Draytek Vigor 2910VGi VPN Dual WAN Wireless Broadband Router w/ VoIP & ISDN backup

|


The Vigor2910 is a high-performance firewall and VPN device, providing up to 32 simultaneous VPN tunnels for branch-office linking or teleworkers. In addition, sophisticated firewalling is provided making the Vigor2910 a comprehensive and feature-packed firewall device to increase both security, flexibility and performance of your network Internet connectivity. Security features are packed into every area of the Vigor2910's functions.

Dual Ethernet WAN Interfaces
The primary 'WAN' interface (the connection to the outside world) is 10/100BaseT Ethernet. This can connect to any Ethernet based router IP or Internet feed which might typically be fed via Leased Line, cable modem, ADSL, Satellite system - anything which is then terminated in Ethernet. In addition, one of the LAN Ethernet ports can be selected as a secondary WAN (Internet) Interface. The second interface can be used as backup failover for the primary WAN port, load balancing or for bandwidth aggregation. This allows you to use two Internet feeds simulataneously to provide higher total capacity (aggregation), or rule-based routing over two feeds (load balancing). If you do not have a second WAN feed, you can use the 2nd WAN port as a regular LAN port instead.


3G USB Modem Support - HSDPA
You can use the Vigor 2910 Series' USB port as a WAN interface to a USB 3G (cellular) modem, supporting the latest 'HSDPA' networks. HSDPA provides connection at up to 3.4Mb/s - much faster than previous cellular GSM/GPRS systems. This enables you to provide broadband access anywhere in the UK (subject to network coverage) without needing fixed lines. This can be in a temporary office, a coach, hotel or anywhere you like and your users can then browse web sites or check there email with ease. The USB modem and SIM is not supplied with the router; you obtain that separately from your cellphone company.

The following USB modems/phones are currently supported:
  • Huawei E220 (T-Mobile, Vodafone, 3 etc.)
  • Telstra HSDPA USB Modem
  • 4G System XSPlug P3
  • Zapp Telemodem Z020
  • Option GlobeSurfer iCON 7.2
  • Option Globesurfer iCON
  • 4G System XSPlug P3
  • ZTE AC8700 3G
  • Benq EF91
  • Nokia N70
  • Nokia 6233
  • Nokia N95
  • LG U8380
  • Telstra Next G 3G USB
  • ZTE AC8700
  • ZTE MF622
Want instant emergency broadband cover without a contract? Prepay 3G broadband from T-mobile. Your backup broadband when you need it!

LAN-to-LAN VPN Services
A VPN (Virtual Private Network) is a method for using a public network (Internet) to carry private data between offices or from teleworkers to office. The Vigor2910 can act as a VPN concentrator (endpoint) for up to 32 remote sites - i.e. running 16 simultaneous tunnels to remote locations; either single teleworkers or remote networks/offices. The VPNs use induststry standard protocols including IPSec, PPTP and with high level encryption including 3DES, AES and MPPE. No additional licences are needed for users. Cross compatibility with with common Microsoft Windows and MacOS VPN software clients is supported as well as compatibility with many other 3rd party VPN vendor's products, including Cisco™ Pix, Nokia™, Sonicwall™, Checkpoint™, Juniper™ and Watchguard™. For more details on VPN, see DrayTek VPN.

Vigor2910 Enhanced Firewall
The Vigor2910 includes full packet-level firewall facilities and also employs stateful packet inspection/recording for both NAT and non-NAT (IP routed) modes. A default 'deny' policy means that any packet arriving which appears unsolicited won't get through to your LAN. The Vigor2910 series also features automatic selectable protection from Dos/DDos (Denial of Service/Distributed Denial of Service) attacks and IP anti-spoofing. User-definable filters also allow you to add additional protection to your connection (see right); a new object-oriented system makes specifying flexible filter sets easier and more flexible. For added confidence, potential or foiled attacks are logged and can be reported via the router's syslog facility or emailed to you by the router.

Voice-Over-IP (VoIP) Features (2910V/VG ONLY)
The Vigor2910VG model adds twin phone ports for VoIP (Voice over IP). VoIP enables you to use your existing broadband capacity to carry regular voice calls to suitably equipped remote sites, for example another Vigor VoIP enabled router or to other compatible hardware/software products. The DrayTek supports the open 'SIP' standard for compatibility with other vendors' produdcts.


The calls between the two sites in the example above are, of course, free of charge because they are making use of your existing always-on ADSL connection, but cost isn't the only advantage; using VOIP means that you have additional call capacity in your home or office, without tying up your regular phone line. Using a VoIP-PSTN gateway service, such as DrayTEL you can also fully integrate with the PSTN, making and receiving calls to and from any regular phone number, worldwide.

Selectable QoS Assurance
The Vigor2910 supports selectable QoS (Quality of Service). This enables you to select specific protocols/services to have guaranteed levels of your Internet bandwidth. For example, if you need POP3 email to have priority, you could specify that 50% of your available bandwidth is guaranteed for POP3 email. When the bandwidth is not being used by POP3, it is still available for all other traffic,. The Vigor2910's QoS facility provides flexibility - you can set several groups of services to have different priorities, data directions and bandwidth reservations.

Content Filtering
The Vigor2910 also helps protect against internal Internet abuse with its content filter which can block specified sites according to matched keywords which you specify - i.e. keywords within URLs. You can alternatively set the router to only allow access to specific pre-set site - all other sites are blocked. Additionally, you can block Java/ActiveX applet downloads, cookies as well as HTML download of specific file types (e.g. ZIP, EXE, multimedia etc.). This all provides a deterrent to internal abuse of your Internet resources and re-inforce your local Internet user policies for staff or family members.

For specific categories filtering, the Vigor2910 also provides integration with the Surfcontrol™ service, allowing you to block werb surfing by categories (e.g. adult material, gambing etc.) based on Surfonctrol's online database of millions of sites. Surfcontrol is provided as a free trial to test, and a subscription service thereafter, provided by Surfcontrol directly (current cost est. from £25 per year).

To protect your Internet connection from abuse or your users from unsuitable content, you can block popular Peer-to-Peer applications, as well as Instant Messaging software. You can set a time schedule so that the activities are allowed at only certain times of day.

Virtual LAN (VLAN)
The Vigor 2910's VLAN facility enables you to segment each of the router's four RJ45 Ethernet ports, so that each is a separate virtual LAN. You can create VLAN groups which include or exclude any of the ports so that groups, departments and companies can communicate with each other, or not. For example, two companies could share the same broadband feed, without having access to each other's networks. For more details of VLAN, see here. For the wireless models, wireless VLANs can also be specified, with groups common/exclusive to wired and wireless clients.

Printer Port
The USB port on the back of the router allows you to connect most standard USB based printers and then print to them from any Windows98SE/XP/2000 PC, using built-in O/S support from any application, thus not needing to have a particular PC provide the printer sharing to its peers.

Wireless Interface
The Wireless interface on the Vigor2910G/VG enables wireless connection of PCs and supports Atheros™ Super-G, for total wireless bandwidth of up to 108Mb/s. Support for regular 802.11g and 802.11b is also provided. Twin extra-gain aerials provide an additional gain, ensuring maximum coverage range and signal diversity (higher-gain aerials are available as an optional extra). The wireless clients can be segmented into wireless 'VLANs' to create common or distinct groups and multiple levels of security lock down access even further (see later).

WDS - Wireless Distribution System
WDS provides two modes of operation to expand the Wireless range of your LAN. Where you install two or more compatible wireless routers, the WDS-enabled router becomes a satellite (slave) to the main base. In 'Repeater' Mode, the slave unit is within range of the main base unit and then repeats the main wireless signal into its own coverage area - this can effectively double the total range of the network (depending on the environment). In WDS Bridge mode, two physically separated LAN can be joined wirelessly, in order than they can communicate with each other. This is ideal where two offices need to be linked but a cable cannot be run (e.g. across a road).

Wireless VLAN & Rate Control
As with the VLAN facility on the wired (RJ45) ethernet ports, the Wireless VLAN facility enables you to create groups of LAN clients which are common (can communicate with each other) or distinct (cannot communicate with each other) whilst still allowing Internet access to all clients. Wireless VLAN Groups can be combined with VLAN groups on the wired ports too. Wireless Rate Control allows you to limit the wireless rate that a particular wireless client can use.

Extensive Wireless Security
The Vigor2910G/VG models support industry standard WEP encryption, WPA and WPA2 encyption methods. For enterprise level control, 802.1x authentication is also supported, operating with your own Radius server. In addition, you can add "VPN over WLAN" to increase the level of wireless encryption, using DES/3DES encryption. Finally, you can lock the router down further so if the unique hardware ('MAC') address of the wireless client is not in the 'allow' list, the client is also denied access as well as pre-set DHCP allocations and block any other devices which attempt to connect.

Optional ISDN Interface (2900VGi)
The Vigor2900VGi model offers all of the same facilities as the standard Vigor2900VG model but has an ISDN interface in addition. This can connect to any ISDN2e or BT Highway/Midband line. The ISDN interface provides dial-backup in the event of your main Internet feed being interrupted. Alternatively, the ISDN interface can be used on its own if you do not have a boradband feed to connect to the Vigor2900, both for shared internet access and direct-dial ISDN LAN-to-LAN Wide Area Networking.

USEFUL LINKS
  • Draytek Vigor 2910 Series Features

SPECIFICATIONS

Product Highlights
  • Excellent Routing Functionality
  • True Firewall with Stateful Packet Inspection (SPI) & Intrusion Control, Denial of Service (DoS)
  • VPN Endpoint supporting 32 VPN Tunnels
  • Built-in USB Print Server
  • Easy Configuration & Monitoring with Comprehensive Diagnostic Tools
  • DUAL WAN 10/100 Ethernet ports
Routing Features
  • Internet Protocols : PPPoE
  • Static routing and Dynamic Routing with RIP v1 and v2
  • DHCP Server, DHCP Client, DHCP Relay
  • Configurable MTU Size
  • Dynamic DNS
Firewall and Security Features
  • KeepState Firewall
    • Filter on destination port values
    • Defends router against Denial-of-Service (DoS) attacks
    • Intrusion detection
  • Disable Firewall Option
  • Content Filtering
    • Keyword and URL blocking
    • Trusted IP access
    • Time scheduling
    • Email and logging notification
Wireless Features (Vigor2910VG only) :
  • 802.11g Super-G Wireless LAN (Total bandwidth up to 108Mb/s) - New!
  • Twin gain aerials provide diversity and optimum coverage
  • Optional Higher-Gain Aerials
  • Backward compatible with 802.11b (11Mb/s) and regular 802.11g (54Mb/s) standards
  • Wireless Security Features :
  • WEP, WPA and WPA2 Wireless Security & Encryption - New!
  • VPN over WLAN (Encrypted Tunnelling)
  • WLAN Isolation - Isolate WLAN from wired LAN - New!
  • SSID Stealthing
  • Restricted access list for clients (by MAC address)
  • Time Scheduling (WLAN can be disabled at certain times of day)
  • 802.1x User Authentication (via Radius Server, EAP-TLS Mode) - New!
  • WDS (Wireless Distribution system) for WLAN Bridging and Repeating- New!
  • Wireless Client Rate control - New!
  • Wireless VLAN - Set inclusive/Exclusive wireless groups - New!
  • Active Client list in Web Interface
VPN (Virtual Private Network) Features
  • Support up to 32 simultaneous tunnels
  • High-performance IPSec 3DES encryption
    •  MPPE, DES (56-bit) and 3DES (168-bit) encryption
    •  Authenication MD5 & SHA-1
    •  Diffie-Hellman Group 768-bit & 1024-bit
    •  Key Management: Auto Internet Key Exchange (IKE) w/ Perfect Forward Secrecy (PFS)
    •  Operation Mode: Main & Aggressive
  • Single-session Virtual Private Network (VPN) Pass-through (IPSec, L2TP), PPTP
  • Radius Support for dial-in teleworker profiles
NAT (Network Address Translation) Features
  • Many-to-One (NAT)
  • Many-to-Many (Multi-NAT)
  • Full Routing (Non-NAT)
Applications & Gaming Features
  • Port Forwarding
  • UPnP Support
  • Single DMZ Support
Management Features
  • QoS (Quality of Service) assurance with 8 selectable levels & Diffserv support
  • Web Based Interface
  • - 5-click Installation Wizard
  • System performance and status monitoring
  • Remote Management via Web services
  • Block http downloads of file types :
  • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
  • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
  • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
  • Time Schedules for enabling/disabling these restrictions
  • Syslog Support
VoIP Facilities (Vigor2910V / Vigor2910VG only) :
  • Voice calls carried over existing ADSL connection
  • Two VOIP ports (RJ11 to BT type sockets)
  • Automatic QoS Assurance for Voice-over-IP Calls - VoIP given highest priority
  • SIP Standard Compliant
  • VoIP Codecs : 8Kb/s-64Kb/s
  • Registration with multiple different SIP Registrars at the same time - New!
  • Distinctive Ring for incoming calls on different accounts - New!
  • Automatically select different SIP providers depending on destination called - New!
  • Manually select SIP provider for outgoing calls by user-defined prefix - New!
  • Hotline Facility - connects to a fixed destination when you lift the handset - New!
  • Do Not Disturb - Phones can be set to not ring according to a time schedule (e.g. at night) - New!
  • Speed Dial (Phone Book) for quick dialling
  • Caller ID on phone ports (UK Standard Compliant) - New!
  • Integration with the PSTN via ITSP (e.g. DrayTel) enabling you to make/recieve calls from regular phone lines
  • Connect any standard analogue phone into the phone ports
  • UK Standard Call progress Tones (Ring, Busy cadence etc.)
  • Adjustable Gain (volume) for voice tx/rx
  • Log of incoming/outgoing calls & realtime Status reporting
  • DTMF Transmission : In-Band, Out-of-Band (RFC2833), SIP Info
  • Low latency queuing (LLQ), Random Early Detection
  • G.168 Line Electrical Echo cancellation & Jitter Buffer (125 ms)
  • Support for VoIP through VPN tunnels
  • Built-in Call Handling (PBX) Facilities:
  • Intercom (call) between local voice/phone ports - New!
  • SIP Compliant Call Diversion (Forwarding) - Always, Busy or No-Answer
  • DND (Do Not Disturb) with automatic time schedule - New!
  • Call Waiting - New!
  • Call Transfer - New!
  • T.38 Fax Facilities - New!
  • Outbound NAT Proxy / STUN Server Support
ISDN Features (Vigor2910VGi only):
  • Compatible with ISDN2e, BT's Home/Business Highway & BT Midband™ lines
  • Uses ISDN for shared Internet access (dial-on-demand)
  • Support for 64Kb/s and 128Kb/s (Multilink-PPP)
  • Automatic ISDN backup for Internet access during WAN port (broadband) failure
  • Bandwidth-on-demand (automatically switches between 64Kb/s and 128Kb/s)
  • Direct ISDN Dial-up LAN-to-LAN connectivity (to another ISDN site)
  • Remote 'teleworker' direct dial-in access to your LAN (from a remote ISDN line)
  • Remote activation of ISP dial-up (dials ISP on receipt of recognised Caller ID)
Printer Server
  • USB Printer Server
    •  USB Port Version 1.1
    •  Compatible with most printers with a USB Port
LAN Ports
  • 4 RJ45 10/100 Ethernet Switch
    •  Auto Uplink
    •  Auto Sensing / Manual Speed Selection
    •  VLAN 802.11q Support
WAN Ports
  • 1 RJ45 10/100 Ethernet Port
    •  Auto Uplink
    •  Auto Sensing
Manufactures Warranty
  • 2 years RTB
System Requirements
  • Broadband (cable, DSL) Internet service and modem with Ethernet connection
  • & Ethernet adapter and cable for each computer
  • Windows® 98, Me, NT, 2000, XP, Mac® OS, NetWare®, UNIX®, or Linux®
  • Internet Explorer 5.0 or Netscape® 4.7 or higher
Package Contents
  • DrayTek Vigor 2910 VPN Broadband Router
  • UK Power adapter
  • RJ45 3m Ethernet cable
  • Installation guide

1 comments:

Anonymous said...

Your post is really superb!!!. Thanks shared the best information about Wireless WAN & Wireless Broadband Internet.Great work!
Thanks,
Wan connection

Post a Comment