224 | Draytek 5500 Series specification

8.If the worker has connected to the headquarter using host to host VPN tunnel. (Please refer to Chapter 3 VPN for detail instruction), he may set up an index for it. Enter the Class Name of Index 3. In this index, he will set reserve bandwidth for 1 VPN tunnel.

9.Click edit to open a new window.

10.First, check the ACT box. Then click Edit of Local Address to set a worker’s subnet address. Click Edit of Remote Address to set headquarter’s subnet address. Leave other fields and click OK.

224	VigorPro5500 Series User’s Guide

Image 232

Draytek 5500 Series manual 224

Contents

VigorPro 5500 Series Unified Security Firewall User’s Guide Safety Instructions and Approval Instructions European Community Declarations Regulatory Information Table of Contents 100 171 211 Trouble Shooting 235 Page Web Configuration Buttons Explanation LED Indicators and Connectors For VigorPro LED For VigorPro 5500G Wlan Isdn For VigorPro 5500Gi Interface Description Hardware Installation Internet VigorPro5500 Series User’s Guide Configuring Basic Settings Changing Password Now, the Main Screen will pop up Quick Start Wizard PPPoE VigorPro5500 Series User’s Guide Pptp Static IP Dhcp Online Status Displays the IP address of the default gateway Online status for Dhcp Saving Configuration This page is left blank WAN Basics of Internet Protocol IP NetworkWhat are Public IP Address and Private IP Address Get Your Public IP Address from ISP General Setup EnablePhysical Mode Display Name Load Balance Mode Active ModePhysical Type Negotiation for determined by the system Internet Access Access ModeIndex Details Details Page for PPPoE Details Page for Static or Dynamic IP Settings Dhcp ClientKeep WAN Connection DNS Server IP Address Pptp Setup PPP SetupDetails Page for Pptp Assignment Load-Balance Policy MAC address for the router Protocol WAN Interface Src IP Start Binding WANDest Port End LAN Basics of LAN What is Static Route What is Routing Information Protocol RIPWhat are Virtual LANs and Rate Control 1st IP Address 1st Subnet Mask For IP Routing Usage Subnet Dhcp Server ConfigurationRelay Agent 1st subnet/2nd subnet Specify which subnet that Static Route DNS Server Add Static Routes to Private and Public Networks VigorPro5500 Series User’s Guide Vlan Disable Bind IP to MACStrict Bind ARP Table NAT Port Redirection Public Port Service NamePrivate IP Private Port Active DMZ Host True… Choose PC Open Ports CommentWAN Interface Local IP Address Enable Open Ports Local ComputerStart Port End Port Set to Factory Default Clear all profiles Objects SettingsIP Object Allowed Interface Choose a proper interface WAN, LAN or AnyAddress Type Start IP Address Available IP Objects IP GroupSelected IP Objects Service Type Object Service Type Group Name Available Service Type Objects Selected Service Type CSM Profile Profile Name Basics for Firewall FirewallFirewall Facilities IP Filters Stateful Packet Inspection SPI Denial of Service DoS Defense Content Security Management CSMContent Filtering Web Filtering Anti-Virus and Anti-Intrusion Content Security Call FilterData Filter Filter Filter Setup Filter RuleMove Up/Down Next Filter Set Check to enable Filter Rule CommentsDirection Source/Destination IP Service Type Example VigorPro5500 Series User’s Guide DoS Defense Block IP options Block LandBlock Smurf Block trace router VigorPro5500 Series User’s Guide URL Content Filter ControlWhite List pass those Matching keyword Zip, rar, .arj, .ace, .cab, .sit Exe, .com, .scr, .pif, .bas, .bat, .inf, .regInside to outside world to protect the local users privacy Files downloading from web pages. Accordingly, files with Web Content Filter Service Basic SetupAnti-Intrusion Advanced Setup Here and enable the SysLog Access Setup from System Maintenance Syslog/Mail AlertType links Severity Action Profile Setting Anti-Virus Enable Log Enable Virus ScanSyslog/Mail Alert Virus List File Pattern List Detailed View for Anti-Virus Default Action Enable Syslog/Mail AlertDestroy the file if the file Name is over length For Default Action For default action Anti-Spam Service ActivationMessage Timeout or Network ProblemChoose Protocol to Scan Spam Cancel Bandwidth ManagementActivating Anti-Spam Clear Sessions Limit Default TX limit Default RX limitBandwidth Limit Set in that web TX limit Quality of ServiceRX limit General Setup for WAN Interface Enable UDP Bandwidth Reserved Bandwidth RatioReserved bandwidth to upstream speed and reserved Bandwidth to downstream speed ManagementQuality of Service Edit the Class Rule for QoS Remote Address Local AddressDiffServ CodePoint Edit the Service Type for Class Rule Port Configuration Enable the Function and Add a Dynamic DNS Account ApplicationsDynamic DNS Index WAN Interface Force Update Enable DynamicService Provider Login Name Disable the Function and Clear all Dynamic DNS Accounts Set to Factory DefaultSchedule Delete a Dynamic DNS Account Enable Schedule Setup Idle TimeoutStart Date yyyy-mm-dd Start Time hhmm Radius Server IP AddressDestination Port Shared Secret UPnP Cant work with Firewall Software Wake On LAN Wake byMAC Address Wake Up VPN and Remote Access Remote Access Control PPP General Setup IPSec General Setup IPSec Peer Identity IPSec Security Method 107 Remote Dial-in User User IPSec Tunnel Enable this accountSpecify Remote Node Medium -Authentication Header AH means data will be Check to enable Callback function -Enables the callbackCheck to enable callback budget control -By default, User Name LAN to LAN VPN Connection Through Enable this profileCall Direction Enable Ping to keep alive Enable Ping to Keep Alive is used to handle abnormalPPP Authentication Ping to the IP IKE Authentication VPN and Remote Access IPSec Peer IdentityMedium AH Authentication Header means data will be 3DES without Authentication -Use triple DES encryption For i models only Perfect Forward Secret PFS- The IKE Phase 1 key will beProvide Isdn Number to Remote- In the case that Allowed Dial-In Type Profiles set in the VPN and Remote Access IPSec Peer Check to enable Callback function-Enables the callbackSpecify Clid or Remote VPN Gateway Change default route to this VPN tunnel From first subnet to remote network, you have to do Dial Connection ManagementRefresh Seconds Local Certificate Certificate ManagementGenerate Import View Trusted CA Certificate Isdn Certificate BackupBasic Concept General Settings PPP/MP Setup Dial to Single/Dual ISPsRequire ISP Callback Cbcp If your ISP supports Call Control Common Settings Method IpcpCheck Yes and enter the IP address in the field of Fixed IP Function. Require ISP Callback Cbcp If your ISP Primary ISP Setup ISP Name Enter your ISP name Password Enter the password provided by your ISPSecondary ISP Setup ISP Name Enter the secondary ISP name Your ISP Virtual TA Virtual TA Server Install a Virtual TA ClientVirtual TA User Profiles MSN Configuration Configure a Virtual TA Client/ ServerUser Profile Call Control Setup Call Control Basic Setup Basic Concepts Wireless LANSecurity Overview Example Enable Wireless LAN Mixed 11b+11g+SuperG The radio can support Hide Ssid ChannelLong Preamble Security Access Control Enable Access Control Attribute MAC Address FilterClear All 14.5 WDS Choose the mode for WDS setting. Disable mode will not AP Discovery Into Access Control Station List Vlan Wired VlanStation Rate Control P1 P4 Wireless VlanVLAN0-3 Login ID Wvlan How can you wireless client access into Internet? Vlan Cross Setup WVLAN0-15 Upload Rate Wireless Rate ControlDownload Rate System Maintenance System Status Administrator Password Default GatewayOld Password New Password Configuration Backup Backup the Configuration Restore Configuration Syslog/Mail Alert Mail To AuthenticationReturn-Path Time and Date Management Reboot System Trap TimeoutManager Host IP Trap Community Firmware Upgrade Signature Upgrade License Oad message Upgrade Manually Authentication/downlSignature Automatically Diagnostics Dial-out TriggerDecoded Format Address, the protocol and length of the package Routing Table ARP Cache Table NAT Sessions Table Dhcp TableLeased Time Wireless Vlan Online Station Table Ping through Ping DiagnosisPing to Data Flow Monitor Order by Traffic Graph TX rate kbpsRX rate kbps Sessions Trace Route Trace through Registration for the Router Creating and Activating an Account from VigorPro Website 172 173 174 175 176 177 178 179 From System Maintenance Signature Upgrade Registering Your Vigor Router 181 182 From Anti-SpamProfile Setting 184 Activating Anti-Virus/Anti-Intrusion/Anti-Spam Service For Anti-Virus and Anti-Intrusion Service 186 187 Transfer RenameBack 189 For Anti-Spam Service Getting 30 Days of Free Charge 191 192 193 Upgrade License for Anti-Spam 195 196 197 Applying a New License for Anti-Intrusion/Anti-Virus 199 200 201 202 Add License 204 Backup and Upgrade Signature for Anti-Intrusion/Anti-Virus Switching between DT-DT and DT-KL Time for BackupTime for Download Time for Import 207 208 Enabling Anti-Virus/Anti-Intrusion/Anti-Spam 210 Application and Examples 212 213 214 215 216 217 Settings in VPN Router in the enterprise office 219 Settings in the remote host 221 QoS Setting Example Go to Bandwidth ManagementQuality of Service 223 224 LAN Created by Using NAT 226 Upgrade Firmware for Your Router 228 Request a certificate from a CA server on Windows CA Server Go to Certificate Management and choose Local Certificate 231 232 233 Time and Date to reset current time of the router first Trouble Shooting Checking If the Hardware Status Is OK or Not For Windows For MacOs Pinging the Router from Your Computer For MacOs Terminal Checking If the ISP Settings are OK or Not For PPPoE Users For Static/Dynamic IP Users Software Reset Backing to Factory Default Setting If NecessaryFor Pptp Users Hardware Reset Contacting Your Dealer