Vigor 2925AC Dual-WAN Router Firewall

Vigor2925Vac

  • Dual Gigabit Ethernet WAN port for failover and load-balancing
  • Two USB ports for connection to Two 3.5G/4G LTE USB mobiles, FTP server and network printer
  • 5 x Gigabit LAN ports with multiple subnets
  • Object-based SPI Firewall and CSM (Content Security Management) for network security
  • VLAN for secure and efficient workgroup management
  • 50 VPN tunnels with comprehensive secure protocols
  • VPN load-balancing and backup for site-to-site applications
  • VoIP for cost-effective communication
  • Integrated with IEEE 802.11ac wireless access point
  • Embedded Central VPN Management for 8 remote Vigor routers
  • Embedded Central AP Management for multi-deployed Vigor wireless access points *
  • Working with Smart Monitor Network Traffic Analyzer (50 clients)
  • Working with VigorACS SI Central Management for multi-site deploymen

    * The AP Management can work with VigorAP 800, VigorAP 810, and VigorAP 900.

 4G-1     voip
   ipv6  DrayTek 802.11ac  ACSSI

Vigor2925 Series is the IPv6 ready Dual Gigabit Ethernet WANs and Dual USB WANs broadband security firewall router. The product range is from Vigor2925, Vigor2925n, Vigor2925n plus, Vigor2925Vn plus, Vigor2925ac, Vigor2925Vac.

It ensures the business continuity for today and the future IPv6 network. Its two gigabit Ethernet WAN ports can accept various high-speed Ethernet-based WAN links via FTTx/xDSL/Cable. The 2 USB ports are for 3.5G/4G LTE mobile broadband access. With the multi-WAN accesses, Vigor2925 series routers provides flexible and reliable broadband connectivity for the small business office. The VPN backup and VPN load balancing assures business continuity via multi-WAN connection to the Internet. The bandwidth management, Quality of Service, VLAN for flexible workgroup management, User Management for authentication, Route Policy, Central VPN Management, Central AP Management and Firewall serve your daily office network to bring in more business opportunities. The firmware version 3.8.0 will allow Multi WAN/ Multi LAN to support IPv6 in order to let network administrator easily set up more IP-based applications.

Dual Gigabit Ethernet WAN ports for failover and load-balancing

The Gigabit Ethernet WAN ports cater for any type of Internet access, including FTTx, xDSL and Cable fitting your local infrastructure. You can then use both WAN 1 and WAN 2 for failover, ensuring that you will always have an access to the Internet even if one of the WAN fails, or for load-balancing so the 2 WANs share Internet traffic requirements of your organization.

Two USB 2.0 ports for 3.5G/4G LTE USB mobiles, FTP drive and network printer

he two USB ports can be used for the connection of 3G/4G LTE USB mobiles mobile, FTP drive and network printers. A 3.5G/4G USB mobile connected to one of the 2 USB ports can be used as a second WAN. The two USB ports can work as Dual USB WAN ports when you connect two USB mobiles to the USB ports. The USB WAN interface can also be the primary access if the local fixed line service hasn’t been deployed yet. You can have two 3.5G/4G USB mobiles connected to the USB ports, and assign one of these (WAN 3) to be the primary access and the other (WAN 4) as the fail-over back-up. And, you have the flexibility to convert back to fixed line services when these become available.

The Vigor2925 series provide you with FTP access file uploading/downloading, which can be used from the local LAN or from anywhere on the Internet. The access can be using “username and password” or “public”. Each of them can have their own directories and/or file access rights. If your office network requires printer, you can connect one network printer to one of the two USB ports.

DrayTek IPv6 solutions 

We support Dual Stack (PPP, DHCPv6 Client, Static IPv6, 6rd) and Tunnel Mode (TSPC, AICCU, 6in4 static-tunnel) to let your business operation successfully be migrated to the era of IPv6.

Because the IPv4 addresses are limited and IPv6 allows for a larger address space and much more efficient routing. The Vigor2925 series support IPv6 and IPv4. The Vigor2925 series can support IPv6 broker/tunnel services to provide IPv6 access using either AICCU or TSPC via 3rd party IPv6 providers if your ISP does not support IPv6 yet.

  • Can be run on any one of the WAN ports (ADSL/VDSL2, Ethernet or 3G; but the USB WAN port can run AICCU/TSPC tunnel mode only)
  • Can connect to direct native IPv6 ISPs
  • Can build tunnel to 3rd party IPv6 brokers using either AICCU or TSPC methods
  • Default stateful firewall for all IPv6 LAN clients/ devices
  • DHCPv6 Client
  • Static IPv6 Client
  • DHCPv6 & RADVD (Router Advertisement Server) for client configuration
  • QoS for IPv6 with DiffServ
  • IP Filtering Rules
  • Router Management over IPv6 (Telnet/HTTP) with IPv6 access list
  • Concurrent operation with IPv4 (“Dual-Stack”)
  • Other router features are only available on IPv4

Secured Networking

DrayTek Vigor2925 series inherited versatile firewall mechanism from previous Vigor series routers. The firewall allows setting of Call/Data Filters and DoS/DDoS prevention, whereas the CSM covers IM/P2P/Protocol filter, URL Content Filter and Web Content Filter. The object-based design used in SPI (Stateful Packet Inspection) firewall allows users to set firewall policy with ease. The object-based firewall is flexible and allows your network be safe. With Objects settings, you can pre-define objects or groups for IP, service type, keyword, file extension, etc., and mix these with the Time Scheduler or the VLAN groups as required. Altogether this gives you peace of mind whether you are guarding a complicated network or a small office. The DoS/DDoS prevention and URL/Web content filter strengthen the security outside and control inside. The enterprise-level CSM (Content Security Management) enables users to control and manage IM (Instant Messenger) and P2P (Peer-to-Peer) applications more efficiently. The CSM hence prevents inappropriate content from distracting employees and impeding productivity. Furthermore, the CSM can keep office networks threat-free and available.
By adoption of the world-leading Cyren GlobalView Web Content Filtering, you can block whole categories of web sites (e.g. sports, online shopping), subject to an annual subscription to the Cyren GlobalView WCF, which is timely updated with changed or new site categorizations. A free 30-day trial can be activated via activation wizard of Vigor2925 series routers’ web user interface.
The “User Management” implemented on your router firmware can allow you to prevent any computer from accessing your Internet connection without a username or password. You can set scheduler or maximum usage time to your employees within office network. The user accounts can also be restricted by any other aspect of the firewall rule on a user-by-user basis.
The Vigor2925 series support DrayTek’s SmartMonitor network traffic analyzer (up to 50 nodes), which captures actual live data of activities in your managed network, such as the content of MSN entering to or out of your network. You can track specified files download/upload or view statistics on data type activities to realize what corporate related information have been released accidentally or on purpose.
Multi-subnets(Multiple Private LAN Subnets)
With the 5-port Gigabit switch on the LAN side, the Gigabit LAN switch provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs. The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through on onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based multi-subnet. On the wireless-quipped models (Vigor2925n/Vigor2925n plus/Vigor2925Vn plus/Vigor2925ac/Vigor2925Vac) each of the wireless SSIDs can also be grouped within one of the VLANs.
With multi-subnet, the traffic can be sent through non-NAT mode with higher performance. If you deploy Vigor2925 series with MPLS network with your main office, the multi-subnet settings will let your data transactions be carried out without NAT.
VLAN-5G

Comprehensive VPN

For remote teleworkers and inter-office links, Vigor2925 series provide up to 50 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP protocols) for secure data exchange and communication. With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. Teleworkers can be authenticated directly with your LDAP server if preferred. The Vigor2925 series are equipped with two Gigabit Ethernet ports and USB WAN ports for WAN load-balancing and backup. The VPN trunking (VPN load-balancing and VPN backup) are hence implemented on Vigor2925 series. With VPN trunking, you can create multiple WAN connections to a remote site in order to increase bandwidth. The VPN trunking also can allow you to have failover (backup) of VPN route through a secondary WAN connection.
With SSL VPN, Vigor2925 series let teleworkers have convenient and simple remote access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe. The SSL technology is same as the encryption that you use for secure web sites such as your online bank. The SSL VPNs can be operated in either full tunnel mode or Proxy mode.
For client-to-site, remote dial-in users can use up-to 25 SSL VPN tunnels to avoid the local network infrastructure limitation, there are 64 profiles on WUI, but it only allows 25 concurrent tunnels.

Centralized Management 

With F/W 3.7.4, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers but run concurrent remote management over 8 remote routers.

Concurrent dual-band 802.11ac WLAN (2.4/5GHz frequency)

Vigor2925n plus and Vigor2925Vn plus have a built-in IEEE 802.11n WLAN with concurrent dual-band (2.4G/5G). They can allow the essential applications to use the less interference band (e.g. 5G). The Wi-Fi access is also protected by security and encryption protocols, including WEP/WPA/WPA2, MAC Address Control, Multiple SSID, Wireless LAN Isolation, Wireless VLAN* and 802.1x Authentication.

The Vigor2925ac and Vigor2925Vac are equipped IEEE 802.11ac wireless access point which can run 300Mbps @ 2.4GHz and 1300 Mbps @5GHz 11ac).

The Wireless Rate Control function allows connection rates for each network device to be individually managed as required. The WMM (Wi-Fi Multi-Media)* function allows setting of priority levels for various applications: voice, video, data, etc., so time-critical applications can be assigned higher priority levels. Furthermore, WDS (Wireless Distribution System) function allows you to extend the wireless coverage distance easily.

Central AP Management 

APM provides the 3-step installation, plug-plug-press, and then wireless clients are able to enjoy surfing internet. Moreover, through the unified user interface of Draytek routers, the status of APs is clear at the first sight.

If your network requires several VigorAP900 or VigorAP 810 units, to centrally manage and monitor them individually as a group will be expected. DrayTek central wireless management (AP Management) lets control, efficiency, monitoring and security of your company-wide wireless access easier be managed. Inside the web user interface, we call “central wireless management” as Central AP Management which supports mobility, client monitoring/reporting and load-balancing to multiple APs. For central wireless management, you will need a Vigor2860 or Vigor2925 series router; there is no per-node licensing or subscription required. For multiple wireless clients, to apply the AP Load Balancing to the multiple APs will manage wireless traffic with smooth flow and enhanced efficiency.

 

Cost-effective VoIP feature

The VoIP QoS feature is available in the all Vigor2925Vn-plus Series. It ensures the VoIP packets with highest priority and desired bandwidth to make crystal-clear calls.

In line with the concept of Internet covering all aspect of communication requirements, Vigor2925Vn plus and Vigor2925Vac are designed with 2 FXS ports and a Line port, and supports many supplemental services. You can connect 2 analogue telephones to the 2 FXS ports, and the PSTN line to the Line port. The Vigor2925Vn plus and Vigor2925Vac support 12 SIP (Session Initiation Protocol) registrations through Internet or with the traditional PSTN line (for instance, in case of an electricity blackout and subsequent loss of power to the router itself).

Flexible Network Management

Like all DrayTek routers, Vigor2925 Series routers support comprehensive network management functions. For example, you can set username/password and directory/file access privilege for individual users as required. There are also routing/network tables, system log, debugging utilities, etc., making network administrators’ jobs easy.

Other management features include SNMP, TR-069 and TR-104. TR-069 can be utilized with DrayTek’s VigorACS SI management software to remotely monitor and manage the Vigor2925 series.

There are many nodes of license for deploying VigorACS SI Central Management. Through “Self-hosted” or “Cloud-based” subscription, the remotely-deployed DrayTek Vigor routers can be managed for firmware upgrade, VPN establishment, real-time monitoring and obtain proper customer care.

1. WAN Protocol

  • Giga Ethernet (WAN1 & WAN2)
    • DHCP Client
    • Static IP
    • PPPoE
    • PPTP/L2TP (WAN-2 only)
    • PPPoA (ADSL2 only)
    • 802.1q Multi-VLAN Tagging
  • USB (WAN3 & WAN4)
    • PPP/DHCP
  • IPv6
    • Tunnel Mode: TSPC, AICCU, 6rd, Static 6in4
    • Dual Stack: PPP, DHCPv6 Client, Static IPv6

2. USB

  • 3.5G/4G-LTE as Primary or Backup WAN
  • Printer Sharing
  • File SystemSupport FAT32 File System
    Support FTP Function for File Sharing
    Support Samba for File Sharing
  • LTE USB mobile Support List Please Contact support@draytek.com

3. VPN

  • Up to 50 VPN Tunnels
  • Protocol : PPTP, IPsec, L2TP, L2TP over IPsec
  • Encryption : MPPE and Hardware-based AES/DES/3DES
  • Authentication : MD5, SHA-1
  • IKE Authentication : Pre-shared Key and Digital Signature (X.509)
  • LAN-to-LAN, Teleworker-to-LAN
  • DHCP over IPsec
  • IPsec NAT-traversal (NAT-T)
  • Dead Peer Detection (DPD)
  • VPN Pass-through
  • VPN Wizard
  • mOTP
  • SSL VPN: 16 Tunnels
  • VPN Trunk (Load Balance/Backup)

4. Multi-WAN

  • Load-Balance/Route Policy
    (The Gigabit Ethernet interface and USB mobile can be used either for WAN-backup or load balancing.)
  • WAN Connection Failover

5. CSM (Content Security Management) 

  • IM/P2P Application
  • GlobalView Web Content Filter (Powered by CYREN-90)
  • URL Content Filter :
    • URL Keyword Blocking (Whitelist and Blacklist)
    • Java Applet, Cookies, Active X, Compressed,  Executable, Multimedia File Blocking
    • Excepting Subnets

6. Bandwidth Management

  • QoS
    • Guarantee Bandwidth for VoIP
    • Class-based Bandwidth Guarantee by User-defined Traffic Categories
    • DiffServ Code Point Classifying
    • 4-level Priority for Each Direction (Inbound/Outbound)
    • Bandwidth Borrowed
  • Bndwidth/Session Limitation
  • Layer-2 (802.1p) and Layer-3 (TOS/DSCP) QoS Mapping

7. Network Feature

  • Packet Forwarding Acceleration*
  • DHCP Client/Relay/Server
  • IGMP Snooping/Proxy V2 and V3
  • Triple-Play Application
  • Dynamic DNS
  • NTP Client
  • Call Scheduling
  • RADIUS Client
  • DNS Cache/Proxy and LAN DNS
  • UPnP 30 sessions
  • Multiple Subnets
  • Port-based/Tag-based VLAN (802.1q)
  • Routing Protocol:
    • Static Routing
    • RIP V2

8. Network Management

  • Web-based User Interface (HTTP/HTTPS)
  • Quick Start Wizard
  • CLI (Command Line Interface, Telnet/SSH)
  • Administration Access Control
  • Configuration Backup/Restore
  • Built-in Diagnostic Function
  • Firmware Upgrade via TFTP/FTP/HTTP/TR-069
  • Logging via Syslog
  • SNMP Management MIB-II
  • Management Session Time Out
  • 2-level Management (Admin/User Mode)
  • TR-069
  • TR-104
  • LAN Port Monitoring
  • Support Smart Monitor (50 clients)
  • Central AP Management (20 nodes)
  • Central VPN Management (Up to 8 Remote Routers)

9. Firewall

  • Multi-NAT, DMZ Host, Port-redirection and Open Port
  • Object-based Firewall, Object IPv6, Group IPv6
  • MAC Address Filter
  • SPI (Stateful Packet Inspection) (Flow Track)
  • DoS/DDoS Prevention
  • IP Address Anti-spoofing
  • E-mail Alert and Logging via Syslog
  • Bind IP to MAC Address
  • Time Schedule Control
  • User Management

10. Wireless AP

  • 802.11ac Wireless Access Point (300Mbps @ 2.4GHz and 1300 Mbps @5GHz 11ac)
  • Wireless Client List
  • Wireless LAN Isolation
  • 64/128-bit WEP
  • WPA/WPA2
  • Wireless Wizard
  • Hidden SSID
  • WPS
  • MAC Address Access Control
  • Access Point Discovery
  • WDS (Wireless Distribution System)
  • 802.1x Authentication
  • Multiple SSID
  • Wireless Rate-control
  • IEEE802.11e: WMM (Wi-Fi Multimedia)
  • SSID VLAN Grouping with LAN Port (Port-based VLAN)

11. VoIP

  • Protocol: SIP, RTP/RTCP
  • 12 SIP Registrars
  • G.168 Line Echo-cancellation
  • Jitter Buffer
  • Voice codec:
    • G.711
    • G.723.1
    • G.726
    • G.729 A/B
    • VAD/CNG
  • DTMF Tone :
    • Inband
    • Outband (RFC-2833)
    • SIP Info
  • FAX/Modem Support :
    • Tone Detection
    • G.711 Pass-through
    • T.38.
  • Supplemental Services :
    • Call Hold/Retrieve/Waiting
    • Call Waiting with Caller ID*
    • Call Transfer
    • Call Forwarding (Always, Busy and No Answer)
    • Call Barring (Incoming/Outgoing)
    • DND (Do Not Disturb)
    • MWI (Message Waiting Indicator) (RFC-3842)
    • Hotline
  • Secure Phone (ZRTP + SRTP)
  • PSTN Loop-through When Power Failure
  • Dial Plan :
    • Phone Book
    • Digit Map
    • Call Barring
    • Regional