Draytek Vigor2930 Series User Manual
  1. Manuals
  2. Brands
  3. Draytek Manuals
  4. Firewall
  5. Vigor2930 Series
  6. User manual

Draytek Vigor2930 Series User Manual

Dual-wan security firewall
Hide thumbs Also See for Vigor2930 Series:
Table of Contents

Advertisement

Quick Links

See also: User Manual
Vigor2930 Series
Dual-WAN Security Firewall
User's Guide
Version: 1.2
Date: 2008/03/10
Copyright 2008 All rights reserved.
This publication contains information that is protected by copyright. No part may be reproduced, transmitted,
transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright
holders. The scope of delivery and other details are subject to change without prior notice.
Microsoft is a registered trademark of Microsoft Corp.
Windows, Windows 95, 98, Me, NT, 2000, XP, Vista and Explorer are trademarks of Microsoft Corp.
Apple and Mac OS are registered trademarks of Apple Inc.
Other products may be trademarks or registered trademarks of their respective manufacturers.

Advertisement

Table of Contents
loading

Related Manuals for Draytek Vigor2930 Series

Summary of Contents for Draytek Vigor2930 Series

  • Page 1 Vigor2930 Series Dual-WAN Security Firewall User’s Guide Version: 1.2 Date: 2008/03/10 Copyright 2008 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.

  • Page 2: Copyright Information

    Web registration is preferred. You can register your Vigor router via Owner http://www.draytek.com. Firmware & Tools Due to the continuous evolution of DrayTek technology, all routers will be Updates regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.

  • Page 3: Regulatory Information

    Product: Vigor2930 Series Router DrayTek Corp. declares that Vigor2930 Series of routers are in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class B and EN55024/Class B.

  • Page 4: Table Of Contents

    3.2.3 Static Route ........................43 3.2.4 VLAN..........................46 3.2.5 Bind IP to MAC ....................... 47 3.3 NAT ............................48 3.3.1 Port Redirection ......................49 3.3.2 DMZ Host........................51 3.3.3 Open Ports........................54 3.4 Objects Settings ........................56 Vigor2930 Series User’s Guide...
  • Page 5 3.12 ISDN..........................150 3.12.1 Basic Concept......................150 3.12.2 General Settings ......................151 3.12.3 Dial to Single/Dual ISPs....................154 3.12.4 Call Control ......................... 157 3.13 Wireless LAN ........................159 3.13.1 Basic Concepts......................159 3.13.2 General Setup......................161 Vigor2930 Series User’s Guide...
  • Page 6 5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not ....222 5.3 Pinging the Router from Your Computer ................224 5.4 Checking If the ISP Settings are OK or Not ................ 225 Vigor2930 Series User’s Guide...
  • Page 7 5.5 Backing to Factory Default Setting If Necessary ..............227 5.6 Contacting Your Dealer ....................... 228 Vigor2930 Series User’s Guide...

  • Page 9: Preface

    Add new settings for specified item. Edit the settings for the selected item. Delete the selected item with the corresponding settings. Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation. Vigor2930 Series User’s Guide...

  • Page 10: Led Indicators And Connectors

    ISDN S0 intern in Germany. The ISDN S0 (1) port on Vigor2930 series is fixed to connect phone forever and the LED on the connecter will light orange always. However ISDN S0 (2) port on this device is configurable for connecting phone or accessing Internet according to the settings that you adjust on WEB UI (please refer to VoIP>>Phone Setting for detailed information).

  • Page 11: For Vigor2930

    Then the router will restart with the factory default configuration. Restart Restart the router forcefully. WAN(1/2) Connecters for remote networked devices. LAN (1-4) Connecters for local networked devices. Connecter for a power adapter. Power Switch. ON/OFF Vigor2930 Series User’s Guide...

  • Page 12: For Vigor2930N

    Then the router will restart with the factory default configuration. Restart Restart the router forcefully. Phone (1/2) Connecters for PSTN phones. WAN (1/2) Connecters for remote networked devices. Vigor2930 Series User’s Guide...
  • Page 13 LAN (1-4) Connecters for local networked devices. Connecter for a power adapter.. Power Switch. ON/OFF Vigor2930 Series User’s Guide...

  • Page 14: For Vigor2930Vn

    Then the router will restart with the factory default configuration. Restart Restart the router forcefully. Phone (1/2) Connecters for PSTN phones. WAN (1/2) Connecters for remote networked devices. Vigor2930 Series User’s Guide...
  • Page 15 LAN (1-4) Connecters for local networked devices. Connecter for a power adapter. Power Switch. ON/OFF Vigor2930 Series User’s Guide...

  • Page 16: For Vigor2930Vs

    (phone call) is transmitting. Left LED The port is connected. WAN 1/2 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 100Mbps. (Green) The port is disconnected with 10Mbps. Vigor2930 Series User’s Guide...
  • Page 17 Connecter for ISDN line or ISDN phone adapter in particular condition. Refer to section 2.2 for more details. WAN (1/2) Connecters for remote networked devices. LAN (1-4) Connecters for local networked devices. Connecter for a power adapter. Power Switch. ON/OFF Vigor2930 Series User’s Guide...

  • Page 18: For Vigor2930Vsn

    In ISDN TE mode, it means data, fax or voice (phone call) is transmitting. Left LED The port is connected. WAN 1/2 (Green) The port is disconnected. Blinking The data is transmitting. Right LED The port is connected with 100Mbps. Vigor2930 Series User’s Guide...
  • Page 19 Connecter for ISDN line or ISDN phone adapter in particular condition. Refer to section 2.2 for more details. WAN (1/2) Connecters for remote networked devices. LAN (1-4) Connecters for local networked devices. Connecter for a power adapter. Power Switch. ON/OFF Vigor2930 Series User’s Guide...

  • Page 20: Hardware Installation

    (For the detailed information of LED status, please refer to section 1.2.) Caution: Each of the Phone ports can be connected to an analog phone only. Do not connect the phone ports to the telephone wall jack. Such connection might damage your router. Vigor2930 Series User’s Guide...

  • Page 21: Isdn Phone Adapter Installation

    However, if the user configures ISDN S0 2 as ISDN line in VoIP>> Phone Settings, the green LED will light on to indicate ISDN2-TE mode is selected. Then, the port is specified for ISDN line only. Refer to the following figure for reference. Vigor2930 Series User’s Guide...
  • Page 22 This page is left blank. Vigor2930 Series User’s Guide...

  • Page 23: Configuring Basic Settings

    Please type default values (both username and password are Null) on the window for the first time accessing and click OK for next screen. Now, the Main Screen will pop up. Vigor2930 Series User’s Guide...
  • Page 24 New Password and retype it on the field of Retype New Password. Then click OK to continue. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router. Vigor2930 Series User’s Guide...

  • Page 25: Quick Start Wizard

    On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step. Vigor2930 Series User’s Guide...

  • Page 26: Pppoe

    User Name Assign a specific valid user name provided by the ISP. Password Assign a valid password provided by the ISP. Confirm Password Retype the password. Click Next for viewing summary of such connection. Vigor2930 Series User’s Guide...
  • Page 27 Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2930 Series User’s Guide...

  • Page 28: Pptp

    Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol. Click Next for viewing summary of such connection. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2930 Series User’s Guide...

  • Page 29: Static Ip

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2930 Series User’s Guide...

  • Page 30: Dhcp

    After finishing the settings in this page, click Next to see the following page. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown. Vigor2930 Series User’s Guide...

  • Page 31: Online Status

    If you select PPPoE/PPTP as the protocol, you will find out a link of Dial PPPoE/PPPoA or Drop PPPoE/PPPoA in the Online Status web page. Online status for PPPoE Online status for PPTP (for WAN2) Online status for Static IP (for WAN1) Vigor2930 Series User’s Guide...
  • Page 32 Displays the total number of received packets at the ISDN interface. RX Rate Displays the speed of received octets at the ISDN interface. Up Time Displays the total uptime of the interface. Displays the charge information of the interface. Vigor2930 Series User’s Guide...

  • Page 33: Saving Configuration

    Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you. Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button. Vigor2930 Series User’s Guide...
  • Page 34 This page is left blank. Vigor2930 Series User’s Guide...

  • Page 35: Advanced Web Configuration

    Then a session will be created. Your user ID and password is authenticated via PAP or CHAP with RADIUS authentication system. And your IP address, DNS server, and other related information will usually be assigned by your ISP. Vigor2930 Series User’s Guide...

  • Page 36: General Setup

    Type the description for the WAN1/WAN2 interface. Physical Mode For WAN1, the physical connection is done through ADSL port; yet the physical connection for WAN2 is done through an Ethernet port (P1). You cannot change it. Vigor2930 Series User’s Guide...
  • Page 37 15 seconds. WAN1 Download speed exceed XX kbps– It means the connection for WAN2 will be activated when WAN1 Download speed exceed certain value that you set in this box for 15 seconds. Vigor2930 Series User’s Guide...

  • Page 38: Internet Access

    There are three access modes provided for PPPoE, Static or Dynamic IP and PPTP. Details Page This button will open different web page according to the access mode that you choose in WAN1 or WAN2. Vigor2930 Series User’s Guide...
  • Page 39 ARP Detect or Ping Detect. Mode – Choose ARP Detect or Ping Detect for the system to execute for WAN detection. Ping IP – If you choose Ping Detect as detection mode, you have Vigor2930 Series User’s Guide...
  • Page 40 After finishing all the settings here, please click OK to activate them. For static IP mode, you usually receive a fixed public IP address or a public subnet, namely multiple public IP addresses from your DSL or Cable ISP service providers. In most cases, a Vigor2930 Series User’s Guide...
  • Page 41 PING Interval - Enter the interval for the system to execute the PING operation. RIP Protocol Routing Information Protocol is abbreviated as RIP (RFC1058) specifying how routers exchange routing tables information. Click Enable RIP for activating this function. Vigor2930 Series User’s Guide...
  • Page 42 Specify a MAC Address and enter the MAC address in the MAC Address field. DNS Server IP Type in the primary IP address for the router if you want to use Address Static IP mode. If necessary, type in secondary IP address for Vigor2930 Series User’s Guide...
  • Page 43 In this case, you can fill in this IP address in the Fixed IP field. Please contact your ISP before you want to use this function. Click Yes to use this function and type in a Vigor2930 Series User’s Guide...

  • Page 44: Load-Balance Policy

    WAN2 interface. The user can assign traffic category and force it to go to dedicate network interface based on the following web page setup. Twenty policies of load-balance are supported by this router. Note: Load-Balance Policy is running only when both WAN1 and WAN2 are activated. Vigor2930 Series User’s Guide...
  • Page 45 Display the IP address for the start of the destination port. Dest Port End Display the IP address for the end of the destination port. Click Index 1 to access into the following page for configuring load-balance policy. Vigor2930 Series User’s Guide...
  • Page 46 Type the destination port start for the destination IP. Dest Port End Type the destination port end for the destination IP. If this field is blank, it means that all the destination ports will be passed through the WAN interface. Vigor2930 Series User’s Guide...

  • Page 47: Lan

    IP address. As a part of the public subnet, the Vigor router will serve for IP routing to help hosts in the public subnet to communicate with other public hosts or servers outside. Therefore, the router should be set as the gateway for public hosts. Vigor2930 Series User’s Guide...
  • Page 48 You can group local hosts by physical ports and create up to 4 virtual LANs. To manage the communication between different groups, please set up rules in Virtual LAN (VLAN) function and the rate of each. Vigor2930 Series User’s Guide...

  • Page 49: General Setup

    Type in secondary IP address for connecting to a subnet. (Default: 192.168.2.1/ 24) Subnet Mask An address code that determines the size of the network. (Default: 255.255.255.0/ 24) DHCP Server You can configure the router to serve as a DHCP server for the 2nd subnet. Vigor2930 Series User’s Guide...
  • Page 50 DHCP server to assign IP addresses to. The default is 50 and the maximum is 253. Gateway IP Address - Enter a value of the gateway IP address for the DHCP server. The value is usually as same as the 1st IP address Vigor2930 Series User’s Guide...

  • Page 51: Static Route

    There are two common scenarios of LAN settings that stated in Chapter 4. For the configuration examples, please refer to that chapter to get more information for your necessity. Go to LAN to open setting page and choose Static Route. Vigor2930 Series User’s Guide...
  • Page 52 Before setting Static Route, user A cannot talk to user B for Router A can only forward recognized packets to its default gateway Main Router. Go to LAN page and click General Setup, select 1st Subnet as the RIP Protocol Control. Then click the OK button. Vigor2930 Series User’s Guide...
  • Page 53 Return to Static Route Setup page. Click on another Index Number to add another static route as show below, which regulates all packets destined to 211.100.88.0 will be forwarded to 192.168.1.3. Go to Diagnostics and choose Routing Table to verify current routing table. Vigor2930 Series User’s Guide...

  • Page 54: Vlan

    To add or remove a VLAN, please refer to the following example. If, VLAN 0 is consisted of hosts linked to P1 and P2 and VLAN 1 is consisted of hosts linked to P3 and P4. Vigor2930 Series User’s Guide...

  • Page 55: Bind Ip To Mac

    Click this radio button to disable this function. All the settings on this page will be invalid. Strict Bind Click this radio button to block the connection of the IP/MAC which is not listed in IP Bind List. Vigor2930 Series User’s Guide...

  • Page 56: Nat

    192.168.1.0/24 subnet for the router. As stated before, the NAT facility can map one or more IP addresses and/or service ports into different specified services. In other words, the NAT function can be achieved by using port mapping methods. Vigor2930 Series User’s Guide...

  • Page 57: Port Redirection

    The port redirection can only apply to incoming traffic. To use this function, please go to NAT page and choose Port Redirection web page. The Port Redirection Table provides 20 port-mapping entries for the internal hosts. Vigor2930 Series User’s Guide...
  • Page 58 Specify which port can be redirected to the specified Private IP and Port of the internal host. If you choose Range as the port redirection mode, you will see two boxes on this field. Simply type Vigor2930 Series User’s Guide...

  • Page 59: Dmz Host

    LAN. Regular web surfing and other such Internet activities from other clients will continue to work without inappropriate interruption. DMZ Host allows a defined internal user to be totally exposed to the Internet, which usually helps some special applications such as Netmeeting or Internet Games etc. Vigor2930 Series User’s Guide...
  • Page 60 We suggest you to add additional filter rules or a secondary firewall. Click DMZ Host to open the following page: If you previously have set up WAN Alias in Internet Access>>PPPoE/PPPoA or Internet Access>>MPoA, you will find them in Aux. WAN IP list for your selection. Vigor2930 Series User’s Guide...
  • Page 61 DMZ host. When you have selected one private IP from the above dialog, the IP address will be shown on the following screen. Click OK to save the setting. Vigor2930 Series User’s Guide...

  • Page 62: Open Ports

    Inactive or Active state. To add or edit port settings, click one index number on the page. The index entry setup page will pop up. In each index entry, you can specify 10 port ranges for diverse services. Vigor2930 Series User’s Guide...
  • Page 63 Specify the transport layer protocol. It could be TCP, UDP, or ----- (none) for selection. Start Port Specify the starting port number of the service offered by the local host. End Port Specify the ending port number of the service offered by the local host. Vigor2930 Series User’s Guide...

  • Page 64: Objects Settings

    Besides, you can define object profiles for different policy of IM (Instant Messenger)/P2P (Peer to Peer)/Misc application. You can set up to 192 sets of IP Objects with different conditions. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2930 Series User’s Guide...
  • Page 65 Type the subnet mask if the Subnet Address type is selected. Invert Selection If it is checked, all the IP addresses except the ones listed above will be applied later while it is chosen. Below is an example of IP objects settings. Vigor2930 Series User’s Guide...

  • Page 66: Ip Group

    Available IP Objects All the available IP objects with the specified interface chosen above will be shown in this box. Selected IP Objects Click >> button to add the selected IP objects in this box. Vigor2930 Series User’s Guide...

  • Page 67: Service Type Object

    The filter rule will filter out any port number. (=) – when the first and last value are the same, it indicates one port; when the first and last values are different, it indicates a range for the port and available for this profile. Vigor2930 Series User’s Guide...

  • Page 68: Service Type Group

    Below is an example of service type objects settings. This page allows you to bind several service types into one group. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2930 Series User’s Guide...

  • Page 69: Csm-Im Object

    You can define policy profiles for IM (Instant Messenger) application. The object profile(s) configured here will be seen and adopted in CSM>>IM/P2P Profile page. Set to Factory Default Clear all profiles. Click the number under Index column for settings in detail. Vigor2930 Series User’s Guide...

  • Page 70: Csm-P2P Object

    Check the items that disallow to use. Any device that uses such profile might not be allowed to access into the forbidden items. You can define policy profiles for P2P (Point-to-Point) application. The object profile(s) configured here will be seen and adopted in CSM>>IM/P2P Profile page. Vigor2930 Series User’s Guide...
  • Page 71 Check the items that disallow to use. Any device that uses such profile might not be allowed to access into the forbidden items. In the above figure, BitTorrent protocol is disallowed if you apply such object profile as filtering rule (setting in Firewall). Vigor2930 Series User’s Guide...

  • Page 72: Csm-Misc Object

    Click the number under Index column for settings in detail. Profile Name Type a name for the CSM profile. Check for Disallow Check the items that disallow to use. Any device that uses such profile might not be allowed to access into the forbidden items. Vigor2930 Series User’s Guide...

  • Page 73: Csm

    Later, in the Firewall>>General Setup and Firewall>>Edit Filter Set>>Edit Filter Rule pages, you can use IM/P2P drop down list to choose the proper CSM-IM profile as the standard for the host(s) to follow. See the following example. Vigor2930 Series User’s Guide...

  • Page 74: Url Content Filter Profile

    Or you may simply specify the full or partial URL such as “www.sex.com” or “sex.com”. Also the Vigor router will discard any request that tries to retrieve the malicious code. Click CSM and click URL Content Filter Profile to open the setup page. Vigor2930 Series User’s Guide...
  • Page 75 Vigor router perform. Check the box to deny any web surfing activity using IP address, Prevent web access from IP address such as http://202.6.3.2. The reason for this is to prevent someone Vigor2930 Series User’s Guide...

  • Page 76: Web Content Filter Profile

    Please note that this action will not introduce any delay in your Web surfing because each of multiple load balanced database servers can handle millions of requests for categorization. Vigor2930 Series User’s Guide...
  • Page 77 Click CSM and click Web Content Filter to open the setup page. For this section, please refer to Web Content Filter user’s guide. Vigor2930 Series User’s Guide...

  • Page 78: Firewall

    The users on the LAN are provided with secured protection by the following firewall facilities: User-configurable IP filter (Call Filter/ Data Filter). Stateful Packet Inspection (SPI): tracks packets and denies unsolicited incoming data Selectable Denial of Service (DoS) /Distributed DoS (DDoS) attacks protection Vigor2930 Series User’s Guide...
  • Page 79 The stateful firewall of Vigor router not just examine the header information also monitor the state of the connection. Vigor2930 Series User’s Guide...

  • Page 80: General Setup

    So here you assign the Start Filter Set only. Also you can configure the Log Flag settings, Apply IP filter to VPN incoming packets, and Accept incoming fragmented UDP packets. Click Firewall and click General Setup to open the general setup page. Vigor2930 Series User’s Guide...

  • Page 81: Filter Setup

    Select Pass or Block for the packets that do not match with the filter rules. For troubleshooting needs you can specify the filter log and/or CSM log here by checking the box. The log will be displayed on Draytek Syslog window. IM/P2P Select an IM/P2P profile for global IM/P2P application blocking.
  • Page 82 Do not make a loop with many filter sets. To edit Filter Rule, click the Filter Rule index button to enter the Filter Rule setup page. Check to enable the Check this box to enable the filter rule. Filter Rule Vigor2930 Series User’s Guide...
  • Page 83 From the IP Group drop down list, choose the one that you want to apply. Or use the IP Object drop down list to choose the object that you want. Service Type Click Edit to access into the following dialog to choose a suitable service type. Vigor2930 Series User’s Guide...
  • Page 84 Block If No Further Match - A packet matching the rule, and that does not match further rules, will be dropped. Pass If No Further Match - A packet matching the rule, and that does not match further rules, will be passed through. Vigor2930 Series User’s Guide...
  • Page 85 For troubleshooting needs you can specify the filter log and/or CSM log here. Check the corresponding box to enable the log function. Then, the filter log and/or CSM log will be shown on Draytek Syslog window. Vigor2930 Series User’s Guide...
  • Page 86 Each filter set is composed by 7 filter rules, which can be further defined. After that, in General Setup you may specify one set for call filter and one set for data filter to execute first. Vigor2930 Series User’s Guide...

  • Page 87: Dos Defense

    Port Scan attacks the Vigor router by sending lots of packets to detection many ports in an attempt to find ignorant services would respond. Check the box to activate the Port Scan detection. Whenever detecting this malicious exploration behavior by monitoring the Vigor2930 Series User’s Guide...
  • Page 88 ICMP packets with more fragment bit set are dropped. Block Unknown Check the box to activate the Block Unknown Protocol function. Protocol Individual IP packet has a protocol field in the datagram header to indicate the protocol type running over the upper layer. However, Vigor2930 Series User’s Guide...
  • Page 89 All the warning messages related to DoS Defense will be sent to user and user can review it through Syslog daemon. Look for the keyword DoS in the message, followed by a name to indicate what kind of attacks is detected. Vigor2930 Series User’s Guide...

  • Page 90: Bandwidth Management

    LAN. Limitation List Displays a list of specific limitations that you set on this web page. Start IP Defines the start IP address for limit session. End IP Defines the end IP address for limit session. Vigor2930 Series User’s Guide...
  • Page 91 You can type in four sets of time schedule for your request. Setup All the schedules can be set previously in Application – Schedule web page and you can use the number that you have set in that web page. Vigor2930 Series User’s Guide...

  • Page 92: Bandwidth Limit

    End IP Define the end IP address for limit bandwidth. Each/Shared Select Each to make each IP within the range of Start IP and End IP having the same speed defined in TX limit and RX Vigor2930 Series User’s Guide...

  • Page 93: Quality Of Service

    DSCP is a successor creating 64 classes possible with backward IP Precedence compatibility. In a QoS-enabled network, or Differentiated Service (DiffServ or DS) framework, a DS domain owner should sign a Service License Agreement (SLA) with other DS domain Vigor2930 Series User’s Guide...
  • Page 94 There are four queues allowed for QoS control. The first three (Class 1 to Class 3) class rules can be adjusted for your necessity. Yet, the last one is reserved for the packets which are not suitable for the user-defined class rules. Vigor2930 Series User’s Guide...
  • Page 95 UDP application traffic such as streaming video will exhaust lots of bandwidth. Outbound TCP ACK The difference in bandwidth between download and upload Prioritize are great in ADSL2+ environment. For the download speed might be impacted by the uploading TCP ACK, you can Vigor2930 Series User’s Guide...
  • Page 96 Edit link of that one. After you click the Edit link, you will see the following page. Now you can define the name for that Class. In this case, “Test” is used as the name of Class Index #1. Vigor2930 Series User’s Guide...
  • Page 97 All the packets of data will be divided with different levels and will be processed according to the level type by the system. Please assign one of the levels of the data for processing with QoS control. Vigor2930 Series User’s Guide...
  • Page 98 Edit to open the rule edit page for modification. To add a new service type, edit or delete an existed service type, please click the Edit link under Service Type field. After you click the Edit link, you will see the following page. Vigor2930 Series User’s Guide...
  • Page 99 Range as the type. By the way, you can set up to 40 service types. If you want to edit/delete an existed service type, please select the radio button of that one and click Edit/Edit for modification. Vigor2930 Series User’s Guide...

  • Page 100: Applications

    Click the number below Index to access into the setting page of DDNS setup to set account(s). WAN Interface Display current WAN interface used for accessing Internet. Domain Name Display the domain name that you set on the setting page of DDNS setup. Vigor2930 Series User’s Guide...
  • Page 101 Delete a Dynamic DNS Account In the DDNS setup menu, click the Index number you want to delete and then push Clear All button to delete the account. Vigor2930 Series User’s Guide...

  • Page 102: Schedule

    You can set up to 15 schedules. Then you can apply them to your Internet Access or VPN and Remote Access >> LAN-to-LAN settings. To add a schedule, please click any index, say Index No. 1. The detailed settings of the call schedule with index 1 are shown below. Vigor2930 Series User’s Guide...

  • Page 103: Radius

    Remote Authentication Dial-In User Service (RADIUS) is a security authentication client/server protocol that supports authentication, authorization and accounting, which is widely used by Internet service providers. It is the most common method of authenticating and authorizing dial-up and tunneled network users. Vigor2930 Series User’s Guide...
  • Page 104 The RADIUS server and client share a secret that is used to authenticate the messages sent between them. Both sides must be configured to use the same shared secret. Confirm Shared Secret Re-type the Shared Secret for confirmation. Vigor2930 Series User’s Guide...

  • Page 105: Upnp

    NAT router. The application will also learn the external IP address and configure port mappings on the router. Subsequently, such a facility forwards packets from the external ports of the router to the internal ports used by the application. Vigor2930 Series User’s Guide...

  • Page 106: Wake On Lan

    PC on this web page of Wake on LAN of this router. In addition, such PC must have installed a network card supporting WOL function. By the way, WOL function must be set as “Enable” on the BIOS setting. Vigor2930 Series User’s Guide...
  • Page 107 MAC Address Type any one of the MAC address of the binded PCs. Wake Up Click this button to wake up the selected IP. See the following figure. The result will be shown on the box. Vigor2930 Series User’s Guide...

  • Page 108: Vpn And Remote Access

    NAT settings, such as DMZ or open port. The Vigor router will not accept the ISDN dial-in connection if the box of Enable ISDN Dial-in is not checked. This submenu only applies to PPP-related VPN connections, such as PPTP, L2TP, L2TP over IPSec. Vigor2930 Series User’s Guide...
  • Page 109 For example, if the local private network is 192.168.1.0/255.255.255.0, you could choose 192.168.1.200 as the Start IP Address. But, you have to notice that the first two IP addresses of 192.168.1.200 and 192.168.1.201 are reserved for ISDN remote dial-in user. Vigor2930 Series User’s Guide...

  • Page 110: Ipsec General Setup

    IPSec-related VPN connections such as L2TP over IPSec and IPSec tunnel. Pre-Shared Key -Currently only support Pre-Shared Key authentication. Pre-Shared Key- Specify a key for IKE authentication Confirm Pre-Shared Key- Retype the characters to confirm the pre-shared key. Vigor2930 Series User’s Guide...

  • Page 111: Ipsec Peer Identity

    Click each index to edit one peer digital certificate. There are three security levels of digital signature authentication: Fill each necessary field to authenticate the remote peer. The following explanation will guide you to fill all the necessary fields. Vigor2930 Series User’s Guide...
  • Page 112 Click to check the specific fields of digital signature to accept the peer with matching value. The field includes Country (C), State (ST), Location (L), Organization (O), Organization Unit (OU), Common Name (CN), and Email (E). Vigor2930 Series User’s Guide...

  • Page 113: Remote Dial-In User

    Click each index to edit one remote user profile. Each Dial-In Type requires you to fill the different corresponding fields on the right. If the fields gray out, it means you may leave it untouched. The following explanation will guide you to fill all the necessary fields. Vigor2930 Series User’s Guide...
  • Page 114 L2TP connection. Specify Remote Node Check the checkbox-You can specify the IP address of the remote dial-in user, ISDN number or peer ID (used in IKE aggressive mode). Uncheck the checkbox-This means the connection type you Vigor2930 Series User’s Guide...
  • Page 115 Once the callback budget has been exhausted, the callback mechanism will be disabled automatically. Callback Budget (Unit: minutes)- Specify the time budget for the dial-in user. The budget will be decreased automatically per callback connection. Vigor2930 Series User’s Guide...

  • Page 116: Lan To Lan

    4 subgroups. If the fields gray out, it means you may leave it untouched. The following explanations will guide you to fill all the necessary fields. For the web page is too long, we divide the page into several sections for explanation. Vigor2930 Series User’s Guide...
  • Page 117 VPN connection. Call Direction Specify the allowed call direction of this LAN-to-LAN profile. Both:-initiator/responder Dial-Out- initiator only Dial-In- responder only. Always On or Idle Timeout Always On-Check to enable router always keep VPN connection. Vigor2930 Series User’s Guide...
  • Page 118 This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. PPP Authentication This field is applicable when you select ISDN, PPTP or L2TP with or without IPSec policy above. PAP/CHAP is the most common selection due to wild compatibility. Vigor2930 Series User’s Guide...
  • Page 119 Main mode is more secure than Aggressive mode since more exchanges are done in a secure channel to set up the IPSec session. However, the Aggressive mode is faster. The default value in Vigor router is Main mode. Vigor2930 Series User’s Guide...
  • Page 120 Vigor router to callback, the local ISDN number will be provided to the remote peer. Check here to allow the Vigor router to send the ISDN number to the remote router. This feature is useful for i model only. Vigor2930 Series User’s Guide...
  • Page 121 L2TP without IPSec policy can be viewed as one pure L2TP connection. Nice to Have - Apply the IPSec policy first, if it is applicable during negotiation. Otherwise, the dial-in VPN connection becomes one pure L2TP connection. Vigor2930 Series User’s Guide...
  • Page 122 ONLY call back to the specified Callback Number. Callback budget- By default, the callback function has limitation of callback period. Once the callback budget is exhausted, the function will be disabled automatically. Vigor2930 Series User’s Guide...
  • Page 123 Check this box to change the default route with this VPN this VPN tunnel tunnel. Be aware that this setting is available only for one WAN interface is enabled. It is not available when both WAN interfaces are enabled. You have to disable one WAN Vigor2930 Series User’s Guide...

  • Page 124: Connection Management

    Tool and clicking Dial button. Dial Click this button to execute dial out function. Refresh Seconds Choose the time for refresh the dial information among 5, 10, and 30. Refresh Click this button to refresh the whole connection status. Vigor2930 Series User’s Guide...

  • Page 125: Certificate Management

    Remember to adjust the time of Vigor router before using the certificate so that you can get the correct valid period of certificate. Below shows the menu items for Certificate Management. Generate Click this button to open Generate Certificate Request window. Vigor2930 Series User’s Guide...
  • Page 126 Refresh Click this button to refresh the information listed below. View Click this button to view the detailed settings for certificate request. After clicking Generate, the generated information will be displayed on the window below: Vigor2930 Series User’s Guide...

  • Page 127: Trusted Ca Certificate

    For viewing each trusted CA certificate, click View to open the certificate detail information window. If you want to delete a CA certificate, choose the one and click Delete to remove all the certificate information. Vigor2930 Series User’s Guide...

  • Page 128: Certificate Backup

    Internet bandwidth. Usually there will be two types of calling scenario, as illustrated below: Calling via SIP Servers First, the Vigor V models of yours will have to register to a SIP Registrar by sending Vigor2930 Series User’s Guide...

  • Page 129: Dialplan

    This page allows you to set phone book and digit map for the VoIP function. Click the Phone Book and Digit Map links on the page to access into next pages for dialplan settings. Vigor2930 Series User’s Guide...
  • Page 130 Click any index number to display the dial plan setup page. Enable Click this to enable this entry. Phone Number The speed-dial number of this index. This can be any number you choose, using digits 0-9 and * . Vigor2930 Series User’s Guide...
  • Page 131 For the convenience of user, this page allows users to edit prefix number for the SIP account with adding number, stripping number or replacing number. It is used to help user having a quick and easy way to dial out through VoIP interface. Vigor2930 Series User’s Guide...
  • Page 132 VoIP interface. Take the above picture (Prefix Table Setup web page) as an example, the prefix number of 03 will be replaced by 8863. For example: dial number of “031111111” will be changed to “88631111111” and sent to Vigor2930 Series User’s Guide...
  • Page 133 SIP accounts. Please set up one SIP account first to make this interface available. Call barring is used to block phone calls that are not welcomed. Click any index number to display the dial plan setup page. Vigor2930 Series User’s Guide...
  • Page 134 For Block Anonymous – this function can block the incoming calls without caller ID on the interface (Phone 1 or Phone 2 or both) specified in the following window. Such controlling also can be done based on preconfigured schedules. Vigor2930 Series User’s Guide...
  • Page 135 This page allows you to process incoming or outgoing phone calls by regional. Default values (common used in most areas) will be shown on this web page. You can change the number based on the region that the router is placed. Vigor2930 Series User’s Guide...
  • Page 136 Dial the number typed in this field to make your phone number (ID) not displayed on the display panel of remote end. Hide caller ID [Deact] Dial the number typed in this field to release this function. Vigor2930 Series User’s Guide...

  • Page 137: Sip Accounts

    SIP Address as in Account Name@ Domain name As Vigor VoIP Router is turned on, it will first register with Registrar using AuthorizationUser@Domain/Realm. After that, your call will be bypassed by SIP Proxy to the destination using AccountName@Domain/Realm as identity. Vigor2930 Series User’s Guide...
  • Page 138 Vigor2930 Series User’s Guide...
  • Page 139 SIP server. Profile Name Assign a name for this profile for identifying. You can type similar name with the domain. For example, if the domain name is draytel.org, then you might set draytel-1 in this field. Vigor2930 Series User’s Guide...
  • Page 140 Manual – Choose this option if you want to specify an external IP address as the NAT transversal support. Nortel – If the soft-switch that you use supports Nortel solution, you can choose this option. Vigor2930 Series User’s Guide...

  • Page 141: Phone Settings

    If you want to enable function of ISDN On-Net/Off-Net, you have to choose ISDN2-TE. Call Feature – A brief description for call feature will be shown in this field for your reference. Codec – The default Codec setting for each port will be Vigor2930 Series User’s Guide...
  • Page 142 RTP TOS – It decides the level of VoIP package. Use the drop down list to choose any one of them. Click the number link of each port, you can access into the following page for configuring Phone settings. Below is the sample page for Phone1. Vigor2930 Series User’s Guide...
  • Page 143 Index (1-15) in Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules. Refer to section 3.5.2 Schedule for Vigor2930 Series User’s Guide...
  • Page 144 You can set SIP accounts (up to six groups) on SIP Account page. Use the drop down list to choose one of the profile names for the accounts as the default one for this phone setting. Vigor2930 Series User’s Guide...
  • Page 145 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2930 Series User’s Guide...
  • Page 146 DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Payload Type (rfc2833) - Choose a number from 96 to 127, the default value was 101. This setting is available for the OutBand (RFC2833) mode. Vigor2930 Series User’s Guide...
  • Page 147 No answer means if the incoming calls do not receive any response, they will be forwarded to the SIP URL by the time out. SIP URL – Type in the SIP URL (e.g., aaa@draytel.org or Vigor2930 Series User’s Guide...
  • Page 148 20 ms voice information. Voice Active Detector - This function can detect if the voice on both sides is active or not. If not, the router will do something to save the bandwidth for other using. Click On to Vigor2930 Series User’s Guide...
  • Page 149 Or you can adjust tone settings manually if you choose User Defined. TOn1, TOff1, TOn2 and TOff2 mean the cadence of the tone pattern. TOn1 and TOn2 represent sound-on; TOff1 and TOff2 represent the sound-off. Vigor2930 Series User’s Guide...
  • Page 150 User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Also, you can specify each field for your necessity. It is recommended for you to use the default settings for VoIP communication. Vigor2930 Series User’s Guide...
  • Page 151 30 – 39) with any number you desire. For example, type 50 in the box of MSN 30. Later you will find MSN 30 has been replaced with MSN50 in all related pages. See the following figures for examples (pages of VoIP>>SIP Accounts and VoIP>>Phone Settings). Vigor2930 Series User’s Guide...
  • Page 152 Please use the drop down list to choose the one you want. If you choose ISDN2-S0, please refer to Detailed Settings for Phone1, Phone2, ISDN1-S0 for the configuration. However, if you choose ISDN-TE and click the number link for that port, you will see the following page. Vigor2930 Series User’s Guide...
  • Page 153 Index (1-15) in Schedule - Enter the index of schedule profiles to control the DND mode according to the preconfigured schedules. Refer to section 3.5.2 Schedule for detailed configuration. Index (1-60) in Phone Book - Enter the index of phone book Vigor2930 Series User’s Guide...
  • Page 154 ISDN line. Loop Through to Phone Port – Choose this radio button to make all the calls controlled by traditional PSTN phone. It will tack effect only if MSN mapping ring port is not Vigor2930 Series User’s Guide...
  • Page 155 Congestion tone will be shown automatically on the page. If you cannot find out a suitable one, please choose User Defined and fill out the corresponding values for dial tone, ringing tone, busy tone, congestion tone by yourself for VoIP phone. Vigor2930 Series User’s Guide...
  • Page 156 DTMF tone. SIP INFO: Choose this one then the Vigor will capture the DTMF tone and transfer it into SIP form. Then it will be sent to the remote end with SIP message. Vigor2930 Series User’s Guide...

  • Page 157: Status

    IDLE - Indicates that the VoIP function is idle. HANG_UP - Indicates that the connection is not established (busy tone). CONNECTING - Indicates that the user is calling out. WAIT_ANS - Indicates that a connection is launched and waiting for remote user’s answer. Vigor2930 Series User’s Guide...

  • Page 158: Isdn

    Display logs of VoIP calls. ISDN means integrated services digital network that is an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires. Below shows the menu items for ISDN. Vigor2930 Series User’s Guide...

  • Page 159: General Settings

    MSN number MSN Numbers for the MSN Numbers mean that the router is able to accept only Router number-matched incoming calls. In addition, local ISDN network provider should support MSN services. The router Vigor2930 Series User’s Guide...
  • Page 160 Usually the router will send "Own Number" to the remote side. However Own number will restrict the router displaying only one number on remote side. Vigor2930 series can connect up to 6 phones at the same time. Therefore, if CLIP is selected, the external MSN numbers that you setup will be displayed to remote side.
  • Page 161 If you use ISDN1-S0 with MSN 5972729 to dial an outgoing call: remote user will see the number 5972729 because Phone CLIP is checked. If you use ISDN1-S0 without MSN Setup to dial an outgoing call: remote user will see the number 5972720 because Phone CLIP is checked. Vigor2930 Series User’s Guide...

  • Page 162: Dial To Single/Dual Isps

    Idle Timeout - Idle timeout means the router will be disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. Vigor2930 Series User’s Guide...
  • Page 163 Idle Timeout - Idle timeout means the router will be disconnect after being idle for a preset amount of time. The default is 180 seconds. If you set the time to 0, the ISDN connection to the ISP will always remain on. Vigor2930 Series User’s Guide...
  • Page 164 To have an ISDN connection, please click this link. Now, the system will guide you to click Dial ISDN. Wait for a moment after clicking the dial link. Then, a successful ISDN connection will be shown as the following. Vigor2930 Series User’s Guide...

  • Page 165: Call Control

    Dial Delay Interval - It specifies the interval between dialup retries. By default, the interval is 0 second. Remote Activation – It can help users who would like to access the server which is off the Internet in the head office. Vigor2930 Series User’s Guide...
  • Page 166 Low Water Mark and these two channels are being used over the High Water Time, the additional channel will be dropped. As a result, the total link speed will be 64kbps (one B channel). Vigor2930 Series User’s Guide...

  • Page 167: Wireless Lan

    Complete Security Standard Selection: To ensure the security and privacy of your wireless communication, we provide several prevailing standards on market. Vigor2930 Series User’s Guide...
  • Page 168 MAC addresses to isolate users’ access from wired LAN. Manage Wireless Stations - Station List will display all the station in your wireless network and the status of their connection. Below shows the menu items for Wireless LAN. Vigor2930 Series User’s Guide...

  • Page 169: General Setup

    Set the wireless LAN to work at certain time interval only. You may choose up to 4 schedules out of the 15 schedules pre-defined in Applications >> Schedule setup. The default setting of this filed is blank and the function will always work. Vigor2930 Series User’s Guide...
  • Page 170 That is, the wireless client must support this feature and invoke the function, too. Note: Vigor N61 wireless adapter supports this function. Therefore, you can use and install it into your PC for matching with Packet-OVERDRIVE (refer to the Vigor2930 Series User’s Guide...

  • Page 171: Security

    This page allows you to set security with different modes for SSID 1, 2, 3 and 4 respectively. After configuring the correct settings, please click OK to save and invoke it. By clicking the Security Settings, a new web page will appear so that you could configure the settings of WEP and WPA. Vigor2930 Series User’s Guide...

  • Page 172: Access Control

    MAC address that has been configured can access the wireless LAN interface. By clicking the Access Control, a new web page will appear, as depicted below, so that you could edit the clients' MAC addresses to control their access rights. Vigor2930 Series User’s Guide...
  • Page 173 Attribute s: Isolate the station from LAN - select to isolate the wireless connection of the wireless client of the MAC address from LAN. Add a new MAC address into the list. Vigor2930 Series User’s Guide...

  • Page 174: Wps

    On the side of a station with network card installed, press Start PBC button of network card. If you want to use PIN code, you have to know the PIN code specified in wireless client. Then provide the PIN code of the wireless client you wish to connect to the Vigor2930 Series User’s Guide...
  • Page 175 Display related system information for WPS. If the wireless security (encryption) function of the router is properly configured, you can see ‘Configured’ message here. SSID Display the SSID1 of the router. WPS is supported by SSID1 only. Vigor2930 Series User’s Guide...

  • Page 176: Wds

    Provide bridge traffic between two LANs through the air. Extend the coverage range of a WLAN. To meet the above requirement, two WDS modes are implemented in Vigor router. One is Bridge, the other is Repeater. Below shows the function of WDS-bridge interface: Vigor2930 Series User’s Guide...
  • Page 177 Bridge 2 through WDS links. However, hosts connected to Bridge 1 CANNOT communicate with hosts connected to Bridge 3 through Bridge 2. Click WDS from Wireless LAN menu. The following page will be shown. Vigor2930 Series User’s Guide...
  • Page 178 “0x”. Bridge If you choose Bridge as the connecting mode, please type in the peer MAC address in these fields. Four peer MAC addresses are allowed to be entered in this page at one time. Vigor2930 Series User’s Guide...
  • Page 179 Click Enable to make this router serving as an access point; click Disable to cancel this function. Status It allows user to send “hello” message to peers. Yet, it is valid only when the peer also supports this function. Vigor2930 Series User’s Guide...

  • Page 180: Ap Discovery

    Station List provides the knowledge of connecting wireless clients now along with its status code. There is a code summary below for explanation. For convenient Access Control, you can select a WLAN station and click Add to Access Control below. Vigor2930 Series User’s Guide...
  • Page 181 Refresh Click this button to refresh the status of station list. Click this button to add current selected MAC address into Access Control. Vigor2930 Series User’s Guide...

  • Page 182: Rate Control

    For the system setup, there are several items that you have to know the way of configuration: Status, Administrator Password, Configuration Backup, Syslog, Time setup, Reboot System, Firmware Upgrade. Below shows the menu items for System Maintenance. Vigor2930 Series User’s Guide...

  • Page 183: System Status

    The available channels supported by the wireless products in different countries are various. Firmware Version It indicates information about equipped WLAN miniPCi card. This also helps to provide availability of some features that are bound with some WLAN miniPCi card. Vigor2930 Series User’s Guide...

  • Page 184: Setting

    VigorACS}:8080/ACSServer/services/UnAuthACSServ Username/Password - Type username and password for ACS Server for authentication. For example, if you want to use such CPE with VigorACS, you can type as the following: Username: acs Password: password Vigor2930 Series User’s Guide...

  • Page 185: Administrator Password

    When you click OK, the login window will appear. Please use the new password to access into the web configurator again. Follow the steps below to backup your configuration. Go to System Maintenance >> Configuration Backup. The following windows will be popped-up, as shown below. Vigor2930 Series User’s Guide...
  • Page 186 The above example is using Windows platform for demonstrating examples. The Mac or Linux platform will appear different windows, but the backup function is still available. Note: Backup for Certification must be done independently. The Configuration Backup does not include information of Certificate. Vigor2930 Series User’s Guide...
  • Page 187 Click Browse button to choose the correct configuration file for uploading to the router. Click Restore button and wait for few seconds, the following picture will tell you that the restoration procedure is successful. Vigor2930 Series User’s Guide...

  • Page 188: Syslog/Mail Alert

    From the Syslog screen, select the router you want to monitor. Be reminded that in Network Information, select the network adapter used to connect to the router. Otherwise, you won’t succeed in retrieving information from the router. Vigor2930 Series User’s Guide...

  • Page 189: Time And Date

    Type the IP address of the time server. Time Zone Select the time zone where the router is located. Automatically Update Interval Select a time interval for updating from the NTP server. Click OK to save these settings. Vigor2930 Series User’s Guide...

  • Page 190: Management

    Check it to enable this function. Get Community Set the name for getting community by typing a proper character. The default setting is public. Set Community Set community by typing a proper name. The default setting is private. Vigor2930 Series User’s Guide...

  • Page 191: Reboot System

    Note: When the system pops up Reboot System web page after you configure web settings, please click OK to reboot your router for ensuring normal operation and preventing unexpected errors of the router in the future. Vigor2930 Series User’s Guide...

  • Page 192: Firmware Upgrade

    Note that this example is running over Windows OS (Operating System). Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web site is www.draytek.com (or local DrayTek's web site) and FTP site is ftp.draytek.com.

  • Page 193: Diagnostics

    (e.g., ISDN, PPPoE, PPPoA, etc) is triggered by a package sending from the source IP address. Decoded Format It shows the source IP address (local), destination IP (remote) address, the protocol and length of the package. Refresh Click it to reload the page. Vigor2930 Series User’s Guide...

  • Page 194: Routing Table

    Resolution Protocol) cache held in the router. The table shows a mapping between an Ethernet hardware address (MAC Address) and an IP address. Refresh Click it to reload the page. Clear Click it to clear the whole table. Vigor2930 Series User’s Guide...

  • Page 195: Dhcp Table

    It displays the host ID name of the specified PC. Refresh Click it to reload the page. Click Diagnostics and click NAT Sessions Table to open the setup page. Private IP:Port It indicates the source IP address and port of local PC. Vigor2930 Series User’s Guide...

  • Page 196: Data Flow Monitor

    Flow Monitor. If not, a notification dialog box will appear to remind you enabling it. Click Diagnostics and click Data Flow Monitor to open the web page. Enable Data Flow Check this box to enable this function. Monitor Vigor2930 Series User’s Guide...
  • Page 197 Peak means the highest peak value detected by the router in data transmission. Speed means line speed specified in WAN>>General. If you do not specify any rate at that page, here will display Auto for instead. Vigor2930 Series User’s Guide...

  • Page 198: Traffic Graph

    WAN1/WAN2 Bandwidth chart, the numbers displayed on vertical axis represent the numbers of the transmitted and received packets in the past. For Sessions chart, the numbers displayed on vertical axis represent the numbers of the NAT sessions during the past. Vigor2930 Series User’s Guide...

  • Page 199: Ping Diagnosis

    Type in the IP address of the Host/IP that you want to ping. Click this button to start the ping work. The result will be displayed on the screen. Clear Click this link to remove the result on the window. Vigor2930 Series User’s Guide...

  • Page 200: Trace Route

    Unspecified to be determined by the router automatically. Host/IP Address It indicates the IP address of the host. Click this button to start route tracing work. Clear Click this link to remove the result on the window. Vigor2930 Series User’s Guide...

  • Page 201: Application And Examples

    For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both Vigor2930 Series User’s Guide...
  • Page 202 If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. If a PPP-based service is selected, you should further specify the remote peer IP Vigor2930 Series User’s Guide...
  • Page 203 Otherwise, it will apply the settings defined in IPSec General Setup above. If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection. Vigor2930 Series User’s Guide...
  • Page 204 Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both Vigor2930 Series User’s Guide...
  • Page 205 Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with the selected Dial-Out method. If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection. Vigor2930 Series User’s Guide...
  • Page 206 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2930 Series User’s Guide...
  • Page 207 Address, Username, Password, and VJ Compression for this Dial-In connection. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B can direct the packets destined to the remote network to Router A via the VPN connection. Vigor2930 Series User’s Guide...

  • Page 208: Create A Remote Dial-In User Connection Between The Teleworker And Headquarter

    PPP General Setup. For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known. Vigor2930 Series User’s Guide...
  • Page 209 If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above. Vigor2930 Series User’s Guide...
  • Page 210 For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.draytek.com download center. Install as instructed.
  • Page 211 Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN Vigor2930 Series User’s Guide...

  • Page 212: Qos Setting Example

    Meanwhile, children may chat on Skype in the restroom. Go to Bandwidth Management>>Quality of Service. Click Setup link of WAN 1. Make sure the QoS Control on the left corner is checked. And select BOTH in Direction. Vigor2930 Series User’s Guide...
  • Page 213 Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the name “E-mail” for Class 1. For this index, the user will set reserved bandwidth (e.g., 25%) for E-mail using protocol POP3 and SMTP. Vigor2930 Series User’s Guide...
  • Page 214 VoIP influent other application. Click OK. If the worker has connected to the headquarter using host to host VPN tunnel. (Please refer to Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Vigor2930 Series User’s Guide...

  • Page 215: Lan - Created By Using Nat

    An example of default setting and the corresponding deployment are shown below. The default Vigor router private IP address/Subnet Mask is 192.168.1.1/255.255.255.0. The built-in DHCP server is enabled so it assigns every local NATed host an IP address of 192.168.1.x starting from 192.168.1.10. Vigor2930 Series User’s Guide...
  • Page 216 You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. To use another DHCP server in the network rather than the built-in one of Vigor Router, you have to change the settings as show below. Vigor2930 Series User’s Guide...

  • Page 217: Calling Scenario For Voip Function

    You can just set the settings wrapped inside the red rectangles to fit the request of NAT usage. Example 1: Both John and David have SIP Addresses from different service providers. John’s SIP URL: 1234@draytel.org, David’s SIP URL: 4321@iptel.org Vigor2930 Series User’s Guide...
  • Page 218 He picks up the phone and dials 2222# (DialPlan CODEC/RTP/DTMF --- Phone Number for John) (Use default value) Example 2: Both John and David have SIP Addresses from the same service provider. John’s SIP URL: 1234@draytel.org , David’s SIP URL: 4321@draytel.org Vigor2930 Series User’s Guide...

  • Page 219: Peer-To-Peer Calling

    Expiry Time: (use default value) CODEC/RTP/DTMF--- David calls John (Use default value) He picks up the phone and dials 2222# (DialPlan Phone Number for John) Or, He picks up the phone and dials 1234# (John’s Account Name) Vigor2930 Series User’s Guide...
  • Page 220 Display Name: Paulin Account Name: 4321 Authentication ID: unchecked Password: (blank) Expiry Time: (use default value) Paulin calls Arnor CODEC/RTP/DTMF--- He picks up the phone and dials 2222# (DialPlan (Use default value) Phone Number for John) Vigor2930 Series User’s Guide...

  • Page 221: Upgrade Firmware For Your Router

    4. The file RTSxxx.exe will be asked to copy onto your computer. Remember the place of storing the execution file. 5. Go to www.draytek.com to find out the newly update firmware for your router. 6. Access into Support Center >> Downloads. Find out the model name of the router and click the firmware link.
  • Page 222 You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need. Vigor2930 Series User’s Guide...

  • Page 223: Request A Certificate From A Ca Server On Windows Ca Server

    14. Click Send. 15. Now the firmware update is finished. Vigor2930 Series User’s Guide...
  • Page 224 You can click GENERATE button to start to edit a certificate request. Enter the information in the certificate request. Copy and save the X509 Local Certificate Requet as a text file and save it for later use. Vigor2930 Series User’s Guide...
  • Page 225 Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal request using a base64 encoded PKCS #7 file Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below. Vigor2930 Series User’s Guide...
  • Page 226 (.cer file) into Vigor router. When finished, click refresh and you will find the below window showing “------BEGINE CERTIFICATE------..” You may review the detail information of the certificate by clicking View button. Vigor2930 Series User’s Guide...

  • Page 227: Request A Ca Certificate And Set As Trusted On Windows Ca Server

    Use web browser connecting to the CA server that you would like to retrieve its CA certificate. Click Retrive the CA certificate or certificate recoring list. Vigor2930 Series User’s Guide...
  • Page 228 You may review the detail information of the certificate by clicking View button. Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first. Vigor2930 Series User’s Guide...

  • Page 229: Trouble Shooting

    Turn on the router. Make sure the ACT LED blink once per second and the correspondent LAN LED is bright. If not, it means that there is something wrong with the hardware status. Simply back to “2.1 Hardware Installation” to execute the hardware installation again. And then, try again. Vigor2930 Series User’s Guide...
  • Page 230 Go to Control Panel and then double-click on Network Connections. Right-click on Local Area Connection and click on Properties. Select Internet Protocol (TCP/IP) and then click Properties. Vigor2930 Series User’s Guide...
  • Page 231 Select Obtain an IP address automatically and Obtain DNS server address automatically. Double click on the current used MacOs on the desktop. Open the Application folder and get into Network. On the Network screen, select Using DHCP from the drop down list of Configure IPv4. Vigor2930 Series User’s Guide...

  • Page 232: Pinging The Router From Your Computer

    Open the Application folder and get into Utilities. Double click Terminal. The Terminal window will appear. Type ping 192.168.1.1 and press [Enter]. It the link is OK, the line of “64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=xxxx ms” will appear. Vigor2930 Series User’s Guide...

  • Page 233: Checking If The Isp Settings Are Ok Or Not

    Click Details Page of WAN1/WAN2 to review the settings that you configured previously. Check if the Enable option is selected. Check if Username and Password are entered with correct values that you got from your ISP. Vigor2930 Series User’s Guide...
  • Page 234 Check if the Enable option is selected. Check if IP address, Subnet Mask and Gateway are entered with correct values that you got from your ISP. Vigor2930 Series User’s Guide...
  • Page 235 Go to System Maintenance and choose Reboot System on the web page. The following screen will appear. Choose Using factory default configuration and click OK. After few seconds, the router will return all the settings to the factory settings. Vigor2930 Series User’s Guide...
  • Page 236 After restore the factory default setting, you can configure the settings for the router again to fit your personal request. If the router still cannot work correctly after trying many efforts, please contact your dealer for further help right away. For any questions, please feel free to send e-mail to support@draytek.com. Vigor2930 Series User’s Guide...

This manual is also suitable for:

Vigor2930nVigor2930vnVigor2930vsVigor2930vsn

Table of Contents