DrayTek Vigor 2960 SSL VPN Router

DrayTek Vigor 2960 High-Performance SSL VPN Router/Firewall •High-Performance Router/Firewall •Load Balancing & WAN Failover •Native IPv4 & IPv6 dual-stack •Two Gigabit WAN ports •Four Gigabit LAN Ports •Twin Independent USB Ports •IPSec VPN - LAN-to-LAN or Teleworker (100 tunnels) •SSL VPN (ETA Q1/2014) •802.1q Tagged and port-based VLANs •QoS Assurance on different traffic types •VPN Trunking (Backup/aggregation) •Mobile One-Time Passwords for Teleworker VPNs •Multiple LAN-side private IP subnets •Internet Content Filtering •Optional VigorCare Available
Manufacturer: DrayTek
£399.00 excl tax
£344.00 excl tax

DrayTek Vigor 2960 SSL VPN Router 

The Vigor 2960 is a high-performance dual-Gigabit WAN firewall. The two dedicated Gigabit WAN ports can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 2960 provides high performance with DrayTek's traditional ease of use and comprehensive features set. Extensive QoS, VLAN Web Content filtering features help keep your network efficiency and online productivity high.

 

VPN

As a VPN endpoint/concentrator, the Vigor 2960 will support up to 100 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to 500Mb/s dependant on protocol, thanks to its hardware-based VPN co-processor. VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.

SSL VPN

For ease of remote access, the Vigor 2960 can provide up to 20 simultaneous SSL VPN web-proxy tunnels, making remote access to your network possible from virtually anywhere without the inconvenience or compatibility issues of installing a VPN client. As SSL is a standard Internet protocol (used for web sites) )SSL VPNs are also resilient to difficulties in creating tunnels through guest networks (web cafes, hotels etc.) where traditional IPSec/PPTP tunnels can often have difficulties. SSL encryption is strong too, using 128bit DES/3DES or AES. Using MoTP, your teleworker passwords are strong and realtime; a password is generated in real-time by your mobile phone (iphone, Android etc.) which can be used once only, and only at the time its generated. All teleworker methods can also optionally use LDAP or X.509 certificates for authentication. In addition to Web-proxy mode, full SSL VPN tunnelling will be provided as a later firmware updated

High Availability

For even greater resilience, the Vigor2960 provides High Availability (HA). The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and secondary Vigor2960 whereby in the event of the master unit failing, the secondary unit can seamlessly and automatically switch over. This can remove the possibility of a single point of failure within your routers. Additionally, multiple active Vigor2960's can provide reciprocal routing backup to other active Vigor2960s.

 Specifications

  • Physical Interfaces:
    • LAN: 4-port Gigabit (10/100/1000 Base-T)
    • WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet
    • USB: 2 USB 2.0 Ports (for flash storage and 3G)
      Note : USB Function due in later firmware
    • WAN Protocols : PPPoE, PPTP, DHCP Client, Static IP
    • Load Balancing : Policy based or automatic
    • WAN Failover : Switch to other connection when primary WAN lost
  • VPN support:
    • Protocols : PPTP, IPSec, L2P, L2TP over IPSec
    • Up to 100 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)
    • PPTP Acceleration (90Mbps  with  encryption,  400Mbps without encryption)
    • Dial-in and Dial-out supported
    • VPN Trunking - allows alternative failover route or multiple
      tunnels to the same destination to increase capacity/throughput
    • LDAP/Active Directory : Teleworker VPNs can be auththenticated by a LDAP/AD server
    • NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough
    • PKI Certificates: Use X.509 Digital Signatures
    • IKE Authentication: Pre-shared key (PSK), Phase 1 agressive/standard, Phase 2 selectable lifetimes
    • Encryption:
      • Hardware-based AES (128, 192, 256 bits)
      • Hardware-based DES/3DES (56 & 168 bits)
      • Hardware-based MD5 & SHA-1
      • MPPE (40 or 128 bits)
    • Radius Client: Authentication for PPTP remote dial-in teleworkers
    • DHCP over IPSec
    • GRE over IPSec
    • Dead-Peer-Detection (DPD))
    • Smart-VPN Softare utility: For teleworkers
    • No extra licencing or additional VPN client costs.
    • Ineroperability : Compatible with other 3rd party VPN devices
  • Firewall:
    • Stateful Packet Inspection (SPI)
    • Content Security Management (CSM)
    • Multi-NAT: Set one-to-one mappings between your private and public IP addresses
    • Port Redirection & Open Ports
    • Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site
    • DoS/DDoS Protection
    • IP Address Anti-spoofing
    • Object-Based Firewall
    • Notification: Email alerts and logs to syslog
    • Bind IP to MAC address
    • User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies
  • System Management:
    • Web-Based User Interface: Integrated server for router management (via HTTP or HTTPS)
    • Telnet/SSH : Command line control and configuration
    • Configuration Backup/Restore
    • Built-in diagnostics, dial-out triger, routing table, ARP table, DHCP Table, NAT Sessions Table, data flow monitor, traffic graph, ping diagnostics, traceroute
    • Firmware Upgrade by HTTP, TFTP & FTP
    • Syslog Logging
    • SNMP Management: v1/v2/v3, MIB II
    • Vigor ACS-SI Centralised Management: TR-069 compatible for ACS platform
    • Compatible with DrayTek Traffic Analyser : Windows software for up to 100 users
  • Bandwidth Management:
    • Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
    • Bandwidth Reservation: Connection or client based
    • Packet Size Control
    • DiffServ Codepoint Classifying
    • 4 Priority Levels (Inbound/Outbound)
    • Individual IP Bandwidth Session Limits per user/group
    • Bandwidth Borrowing
    • User-defined class-based rules
  • Web Content Filtering & CSM:
    • URL Keyword Blocking: Blacklist or Whitelist
    • Content Type Blocking: Java applet, cookies, Active-X
    • Block P2P Applications (inc. Kazza, WinMX, Bittorrent)
    • Block Instant messaging
    • Block access of web sites by direct IP address (thus URLs only)
    • Block HTTP download of compressed, executable or multimedia files
    • Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)
    • Time Scheduling: Blocking rules can be activated based on time schedules
  • Routing Functions:
    • IPv4 & IPv6 Dual-Stack
    • DNS Cache/Proxy
    • DHCP Client, Server & Relay
    • DHCP Options: 1,3,6,51,53,54,58,59,60,61,66,125
    • IGMP v1/v2 & Proxy/Snooping
    • uPnP: 500 Sessions
    • NAT: 80,000 Sessions
    • NTP Client with DST Adjustments
    • Static routing
    • Policy-based routing
    • BGP Routing protocol
    • Dynamic DNS : Updates DDNS servers with public IP address
    • Port-Based VLAN
    • Tag-Based VLAN: 802.1q
    • Client/Call Scheduling : Real-time clock, with NTP updating schedules access or connectivity
    • Wake-on-LAN : Passed from WAN to preset LAN device
  • Operating Requirements:
    • Rack Mountable (Mount brackets included)
    • Temperature Operating : 0°C ~ 45°C
    • Storage : -10°C ~ 70°C
    • Humidity 10% ~ 90% (non-condensing)
    • Power Consumption: 19W Max
    • Dimensions: L273 * W166 * H44 (mm) (1U Height))
    • Operating Power: 220-240VAC (internal PSU)
    • Warranty : 2 Years Manufacturer's RTB included