Draytek Vigor 2925n

Vigor2925 Series is the IPv6 ready dual WAN broadband security firewall router. It ensures the business continuity for today and the future IPv6 network. Its two gigabit Ethernet WAN port can accept various high-speed Ethernet-based WAN links via FTTx/xDSL/Cable. The 2 USB ports are for 3G/4G LTE mobile broadband access. With the multi-WAN accesses, Vigor2925 routers support bandwidth management functions such as failover and load-balancing, making them ideal solutions for reliable and flexible broadband connectivity for the small business office.
The specifications cover many functions that are required by modern day businesses, including secure but easy to apply firewall, comprehensive VPN capability, Gigabit LAN ports, USB ports for 3G/4G mobile dongles, FTP servers and network printers, VLAN for flexible workgroup management, and much more.
 2925-4
Dual Gigabit Ethernet WAN port for failover and load-balancing
The Gigabit Ethernet WAN ports cater for any type of Internet access, including FTTx, xDSL and Cable fitting your local infrastructure. You can then use both WAN 1 and WAN 2 for failover, ensuring that you will always have an access to the Internet even if one of the WAN fails, or for load-balancing so the 2 WANs share Internet traffic requirements of your organization.

2 USB 2.0 ports for 3G/4G LTE mobile, FTP drive and network printers
The two USB ports can be used for the connection of 3G/4G mobile broadband dongle, FTP drive and network printers. A 3G/4G mobile broadband connected to one of the 2 USB ports can be used as a second WAN for bandwidth management. The USB WAN interface can also be the primary access if the local fixed line service hasn’t been deployed yet. You can have 2 USB 3G/4G dongles connected to the USB ports, and assign one of these (WAN 3) to be the primary access and the other (WAN 4) as the fail-over back-up. And, you have the flexibility to convert back to fixed line services when these become available.

Object-based SPI Firewall for network security
Like all DrayTek routers, Vigor2925 Series supports Object-based SPI firewall and CSM (Content Security Management). The firewall allows setting of Call/Data Filters and DoS/DDoS prevention, whereas the CSM covers IM/P2P/Protocol filter, URL Content Filter and Web Content Filter.
With Objects settings, you can pre-define objects or groups for IP, service type, keyword, file extension, etc., and mix these with the Time Scheduler or the VLAN groups as required. Altogether this gives you peace of mind whether you are guarding a complicated network or a small office.

VLAN for secure and efficient workgroup management
Not only with 5 x Gigabit LAN ports for the needs of unified communication applications, such as CRM server, FTP server, Mail server, the Vigor2925 Series has the comprehensive VLAN function for management. The VLAN functions allow 5 subnets to be allocated for multiple workgroups. When combined with the NAT and firewall functions, you can design corporate network groups in terms of traffic, security level, priority settings, etc.
Applications such as VoIP, IPTV and Wireless SSID can also be integrated into VLAN tags and firewall objects, giving you the maximum flexibility in designing workgroups for your organization.

50 VPN tunnels; hardware based with comprehensive secure protocols
Up to 50 VPN tunnels are supported, each can be set to IPsec/PPTP/L2TP/L2TP over IPsec protocols, with hardware encryption of AES/DES/3DES. This level of VPN capability covers the requirements of most businesses for secure inter-office and remote data accessing. For the site-to-site application, Vigor2925 Series offers VPN load-balancing & backup to deliver the high performance and reliable remote access. For client-to-site, remote dial-in users can use up-to 25 SSL VPN tunnels to avoid the local network infrastructure limitation, , there are 64 profiles on WUI, but it only allows 25 concurrent tunnels. 

Multi-subnet
With the 5-port Gigabit switch on the LAN side provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs. The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through an onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based Multi-subnet.
Each of the wireless SSIDs can also be grouped within one of the VLANs.

Centralized Management 
With F/W 3.7.4, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers but run concurrent remote management over 8 remote routers.

AP Management 
APM provides the 3-step installation, plug-plug-press, and then wireless clients are able to enjoy surfing internet. Moreover, through the unified user interface of Draytek routers, the status of APs is clear at the first sight.

Supports Smart Monitor traffic report software
Vigor2925 series routers support Smart Monitor, DrayTek's proprietary network traffic reporting software, for up to 50 users. This software monitors all incoming and outgoing network traffic, categorizes these into various activity and data types and provides statistics in various report types, so network administrators can monitor network activities for planning and/or fault locating purposes.

Embedded IEEE 802.11n WLAN (2.4GHz)
Vigor2925n has a built-in IEEE 802.11n WLAN Access Point. The Wi-Fi access is also protected by security and encryption protocols, including WEP/WPA/WPA2, MAC Address Control, Multiple SSID, Wireless LAN Isolation, Wireless VLAN and 802.1x Authentication.
The Wireless Rate Control function allows connection rates for each network device to be individually managed as required. The WMM (Wi-Fi Multi-Media) function allows setting of priority levels for various applications: voice, video, data, etc., so time-critical applications can be assigned higher priority levels. Furthermore, WDS (Wireless Distribution System) function allows you to extend the wireless coverage distance easily.

Flexible Network Management
Like all DrayTek routers, Vigor2925 Series routers support comprehensive network management functions. For example, you can set username/password and directory/file access privilege for individual users as required. There are also routing/network tables, system log, debugging utilities, etc., making network administrators' jobs easy.
Other management features include SNMP, TR-069 and TR-104. TR-069 can be utilized with DrayTek's VigorACS SI management software to remotely monitor and manage the Vigor2925 Series.

1.WAN Feature
  • Ethernet WAN
    • IPv4 - DHCP Client, Static IP, PPPoE, PPTP, L2TP, 802.1p/q Multi-VLAN Tagging
    • IPv6 - Tunnel Mode: PPP, TSPC, AICCU, 6rd* (6rd will be supported by firmware v3.7.3)
      Dual Stack: DHCPv6 Client, Static IPv6

  • USB WAN
    • PPP
  • Outbound Policy-based Load-balance
  • WAN Connection Failover
  • WAN Budgets*
  • 50,000 NAT Sessions
2. Network Feature
  • DHCP Client/Relay/Server
  • IGMP Snooping/Proxy Version 2 and Version 3
  • Dynamic DNS
  • NTP Client
  • Call Scheduling
  • RADIUS Client
  • DNS Cache/Proxy
  • UPnP 30 sessions
  • Multiple Subnets
  • Port-based/Tag-based VLAN (802.1q)
  • Layer-2 QoS (802.1p)
  • Routing Protocol:
    • Static Routing
    • RIP V2
  • Route Policy 
3. VPN
  • Up to 50 VPN Tunnels
  • Protocol : PPTP, IPsec, L2TP, L2TP over IPsec
  • Encryption : MPPE and Hardware-based AES/DES/3DES
  • Authentication : MD5, SHA-1
  • IKE Authentication : Pre-shared Key and Digital Signature (X.509)
  • LAN-to-LAN, Teleworker-to-LAN
  • DHCP over IPsec
  • IPsec NAT-traversal (NAT-T)
  • Dead Peer Detection (DPD)
  • VPN Pass-through
  • VPN Wizard
  • mOTP
  • SSL VPN (Up to 25 Tunnels)
  • VPN Trunk (Load Balance/Backup)
4. Firewall
  • Multi-NAT, DMZ Host, Port-redirection and Open Port
  • Object-based Firewall, Object IPv6, Group IPv6
  • MAC Address Filter
  • SPI (Stateful Packet Inspection) (Flow Track)
  • DoS / DDoS Prevention
  • IP Address Anti-spoofing
  • E-mail Alert and Logging via Syslog
  • Bind IP to MAC Address
  • Time Schedule Control
  • User Management
5. USB
  • 3.5G (HSDPA)/4G (LTE) as WAN
  • Printer Sharing
  • File System : *
    • Support FAT32 File System *
    • Support FTP Function for File Sharing *
    • Support Samba for File Sharing *
6. Bandwidth Management
  • QoS :
    • Class-based Bandwidth Guarantee by User-defined Traffic Categories
    • Guarantee Bandwidth for VoIP
    • DiffServ Code Point Classifying
    • 4-level Priority for Each Direction (Inbound/Outbound)
    • Bandwidth Borrowed
  • Session Limitation
    • Default & Specific Limitation
  • Bandwidth Limitation
    • Default & Specific Limitation
    • Auto Adjustment by Exceeding Session/Available Bandwidth
  • TOS/DSCP QoS Mapping
7. Network Management
  • Web-Based User Interface (HTTP/HTTPS)
  • Quick Start Wizard
  • CLI (Command Line Interface, Telnet/SSH)
  • Administration Access Control
  • Configuration Backup/Restore
  • Built-in Diagnostic Function
  • Firmware Upgrade via TFTP/FTP/HTTP/TR-069
  • Logging via Syslog
  • SNMP Management MIB-II (v2/v3)
  • Management Session Time Out
  • 2-level management (Admin/User Mode)
  • TR-069 
  • TR-104
  • LAN Port Monitoring
  • Support Smart Monitor (Up to 50 nodes)
  • Central AP Management (Up to 20 APs)
8. Content Security Management
  • IM/P2P Applications
  • GlobalView Web Content Filter (Powered by *
  • URL Content Filter
    • URL Keyword Blocking (Whitelist and Blacklist)
    • Java Applet, Cookies, Active X, Compressed, Executable, Multimedia File Blocking
    • Excepting Subnets
9. Wireless AP
  • IEEE802.11n Compliant (2.4GHz)
  • Wireless Client List
  • Wireless LAN Isolation
  • 64/128-bit WEP
  • WPA/WPA2
  • Hidden SSID
  • WPS
  • MAC Address Access Control
  • Access Point Discovery
  • WDS (Wireless Distribution System)
  • 802.1x Authentication
  • Multiple SSID
  • Wireless Rate-control
  • IEEE802.11e: WMM (Wi-Fi Multimedia)
  • SSID VLAN Grouping with LAN Port*
10. Declaration of Conformity