DrayTek Vigor 2950G User Manual

Vigor2955 User’s Guide
Vigor 2955
Dual-WAN SSL VPN Appliance
Version: 1.0
Date: 30/10/2009
Copyright Information
Copyright Declarations
Copyright 2009 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
Trademarks
The following trademarks are used in this document:
• Microsoft is a registered trademark of Microsoft Corp.
• Windows, Windows 95, 98, Me, NT, 2000, XP, Vista and Explorer are trademarks of Microsoft Corp.
• Apple and Mac OS are registered trademarks of Apple Inc.
• Other products may be trademarks or registered trademarks of their respective manufacturers.
Safety Instructions and Approval
Safety Instructions
• Read the installation guide thoroughly before you set up the router.
• The router is a complicated electronic unit that may be repaired only by authorized and qualified personnel. Do not try to open or repair the router yourself.
• Do not place the router in a damp or humid place, e.g. a bathroom.
• The router should be used in a sheltered area, within a temperature range of +5 to +40 Celsius.
• Do not expose the router to direct sunlight or other heat sources. The housing and electronic components may be damaged by direct sunlight or heat sources.
• Do not deploy the cable for LAN connection outdoors, to prevent electric shock hazards.
• Keep the package out of reach of children.
• When you want to dispose of the router, please follow local regulations on conservation of the environment.
Warranty
We warrant to the original end user (purchaser) that the router will be free from any defects in workmanship or materials for a period of two (2) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary to restore the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, damaged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to revise the manual and online documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.
Be a Registered Owner
Web registration is preferred. You can register your Vigor router via http://www.draytek.com.
Firmware & Tools Updates
Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
http://www.draytek.com
European Community Declarations
Manufacturer: DrayTek Corp.
Address: No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu, Taiwan 303
Product: Vigor2955 Series Router
DrayTek Corp. declares that Vigor2955 is in compliance with the following essential requirements and other relevant provisions of R&TTE Directive 1999/5/EEC.
The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
The product conforms to the requirements of Low Voltage (LVD) Directive 2006/95/EC by complying with the requirements set forth in EN60950-1.
Regulatory Information
Federal Communication Commission Interference Statement
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television reception, which can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
• Reorient or relocate the receiving antenna.
• Increase the separation between the equipment and receiver.
• Connect the equipment into an outlet on a circuit different from that to which the receiver is connected.
• Consult the dealer or an experienced radio/TV technician for help.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device may accept any interference received, including interference that may cause undesired operation.
Taiwanese BSMI (Bureau of Standards, Metrology and Inspection) A Warning:
Warning: This device might cause interference of radio frequency under the environment of dwelling. In such condition, the users might be asked to adopt some proper strategies.
Please visit http://www.draytek.com/user/AboutRegulatory.php.
This product is designed for the POTS network throughout the EC region and Switzerland with restrictions in France.
Table of Contents
1 Preface
1.1 Web Configuration Buttons Explanation
1.2 LED Indicators and Connectors
1.3 Hardware Installation
1.4 Printer Installation
2 Configuring Basic Settings
2.1 Changing Password
2.2 Quick Start Wizard
2.2.1 PPPoE
2.2.2 PPTP
2.2.3 L2TP
2.2.4 Static IP
2.2.5 DHCP
2.3 Online Status
2.4 Saving Configuration
3 Advanced Web Configuration
3.1 WAN
3.1.1 Basics of Internet Protocol (IP) Network
3.1.2 General Setup
3.1.3 Internet Access
3.1.4 Load-Balance Policy
3.2 LAN
3.2.1 Basics of LAN
3.2.2 General Setup
3.2.3 Static Route
3.2.4 VLAN
3.2.5 Bind IP to MAC
3.3 NAT
3.3.1 Port Redirection
3.3.2 DMZ Host
3.3.3 Open Ports
3.3.4 Address Mapping
3.4 Firewall
3.4.1 Basics for Firewall
3.4.2 General Setup
3.4.3 Filter Setup
3.4.4 DoS Defense
3.5 Objects Settings
3.5.1 IP Object
3.5.2 IP Group
3.5.3 Service Type Object
3.5.4 Service Type Group
3.5.5 IM Object
3.5.6 P2P Object
3.5.7 Protocol Object
3.5.8 Misc Object
3.6 CSM
3.6.1 APP Enforcement Profile
3.6.2 URL Content Filter Profile
3.6.3 Web Content Filter Profile
3.7 Bandwidth Management
3.7.1 Sessions Limit
3.7.2 Bandwidth Limit
3.7.3 Quality of Service
3.8 Applications
3.8.1 Dynamic DNS
3.8.2 Schedule
3.8.3 RADIUS/LDAP
3.8.4 UPnP
3.8.5 Wake on LAN
3.9 VPN and Remote Access
3.9.1 VPN Client Wizard
3.9.2 VPN Server Wizard
3.9.3 Remote Access Control
3.9.4 PPP General Setup
3.9.5 IPSec General Setup
3.9.6 IPSec Peer Identity
3.9.7 Remote Dial-in User
3.9.8 LAN to LAN
3.9.9 VPN TRUNK Management
3.9.10 Connection Management
3.10 Certificate Management
3.10.1 Local Certificate
3.10.2 Trusted CA Certificate
3.10.3 Certificate Backup
3.11 SSL VPN
3.11.1 General Setup
3.11.2 SSL Web Proxy
3.11.3 SSL Application
3.11.4 User Account
3.11.5 Online User Status
3.12 System Maintenance
3.12.1 System Status
3.12.2 TR-069 Setting
3.12.3 Administrator Password
3.12.4 Configuration Backup
3.12.5 Syslog/Mail Alert
3.12.6 Time and Date
3.12.7 Management
3.12.8 Reboot System
3.12.9 Firmware Upgrade
3.13 Diagnostics
3.13.1 Dial-out Trigger
3.13.2 Routing Table
3.13.3 ARP Cache Table
3.13.4 DHCP Table
3.13.5 NAT Sessions Table
3.13.6 Data Flow Monitor
3.13.7 Traffic Graph
3.13.8 Ping Diagnosis
3.13.9 Trace Route
3.14 Support Area
4 Application and Examples
4.1 Create a LAN-to-LAN Connection Between Remote Office and Headquarter
4.2 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter
4.3 QoS Setting Example
4.4 LAN – Created by Using NAT
4.5 Upgrade Firmware for Your Router
4.6 Request a certificate from a CA server on Windows CA Server
4.7 Request a CA Certificate and Set as Trusted on Windows CA Server
4.8 ERD Mechanism for VPN TRUNK
4.9 VPN Load Balance Application
5 Trouble Shooting
5.1 Checking If the Hardware Status Is OK or Not
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not
5.3 Pinging the Router from Your Computer
5.4 Checking If the ISP Settings are OK or Not
5.5 Backing to Factory Default Setting If Necessary
5.6 Contacting Your Dealer
1 Preface
The Vigor2950 series router provides Dual-WAN interface (which is a configurable second WAN) for Internet access to make the Internet connection more reliable. The wireless LAN supports more secure features and the transmission speed is up to 108Mbps (SuperG™). Object-oriented firewall is flexible and keeps your network safe. In addition, through the VoIP function, the communication fee for you and remote people can be reduced.
1.1 Web Configuration Buttons Explanation
Several main buttons that appear on the web pages are defined as follows:
Save and apply current settings.
Cancel current settings and recover to the previous saved settings.
Clear all the selections and parameters settings, including selection from drop-down list. All the values must be reset with factory default settings.
Add new settings for specified item.
Edit the settings for the selected item.
Delete the selected item with the corresponding settings.
Note: For the other buttons shown on the web pages, please refer to Chapter 4 for detailed explanation.
1.2 LED Indicators and Connectors
Before you use the Vigor router, please get acquainted with the LED indicators and connectors first.
The displays of LED indicators and connectors for the routers differ slightly. The following sections will introduce them respectively.

LED              Status     Explanation
ACT (Activity)   Blinking   The router is powered on and running normally.
                 Off        The router is powered off.
DMZ              On         DMZ Host is specified in certain site.
Monitor          On         LAN traffic monitor is active.
VPN              On         The VPN tunnel is launched.
                 Off        The VPN tunnel is closed.
QoS              On         The QoS function is active.
USB              On         The USB device is active.

LED on Connector                       Status     Explanation
WAN               10 (left LED)        On         The port is connected with 10Mbps.
                                       Off        The port is disconnected.
                                       Blinking   The data is transmitting.
                  100 (right LED)      On         The port is connected with 100Mbps.
                                       Off        The port is disconnected.
                                       Blinking   The data is transmitting.
LAN/Monitor, LAN  100 (left LED)       On         The port is connected with 100Mbps.
                                       Off        The port is disconnected.
                                       Blinking   The data is transmitting.
                  1000 (right LED)     On         The port is connected with 1000Mbps.
                                       Off        The port is disconnected.
                                       Blinking   The data is transmitting.

Interface             Description
RST (Factory Reset)   Restore the default settings. Usage: Turn on the router (ACT LED is blinking). Press the hole and keep for more than 5 seconds. When you see the ACT LED begin to blink more rapidly than usual, release the button. Then the router will restart with the factory default configuration.
WAN(1/2)              Connector for remote networked devices.
LAN/Monitor           Connector for local networked devices.
LAN (1-4)             Connector for local networked devices.
USB                   Connector for USB device (e.g., printer).

Connector for a power cord with 100-240VAC (inlet).
Power Switch.
1.3 Hardware Installation
Before starting to configure the router, you have to connect your devices correctly.
1. Connect the power cord to the router’s power port on the rear panel, and the other side into a wall outlet.
2. Power on the device by pressing down the power switch on the rear panel.
3. The system starts to initialize. After completing the system test, the ACT LED will light up and start blinking.
4. Connect one end of an Ethernet cable (RJ-45) to one of the LAN ports of the router and the other end of the cable (RJ-45) into the Ethernet port on your computer (that device also can connect to other computers to form a small area network). The LAN LED (Left or Right) will light up according to the network card feature (1000 or 100) of the device that it is connected to.
5. Connect a cable Modem/DSL Modem/Media Converter (depends on your requirement) to any WAN port of the router with an Ethernet cable (RJ-45). The WAN1/WAN2 LED (Left or Right) will light up according to the network card feature (100 or 10) of the device that it is connected to.
(For the detailed information of LED status, please refer to section 1.1.)
1.4 Printer Installation
You can install a printer onto the router for sharing printing. All the PCs connected to this router can print documents via the router. The example provided here is based on Windows XP/2000/Vista. For Windows 98/SE, please visit www.draytek.com.
Before using it, please follow the steps below to configure settings for connected computers.
1. Connect the printer with the router through USB/parallel port.
2. Open Start->Settings-> Printer and Faxes.
3. Open File->Add a New Computer. A welcome dialog will appear. Please click Next.
4. Click Local printer attached to this computer and click Next.
5. In this dialog, choose Create a new port Type of port and use the drop down list to select Standard TCP/IP Port. Click Next.
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name or IP Address and type IP_192.168.1.1 as the port name. Then, click Next.
7. Click Standard and choose Generic Network Card.
8. Then, in the following dialog, click Finish.
9. Now, your system will ask you to choose the right name of the printer that you installed onto the router. This step makes sure the correct driver is loaded onto your PC. When you finish the selection, click Next.
10. For the final stage, you need to go back to Control Panel-> Printers and edit the property of the new printer you have added.
11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next please refer to the red rectangle for choosing the correct protocol and UPR name.
12. The printer can be used for printing now. Most printers from different manufacturers are compatible with the Vigor router.
Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.draytek.com to find out the printer list. Open Support >FAQ; find out the link of Printer Server and click it; then click the What types of printers are compatible with Vigor router? link.
Note 2: Vigor router supports printing requests from computers via LAN ports but not the WAN port.
2 Configuring Basic Settings
To use the router properly, you need to change the password of the web configuration for security and adjust the primary basic settings.
This chapter explains how to set up a password for an administrator and how to adjust basic settings for accessing the Internet successfully. Be aware that only the administrator can change the router configuration.
2.1 Changing Password
To change the password for this device, you have to access the web configuration through a web browser with the default password first.
1. Make sure your computer connects to the router correctly.
Notice: You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be in the same subnet as the default IP address of Vigor router 192.168.1.1. For the detailed information, please refer to the later section - Trouble Shooting of this guide.
2. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will open to ask for username and password. Please type “admin” as the username and leave the password blank on the window. Next click OK for the next screen.
3. Now, the Main Screen will pop up.
4. Go to System Maintenance page and choose Administrator Password.
5. Enter the login password (the default is blank) in the field of Old Password. Type a new one in the field of New Password and retype it in the field of Confirm Password. Then click OK to continue.
6. Now, the password has been changed. Next time, use the new password to access the Web Configurator for this router.
2.2 Quick Start Wizard
If your router can be under an environment with high speed NAT, the configuration provided here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard asks for the login password. After typing the password, please click Next.
On the next page as shown below, please select the WAN interface that you use. Choose Auto negotiation as the physical type for your router. Then click Next for the next step.
On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you a PPPoE interface. Then click Next for the next step.
In the Quick Start Wizard, you can configure the router to access the Internet with different protocols/modes such as PPPoE, PPTP, L2TP, Static IP or DHCP.
2.2.1 PPPoE
PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection.
PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode.

If your ISP provides you the PPPoE connection, please select PPPoE for this router. The following page will be shown:

User Name          Assign a specific valid user name provided by the ISP.
Password           Assign a valid password provided by the ISP.
Confirm Password   Retype the password to confirm it.

Click Next for viewing summary of such connection.
Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.2.2 PPTP

Click PPTP as the protocol. Type in all the information that your ISP provides for this protocol.

Click Next for viewing summary of such connection.
Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.2.3 L2TP

Click L2TP as the protocol. Type in all the information that your ISP provides for this protocol.

After finishing the settings in this page, click Next to see the following page.
2.2.4 Static IP

Click Static IP as the protocol. Type in all the information that your ISP provides for this protocol.

After finishing the settings in this page, click Next to see the following page.
Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.2.5 DHCP

Click DHCP as the protocol. Type in all the information that your ISP provides for this protocol.

After finishing the settings in this page, click Next to see the following page.
Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system status of this protocol will be shown.
2.3 Online Status
The online status shows the system status, WAN status, and other status related to this router within one page. If you select PPPoE/PPTP as the protocol, you will find a link of Dial PPPoE or Drop PPPoE in the Online Status web page.
Online status for PPPoE
Online status for PPTP (for WAN2)
Online status for Static IP (for WAN1)
Online status for DHCP
Detailed explanation is shown below:

Primary DNS     Display the IP address of the primary DNS.
Secondary DNS   Display the IP address of the secondary DNS.

LAN Status
IP Address      Display the IP address of the LAN interface.
TX Packets      Display the total transmitted packets at the LAN interface.
RX Packets      Display the total number of received packets at the LAN interface.

WAN1/2 Status
Line            Display the physical connection (Ethernet) of this interface.
Name            Display the name set in WAN1/WAN web page.
Mode            Display the type of WAN connection (e.g., PPPoE).
Up Time         Display the total uptime of the interface.
IP              Display the IP address of the WAN interface.
GW IP           Display the IP address of the default gateway.
TX Packets      Display the total transmitted packets at the WAN interface.
TX Rate         Display the speed of transmitted octets at the WAN interface.
RX Packets      Display the total number of received packets at the WAN interface.
RX Rate         Display the speed of received octets at the WAN interface.

Note: The words in green mean that the WAN connection of that interface (WAN1/WAN2) is ready for accessing Internet; the words in red mean that the WAN connection of that interface (WAN1/WAN2) is not ready for accessing Internet.
2.4 Saving Configuration
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you.
Ready indicates the system is ready for you to input settings.
Settings Saved means your settings are saved once you click Finish or OK button.