DrayTek Vigor 2960 SSL VPN Router

DrayTek Vigor 2960 High-Performance SSL VPN Router/Firewall •High-Performance Router/Firewall •Load Balancing & WAN Failover •Native IPv4 & IPv6 dual-stack •Two Gigabit WAN ports •Four Gigabit LAN Ports •Twin Independent USB Ports •IPSec VPN - LAN-to-LAN or Teleworker (100 tunnels) •SSL VPN (ETA Q1/2014) •802.1q Tagged and port-based VLANs •QoS Assurance on different traffic types •VPN Trunking (Backup/aggregation) •Mobile One-Time Passwords for Teleworker VPNs •Multiple LAN-side private IP subnets •Internet Content Filtering •Optional VigorCare Available
Manufacturer: DrayTek
Delivery date: 1-2 days
£478.80 incl VAT
£412.80 incl VAT
excluding shipping

DrayTek Vigor 2960 SSL VPN Router 

The DrayTek 2960 is a little brother to the 3900. It has the same interface and the same code behind it, but is keyed down for a smaller site. The arrangement of interfaces reflects this, as there are 4 ethernet LAN ports and 2 ethernet WAN ports, with two USB ports for 4G WAN if required. The 2960 makes for a great office router for connecting to HQ or to the datacentre, or a great router for your redundant/backup datacentre, as it integrates with all of the 3900 VLAN/VPN systems, where the 2862 and 2926 series are not of the same family, and so there can be issues when VPNing from one VLAN to another etc.

The web security features are also extremely well featured and thought out, and the firewall is very, very adaptable if you plan your setup well. 

The remote access is as what we have come to expect from DrayTek, well thought out and fantastic value for money. The VPN support includes MoTP and two factor authentication as well as being compatible with Windows authentication via RADIUS. The SSL VPN support is also very useful for many situations if you do need good old-fashioned network access from home.

 

Specifications

  • Physical Interfaces:
    • LAN: 4-port Gigabit (10/100/1000 Base-T)
    • WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet
    • USB: 2 USB 2.0 Ports (for flash storage and 3G)
      Note : USB Function due in later firmware
    • WAN Protocols : PPPoE, PPTP, DHCP Client, Static IP
    • Load Balancing : Policy based or automatic
    • WAN Failover : Switch to other connection when primary WAN lost
  • VPN support:
    • Protocols : PPTP, IPSec, L2P, L2TP over IPSec
    • Up to 100 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)
    • PPTP Acceleration (90Mbps  with  encryption,  400Mbps without encryption)
    • Dial-in and Dial-out supported
    • VPN Trunking - allows alternative failover route or multiple
      tunnels to the same destination to increase capacity/throughput
    • LDAP/Active Directory : Teleworker VPNs can be auththenticated by a LDAP/AD server
    • NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough
    • PKI Certificates: Use X.509 Digital Signatures
    • IKE Authentication: Pre-shared key (PSK), Phase 1 agressive/standard, Phase 2 selectable lifetimes
    • Encryption:
      • Hardware-based AES (128, 192, 256 bits)
      • Hardware-based DES/3DES (56 & 168 bits)
      • Hardware-based MD5 & SHA-1
      • MPPE (40 or 128 bits)
    • Radius Client: Authentication for PPTP remote dial-in teleworkers
    • DHCP over IPSec
    • GRE over IPSec
    • Dead-Peer-Detection (DPD))
    • Smart-VPN Softare utility: For teleworkers
    • No extra licencing or additional VPN client costs.
    • Ineroperability : Compatible with other 3rd party VPN devices
  • Firewall:
    • Stateful Packet Inspection (SPI)
    • Content Security Management (CSM)
    • Multi-NAT: Set one-to-one mappings between your private and public IP addresses
    • Port Redirection & Open Ports
    • Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site
    • DoS/DDoS Protection
    • IP Address Anti-spoofing
    • Object-Based Firewall
    • Notification: Email alerts and logs to syslog
    • Bind IP to MAC address
    • User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies
  • System Management:
    • Web-Based User Interface: Integrated server for router management (via HTTP or HTTPS)
    • Telnet/SSH : Command line control and configuration
    • Configuration Backup/Restore
    • Built-in diagnostics, dial-out triger, routing table, ARP table, DHCP Table, NAT Sessions Table, data flow monitor, traffic graph, ping diagnostics, traceroute
    • Firmware Upgrade by HTTP, TFTP & FTP
    • Syslog Logging
    • SNMP Management: v1/v2/v3, MIB II
    • Vigor ACS-SI Centralised Management: TR-069 compatible for ACS platform
    • Compatible with DrayTek Traffic Analyser : Windows software for up to 100 users
  • Bandwidth Management:
    • Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
    • Bandwidth Reservation: Connection or client based
    • Packet Size Control
    • DiffServ Codepoint Classifying
    • 4 Priority Levels (Inbound/Outbound)
    • Individual IP Bandwidth Session Limits per user/group
    • Bandwidth Borrowing
    • User-defined class-based rules
  • Web Content Filtering & CSM:
    • URL Keyword Blocking: Blacklist or Whitelist
    • Content Type Blocking: Java applet, cookies, Active-X
    • Block P2P Applications (inc. Kazza, WinMX, Bittorrent)
    • Block Instant messaging
    • Block access of web sites by direct IP address (thus URLs only)
    • Block HTTP download of compressed, executable or multimedia files
    • Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)
    • Time Scheduling: Blocking rules can be activated based on time schedules
  • Routing Functions:
    • IPv4 & IPv6 Dual-Stack
    • DNS Cache/Proxy
    • DHCP Client, Server & Relay
    • DHCP Options: 1,3,6,51,53,54,58,59,60,61,66,125
    • IGMP v1/v2 & Proxy/Snooping
    • uPnP: 500 Sessions
    • NAT: 80,000 Sessions
    • NTP Client with DST Adjustments
    • Static routing
    • Policy-based routing
    • BGP Routing protocol
    • Dynamic DNS : Updates DDNS servers with public IP address
    • Port-Based VLAN
    • Tag-Based VLAN: 802.1q
    • Client/Call Scheduling : Real-time clock, with NTP updating schedules access or connectivity
    • Wake-on-LAN : Passed from WAN to preset LAN device
  • Operating Requirements:
    • Rack Mountable (Mount brackets included)
    • Temperature Operating : 0°C ~ 45°C
    • Storage : -10°C ~ 70°C
    • Humidity 10% ~ 90% (non-condensing)
    • Power Consumption: 19W Max
    • Dimensions: L273 * W166 * H44 (mm) (1U Height))
    • Operating Power: 220-240VAC (internal PSU)
    • Warranty : 2 Years Manufacturer's RTB included
Products specifications
WAN Ports Ethernet
LAN Ports Gigabit
Body Colour
 
USB 2.0