Product and Solutions

Vigor 2960

  • Designed for very highspeed WANs.
  • 2 Gigabit WAN ports and 4 Gigabit LAN ports.
  • Upto 200 concurrent VPN tunnels with a dedicated VPN co-processor.
  • Supports VLAN Tagging / Unifi Compatible.
  • Advanced object-based, configurable firewall for complete protection and policy enforcement.
  • Extensive bandwidth management options with 8-level priority QoS.
  • Native IPv4 and IPv6 support.
  • IPv4/IPv6 Ready Operating System including new object-based Firewall
  • 2 USB ports, both can be used for 3G/4G dongle, effectively 4 WANs.
WAN Protocol
EthernetPPPoE, PPTP, DHCP client, static IP, L2TP*, IPv6 ready
Dual WAN
Outbound Policy Band Load Balance
  • Allow your local network to access Internet using multiple Internet connections with high-level of Internet connectivity availability
  • Two dedicated Ethernet WAN ports (Gigabit WAN)
  • WAN fail-over or load-balanced connectivity
VPN
ProtocolsPPTP, IPSec, L2TP, L2TP over IPSec
Up to 200 Sessions SimultaneouslyLAN to LAN, remote access (teleworker-to-LAN), dial-in or dial-out
VPN TrunkingVPN Ioad-balancing and VPN backup*
LDAP/Active DirectoryLightweight directory access protocol. The enterprises use LDAP/Active Directory authentication technology to allow administrator, IT personnel and users to be authenticated when trying to access company's intranet environment
NAT-Traversal (NAT-T)VPN over routes without VPN pass-through
PKI CertificateDigital signature (X.509)
IKE AuthenticationPre-shared key; IKE phase 1 aggressive/standard modes & phase 2 selectable lifetimes
AuthenticationHardware-based MD5, SHA-l
EncryptionMPPE and hardware-based AES/DES/3DES
RADIUS ClientAuthentication for PPTP remote dial-in
DHCP over IPSecBecause DrayTek add a virtual NIC on the PC, thus while conncting to the server via IPSec tunnel, PC will obtain an IP address from the remote side through DHCP protocol, which is quite similar with PPTP
GRE over IPSecGRE is used when IP packets need to be sent from one network to another without being parsed by any intervening routers
Dead Peer Detection (DPD)When there is traffic between the peers, it is not necessary for one peer to send a keep-alive to check for liveness of the peer because the IPSec traffic serves as implict proof of the availability of the peer
Smart VPN Software UtilityProvided free of charge for teleworker convenience (Windows 7/Vista/XP including 32/64 bit)
Easy of AdoptionNo additional client or remote site licensing required
Industrial-standard InteroperabilityCompatible with other leading 3rd party vendor VPN devices
Firewall
Stateful Packet Inspection (SPI)Outgoing/Incoming traffic inspection based on connection information
Content Security Management (CSM)Appliance-based gateway security and content filtering
Multi-NATYou have been allocated multiple public IP address by your ISP. You hence can have a one-to-one relationship between a public IP address and an internal/private IP address. This means that you have the protection of NAT (see earlier) but the PC can be addressed directly from the outside world by its aliased public IP address, but still by only opening specific ports to it (for example TCP port 80 for an http/web server)
Port RedirectionThe packet is forwarded to a specific local PC if the port number matches with the defined port number. You can also translate the external port to another port locally
Open PortsAs port redirection (above) but allows you to define a range of ports
DMZ Port*This opens up a single PC completely. All incoming packets will be forwarded onto the PC with the local IP address you set. The only exceptions are packets received in response to outgoing requests from other local PCs or incoming packets which match rules in the other two methods. The precedence is as follows: Port Redirection > Open Ports > DMZ
Policy-based IP Packet FilterThe header infomation of an IP packet (IP or MAC source/destination address; source/destination ports; DiffServ attribute; direction dependent, bandwidth dependent, remote-site dependent)
DoS/DDoS PreventionAct of preventing customers, users, clients or other computers from accessing data on a computer
IP Address Anti-spoofingSource IP address check on all interfaces: only IP addresses classified within the defined IP networks are allowed
Object based FirewallUtilizes object-oriented approach to firewall policy
NotificationE-mail alert and logging via syslog
Bind IP to MAC AddressFlexible DHCP with 'IP-MAC binding'
User/Rule baseUser base integrates LDAP/Active Directory authentication to enforce policies*
System Management
Web-based User Interface (HTTP/HTTPS)Integrated web server for the configuration of routers via Internet browsers with HTTP or HTTPS
DrayTek's Quick Start WizardLet administrator adjust time zone and promptly set up the Internet (PPPoE, PPTP, Static IP, DHCP)
User AdministrationRADIUS user administration for dial-in access (PPP/PPTP and ISDN CLIP)
CLI (Command Line Interface, Telnet/SSH)Remotely administer computers via the telnet
DHCP Client/Relay/ServerProvides an easy-to configure function for your local IP network
Dynamic DNSWhen you connect to your ISP, by broadband or ISDN you are normally allocated an dynamic IP address. i.e the public IP address your router is allocated changes each time you connect to the ISP. If you want to run a local server, remote users cannot predict your current IP address to find you
Administration Access ControlThe password can be applied to authentication of administrators
Configuration Backup/RestoreIf the hardware breaks down, you can recover the failed system within acceptable time. Through TFTP, the effective way is to bakup and restore configuration between remote hosts
Port-based VLANCreate separate groups of users via segmenting each of the Ethernet ports. Hence, they can or can't communicate with users in other segments, as required
Built-in Diagnostic FunctionDial-out trigger, routing table, ARP cache table, DHCP table, NAT sessions table, wireless VLAN online station table, data flow monitor, traffic graph, ping diagnosis, trace route
NTP Client/Call SchedulingThe Vigor has a real time clock which can update itself from your browser manually or more conveniently automatically from an Internet time server (NTP). This enables you to schedule the router to dial-out to the Internet at a preset time, or restrict Internet access to certain hours. A schedule can also be applied to LAN-to-LAN profies (VPN or direct dial) or some of the content filtering options
Firmware Upgrade via HTTP/TFTP/TR-069Using the TFTP server and the firmware upgrade utility software, you may easily upgrade to the latest firmware whenever enhanced features are added
User ManagementDial-in access management (PPTP/L2TP and mOTP) and LDAP/Active Directory integration
Tag-based VLAN (802.1q)
  • By means of using a VLAN ID, a tag-based VLAN can identify VLAN group membership (Support 20 VLAN groups)
  • Support GVRP protocol in conjunction with switch (e.g. VigorSwitch)
Remote MaintenanceWith Telnet/SSL, SSH (with password or public key), browser (HTTP/HTTPS), TFTP or SNMP, firmware upgrade via HTTP/HTTPS or TFTP
Wake On LANA PC on LAN can be woken up from an idle/stand by state by the router it connects when it receives a special 'wake up' packet on its Ethernet interface
Logging via SyslogSyslog is a method of logging router activity
SNMP ManagementSNMP management via SNMP v1/v2, MIB II
VigorACS SI Centralized ManagementTR-069 based
External DeviceAuto-detection mechanism to manage Vigor devices such as router/switch/AP
Smart Monitor Traffic AnalyzerSupport 100 PC Users
Bandwidth Management
Traffic ShapingDynamic bandwidth management with IP traffic shaping
Bandwidth ReservationReserve minimum and maximum bandwidths by connection based or total data through send/receive directions
Packet Size ControlSpecify size of data packet
DiffServ Codepoint ClassifyingPriority queuing of packets based on DiffServ
4 Priority Levels (Inbound/Outbound)Prioritization in terms of Internet usage
Individual IP Bandwidth/Session LimitationDefine session/bandwidth limitation basad on IP address
Bandwidth BorrowingTransmission rates control of data services through packet scheduler
User-defined Class-based RulesMore flexibility
Routing Functions
RouterIP and NetBIOD/IP-multi-protocol router
Advanced Routing and ForwardingComplete independent management and configuration of IP networks in the device. i.e. individual settings for DHCP, DNS, firewall, VLAN, routing, QoS etc
DNSDNS cache/proxy
DHCPDHCP client/relay/server
NTPNTP client, automatic adjustment for daylight-saving time
Policy-based RoutingBased on firewall rules, certain data types are marked for specific routing, e.g. to particular remote sites or lines
Dynamic RoutingIt is with routing protocol of RIP v2/OSPF v2/v3*. Learning and propagating routes; separate settings for WAN and LAN
Static RoutingAn instruction to re-route particular traffic through to another local gateway, instead of sending it onto the Internet with the rest of the traffic. A static route is just like a 'diversion sign' on a road
Content Filter
URL Keyword Blocking
  • Whitstist and Blacklist
  • Java applet, cookies, active X, compressed, executable, multtmedia file blocking
Web Content FilterDynamic URL filtering database
Time Schedule ControlSet rule according to your specific office hours
Internet CSM (Content Security Management) Featuring
  • URL keyword filtering - whitelist or blacklist specific sites or keywords in URLs
  • Block web sites by category (subject to subscription)
  • Prevent accessing of web sites by using their direct IP address (thus URLs only)
  • Blocking automatic download or Java applets and ActiveX controls
  • Blocking of web site cookies
  • Block http downloads of file types (binary, compressed, muttimedia)
  • Time schedules & exclusions for enabling/disabling these restrictions
  • Block P2P (Peer-to-Peer) file sharing programs (e.g. Kazaa, WinMX etc.)
  • Block Instant messaging programs (e.g. IRC, MSN/Yahoo Messenger)
Hardware
LAN4-port Gigabit switch, RJ-45
WAN2-port Gigabit ethernet, RJ-45
USB2 x USB host 2.0
Support
Warranty2-year limited warranty, technical support through e-mail and internet FAQ/application notes
Fireware UpgradableFree firmware upgrade from Internet
ModelPortsWireless
Vigor 29602 Gigabit WAN + 4 Gigabit LAN + 2 USBNone

Click link to download PDF file

  1. Vigor 2960 Datasheet