Draytek Vigor 2900

Draytek Vigor 2900 ... ADSL, Satellite system - anything which is then terminated in Ethernet.

A VPN (Virtual Private Network) is a method for using a public network (Internet) to carry private data between offices or from teleworkers to office. The Vigor2900 can act as a VPN concentrator (endpoint) for up to 16 remote sites - i.e. running 16 simultaneous tunnels to remote locations; either single teleworkers or remote networks/offices. The VPNs use industry standard protocols including IPSec, PPTP and with high level encryption including 3DES, AES and MPPE. Cross compatibility with common Microsoft Windows and MacOS VPN software clients is supported as well as compatibility with many other 3rd party VPN vendor's products.

The Vigor2900 includes full packet-level firewall facilities, not just the inherent 'NAT' security and port-blocking of other routers. The router also employs keep-state packet recording; put simply, this means that when a packet is sent out, a reciprocal record is kept to allow a packet coming back in the opposite direction, but a default 'deny' policy means that any packet arriving which appears unsolicited won't get through. The Vigor2900 series also features automatic selectable protection from DOS/DDos (Denial of Service/Distributed Denial of Service) attacks and IP anti-spoofing. User-definable filters also allow you to add additional protection to your connection. For added confidence, potential or foiled attacks are logged and can be reported via the router's syslog facility or emailed to you by the router.

The Vigor2900 also helps protect against internal Internet abuse with its content filter which can block specified sites, e.g. common email sites or keywords within URLs. Additionally, you can block Java/ActiveX applet download, as well as HTML download of specific file types (e.g. ZIP, EXE, multimedia etc.) You can also block specific PCs from accessing the Internet.

The Vigor 2900's VLAN facility enables you to segment each of the router's four RJ45 Ethernet ports, so that each is a separate virtual LAN. You can create VLAN groups which include or exclude any of the ports so that groups, departments and companies can communicate with each other, or not. For example, two companies could share the same broadband feed, without having access to each other's networks. For more details of VLAN, see here. The 'Bandwidth Throttling' feature lets you set a maximum throughput for each of the Vigor's four Ethernet ports, which can prevent a particular user (or segment) from taking all of your bandwidth.

The Vigor2900 comes with its Syslog tool; one or more PCs can run this syslog tool so that route status and activity is continuously logged. This includes information about individual PC/User activity as well as firewall rule matching and general router operation. Syslog programs are available from 3rd parties for other Operating Systems too. The Vigor2900 series also supports SNMP (with MIB-II), allowing an SNMP client to monitor the router's LAN activity, again locally or remotely.