Vigor2930 Series User’s Guide
Enable this account
Check the box to enable this function.
Idle Timeout - If the dial-in user stays idle longer than the
timer limit, the router will drop this connection. By default,
the Idle Timeout is set to 300 seconds.
ISDN
Allow the remote ISDN dial-in connection. You can further set
up the Callback function below. You should set the User Name
and Password of the remote dial-in user below. This feature is
for S model only.
PPTP
Allow the remote dial-in user to make a PPTP VPN
connection through the Internet. You should set the User
Name and Password of remote dial-in user below.
IPSec Tunnel
Allow the remote dial-in user to make an IPSec VPN
connection through the Internet.
L2TP
Allow the remote dial-in user to make an L2TP VPN
connection through the Internet. You can select to use L2TP
alone or with IPSec. Select from below:
None - Do not apply the IPSec policy. The VPN connection then
uses L2TP without an IPSec policy and can be viewed as a pure
L2TP connection.
Nice to Have - Apply the IPSec policy first, if it is applicable
during negotiation. Otherwise, the dial-in VPN connection
becomes a pure L2TP connection.
Must - Require the IPSec policy to be applied on the L2TP
connection.
SSL Tunnel
Allow the remote dial-in user to make an SSL VPN Tunnel
connection through the Internet. It is suitable for applications
that need network access (e.g., PPTP/L2TP/IPSec).
If you check this box, the SSL Tunnel function for this
account will be activated immediately.
To check whether SSL Tunnel is activated, open the DrayTek
SSL VPN portal interface. The web page shows a message
indicating that the SSL Tunnel is activated.
Specify Remote Node
Check the checkbox - You can specify the IP address of the
remote dial-in user, ISDN number or peer ID (used in IKE
aggressive mode).
Uncheck the checkbox - The connection type you select above
will apply the authentication methods and security methods in
the general settings.
Netbios Naming Packet
Pass – Click it to let NetBIOS naming packets pass between
the hosts located on both sides of the VPN tunnel while
connecting.
Block – When a conflict occurs between the hosts on both
sides of the VPN tunnel while connecting, this function can
block transmission of NetBIOS naming packets inside the
tunnel.
Multicast via VPN
Some programs might send multicast packets via VPN
connection.
Pass – Click this button to let multicast packets pass through
the router.
Block – This is the default setting. Click this button to have
multicast packets blocked by the router.
SSL VPN
Set SSL Web Proxy - Allow the remote dial-in user to access
the internal web over SSL VPN. It is suitable for applications
that work through the web only (e.g., HTTP). Click
SSL VPN >> SSL Web Proxy to set profiles.
If you have set several profiles beforehand, you can check SSL
Web Proxy and choose the one(s) you need as SSL VPN.
To check whether SSL Web Proxy is activated, open the DrayTek
SSL VPN portal interface. The web page shows a message
indicating that you have the privilege for the SSL Web Proxy.
If you haven’t set any SSL VPN web proxy profiles, you will see
a link here. Click this link to open the configuration page
of SSL VPN.
Note: SSL VPN can be applied only in a browser (e.g., IE) which
supports ActiveX.
User Name
This field is applicable when you select ISDN, PPTP or L2TP
with or without IPSec policy above.
Password
This field is applicable when you select ISDN, PPTP or L2TP
with or without IPSec policy above.
Enable Mobile One-Time Passwords (mOTP)
Check this box to authenticate with the mOTP function.
PIN Code – Type the code for authentication (e.g., 1234).
Secret – Use the 32-digit secret number generated by mOTP
in the mobile phone (e.g., e759bb6f0e94c7ab4fe6).
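How the PIN Code and Secret yield a one-time password, as an added example that is not taken from the manual or from DrayTek's firmware. It assumes the router follows the public Mobile-OTP scheme (first six hex digits of MD5 over the 10-second epoch counter, the secret and the PIN); the MotpVerifier class, its drift window and its replay check are illustrative.

```python
import hashlib
import hmac

STEP = 10     # Mobile-OTP counts time in 10-second steps
DIGITS = 6    # the password is the first 6 hex digits of the MD5 digest


def motp(secret: str, pin: str, epoch: int) -> str:
    """One-time password for the 10-second step that contains `epoch`."""
    counter = str(epoch // STEP)
    digest = hashlib.md5((counter + secret + pin).encode("ascii")).hexdigest()
    return digest[:DIGITS]


class MotpVerifier:
    """Server-side check: tolerate clock drift, reject replayed passwords."""

    def __init__(self, secret: str, pin: str, drift_seconds: int = 180):
        self.secret, self.pin = secret, pin
        self.window = drift_seconds // STEP   # steps accepted either side of now
        self.last_counter = -1                # highest step already accepted

    def verify(self, otp: str, now: int) -> bool:
        otp = otp.strip().lower()
        if len(otp) != DIGITS or not otp.isascii():
            return False
        current = now // STEP
        matched = None
        for counter in range(current - self.window, current + self.window + 1):
            expected = motp(self.secret, self.pin, counter * STEP)
            # compare_digest avoids leaking the match position through timing
            if hmac.compare_digest(expected, otp):
                matched = counter
        if matched is None or matched <= self.last_counter:
            return False      # wrong password, outside the window, or a replay
        self.last_counter = matched
        return True


# Constructed sample run; the PIN and secret are the manual's example values.
SECRET = "e759bb6f0e94c7ab4fe6"
PIN = "1234"
NOW = 1_700_000_000   # constructed timestamp
```

Because the password depends on the clock, the phone and the verifier must agree on the time to within the drift window, and the PIN never travels on its own.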
IKE Authentication Method
This group of fields is applicable for IPSec Tunnels and L2TP
with IPSec Policy when you specify the IP address of the
remote node. The only exception is that Digital Signature
(X.509) can be set when you select IPSec Tunnel, either with
or without specifying the IP address of the remote node.
Pre-Shared Key - Check the box of Pre-Shared Key to invoke
this function and type in the required characters (1-63) as the
pre-shared key.
Digital Signature (X.509) – Check the box of Digital
Signature to invoke this function and select one of the
predefined profiles set in VPN and Remote Access >> IPSec
Peer Identity.
IPSec Security Method
This group of fields is a must for IPSec Tunnels and L2TP
with IPSec Policy when you specify the remote node. Check
the Medium, DES, 3DES or AES box as the security method.
Medium - Authentication Header (AH) means data will be
authenticated, but not encrypted. By default, this option is
invoked. You can uncheck it to disable it.
High - Encapsulating Security Payload (ESP) means payload
(data) will be encrypted and authenticated. You may select
the encryption algorithm from Data Encryption Standard (DES),
Triple DES (3DES), and AES.
Local ID - Specify a local ID to be used for the Dial-in setting
in the LAN-to-LAN Profile setup. This item is optional and can
be used only in IKE aggressive mode.
Callback Function
The callback function provides a callback service only for the
ISDN dial-in user (for i model only). The remote user will be
charged the connection fee by the telecom.
Check to enable Callback function - Enables the callback
function.
Specify the callback number - The option is for extra security.
Once enabled, the router will ONLY call back to the specified
Callback Number.
Check to enable callback budget control - By default, the
callback function has a time restriction. Once the callback
budget has been exhausted, the callback mechanism will be
disabled automatically.
Callback Budget (Unit: minutes) - Specify the time budget
for the dial-in user. The budget will be decreased
automatically per callback connection.
3.9.8 LAN to LAN
Here you can manage LAN-to-LAN connections by maintaining a table of connection
profiles. You may set parameters including specified connection direction (dial-in or
dial-out), connection peer ID, connection type (ISDN connection, VPN connection -
including PPTP, IPSec Tunnel, and L2TP by itself or over IPSec) and corresponding security
methods, etc.
The router provides up to 100 profiles, which also means supporting 100 VPN tunnels
simultaneously. The following figure shows the summary table.
Set to Factory Default
Click to clear all indexes.
Name
Indicates the name of the LAN-to-LAN profile. The
symbol ??? represents that the profile is empty.
Status
Indicates the status of individual profiles. The symbols V and X
indicate that the profile is active and inactive, respectively.
Click each index to edit its profile and you will get the following page. Each LAN-to-LAN
profile includes 4 subgroups. If fields are grayed out, you may leave them untouched. The
following explanations will guide you to fill in all the necessary fields.
Because the web page is too long, we divide it into several sections for explanation.
