Name or user name, SIP Registrar, Proxy, and Domain name. (The last three might be the same in some case). Then you can tell your folks your SIP Address as in Account Name@ Domain name As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm.
  • Page 104 SIP PING interval Status Profile Name Register via SIP Port Domain/Realm Proxy Act as Outbound Proxy The default value is 150sec. It is useful for a Nortel server NAT Traversal Support. Show the status for the corresponding SIP account. R means such account is registered on SIP server successfully.
  • Page 105 Display Name Account Number/Name Authentication ID Password Expiry Time NAT Traversal Support Ring Port Ring Pattern Vigor2800 Series User’s Guide The caller-ID that you want to be displayed on your friend’s screen. Enter your account name of SIP Address, e.g. every text before @.

  • Page 106: Phone Settings

    Below shows successful SIP accounts for your reference. This page allows user to set phone settings for VoIP 1 and VoIP 2 respectively. Note: ISDN port (Index 3) is available for the users living in Europe and using Vigor 2800VGi only. Phone List Port –...
  • Page 107 configured in the advanced settings page of Phone Index. Default SIP Account – “draytel_1” is the default SIP account. You can click the number below the Index field to change SIP account for each phone port. DTMF Relay – Display DTMF mode that configured in the advanced settings page of Phone Index.
  • Page 108 Click the number 1 or 2 link under Index column, you can access into the following page for configuring Phone settings. Hotline Session Timer T.38 Fax Function Call Forwarding DND (Do Not Disturb) mode Check the box to enable it. Type in the SIP URL in the field for dialing automatically when you pick up the phone set.
  • Page 109 Call Waiting Call Transfer Prefer Codec Default SIP Account Play dial tone only when account registered Default Call Route Vigor2800 Series User’s Guide Check this box to invoke this function. A notice sound will appear to tell the user new phone call is waiting for your response.
  • Page 110 In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode. Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed. Wrong tone settings might cause inconvenience for users.
  • Page 111 Caller ID Type Volume Gain MISC DTMF Vigor2800 Series User’s Guide Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. There are several standards provided here for displaying the caller ID on the panel of the telephone set.
  • Page 112 Click the number 3 link under Index column, you can access into the following page for configuring Phone settings. Hotline Session Timer Call Forwarding Payload Type (rfc2833) – Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode.
  • Page 113 DND (Do Not Disturb) mode CLIR (hide caller ID) Prefer Codec Default SIP Account Play dial tone only when Vigor2800 Series User’s Guide Time Out – Set the time out for the call forwarding. The default setting is 30 sec. Set a period of peace time without disturbing by VoIP phone call.
  • Page 114 account registered FXO Feature In addition, you can press the Advanced button to configure tone settings, volume gain, MISC and DTMF mode. Advanced setting is provided for fitting the telecommunication custom for the local area of the router installed. Wrong tone settings might cause inconvenience for users.
  • Page 115 Volume Gain MISC Authentication PIN Code DTMP Vigor2800 Series User’s Guide Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Mic Gain (1-10)/Speaker Gain (1-10) - Adjust the volume of microphone and speaker by entering number from 1- 10.

  • Page 116: Status

    Disallow VoIP to ISDN Calls with the Following Prefixes On VoIP call status, you can find codec, connection and other important call status for VoIP 1/2 and ISDN1/2 ports. Refresh Seconds Port Status Payload Type (rfc2833) – Choose a number from 96 to 127, the default value was 101.

  • Page 117: Isdn

    Codec PeerID Connect Time Tx Pkts Rx Pkts Rx Losts Rx Jitter In Calls Out Calls Speaker Gain ISDN web pages are only available for Vigor 2800i/2800Gi/2800VGi. For the user with other model, please skip this section. Below shows the menu items of ISDN for i models. Vigor2800 Series User’s Guide (busy tone).

  • Page 118: General Setup

    This page provides some basic ISDN settings such as enabling the ISDN port or not, MSN numbers and blocked MSN numbers, etc. ISDN Port Country Code Own Number MSN Numbers for the Router Blocked MSN Numbers for the router Click Enable to open the ISDN port and Disable to close For proper operation on your local ISDN network, you should choose the correct country code.

  • Page 119: Dialing To A Single Isp

    If you access the Internet via a single ISP, press this link. ISP Name Dial Number Username Password Require ISP Callback (CBCP) Scheduler (1-15) Link Type PPP Authentication Idle Timeout Fixed IP Vigor2800 Series User’s Guide Enter your ISP name. Enter the ISDN access number provided by your ISP.

  • Page 120: Dialing To Dual Isps

    Fixed IP Address If you have more than one ISP, press this link to configure two ISP dialup profiles. You will be able to dial to both ISPs at the same time. This is mainly for those ISPs that do not support Multiple-Link PPP (ML-PPP) function.
  • Page 121 As depicted in the above application scenario, the Virtual TA client can make an outgoing call or accept an incoming call to/from a peer FAX machine or ISDN TA, etc. Before you configure the Virtual TA (Remote CAPI) Setup, please install the virtual TA client first.
  • Page 122 Virtual TA Server Username Password MSN1/ MSN2/MSN3 Active Note that creating a single user access account will limit the access to the Virtual TA server to only the specified account holders. Assume you did not acquire any MSN service from your ISDN network provider. On the server - Click Virtual TA (Remote CAPI) Setup link, and fill in the Username and Password fields.
  • Page 123 Click the Virtual TA Login tab to launch the login box. Enter the Username/Password and then click OK. After a short time, the VT icon text will turn green. If you have applied to an MSN number service, the Virtual TA server can assign which client has the specified MSN number.

  • Page 124: Call Control

    Some applications require that the router (only for i models) be remotely activated, or be able to dial up to the ISP via the ISDN interface. Vigor routers provide this feature which allows you to make a phone call to the router and then ask it to dial up to the ISP. Note: Call Control is only available for i models equipped with the ISDN interface.

  • Page 125: Wireless Lan

    Note: If you are not sure whether your ISP can support BOD and/or ML-PPP’s features, please seek assistance from your ISP, local dealers or our website: support@draytek.com. This function is used for G models only. Over recent years, the market for wireless communications has enjoyed tremendous growth.
  • Page 126 loaded with advanced wireless technology Super G Hence, you can finally smoothly enjoy stream music and video. Note: The actual data throughput will vary according to the network conditions and environmental factors, including volume of network traffic, network overhead and building materials. In an Infrastructure Mode of wireless network, Vigor wireless router plays a role as an Access Point (AP) connecting to lots of wireless clients or Stations (STA).
  • Page 127 Example 1 Example 2 Example 3 Separate the Wireless and the Wired LAN- WLAN Isolation enables you to isolate your wireless LAN from wired LAN for either quarantine or limit access reasons. To isolate means neither of the parties can access each other. To elaborate an example for business use, you may set up a wireless LAN for visitors only so they can connect to Internet without hassle of the confidential information leakage.

  • Page 128: General Settings

    By clicking the General Settings, a new web page will appear so that you could configure the SSID and the wireless channel. Please refer to the following figure for more information. Enable Wireless LAN Mode Index(1-15) Check the box to enable wireless function. Select an appropriate wireless mode.
  • Page 129 SSID Channel Hide SSID Long Preamble Vigor2800 Series User’s Guide The default SSID is "default". We suggest you change it to a particular name. It is the identification of the wireless LAN. SSID can be any text numbers or various special characters.

  • Page 130: Security

    By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Mode There are several modes provided for you to choose. Disable - Turn off the encryption mechanism. WEP Only - Accepts only WEP clients and the encryption key should be entered in WEP Key.
  • Page 131 Vigor2800 Series User’s Guide authentication. Remember to select WPA type to define either Mixed or WPA2 only in the field below. Since the key will be auto-negotiated during authentication, the field of key setting below will be not available for input. The WPA encrypts each frame transmitted from the radio using the key, which either PSK entered manually in this field below or automatically negotiated via 802.1x...

  • Page 132: Access Control

    For additional security of wireless access, the Access Control facility allows you to restrict the network access right by controlling the wireless LAN MAC address of client. Only the valid MAC address that has been configured can access the wireless LAN interface. By clicking the Access Control, a new web page will appear, as depicted below, so that you could edit the clients' MAC addresses to control their access rights.

  • Page 133: Wds

    Edit Cancel Clear All WDS means Wireless Distribution System. It is a protocol for connecting two access points (AP) wirelessly. Usually, it can be used for the following application: Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN. To meet the above requirement, two WDS modes are implemented in Vigor router.
  • Page 134 The major difference between these two modes is that: while in Repeater mode, the packets received from one peer AP can be repeated to another peer AP through WDS links. Yet in Bridge mode, packets received from a WDS link will only be forwarded to local wired or wireless hosts.

  • Page 135: Ap Discovery

    Security Settings Pre-shared Key Bridge Repeater Access Point Function Status Vigor router can scan all regulatory channels and find working APs in the neighborhood. Based on the scanning result, users will know which channel is clean for usage. Also, it can be used to facilitate finding an AP for a WDS link.

  • Page 136: Station List

    If you want the found AP applying the WDS settings, please type in the AP’s MAC address on the bottom of the page and click Add. Later, the MAC address of the AP will be added to the page of WDS setting. Station List provides the knowledge of connecting wireless clients now along with its status code.

  • Page 137: Station Rate Control

    This page allows you to control the upload and download rate of each wireless client (station). Please check the box of Enable to invoke this setting. The range for the rate is between 100 ~ 30,000 kbps. Virtual LAN function provides you a very convenient way to manage hosts by grouping them based on the physical port.

  • Page 138: Wireless Vlan

    Enable P1 – P4 VLAN0-3 PCs (equipped with wireless network cards) connected to the router through wireless interface can be divided into different groups and formed W_VLAN. PCs under the same groups can share each other information through the router and will not be peeked by other groups.
  • Page 139 Enable Login ID Password Details Vigor2800 Series User’s Guide Check this box to invoke wireless VLAN function. Type Login ID for different groups of W_VLAN with 1 to 11 characters. Type password for different groups of W_VLAN with 1 to 11 characters.
  • Page 140 After finishing the configuration of wireless VLAN, the wireless clients connecting to this router must do the following steps to access into Internet. 1. Open a browser and type http://www.draytek.vlan/login.htm or http://(vigor router’s IP address)/login.htm on the address line. 2. The following screen will appear.

  • Page 141: Vlan Cross Setup

    5. You can go to Diagnostics>>Wireless VLAN Online Station for viewing the connection status whenever you want. This function allows the router to integrate VLAN and W_VLAN for managing different computers (notebooks). See the following picture for an example. With VLAN Cross Setup, notebook A/B and PCs on VLAN0 can share resources without difficulty.
  • Page 142 The VLAN >> VALN Cross Setup allows you to set a communication bridge between computers in Wireless VLAN and wired VLAN. To achieve the intention of the above illustration, simply check the box under VLAN0 on the line of W_VLAN0. Enable VLAN0-3 W_VLAN0-15...

  • Page 143: Wired Rate Control

    Rate Control manages the transmission rate of data in and out through the router. You can also manage the in/out rate of each Ethernet port. Go to VLAN menu and select Wired Rate Control. The following page will appear. Click Enable to invoke VLAN function. For the rate control of wired connection, please open VLAN menu and choose Wired Rate Control.

  • Page 144: Wireless Rate Control

    Rate Control manages the transmission rate of data in and out through the router. You can also manage the in/out rate of each wireless VLAN. Go to VLAN menu and select Wireless Rate Control. The following page will appear. Click Enable to invoke VLAN function. For the rate control of wireless connection, please open VLAN menu and choose Wireless Rate Control.

  • Page 145: System Maintenance

    For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. Below shows the menu items for System Maintenance. The System Status provides basic network settings of Vigor router. It includes LAN and WAN interface information.

  • Page 146: Administrator Password

    MAC Address IP Address Default Gateway Port SIP registrar Account ID Register Codec In Calls Out Calls MAC Address Frequency Domain Firmware Version This page allows you to set new password. Old Password New Password Retype New Password When you click OK, the login window will appear. Please use the new password to access into the web configurator again.
  • Page 147 Click Backup button to get into the following dialog. Click Save button to open another dialog for saving configuration as a file. In Save As dialog, the default filename is config.cfg. You could give it another name by yourself. Click Save button, the configuration will download automatically to your computer as a file named config.cfg.

  • Page 148: Syslog/Mail Alert

    Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. Click Browse button to choose the correct configuration file for uploading to the router. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful.
  • Page 149 Authentication User Name Password Click OK to save these settings. For viewing the Syslog, please do the following: Just set your monitor PC’s IP address in the field of Server IP Address Install the Router Tools in the Utility within provided CD. After installation, click on the Router Tools>>Syslog from program menu.

  • Page 150: Time And Date

    It allows you to specify where the time of the router should be inquired from. Current System Time Use Browser Time Use Internet Time Time Protocol Server IP Address Time Zone Enable Daylight Saving Automatically Update Interval Click OK to save these settings. Click Inquire Time to get the current time.

  • Page 151: Management

    This page allows you to manage the settings for access control, access list, port setup, and SMP setup. For example, as to management access control, the port number is used to send/receive SIP message for building a session. The default value is 5060 and this must match with the peer Registrar when making VoIP calls.

  • Page 152: Reboot System

    Set Community Manager Host IP Trap Community Notification Host IP Trap Timeout The Web Configurator may be used to restart your router. Click Reboot System from System Maintenance to open the following page. If you want to reboot the router using the current configuration, check Using current configuration and click OK.

  • Page 153: Firmware Upgrade

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.

  • Page 154: Diagnostics

    Diagnostic Tools provide a useful way to view or diagnose the status of your Vigor router. Below shows the menu items for Diagnostics. Click Diagnostics and click WAN Connection to open the web page. Refresh Broadband Access Mode/Status Display the broadband access mode and status. If the WAN IP Address Dial PPPoE or PPPoA To obtain the latest information, click here to reload the...

  • Page 155: Dial-Out Trigger

    Click Diagnostics and click Dial-out Trigger to open the web page. The internet connection (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address. Decoded Format Refresh Click Diagnostics and click Routing Table to open the web page. Refresh Vigor2800 Series User’s Guide It shows the source IP address (local), destination IP...

  • Page 156: Arp Cache Table

    Click Diagnostics and click ARP Cache Table to view the content of the ARP (Address Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Clear The facility provides information on IP address assignments.

  • Page 157: Nat Sessions Table

    Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port #Pseudo Port Peer IP:Port Ifno Status Refresh Vigor2800 Series User’s Guide It indicates the source IP address and port of local PC. It indicates the temporary port of the router used for NAT. It indicates the destination IP address and port of remote host.

  • Page 158: Adsl Spectrum Analysis

    Click Diagnostics and click ADSL Spectrum Analysis to open the web page. It will display the bits number status that each BIN carries for upstream/downstream. Below shows two example diagrams for different type of Vigor router. sample 1 sample 2 Refresh Click it to reload the page.

  • Page 159: Wireless Vlan Online Station Table

    Click Diagnostics and click Wireless VLAN Online Station Table to open the web page. It will display the IP address, MAC address and Login ID information for all the Wireless VLAN stations. IP Address MAC Address Login ID Click Diagnostics and click Ping Diagnosis to pen the web page. Ping to IP Address Clear...

  • Page 160: Data Flow Monitor

    This page displays the running procedure for the IP address monitored and refreshes the data in an interval of several seconds. The IP address listed here is configured in Bandwidth Management. You have to enable IP bandwidth limit and IP session limit before invoke Data Flow Monitor.

  • Page 161: Trace Route

    IP Address TX rate (kbps) RX rate (kbps) Sessions Action Click Diagnostics and click Trace Route to open the web page. This page allows you to trace the routes from router to the host. Simply type the IP address of the host in the box and click Run.
  • Page 162 This page is left blank. Vigor2800 Series User’s Guide...

  • Page 163: Application And Examples

    The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address.
  • Page 164 For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known. Go to LAN-to-LAN. Click on one index number to edit a profile. Set Common Settings as shown below.
  • Page 165 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN connection.
  • Page 166 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A can direct the packets destined to the remote network to Router B via the VPN connection.
  • Page 167 Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known.
  • Page 168 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN connection.
  • Page 169 If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection.

  • Page 170: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host.
  • Page 171 Go to Remote Dial-In Users. Click on one index number to edit a profile. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN connection. If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection.
  • Page 172 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
  • Page 173 You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router. If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method.

  • Page 174: Qos Setting Example

    Click Connect button to build connection. When the connection is successful, you will find a green light on the right down corner. Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquater office downtown via either HTTPS or VPN to check email and access internal database.
  • Page 175 Enter the Class Name of Index 2. In this index, she will set reserve bandwidth for HTTPS. And click Basic button on the right. Select HTTPS in the list on the left column and click on ADD to add to right column. Click OK to exit.

  • Page 176: Lan - Created By Using Nat

    – – An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10.
  • Page 177 To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage.
  • Page 178 Vigor2800 Series User’s Guide...

  • Page 179: Calling Scenario For Voip Function

    Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@iptel.org SIP Accounts Settings --- Profile Name: draytel1 Register via: Auto SIP Port: 5060 (default)
  • Page 180 Example 2: Both John and David have SIP Addresses from the same service provider. John’s SIP URL: 1234@draytel.org , David’s SIP URL: 4321@draytel.org Settings for John DialPlan index 1 Phone Number: 1111 Display Name: David SIP URL: 4321@draytel.org SIP Accounts Settings --- Profile Name: draytel 1 Register via: Auto SIP Port: 5060 (default)

  • Page 181: Peer-To-Peer Calling

    Example 3: Arnor and Paulin have Vigor routers respectively, they can call each other without SIP Registrar. First they must have each other’s IP address and assign an Account Name for the port used for calling. Arnor’s SIP URL: 1234@214.61.172.53 Settings for Arnor DialPlan index 1 Phone Number: 1111...

  • Page 182: Upgrade Firmware For Your Router

    4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
  • Page 183 9. Double click on the icon of router tool. The setup wizard will appear. 10. Follow the onscreen instructions to install the tool. Finally, click Finish to end the installation. 11. From the Start menu, open Programs and choose Router Tools XXX >> Firmware Upgrade Utility.

  • Page 184: Request A Certificate From A Ca Server On Windows Ca Server

    14. Click Send. 15. Now the firmware update is finished. Vigor2800 Series User’s Guide...
  • Page 185 Go to Certificate Management and choose Local Certificate. You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Vigor2800 Series User’s Guide...
  • Page 186 Connect to CA server via web browser. Follow the instruction to submit the request. Below we take a Windows 2000 CA server for example. Select Request a Certificate. Select Advanced request. Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file.
  • Page 187 Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate (.cer file) and save it. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router.

  • Page 188: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2800 Series User’s Guide...
  • Page 189 In Choose file to download, click CA Certificate Current and Base 64 encoded, and Download CA certificate to save the .cer. file. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration.
  • Page 190 This page is left blank. Vigor2800 Series User’s Guide...

  • Page 191: Trouble Shooting

    This section will guide you to solve abnormal situations if you cannot access into the Internet after installing the router and finishing the web configuration. Please follow sections below to check your basic installation status stage by stage. Checking if the hardware status is OK or not. Checking if the network connection settings on your computer are OK or not.
  • Page 192 The example is based on Windows XP. As to the examples for other operation systems, please refer to the similar steps or find support notes in www.draytek.com. Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties.
  • Page 193 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4.

  • Page 194: Pinging The Router From Your Computer

    The default gateway IP address of the router is 192.168.1.1. For some reason, you might need to use “ping” command to check the link status of the router. The most important thing is that the computer will receive a reply from 192.168.1.1. If not, please check the IP address of your computer.
  • Page 195 Click Internet Access group and then check whether the ISP settings are set correctly. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2800 Series User’s Guide...
  • Page 196 Check if the Enable option for Broadband Access is selected. Check if all parameters of DSL Modem Settings are entered with correct value that provided by your ISP. Especially, check if the encapsulation is selected properly or not (it should be the same with the setting on Quick Start Wizard). Check if IP Address, Subnet Mask and Gateway are set correctly (must identify with the values from your ISP) if you choose Specify an IP address.

  • Page 197: Backing To Factory Default Setting If Necessary

    After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor2800 Series User’s Guide...

This manual is also suitable for:

Vigor 2800gVigor 2800giVigor 2800vVigor 2800vgVigor 2800iVigor2800 ... Show all

Table of Contents