Draytek Vigor 3200 Series, Vigor3200, Vigor3200n User Manual

Page 1
Page 2
Vigor3200 Series User’s Guide
ii
Vigor3200 Series
User’s Guide
Version: 1.5
Firmware Version: V3.3.7.2
(for future update, contact DrayTek)
Date: 17/09/2012
Page 3
Vigor3200 Series User’s Guide
iii
Copyright Information
Copyright Declarations
Copyright 2012 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
Trademarks
The following trademarks are used in this document:
z Microsoft is a registered trademark of Microsoft Corp. z Windows, Windows 95, 98, Me, NT, 2000, XP, Vista and Explorer are
trademarks of Microsoft Corp.
z Apple and Mac OS are registered trademarks of Apple Inc. z Other products may be trademarks or registered trademarks of their respective
manufacturers.
Safety Instructions and Approval
Safety Instructions
z Read the quick start guide thoroughly before you set up the router. z The router is a complicated electronic unit that may be repaired only be
authorized and qualified personnel. Do not try to open or repair the router yourself.
z Do not place the router in a damp or humid place, e.g. a bathroom. z The router should be used in a sheltered area, within a temperature range of +5 to
+40 Celsius.
z Do not expose the router to direct sunlight or other heat sources. The housing and
electronic components may be damaged by direct sunlight or heat sources.
z Do not deploy the cable for LAN connection outdoor to prevent electronic shock
hazards.
z Keep the package out of reach of children. z When you want to dispose of the router, please follow local regulations on
conservation of the environment.
Warranty
We warrant to the original end user (purchaser) that the router will be free from any defects in workmanship or materials for a period of two (2) years from the date of purchase from the dealer. Please keep your purchase receipt in a safe place as it serves as proof of date of purchase. During the warranty period, and upon proof of purchase, should the product have indications of failure due to faulty workmanship and/or materials, we will, at our discretion, repair or replace the defective products or components, without charge for either parts or labor, to whatever extent we deem necessary tore-store the product to proper operating condition. Any replacement will consist of a new or re-manufactured functionally equivalent product of equal value, and will be offered solely at our discretion. This warranty will not apply if the product is modified, misused, tampered with, dam aged by an act of God, or subjected to abnormal working conditions. The warranty does not cover the bundled or licensed software of other vendors. Defects which do not significantly affect the usability of the product will not be covered by the warranty. We reserve the right to re vise the m a nual and onli ne documentation and to make changes from time to time in the contents hereof without obligation to notify any person of such revision or changes.
Be a Registered Owner
Web registration is preferred. You can register your Vigor router via http://www.DrayTek.com.
Firmware & Tools Updates
Due to the continuous evolution of DrayTek technology, all routers will be regularly upgraded. Please consult the DrayTek web site for more information on newest firmware, tools and documents.
http://www.DrayTek.com
Page 4
Vigor3200 Series User’s Guide
iv
European Community Declarations
Manufacturer: DrayTek Corp.
Address: No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu, Taiwan 303
Product: Vigor3200 Series Router DrayTek Corp. declares that Vigor3200 Series of routers are in compliance with the following essential
requirements and other relevant provisions of R&TTE Directive 1999/5/EEC. The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by
complying with the requirements set forth in EN55022/Class B and EN55024/Class B. The product conforms to the requirements of Low Voltage (LVD) Directive 2006/95/EC by complying with the
requirements set forth in EN60950-1.
Regulatory Information
Federal Communication Commission Interference Statement This equipment has been tested and found to comply with the limits for a Class B digital device, pursuant to Part
15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses and can radiate radio frequency energy and, if not installed and used in accordance with the instructions, may cause harmful interference to radio communications. However, there is no guarantee that interference will not occur in a particular installation. If this equipment does cause harmful interference to radio or television re cepti on , whi ch can be determined by turning the equipment off and on, the user is encouraged to try to correct the interference by one of the following measures:
z Reorient or relocate the receiving antenna. z Increase the separation between the equipment and receiver. z Connect the equipment into an outlet on a circuit different from that to which the receiver is connected. z Consult the dealer or an experienced radio/TV technician for help.
This device complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) This device may accept any interference received, including interference that may cause undesired operation.
Please visit http://www.draytek.com/user/SupportDLRTTECE.php#
This product is designed for 2.4GHz WLAN network throughout the EC region and Switzerland with restrictions in France. Please see the user manual for the applicable networks on your product.
Page 5
Vigor3200 Series User’s Guide
v
Page 6
Vigor3200 Series User’s Guide
vi
TTaabbllee ooff CCoonntteennttss
Introduction .................................................................................................1
1.1 Web Configuration Buttons Explanation................................................................................. 1
1.2 LED Indicators and Connectors.............................................................................................. 2
1.2.1 For Vigor3200................................................................................................................... 2
1.2.2 For Vigor3200n................................................................................................................. 4
1.3 Hardware Installation .............................................................................................................. 6
1.4 Printer Installation ................................................................................................................... 7
Configuring Basic Settings......................................................................13
2.1 Accessing Web Page............................................................................................................ 13
2.2 Changing Password.............................................................................................................. 14
2.3 Quick Start Wizard................................................................................................................ 15
2.3.1 For WAN1 – WAN4......................................................................................................... 16
2.3.2 For WAN5....................................................................................................................... 24
2.4 Service Activation Wizard...................................................................................................... 26
2.5 Online Status......................................................................................................................... 29
2.6 Saving Configuration............................................................................................................. 30
2.7 Support Area......................................................................................................................... 30
2.8 Registering Vigor Router....................................................................................................... 32
Tutorials and Applications.........................................................................35
3.1 How to Implement the AD/LDAP Authentication for User Management?............................. 35
3.2 How to implement the AD/LDAP authentication for SSL Application?.................................. 38
3.3 How to Configure Multi-Subnet............................................................................................. 46
3.4 How to Customize Your Login Page ..................................................................................... 51
3.5 Create a LAN-to-LAN Connection Between Remote Office and Headquarter..................... 53
3.6 Create a Remote Dial-in User Connection Between the Teleworker and Headquarter........ 62
3.7 QoS Setting Example............................................................................................................ 67
3.8 Upgrade Firmware for Y our Router....................................................................................... 71
3.9 Request a certificate from a CA server on Windows CA Server........................................... 74
3.10 Request a CA Certificate and Set as Trusted on Windows CA Server............................... 78
3.11 Creating an Account for MyVigor.........................................................................................80
Page 7
Vigor3200 Series User’s Guide
vii
3.11.1 Creating an Account via Vigor Router.......................................................................... 80
3.11.2 Creating an Account via MyVigor Web Site.................................................................. 83
3.12 How can I get the files from USB storage device connecting to Vigor router?................... 87
3.13 VPN Trunk Load-Balance between Vigor 3200 and Other Vigor Router............................ 90
Advanced Web Configuration................................................................ 101
4.1 WAN.................................................................................................................................... 101
4.1.1 Basics of Internet Protocol (IP) Network....................................................................... 101
4.1.2 General Setup............................................................................................................... 103
4.1.3 Internet Access............................................................................................................. 107
4.1.4 Load-Balance Policy..................................................................................................... 119
4.2 LAN ..................................................................................................................................... 121
4.2.1 Basics of LAN ............................................................................................................... 121
4.2.2 General Setup............................................................................................................... 123
4.2.3 Static Route.................................................................................................................. 131
4.2.4 VLAN............................................................................................................................. 134
4.2.5 Bind IP to MAC............................................................................................................. 135
4.2.6 LAN Port Mirror............................................................................................................. 136
4.3 NA T..................................................................................................................................... 138
4.3.1 Port Redirection............................................................................................................ 139
4.3.2 DMZ Host...................................................................................................................... 142
4.3.3 Open Ports.................................................................................................................... 145
4.3.4 Address Mapping.......................................................................................................... 146
4.3.5 Port Triggering.............................................................................................................. 148
4.4 Firewall................................................................................................................................ 151
4.4.1 Basics for Firewall......................................................................................................... 151
4.4.2 General Setup............................................................................................................... 153
4.4.3 Filter Setup ................................................................................................................... 158
4.4.4 DoS Defense ................................................................................................................ 166
4.5 User Management............................................................................................................... 169
4.5.1 General Setup............................................................................................................... 169
4.5.2 User Profile (Reserved)................................................................................................ 170
4.5.3 User Group................................................................................................................... 173
3.5.4 User Online Status........................................................................................................ 175
4.6 Objects Settings.................................................................................................................. 176
4.6.1 IP Object....................................................................................................................... 176
4.6.2 IP Group ....................................................................................................................... 178
4.6.3 Service Type Object ..................................................................................................... 180
4.6.4 Service Type Group...................................................................................................... 182
4.6.5 Keyword Object ............................................................................................................184
4.6.6 Keyword Group............................................................................................................. 185
4.6.7 File Extension Object.................................................................................................... 186
4.7 CSM Profile......................................................................................................................... 188
4.7.1 APP Enforcement Profile.............................................................................................. 189
4.7.2 URL Content Filter Profile............................................................................................. 193
4.7.3 Web Content Filter Profile............................................................................................. 198
4.8 Bandwidth Management ..................................................................................................... 201
Page 8
Vigor3200 Series User’s Guide
viii
4.8.1 Sessions Limit............................................................................................................... 201
4.8.2 Bandwidth Limit ............................................................................................................203
4.8.3 Quality of Service.......................................................................................................... 205
4.9 Applications.........................................................................................................................214
4.9.1 Dynamic DNS............................................................................................................... 214
4.9.2 Schedule....................................................................................................................... 216
4.9.3 RADIUS........................................................................................................................ 220
4.9.4 LDAP / Active Directory................................................................................................ 221
4.9.5 UPnP............................................................................................................................. 223
4.9.6 IGMP............................................................................................................................. 225
4.9.7 Wake on LAN................................................................................................................ 226
4.10 VPN and Remote Access.................................................................................................. 227
4.10.1 VPN Client Wizard...................................................................................................... 227
4.10.2 VPN Server Wizard..................................................................................................... 233
4.10.3 Remote Access Control.............................................................................................. 238
4.10.4 PPP General Setup .................................................................................................... 238
4.10.5 IPSec General Setup.................................................................................................. 240
4.10.6 IPSec Peer Identity..................................................................................................... 241
4.10.7 Remote Dial-in User ................................................................................................... 243
4.10.8 LAN to LAN................................................................................................................. 247
4.10.9 VPN TRUNK Management......................................................................................... 255
4.10.10 Connection Management ......................................................................................... 265
4.1 1 Certificate Management.................................................................................................... 267
4.11.1 Local Certificate.......................................................................................................... 267
4.11.2 Trusted CA Certificate ................................................................................................ 271
4.11.3 Certificate Backup....................................................................................................... 272
4.12 Wireless LAN .................................................................................................................... 272
4.12.1 Basic Concepts........................................................................................................... 272
4.12.2 General Setup............................................................................................................. 275
4.12.3 Security....................................................................................................................... 279
4.12.4 Access Control............................................................................................................ 281
4.12.5 WPS............................................................................................................................ 282
4.12.6 WDS............................................................................................................................ 285
4.12.7 Advanced Setting........................................................................................................ 288
4.12.8 WMM Configuration.................................................................................................... 289
4.12.9 AP Discovery.............................................................................................................. 291
4.12.10 Station List................................................................................................................ 292
4.12.11 Web Portal................................................................................................................ 293
4.13 SSL VPN........................................................................................................................... 294
4.13.1 General Setup............................................................................................................. 294
4.13.2 SSL Web Proxy .......................................................................................................... 295
4.13.3 SSL Application .......................................................................................................... 297
4.13.4 User Account.............................................................................................................. 299
4.13.5 User Group................................................................................................................. 301
4.13.6 Online User Status...................................................................................................... 302
4.14 USB Application................................................................................................................ 304
4.14.1 USB General Settings................................................................................................. 304
4.14.2 USB User Management.............................................................................................. 305
4.14.3 File Explorer................................................................................................................ 308
4.14.4 USB Disk Status......................................................................................................... 308
4.14.5 Syslog Explorer........................................................................................................... 309
4.15 System Maintenance..........................................................................................................311
4.15.1 System Status............................................................................................................. 311
Page 9
Vigor3200 Series User’s Guide
ix
4.15.2 TR-069........................................................................................................................ 313
4.15.3 Administrator Password.............................................................................................. 314
4.15.4 User Password ........................................................................................................... 315
4.15.5 Login Customization................................................................................................... 317
4.15.6 Configuration Backup ................................................................................................. 319
4.15.7 Syslog/Mail Alert......................................................................................................... 321
4.15.8 Time and Date............................................................................................................ 324
4.15.9 Management............................................................................................................... 325
4.15.10 Reboot System......................................................................................................... 326
4.15.11 Firmware Upgrade.................................................................................................... 327
4.15.12 Activation.................................................................................................................. 328
4.16 Diagnostics........................................................................................................................ 329
4.16.1 Dial-out Trigger........................................................................................................... 330
4.16.2 Routing Table ............................................................................................................. 330
4.16.3 ARP Cache Table....................................................................................................... 331
4.16.4 DHCP Table................................................................................................................ 331
4.16.5 NAT Sessions Table................................................................................................... 332
4.16.6 Data Flow Monitor....................................................................................................... 333
4.16.7 Traffic Graph............................................................................................................... 335
4.16.8 Ping Diagnosis............................................................................................................ 336
4.16.9 Trace Route................................................................................................................ 337
4.17 External Devices............................................................................................................... 338
Trouble Shooting.....................................................................................339
5.1 Checking If the Hardware Status Is OK or Not....................................................................339
5.2 Checking If the Network Connection Settings on Your Computer Is OK or Not................. 340
5.3 Pinging the Router from Y our Computer............................................................................. 342
5.4 Checking If the ISP Settings are OK or Not........................................................................ 343
5.5 Problems for 3G Network Connection ................................................................................ 344
5.6 Backing to Factory Default Setting If Necessary ................................................................ 344
5.7 Contacting Your Dealer....................................................................................................... 346
Page 10
Page 11
Vigor3200 Series User’s Guide
1
IInnttrroodduuccttiioonn
Vigor3200 Series, a broadband router, integrates IP layer QoS, NAT session/bandwidth management to help users control works well with large bandwidth.
By adopting hardware-based VPN platform and hardware encryption of AES/DES/3DES, the router increases the performance of VPN greatly and offers several protocols (such as IPSec/PPTP/L2TP) with up to 32 VPN tunnels.
The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy easily. CSM (Content Security Management) provides users control and management in IM (Instant Messenger) and P2P (Peer to Peer) more efficiency than before. By the way, DoS/DDoS prevention and URL/Web content filter strengthen the security outside and control inside.
Object-based firewall is flexible and allows your network be safe. In addition, Vigor3200 Series supports USB interface for connecting USB printer to share printer, USB storage device for sharing files, or for 3G WAN.
Vigor3200 Series provides two-level management to simplify the configuration of network connection. The user mode allows user accessing into WEB interface via simple configuration. However, if users want to have advanced configurations, they can access into WEB interface through admin mode.
11..11 WWeebb CCoonnffiigguurraattiioonn BBuuttttoonnss EExxppllaannaattiioonn
Several main buttons appeared on the web pages are defined as the following:
Save and apply current settings.
Cancel current settings and recover to the previous saved settings.
Clear all the selections and parameters settings, including selection from
drop-down list. All the values must be reset with factory default settings.
Add new settings for specified item.
Edit the settings for the selected item.
Delete the selected item with the corresponding settings.
Note: For the other buttons shown on the web pages, please refer to Chapter 3 and 4 for detailed explanation.
Page 12
Vigor3200 Series User’s Guide
2
11..22 LLEEDD IInnddiiccaattoorrss aanndd CCoonnnneeccttoorrss
Before you use the Vigor router, please get acquainted with the LED indicators and connectors first.
11..22..11 FFoorr VViiggoorr33220000
LED Status Explanation
Blinking The router is powered on and ru n ni n g no rmally. ACT (Activity) Off The router is powered off. On USB device is connected and ready for use. USB Blinking The data is transmitting. On The DoS/DDoS function is active. DoS Blinking It will blink while detecting an attack.
VPN On The VPN tunnel is active.
On The WAN1 ~ WAN4 connection is ready. WAN1-4 Blinking It will blink while transmitting data.
CSM On The profile(s) of CSM (Content Security
Management) for IM/P2P, URL/Web Content Filter application can be enabled from Firewall >>General Setup. (Such profile must be established under CSM menu).
LED on Connector
On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
WAN 1/2/3/4
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on. On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
DMZ
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on. On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
LAN
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on.
Page 13
Vigor3200 Series User’s Guide
3
Interface Description
Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking).
Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will
restart with the factory default configuration. WAN1- WAN4 Connecters for remote networked devices. DMZ Connecter for local DMZ host. LAN Connecter for local network devices. USB Connecter for 3G Modem or printer.
PWR
Connecter for a power adapter. ON/OFF
Power Switch.
Page 14
Vigor3200 Series User’s Guide
4
11..22..22 FFoorr VViiggoorr33220000nn
LED Status Explanation
Blinking The router is powered on and ru n ni n g no rmally. ACT (Activity) Off The router is powered off. On USB device is connected and ready for use. USB Blinking The data is transmitting. On Wireless access point is ready. Blinking Ethernet packets are transmitting over wireless
LAN.
WLAN
Off The WLAN function is inactive.
VPN On The VPN tunnel is active.
On The WAN1 ~ WAN4 connection is ready. WAN1-4 Blinking It will blink while transmitting data.
CSM On The profile(s) of CSM (Content Security
Management) for IM/P2P, URL/Web Content Filter application can be enabled from Firewall >>General Setup. (Such profile must be established under CSM menu).
LED on Connector
On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
WAN 1/2/3/4
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on. On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
DMZ
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on. On The port is connected. Off The port is disconnected.
Left LED (Green)
Blinking The data is transmitting. On The port is connected with 1000Mbps.
LAN
Right LED (Green)
Off The port is connected with 10/100Mbps when left
LED is on.
Page 15
Vigor3200 Series User’s Guide
5
Interface Description
Wireless LAN ON/OFF/WPS
Press "Wireless LAN ON/OFF/WPS" button once to wait for client device making network connection through WPS. Press "Wireless LAN ON/OFF/WPS" button twice to enable (WLAN LED on) or disable (WLAN LED off) wireless connection.
Factory Reset Restore the default settings. Usage: Turn on the router (ACT LED is blinking).
Press the hole and keep for more than 5 seconds. When you see the ACT LED begins to blink rapidly than usual, release the button. Then the router will
restart with the factory default configuration. WAN1- WAN4 Connecters for remote networked devices. DMZ Connecter for local DMZ host. LAN Connecter for local network devices. USB Connecter for 3G Modem or printer.
PWR
Connecter for a power adapter. ON/OFF
Power Switch.
Page 16
Vigor3200 Series User’s Guide
6
11..33 HHaarrddwwaarree IInnssttaallllaattiioonn
Before starting to configure the router, you have to connect your devices correctly.
1. Connect the cable Modem/DSL Modem/Media Converter to any WAN port of router
with Ethernet cable (RJ-45).
2. Connect one end of an Ethernet cable (RJ-45) to the LAN port of the router and the other
end of the cable (RJ-45) into the Ethernet port on your computer. Or, use a switch to connect Vigor router and computer(s).
3. Connect one end of the power adapter to the router’s power port on the rear panel, and
the other side into a wall outlet.
4. Power on the device by pressing down the power switch on the rear panel.
5. The system starts to initiate. After completing the system test, the ACT LED will light
up and start blinking.
(For the detailed information of LED status, please refer to section 1.1.)
Page 17
Vigor3200 Series User’s Guide
7
11..44 PPrriinntteerr IInnssttaallllaattiioonn
You can install a printer onto the router for sharing printing. All the PCs connected this router can print documents via the router. The example provided here is made based on Windows XP/2000. For Windows 98/SE/Vista, please visit www.DrayTek.com.
Before using it, please follow the steps below to configure settings for connected computers (or wireless clients).
1. Connect the printer with the router through USB/parallel port.
2. Open Start->Settings-> Printer and Faxes.
Page 18
Vigor3200 Series User’s Guide
8
3. Open File->Add Printer. A welcome dialog will appear. Please click Next.
4. Click Local printer attached to this computer and click Next.
5. In this dialog, choose Create a new port Type of port and use the drop down list to
select Standard TCP/IP Port. Click Next.
Page 19
Vigor3200 Series User’s Guide
9
6. In the following dialog, type 192.168.1.1 (router’s LAN IP) in the field of Printer Name
or IP Address and type IP_192.168.1.1 as the port name. Then, click Next.
7. Click Standard and choose Generic Network Card.
8. Then, in the following dialog, click Finish.
Page 20
Vigor3200 Series User’s Guide
10
9. Now, your system will ask you to choose right name of the printer that you installed onto
the router. Such step can make correct driver loaded onto your PC. When you finish the selection, click Next.
10. For the final stage, you need to go back to Control Panel-> Printers and edit the
property of the new printer you have added.
11. Select "LPR" on Protocol, type p1 (number 1) as Queue Name. Then click OK. Next
please refer to the red rectangle for choosing the correct protocol and LPR name.
Page 21
Vigor3200 Series User’s Guide
11
The printer can be used for printing now. Most of the printers with different manufacturers are compatible with vigor router.
Note 1: Some printers with the fax/scanning or other additional functions are not supported. If you do not know whether your printer is supported or not, please visit www.DrayTek.com to find out the printer list. Open Support >FAQ; find out the link of
Printer Server and click it; then choose the What types of printers are compatible with Vigor router?.
Note 2: Vigor router supports printing request from computers via the LAN port but not
WAN port.
Page 22
Vigor3200 Series User’s Guide
12
This page is left blank.
Page 23
Vigor3200 Series User’s Guide
13
C
Coonnffiigguurriinngg
B
Baassiicc
SSeettttiinnggss
For using the router properly, it is necessary for you to change the password of web configuration for security and adjust primary basic settings.
This chapter explains how to setup a password for accessing into the web configurator of Vigor router and how to adjust settings for accessing Internet successfully.
22..11 AAcccceessssiinngg WWeebb PPaaggee
1. Make sure your PC connects to the router correctly.
You may either simply set up your computer to get IP dynamically from the router or set up the IP address of the computer to be the same subnet as the default IP address of Vigor router 192.168.1.1. For the detailed information, please refer to the later section ­Trouble Shooting of the guide.
2. Open a web browser on your PC and type http://192.168.1.1. The following window
will be open to ask for username and password.
3. Please type “admin/admin” on Username/Password and click Login. For the option of
Group, it is used to access into SSL VPN portal. Just keep it in default. For the detailed information about the Group application of SSL VPN portal, refer to Chapter 3.
Notice: If you fail to access to the web configuration, please go to “Trouble Shooting” for detecting and solving your problem.
4. The web page can be logged out according to the chosen condition. The default setting is
Auto Logout, which means the web configuration system will logout after 5 minutes without any operation. Change the setting for your necessity.
Page 24
Vigor3200 Series User’s Guide
14
22..22 CChhaannggiinngg PPaasssswwoorrdd
No matter user mode operation or admin mode operation, please change the password for the original security of the router.
1. Open a web browser on your PC and type http://192.168.1.1. A pop-up window will
open to ask for username and password.
2. Please type “admin/admin” on Username/Password for admin mode. Otherwise, do not
type any word (both username and password are Null for user mode) on the window and click Login on the window.
3. Now, the Main Screen will appear.
Note: The home page will change slightly in accordance with the type of the router you have.
4. Go to System Maintenance page and choose Administrator Password.
Page 25
Vigor3200 Series User’s Guide
15
Enter the login password on the field of Old Password. Type New Password and confirm the password. Then click OK to continue.
5. Now, the password has been changed. Next time, use the new password to access the
Web Configurator for this router.
22..33 QQuuiicckk SSttaarrtt WWiizzaarrdd
Notice: Quick Start Wizard for user mode operation is the same as for admin mode operation.
If your router can be under an environment with high speed NAT, the configuration provide here can help you to deploy and use the router quickly. The first screen of Quick Start Wizard is entering login password. After typing the password, please click Next.
On the next page as shown below, please select the WAN interface that you use. Choose Auto negotiation as the physical type for your router. Then click Next for next step.
Page 26
Vigor3200 Series User’s Guide
16
Note: There are five WAN selections available for you to choose. In which, WAN5 is selected for 3G USB modem connection. Refer to the following for detailed information.
22..33..11 FFoorr WWAANN11 –– WWAANN44
Choose WAN1/WAN2/WAN3/WAN4 and click Next. On the next page as shown below, please select the appropriate Internet access type according to the information from your ISP. For example, you should select PPPoE mode if the ISP provides you PPPoE interface. Then click Next for next step.
22..33..11..11 PPPPPPooEE
PPPoE stands for Point-to-Point Protocol over Ethernet. It relies on two widely accepted standards: PPP and Ethernet. It connects users through an Ethernet to the Internet with a common broadband medium, such as a single DSL line, wireless device or cable modem. All the users over the Ethernet can share a common connection.
PPPoE is used for most of DSL modem users. All local users can share one PPPoE connection for accessing the Internet. Your service provider will provide you information about user name, password, and authentication mode. If your ISP provides you the PPPoE connection, please select PPPoE for this router.
1. Choose WAN1/WAN2/WAN3/WAN4 as the WAN Interface and click the Next button.
The following page will be open for you to specify Internet Access Type.
Page 27
Vigor3200 Series User’s Guide
17
2. Click PPPoE as the Internet Access Type. Then click Next to open the following page.
Available settings are explained as follows:
Item Description User Name
Assign a specific valid user name provided by the ISP.
Password
Assign a valid password provided by the ISP.
Confirm Password
Retype the password.
Back
Click it to return to previous setting page.
Next
Click it to get into the next setting page.
Cancel
Click it to give up the quick start wizard.
3. Please manually enter the Username/Password provided by your ISP. Click Next for
viewing summary of such connection.
Page 28
Vigor3200 Series User’s Guide
18
4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system
status of this protocol will be shown.
5. Now, you can enjoy surfing on the Internet.
Page 29
Vigor3200 Series User’s Guide
19
22..33..11..22 PPPPTTPP//LL22TTPP
1. Choose WAN1/WAN2/WAN3/WAN4 as the WAN Interface and click the Next button.
The following page will be open for you to specify Internet Access Type.
2. Click PPTP/L2TP as the Internet Access Type. Then click Next to continue.
Available settings are explained as follows:
Item Description User Name
Assign a specific valid user name provided by the ISP.
Password
Assign a valid password provided by the ISP.
Confirm Password
Retype the password.
Page 30
Vigor3200 Series User’s Guide
20
WAN IP Configuration
Obtain an IP address automatically – the router will get an
IP address automatically from DHCP server. Specify an IP address – you have to type relational settings
manually.
IP Address - Type the IP address. Subnet Mask –Type the subnet mask.
Gateway – Type the IP address of the gateway.
Primary DNS –Type in the primary IP address for the router. Second DNS –Type in secondary IP address for necessity in
the future.
PPTP Server / L2TP Server
Type the IP address of the server.
Back
Click it to return to previous setting page.
Next
Click it to get into the next setting page.
Cancel
Click it to give up the quick start wizard.
3. Click Next for viewing summary of such connection.
4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system
status of this protocol will be shown.
5. Now, you can enjoy surfing on the Internet.
Page 31
Vigor3200 Series User’s Guide
21
22..33..11..33 SSttaattiicc IIPP
1. Choose WAN1/WAN2/WAN3/WAN4 as the WAN Interface and click the Next button.
The following page will be open for you to specify Internet Access Type.
2. Click Static IP as the protocol. Type in all the information that your ISP provides for this
protocol.
Available settings are explained as follows:
Item Description WAN IP
Type the IP address.
Subnet Mask
Type the subnet mask.
Gateway
Type the IP address of gateway.
Primary DNS
Type in the primary IP address for the router.
Secondary DNS
Type in secondary IP address for necessity in the future.
Page 32
Vigor3200 Series User’s Guide
22
Back
Click it to return to previous setting page.
Next
Click it to get into the next setting page.
Cancel
Click it to give up the quick start wizard.
3. After finishing the settings in this page, click Next to see the following page.
4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system
status of this protocol will be shown.
5. Now, you can enjoy surfing on the Internet.
Page 33
Vigor3200 Series User’s Guide
23
22..33..11..44 DDHHCCPP
1. Choose WAN1/WAN2/WAN3/WAN4 as the WAN Interface and click the Next button.
The following page will be open for you to specify Internet Access Type.
2. Click DHCP as the protocol. Type in all the information that your ISP provides for this
protocol.
Available settings are explained as follows:
Item Description Host Name
Type the name of the host.
MAC
Some Cable service providers specify a specific MAC address for access authentication. In such cases you need to enter the MAC address.
Back
Click it to return to previous setting page.
Next
Click it to get into th/e next setting page.
Page 34
Vigor3200 Series User’s Guide
24
Cancel
Click it to give up the quick start wizard.
3. After finishing the settings in this page, click Next to see the following page.
4. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system
status of this protocol will be shown.
5. Now, you can enjoy surfing on the Internet.
22..33..22 FFoorr WWAANN55
To use 3G USB modem for network connection, please choose WAN5.
1. Choose WAN5 as the WAN Interface and click the Next button.
Page 35
Vigor3200 Series User’s Guide
25
2. Then, click Next to continue.
3. Click Finish. A page of Quick Start Wizard Setup OK!!! will appear. Then, the system
status of this protocol will be shown.
4. Now, you can enjoy surfing on the Internet.
Page 36
Vigor3200 Series User’s Guide
26
22..44 SSeerrvviiccee AAccttiivvaattiioonn WWiizzaarrdd
Service Activation Wizard can guide you to set WCF (Web Content Feature) with a quick and easy way. For the Service Activation Wizard is only available for admin operation,
therefore, please type “admin/admin” on Username/Password while Logging into the web configurator.
Service Activation Wizard is a tool which allows you to use trial version or update the license of WCF directly without accessing into the server (MyVigor) located on http://myvigor.draytek.com
. For using Web Content Filter Profile, please refer to later section
Web Content Filter Profile for detailed information. Now, follow the steps listed below to activate WCF feature for your router.
1. Open Service Activation Wizard.
2. The screen of Service Activation Wizard will be shown as follows. Choose the one you
need and click Next. In this case, we choose to activate free trail edition.
Free trial edition: it offers a period of trial for you to get acquainted with WCF function. Formal edition with license key: you can extend the license valid time manually.
Note: If you activate Formal edition with license key first, the free trial edition will
be invalid.
Page 37
Vigor3200 Series User’s Guide
27
3. In the following page, you can activate the Web content filter service at the same time or
individually. When you finish the selection, please click Next.
4. Setting confirmation page will be displayed as follows, please click Next.
5. Wait for a moment till the following page appears.
When such page appears, you can enable or disable these services for your necessity. Then, click Finish.
Note: The service will be activated and applied as the default rule configured in Firewall>>General Setup.
Page 38
Vigor3200 Series User’s Guide
28
6. Now, the web page will display the service that you have activated according to your
selection(s). The valid time for the free trial of these services is one month.
Later, if you need to extend the license valid time, you can also use the Service
Activation Wizard again to reach your goal by clicking the radio button of Formal edition with license key and clicking Next.
Page 39
Vigor3200 Series User’s Guide
29
22..55 OOnnlliinnee SSttaattuuss
The online status shows the system status, WAN status, and other status related to this router within one page. If you select PPPoE as the protocol, you will find out a link of Dial PPPoE or Drop PPPoE in the Online Status web page.
Detailed explanation is shown below:
Item Description LAN Status Primary DNS
- Displays the IP address of the primary DNS. Secondary DNS
- Displays the IP address of the secondary DNS. IP Address
- Displays the IP address of the LAN interface. TX Packets
- Displays the total transmitted packets at the LAN interface. RX Packets
- Displays the total number of received packets at the LAN
Page 40
Vigor3200 Series User’s Guide
30
Item Description
interface.
WAN 1 Status ~ WAN 5 Status
Line
- Displays the physical connection of this interface. Name
- Displays the name set in WAN1/WAN web page. Mode
- Displays the type of WAN connection (e.g., PPPoE). Up Time
- Displays the total uptime of the interface. IP
- Displays the IP address of the WAN interface. GW IP
- Displays the IP address of the default gateway. TX Packets
- Displays the total transmitted packets at the WAN interface. TX Rate
- Displays the speed of transmitted octets at the WAN interface.
RX Packets
- Displays the total number of received packets at the WAN interface.
RX Rate
- Displays the speed of received octets at the WAN interface.
Note: The words in green mean that the WAN connection of that interface is ready for accessing Internet; the words in red mean that the WAN connection of that interface is not ready for accessing Internet.
22..66 SSaavviinngg CCoonnffiigguurraattiioonn
Each time you click OK on the web page for saving the configuration, you can find messages showing the system interaction with you.
Ready indicates the system is ready for you to input settings. Settings Saved means your settings are saved once you click Finish or OK button.
22..77 SSuuppppoorrtt AArreeaa
When you click the menu item under Support Area, you will be guided to visit www.draytek.com and open the corresponding pages directly.
Page 41
Vigor3200 Series User’s Guide
31
Click Support Area>>Application Note, the following web page will be displayed.
Click Support Area>>FAQ, the following web page will be displayed.
Click Support Area>>Product Registration, the following web page will be displayed.
Page 42
Vigor3200 Series User’s Guide
32
22..88 RReeggiisstteerriinngg VViiggoorr RRoouutteerr
You have finished the configuration of Quick Start Wizard and you can surf the Internet at any time. Now it is the time to register your Vigor router to MyVigor website for getting more service. Please follow the steps below to finish the router registration.
1. Please login the web configuration interface of Vigor router by typing “admin/admin
as User Name / Password.
2. Click Support Area>>Production Registration from the home page.
Page 43
Vigor3200 Series User’s Guide
33
3. A Login page will be shown on the screen. Please type the account and password that
you created previously. And click Login.
4. The following page will be displayed after you logging in MyVigor. From this page,
please click Add or Product Registration.
Note: Below the field of Your Device List, all the Vigor routers that you have registered to MyVigor website will be displayed in sequence.
Page 44
Vigor3200 Series User’s Guide
34
5. When the following page appears, please type in Nickname (for the router) and choose
the right registration date from the popup calendar (it appears when you click on the box of Registration Date). After adding the basic information for the router, please click Submit.
6. When the following page appears, your router information has been added to the
database. Click OK to leave this web page and return to My Information web page.
6. Take a look at the page of My Information, the new added Vigor router is listed under
Your Device List.
Page 45
Vigor3200 Series User’s Guide
35
TTuuttoorriiaallss aanndd A
Apppplliiccaattiioonnss
33..11 HHooww ttoo IImmpplleemmeenntt tthhee AADD//LLDDAAPP AAuutthheennttiiccaattiioonn ffoor
r UUsseerr
MMaannaaggeemmeenntt??
For simplifying the configuration of LDAP authentication for User Access Management, we implement “Group” feature.
There is no need to pre-configure user profile for each user on Vigor router anymore. We only need to configure the Groups DN, then the Vigor router (e.g., Vigor 3200 series) can pass the authentication to LDAP server with the pre-defined Group path.
Below shows the configuration steps:
1. Access into the web configurator of the Vigor router.
2. Open Applications>>Active Directory /LDAP to get the following page for
configuring LDAP related settings.
There are three types of bind type supported:
z Simple Mode – Just simply do the bind authentication without any search action. z Anonymous – Perform a search action first with Anonymous account then do the
bind authentication.
z Regular Mode– Mostly it is the same with anonymous mode. The different is that,
the server will firstly check if you have the search authority. For the regular mode, you’ll need to type in the Regular DN and Regular Password.
Page 46
Vigor3200 Series User’s Guide
36
3. Create LDAP server profiles. Click the Active Directory /LDAP tab to open the profile
web page and click any one of the index number link. If we have two groups “RD1” and “SHRD” on LDAP server, we can configure two
LDAP server profiles with different Group Distinguished Name.
4. Click OK to save the settings above.
5. Open User Management>>General Setup. Select User-Based as the Mode option.
Page 47
Vigor3200 Series User’s Guide
37
6. Then open User Management>>User Profile to create the user profile that will
authenticate with LDAP server.
7. After above configurations, users belong to either “rd1” or “shrd” group can access
Internet after inputting their credentials on LDAP server.
Page 48
Vigor3200 Series User’s Guide
38
33..22 HHooww ttoo iimmpplleemmeenntt tthhee AADD//LLDDAAPP aauutthheennttiiccaattiioonn ffoor
r SSSSLL
AApppplliiccaattiioonn??
Below shows the configuration steps:
1.
Access into the web configurator of the Vigor router.
2.
Open Applications>>Active Directory /LDAP to get the following page for configuring LDAP related settings. Click the General Setup tab and enable the AD/LDAP service.
There are three types of bind type supported:
z Simple Mode – Just simply do the bind authentication without any search
action.
z Anonymous – Perform a search action first with Anonymous account then
do the bind authentication.
z Regular Mode– Mostly it is the same with anonymous mode. The different
is that, the server will firstly check if you have the search authority.
For the regular mode, you’ll need to type in the Regular DN and Regular Password.
Page 49
Vigor3200 Series User’s Guide
39
3. Click the Active Directory /LDAP tab to open the profile web page.
4.
Click any one of the index number link to configure the proper Base Distinguished Name and Group Distinguished Name.
Suppose that there are several departments in your company, e.g., RD1 and RD2. Here, create a profile for RD1 first.
Sometimes, you may forget the Distinguished Name since it’s too long. Then you may click the button to list all the account information on the AD/LDAP
Server to assist you finish the setup.
Page 50
Vigor3200 Series User’s Guide
40
Press the button on this page to keep searching its sub-tree.
In addition, means this item is an organization; means this item is an account.
5.
Press certain item, its Base Distinguished Name (BDN) will be shown automatically in the AD/LDAP Distinguished Name field box. Then, press OK to save the profile and return to the previous page.
Page 51
Vigor3200 Series User’s Guide
41
6. After finishing the AD/LDAP configuration, go to VPN and Remote Access >>
PPP General Setup. Check the box of LDAP that you’ve enabled in Application >> Active Directory / LDAP.
Note: Group Distinguished Name is not a MUST required option for the
AD/LDAP configuration. However, you may need, sometimes, to separate certain accounts’ authority with it. For example, the Base Distinguished Name (BDN) is “ou=people,dc=ms,dc=draytek,dc=com”. There is a lot of accounts information. But, only several of them you may prefer to grant the authority of VPN dial-up. For such case, you will have to use this Group Distinguished Name feature separate those accounts.
7. Click OK to save the configuration.
8. Configure the AD/LDAP profiles for different departments (supposed that there several
departments in your company, e.g., RD1/RD2).
Page 52
Vigor3200 Series User’s Guide
42
9. Setup two applications profiles (named PC1 and PC2) for SSL VPN.
10. Setup two SSL Web Proxy Servers profiles (named google and baidu) for SSL
VPN.
11.
Go to SSL VPN >>User Group to setup two separate groups (named with g1 and g2) with different authorities and different authentication methods.
Different departments should have separated access authorities. For example, RD1 can only access Google web site and connect to PC1 via VNC; while RD2 can only access Baidu web site and connect to PC2 via RDP. Therefore,
Set the user group profile (named g1) for RD1 department:
Page 53
Vigor3200 Series User’s Guide
43
Set the user group profile (named g2) for RD2 department:
Page 54
Vigor3200 Series User’s Guide
44
12. Once you’ve finished the configuration on Vigor router, try to login SSL portal
with https://<IPAddress>/ .
13.
Please type in the user name and password, and select the group that the account belongs to (In this case, the username is Caesar and the group it belongs to is g1).
You may also leave this Group option blank. The router will look through all the group profiles to check which one your account belongs to. (It might take a few seconds.)
If the authentication is successful, SSL portal web interface with the applications related to such user account will be displayed on the screen.
Page 55
Vigor3200 Series User’s Guide
45
Page 56
Vigor3200 Series User’s Guide
46
33..33 HHooww ttoo CCoonnffiigguurree MMuullttii--SSuubbnneett
By identifying the tagged message, Vigor3200 can divide the LAN Port into several VLAN groups. Such LAN port with tagged information will accept the packets only with VLAN ID number.
For example, Vigor3200 can divide the internal departments of a company into four different groups by using VigorSwitch G2240. Each group uses different network segment and does not connect for each other. VigorSwitch G2240 Trunk Port 23 and Vigor3200 LAN Port are connected with network cable. See the following graphic for an example.
VLAN0 (Human Resource): LAN Port IP: 192.168.1.0/24 VLAN1 (Finance Dept): LAN Port IP: 192.168.2.0/24 VLAN2 (Sales Dept.): LAN Port IP: 192.168.3.0/24 VLAN3 (R&D): LAN Port IP: 192.168.4.0/24
Page 57
Vigor3200 Series User’s Guide
47
Configuration for Vigor3200
1. In the page of LAN >> VLAN Configuration, check the box of Enable to enable the
function of VLAN Configuration.
2. Untag VLAN0 and set LAN4 as the Subnet.
3. To activate the function of VLAN Tag for VLAN1 setting, check the box of Enable and
type the value (10) for VID setting. Then check LAN Port and set LAN1 as the Subnet.
4. To activate the function of VLAN Tag for VLAN2 setting, check the box of Enable and
type the value (20) for VID setting. Then check LAN Port and set LAN2 as the Subnet.
5. To activate the function of VLAN Tag for VLAN3 setting, check the box of Enable and
type the value (30) for VID setting. Then check LAN Port and set LAN3 as the Subnet.
6. To activate the function of VLAN Tag for VLAN4 setting, check the box of Enable and
type the value (40) for VID setting. Then check LAN Port and set LAN4 as the Subnet.
In the page of LAN >> General Setup, check the Status box of LAN2, LAN3, LAN4 and enable the function of DHCP.
Page 58
Vigor3200 Series User’s Guide
48
After finishing the above configuration, the equipment connecting to Vigor3200 LAN Port can get the corresponding IP address of the network segment.
The equipment connecting to Vigor3200 LAN Port (LAN1) can get the IP address of
192.168.1.0/24. The equipment connecting to Vigor3200 LAN Port (LAN2) can get the IP address of
192.168.2.0/24. The equipment connecting to Vigor3200 LAN Port (LAN3) can get the IP address of
192.168.3.0/24. The equipment connecting to Vigor3200 LAN Port (LAN4) can get the IP address of
192.168.4.0/24. For the detailed settings of the network segment, open LAN>>General Setup and click
Details Page. Adjust the settings for your request. Refer to the following figure.
Page 59
Vigor3200 Series User’s Guide
49
7. To make any two of VLAN groups linked with each other, just check the boxes of the
ones in the field of Inter-LAN Routing in the page of LAN >> General Setup. Refer to the following figure. LAN2 and LAN3 are linked.
Configuration for VigorSwitch G2240
1. Open Vlan>>Tag-based Group.
2. Add four VID groups. In this case, we can explanation it with Port 15, 16, 17, 18 and
Trunk Port 23.
VLAN Name 3200-VID10, Port Members = 15、23 VLAN Name 3200-VID20, Port Members = 16、23 VLAN Name 3200-VID30, Port Members = 17、23 VLAN Name 3200-VID40, Port Members = 18、23
3. Open Vlan>> Ports and set the VID value with role for each Port:
Port 15 VID = 10 Role = Access Port 16 VID = 20 Role = Access Port 17 VID = 30 Role = Access Port 18 VID = 40 Role = Access Port 23 VID = 1 Role = Trunk
Port 23 is set with Trunk in this example and will transfer the packets with VLAN Tag information. That is, packets with VID 10, 20, 30 and 40 will be transferred to Vigor3200 by Port 23 and VID information will be retained.
Page 60
Vigor3200 Series User’s Guide
50
4. After finishing the above configuration, the equipment connecting to VigorSwitch Port
15, 16, 17 and 18 can get the corresponding IP address(es) of the network segment.
The equipment connecting to VigorSwitch Port 15 can get the IP address of
192.168.1.0/24 The equipment connecting to VigorSwitch Port 16 can get the IP address of
192.168.2.0/24 The equipment connecting to VigorSwitch Port 17 can get the IP address of
192.168.3.0/24 The equipment connecting to VigorSwitch Port 18 can get the IP address of
192.168.4.0/24
Page 61
Vigor3200 Series User’s Guide
51
33..44 HHooww ttoo CCuussttoommiizzee YYoouurr LLooggiinn PPaaggee
Login page can be customized to fit the request of the administrator.
1. Open User Management>>General Setup. Set User-Based as the Mode and click OK
to save teh settings.
2. Open User Management>>User Profile to create a new user profle.
3. Click any link (e.g., #3) to access into the following page. Type a User Name and a
Password. Then, click OK.
Page 62
Vigor3200 Series User’s Guide
52
4. Open System Maintenance>>Login Customization. Check the box to enable this
function. Type a brief description (e.g., Just for Carrie) in the field of Login Description which will be shown on the heading of the login dialog. Next, click OK.
Note that do not type URL redirect link in Bulletin box.
5. Open a new tab in the same browser (for IE 7.0/FireFox and above) or open a new web
browser.
6. Try to access into the web configurator (e.g., 192.168.1.1) of Vigor router. Please note
Just for Carrie” is displayed as a heading on the login dialog box.
After typing the username and password (defined in User Management>>User Profile),
click Login. You can access into Internet or access into the Landing Page if configured in User Management>>General Setup.
Page 63
Vigor3200 Series User’s Guide
53
33..55 CCrreeaattee aa LLAANN--ttoo--LLAANN CCoonnnneeccttiioonn BBeettwweeeenn RReemmoottee O
Offffiiccee
aanndd HHeeaaddqquuaarrtteerr
The most common case is that you may want to connect to network securely, such as the remote branch office and headquarter. According to the network structure as shown in the below illustration, you may follow the steps to create a LAN-to-LAN profile. These two networks (LANs) should NOT have the same network address.
Settings in Router A in headquarter:
1. Go to VPN and Remote Access and select Remote Access Control to enable the
necessary VPN service and click OK.
2. Then,
For using PPP based services, such as PPTP, L2TP, you have to set general settings in PPP General Setup.
For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known.
Page 64
Vigor3200 Series User’s Guide
54
3. Go to LAN-to-LAN. Click on one index number to edit a profile.
4. Set Common Settings as shown below. You should enable both of VPN connections
because any one of the parties may start the VPN connection.
Page 65
Vigor3200 Series User’s Guide
55
5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with
the selected Dial-Out method.
If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection.
Page 66
Vigor3200 Series User’s Guide
56
6. Set Dial-In settings to as shown below to allow Router B dial-in to build VPN
connection.
If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
Page 67
Vigor3200 Series User’s Guide
57
7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router A
can direct the packets destined to the remote network to Router B via the VPN connection.
Settings in Router B in the remote office:
1. Go to VPN and Remote Access and select Remote Access Control to enable the
necessary VPN service and click OK.
2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general
settings in PPP General Setup.
For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IPSec General Setup, such as the pre-shared key that both parties have known.
Page 68
Vigor3200 Series User’s Guide
58
3. Go to LAN-to-LAN. Click on one index number to edit a profile.
4. Set Common Settings as shown below. You should enable both of VPN connections
because any one of the parties may start the VPN connection.
5. Set Dial-Out Settings as shown below to dial to connect to Router B aggressively with
the selected Dial-Out method.
If an IPSec-based service is selected, you should further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-Out connection.
Page 69
Vigor3200 Series User’s Guide
59
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, PPP Authentication and VJ Compression for this Dial-Out connection.
Page 70
Vigor3200 Series User’s Guide
60
6. Set Dial-In settings to as shown below to allow Router A dial-in to build VPN
connection.
If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
Page 71
Vigor3200 Series User’s Guide
61
7. At last, set the remote network IP/subnet in TCP/IP Network Settings so that Router B
can direct the packets destined to the remote network to Router A via the VPN connection.
Page 72
Vigor3200 Series User’s Guide
62
33..66 CCrreeaattee aa RReemmoottee DDiiaall--iinn UUsseerr CCoonnnneeccttiioonn BBeettwweeeen
n tthhee
TTeelleewwoorrkkeerr aanndd HHeeaaddqquuaarrtteerr
The other common case is that you, as a teleworker, may want to connect to the enterprise network securely. According to the network structure as shown in the below illustration, you may follow the steps to create a Remote User Profile and install Smart VPN Client on the remote host.
Settings in VPN Router in the enterprise office:
1. Go to VPN and Remote Access and select Remote Access Control to enable the
necessary VPN service and click OK.
2. Then, for using PPP based services, such as PPTP, L2TP, you have to set general settings
in PPP General Setup.
For using IPSec-based service, such as IPSec or L2TP with IPSec Policy, you have to set general settings in IKE/IPSec General Setup, such as the pre-shared key that both parties have known.
Page 73
Vigor3200 Series User’s Guide
63
3. Go to Remote Dial-In User. Click on one index number to edit a profile.
4. Set Dial-In settings to as shown below to allow the remote user dial-in to build VPN
connection.
If an IPSec-based service is selected, you may further specify the remote peer IP Address, IKE Authentication Method and IPSec Security Method for this Dial-In connection. Otherwise, it will apply the settings defined in IPSec General Setup above.
If a PPP-based service is selected, you should further specify the remote peer IP Address, Username, Password, and VJ Compression for this Dial-In connection.
Page 74
Vigor3200 Series User’s Guide
64
Settings in the remote host:
1. For Win98/ME, you may use "Dial-up Networking" to create the PPTP tunnel to Vigor
router.
For Win2000/XP, please use "Network and Dial-up connections" or “Smart VPN
Client”, complimentary software to help you create PPTP, L2TP, and L2TP over IPSec tunnel. You can find it in CD-ROM in the package or go to www.DrayTek.com download center. Install as instructed.
2. After successful installation, for the first time user, you should click on the Step 0.
Configure button. Reboot the host.
Page 75
Vigor3200 Series User’s Guide
65
3. In Step 2. Connect to VPN Server, click Insert button to add a new entry.
If an IPSec-based service is selected as shown below,
You may further specify the method you use to get IP, the security method, and authentication method. If the Pre-Shared Key is selected, it should be consistent with the one set in VPN router.
If a PPP-based service is selected, you should further specify the remote VPN server IP address, Username, Password, and encryption method. The User Name and Password should be consistent with the one set up in the VPN router. To use default gateway on remote network means that all the packets of remote host will be directed to VPN server
Page 76
Vigor3200 Series User’s Guide
66
then forwarded to Internet. This will make the remote host seem to be working in the enterprise network.
4. Click Connect button to build connection. When the connection is successful, you will
find a green light on the right down corner.
Page 77
Vigor3200 Series User’s Guide
67
33..77 QQooSS SSeettttiinngg EExxaammppllee
Assume a teleworker sometimes works at home and takes care of children. When working time, he would use Vigor router at home to connect to the server in the headquarter office downtown via either HTTPS or VPN to check email and access internal database. Meanwhile, children may chat on Skype in other room.
1. Go to Bandwidth Management>>Quality of Service.
2. Click Setup link of WAN. Make sure the QoS Control on the left corner is checked. And
select BOTH in Direction.
3. Set Inbound/Outbound bandwidth.
Note: The rate of outbound/inbound must be smaller than the real bandwidth to ensure correct calculation of QoS. It is suggested to set the bandwidth value for inbound/outbound as 80% - 85% of physical network speed provided by ISP to maximize the QoS performance.
Page 78
Vigor3200 Series User’s Guide
68
4. Return to previous page. Enter the Name of Index Class 1 by clicking Edit link. Type the
name “E-mail” for Class 1.
5. For this index, the user will set reserved bandwidth (e.g., 25%) for E-mail using protocol
POP3 and SMTP.
6. Return to previous page. Enter the Name of Index Class 2 by clicking Edit link. In this
index, the user will set reserved bandwidth for HTTPS. And click OK.
Page 79
Vigor3200 Series User’s Guide
69
7. Click Setup link for one of the WAN interface.
8. Check Enable UDP Bandwidth Control on the bottom to prevent enormous UDP traffic
of influent other application. Click OK.
Page 80
Vigor3200 Series User’s Guide
70
9. If the worker has connected to the headquarter using host to host VPN tunnel. (Please
refer to Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserved bandwidth for 1 VPN tunnel.
10. Click Edit to open a new window.
11. Click Edit to open the following window. Check the ACT box, first.
12. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of
Remote Address to set headquarter’s IP address. Leave other fields and click OK.
Page 81
Vigor3200 Series User’s Guide
71
33..88 UUppggrraaddee FFiirrmmwwaarree ffoorr YYoouurr RRoouutteerr
UUssiinngg FFiirrmmwwaarree UUppggrraaddee UUttiilliittyy
Before upgrading your router firmware, you need to install the Router Tools. The Firmware Upgrade Utility is included in the tools.
1. Go to www.DrayTek.com
.
2. Access into Support >> Downloads. Please find out Firmware menu and click it. Search
the model you have and click on it to download the newly update firmware for your router.
3. Access into Support >> Downloads. Please find out Utility menu and click it.
4. Click on the link of Router Tools to download the file. After downloading the files,
please decompressed the file onto your host.
Page 82
Vigor3200 Series User’s Guide
72
5. Double click on the icon of router tool. The setup wizard will appear.
6. Follow the onscreen instructions to install the tool. Finally, click Finish to end the
installation.
7. From the Start menu, open Programs and choose Router Tools XXX >> Firmware
Upgrade Utility.
8. Type in your router IP, usually 192.168.1.1.
9. Click the button to the right side of Firmware file typing box. Locate the files that you
download from the company web sites. You will find out two files with different extension names, xxxx.all (keep the old custom settings) and xxxx.rst (reset all the custom settings to default settings). Choose any one of them that you need.
Page 83
Vigor3200 Series User’s Guide
73
10. Click Send.
11. Now the firmware update is finished.
UUssiinngg WWeebb PPaaggee
The web page also can guide you to upgrade firmware. Note that this example is running over Windows OS (Operating System).
1. Download the newest firmware from DrayTek's web site or FTP site. The DrayTek web
site is www.DrayTek.com (or local DrayTek's web site) and FTP site is ftp.DrayTek.com
.
2. Click System Maintenance>> Firmware Upgrade.
3. Select a firmware file by clicking Browse. Click Upgrade to perform the firmware upgrade.
Page 84
Vigor3200 Series User’s Guide
74
33..99 RReeqquueesstt aa cceerrttiiffiiccaattee ffrroomm aa CCAA sseerrvveerr oonn WWiinnddo
owwss CCAA
SSeerrvveerr
1. Go to Certificate Management and choose Local Certificate.
Page 85
Vigor3200 Series User’s Guide
75
2. You can click GENERATE button to start to edit a certificate request. Enter the
information in the certificate request.
3. Copy and save the X509 Local Certificate Requet as a text file and save it for later use.
4. Connect to CA server via web browser. Follow the instruction to submit the request.
Below we take a Windows 2000 CA server for example. Select Request a Certificate.
Page 86
Vigor3200 Series User’s Guide
76
Select Advanced request.
Select Submit a certificate request a base64 encoded PKCS #10 file or a renewal
request using a base64 encoded PKCS #7 file
Import the X509 Local Certificate Requet text file. Select Router (Offline request) or IPSec (Offline request) below.
Then you have done the request and the server now issues you a certificate. Select Base 64 encoded certificate and Download CA certificate. Now you should get a certificate
(.cer file) and save it.
5. Back to Vigor router, go to Local Certificate. Click IMPORT button and browse the
file to import the certificate (.cer file) into Vigor router. When finished, click refresh and
Page 87
Vigor3200 Series User’s Guide
77
you will find the below window showing “------BEGINE CERTIFICATE------.....”
6. You may review the detail information of the certificate by clicking View button.
Page 88
Vigor3200 Series User’s Guide
78
33..1100 RReeqquueesstt aa CCAA CCeerrttiiffiiccaattee aanndd SSeett aass TTrruusstteedd oon
n WWiinnddoowwss
CCAA SSeerrvveerr
1. Use web browser connecting to the CA server that you would like to retrieve its CA
certificate. Click Retrive the CA certificate or certificate recoring list.
Page 89
Vigor3200 Series User’s Guide
79
2. In Choose file to download, click CA Certificate Current and Base 64 encoded, and
Download CA certificate to save the .cer. file.
3. Back to Vigor router, go to Trusted CA Certificate. Click IMPORT button and browse
the file to import the certificate (.cer file) into Vigor router. When finished, click refresh and you will find the below illustration.
4. You may review the detail information of the certificate by clicking View button.
Note: Before setting certificate configuration, please go to System Maintenance >> Time and Date to reset current time of the router first.
Page 90
Vigor3200 Series User’s Guide
80
33..1111 CCrreeaattiinngg aann AAccccoouunntt ffoorr MMyyVViiggoorr
The website of MyVigor (a server located on http://myvigor.draytek.com) provides several useful services (such as Anti-Spam, Web Content Filter, Anti-Intrusion, and etc.) to filter the web pages for protecting your system.
To access into MyVigor for getting more information, please create an account for MyVigor first.
33..1111..11 CCrreeaattiinngg aann AAccccoouunntt vviiaa VViiggoorr RRoouutteerr
1. Click System Maintenance>>Activation to open the following page.
2. Click the Activate link. A login page for MyVigor web site will pop up automatically.
3. Click the link of Create an account now.
Page 91
Vigor3200 Series User’s Guide
81
4. Check to confirm that you accept the Agreement and click Accept.
5. Type your personal information in this page and then click Continue.
6. Choose proper selection for your computer and click Continue.
Page 92
Vigor3200 Series User’s Guide
82
7. Now you have created an account successfully. Click START.
8. Check to see the confirmation email with the title of
New Account Confirmation
Letter from myvigor.draytek.com.
9. Click the Activate my Account link to enable the account that you created. The following
screen will be shown to verify the register process is finished. Please click Login.
Page 93
Vigor3200 Series User’s Guide
83
10. When you see the following page, please type in the account and password (that you just
created) in the fields of UserName and Password.
11. Now, click Login. Your account has been activated. You can access into MyVigor server
to activate the service (e.g., WCF) that you want.
33..1111..22 CCrreeaattiinngg aann AAccccoouunntt vviiaa MMyyVViiggoorr WWeebb SSiittee
1. Access into http://myvigor.draytek.com. Find the line of Not registered yet?. Then, click
the link Click here! to access into next page.
Page 94
Vigor3200 Series User’s Guide
84
2. Check to confirm that you accept the Agreement and click Accept.
3. Type your personal information in this page and then click Continue.
4. Choose proper selection for your computer and click Continue.
Page 95
Vigor3200 Series User’s Guide
85
5. Now you have created an account successfully. Click START.
6. Check to see the confirmation email with the title of
New Account Confirmation
Letter from myvigor.draytek.com
.
7. Click the Activate my Account link to enable the account that you created. The following
screen will be shown to verify the register process is finished. Please click Login.
Page 96
Vigor3200 Series User’s Guide
86
8. When you see the following page, please type in the account and password (that you just
created) in the fields of UserName and Password. Then type the code in the box of Auth Code according to the value displayed on the right side of it.
Now, click Login. Your account has been activated. You can access into MyVigor server to activate the service (e.g., WCF) that you want.
Page 97
Vigor3200 Series User’s Guide
87
33..1122 HHooww ccaann II ggeett tthhee ffiilleess ffrroomm UUSSBB ssttoorraaggee ddeevviic
cee
ccoonnnneeccttiinngg ttoo VViiggoorr rroouutteerr??
Files on USB storage device can be reviewed by opening USB Applicaiton>>File Explorer. If it is necessary for you to delete, copy files on the device or write, paste files to the devcie, it must be done through SAMBA server or FTP server.
Samba service is based on the original USB FTP service. You will need to setup USB FTP first. We would like to give brief instructions on USB FTP setup here.
1. Plug the USB device to the USB port on the router. Make sure Disk Connected appears
on the Connection Status as the figure shown below:
2. Then, please open USB Application >> USB General Settings to enable Samba service.
Page 98
Vigor3200 Series User’s Guide
88
3. Setup a user account for the FTP service by using USB Application >>USB User
Management. Click Enable to enable FTP/Samba User account. Here we add a new account "user1" and assign authorities “Read”, “Write” and “List” to it.
Click OK to save the configuration.
4. Make sure the FTP service is running properly. Please open a browser and type
ftp://192.168.1.1
. Use the account "user1" to login.
Page 99
Vigor3200 Series User’s Guide
89
5. When the following screen appears, it means the FTP service is running properly.
6. Return to USB Application >> USB Disk Status. The information for FTP server will
be shown as below.
7. Now, users in LAN of Vigor3200 can access into the USB storage device by typing
ftp://192.168.1.1 on any browser. They can add or remove files / directories, depending on the Access Rule for FTP account settings in USB Application >>USB User Management.
Page 100
Vigor3200 Series User’s Guide
90
33..1133 VVPPNN TTrruunnkk LLooaadd--BBaallaannccee bbeettwweeeenn VViiggoorr 33220000 aanndd
OOtthheerr
VViiggoorr RRoouutteerr
This section will discuss how to build VPN Trunk with load-balance between Vigor3200 and other router (e.g., Vigor3300).
SScceennaarriioo 11:: OOnnee--ppaaiirr VVPPNN TTrruunnkk
The purpose is to setup a VPN trunk between Vigor3200 (192.168.1.0/24) and Vigor3300 (192.168.33.0/24).
At present, Vigor3200 just supports one VPN trunk group with two members for the same VPN network pair. In this case, the VPN trunk is built for 192.168.1.0/24 <-> 192.168.33.0/24. In other word, although Vigor3200 supports 4 WAN connections, it just allows you to use 2 VPN connections over two WAN ports for one VPN trunk group between the networks
192.168.1.0/24 and 192.168.33.0/24.
Note:
z You can still setup two VPN trunk groups over 4 WAN connections between the
networks 192.168.1.0/24 and 192.168.33.0/24. But the VPN traffic can just pass through one VPN trunk group.
z You can create arbitrary number of VPN trunk groups between Vigor3200 and
Vigor3300 for different VPN network pairs. For example, suppose there is another network (192.168.10.0/24) behind Vigor3300. You may create a VPN trunk group over WAN1 and WAN2 connections for 192.168.1.0/24 <-> 192.168.33.0/24, and the other VPN trunk group over WAN3 and WAN4 for 192.168.1.0/24 <->
192.168.10.0/24. Please refer to the Scenario 2 described in this document later.
Vigor3200 as a VPN client (dial out site),
LAN: 192.168.1.0/24 WAN 1 IP: 202.211.110.30 (My GRE IP, 10.0.0.1, Peer GRE IP, 10.0.0.2) WAN 2 IP: 202.211.120.30 (My GRE IP, 10.0.0.3, Peer GRE IP, 10.0.0.4)
Vigor3300 as a VPN server (dial in site),
LAN: 192.168.33.0/24 WAN 1 IP: 202.211.110.100 (Local GRE IP, 10.0.0.2, Remote GRE IP, 10.0.0.1) WAN 2 IP: 202.211.120.100 (Local GRE IP, 10.0.0.4, Remote GRE IP, 10.0.0.3)
Loading...