DrayTek
Vigor 2925 Series Router Firewall
  • Dual-WAN Gigabit Ethernet
  • Dual-WAN 3G/4G (via compatible USB Modem)
  • All-WAN Simultaneous operation
  • Load-Balancing & WAN Failover
  • IPv6 Ready - See below for feature support
  • High performance - up to 300Mb/s firewall throughput
  • DrayTek Firewall with huge flexibility
  • 5-Port Gigabit Ethernet LAN Switch
  • Temperature Monitoring (optional Thermometer)
  • 802.11a/b/n Wireless LAN (Vigor 2925n/ac)
  • Dual-band (2.4/5Ghz) Wireless (Vigor2925ac)
  • Wireless Guest Portal
  • Multiple Private LAN Subnets
  • SMS (Text Message) Alert
  • VLANs (Port or 802.1q based)
  • Includes SmartMonitor
  • Content Filtering (by keyword, data type or category)
  • Ethernet and WiFi VLANs (common/distinct groups)
  • LDAP Integration for VPN and user access
  • QoS (Layer 2&3, 802.1p & TOS/DCSP)
  • Up to 32 VPN tunnels for LAN-to-LAN or teleworkers
  • VPN Trunking & Backup
  • SSL VPN - Tunnel or Proxy (25 users)
  • USB Port for Printer, Logs or 3G/4G Modem
  • Optional VigorCare Available

 

 

Vigor 2925 Series Ethernet Router Firewall & Load-Balancer

 

The Vigor 2925 series is our dual-Ethernet WAN firewall for load-balancing or failover. It's also a fully featured firewall, VPN concentrator and content filtering device. This latest router series includes support for professional features such as VLAN tagging, Gigabit Ethernet built-in wireless LAN (Vigor 2925n or Vigor 2925ac).

 

Vigor 2925 front panel sockets

 

A 5-port Gigabit Ethernet switch on the LAN side provides high speed connectivity for your server, other local PCs or for uplink to a larger Ethernet switch. Comprehensive security features include content filtering, web application controls and an object based firewall management system.

 

Robust & Comprehensive Firewall

 

Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems. The latest ('Version 3') DrayTek object-based firewall allows even more setup flexibility than ever, enabling you to create combinations of users, rules and restrictions to suit multi-departmental organisations. The Vigor 2925 also allows selective direction firewall rules of LAN to WAN, WAN to LAN or LAN to VPN. In addition, QoS (Quality of Service Assurance) can now be selectively applied to specific users.

 

Web Content Filtering

 

GlobalView Categories

The content control features of the Vigor 2925 allows you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or univeral. Using DrayTek's GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription to the Globalview service, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.

 

WAN Load Balancing & Backup

 

The Vigor 2925 features WAN connectivity via its two WAN Ethernet ports and two USB ports for connection of a compatible 3G or 4G modem. The ethernet ports can connect to DSL modems (e.g. Vigor 120), a cable modem or any other Ethernet-based Internet feed. The multiple WAN interfaces can be used either for WAN-Backup or load balancing. Load-balancing or failover supports IPv4 only currently (not IPv6).

 

WAN-Backup provides contingency (redunancy) in case of your primary ADSL line or ISP suffering temporary outage). Internet Traffic will be temporarily routed via the secondary Internet access. When normal services is restored to your primary ADSL line, all traffic is switched back to that.

 

Vigor 2925 Load Balancing with two Internet connections
The Vigor 2925 makes use of two simultaneous WAN connections

 

The USB port provides Internet connectivity (main, backup or load balanced) by connecting to a compatible USB modem (or cellphone) for access to the high speed 3G cellular networks from UK providers such as Vodafone, O2, 3 and EE. If you don't have ADSL at all, the USB/3G access method can be used as your primary/only Internet connection, ideal for temporary locations, mobile applications or where broadband access is not available. In addition you can instead connect a compatible analogue modem to use analogue dial-up connections for failover in the event of your broadband failing.

User Management/Authentication

 The Vigor 2925 has built-in user management which allows you to provide conditional internet access to different users based on their own unique login (stored in the router, or on an external Radius server). For full details of this feature, click here.

 

802.1q Tagged, Wireless & Port Based VLAN

The Vigor 2925 features a hugely flexible VLAN system. Each of the six Gigabit LAN ports can be isolated from each other, for example to feed different companies or departments but keeping their local traffic completely separated. For more detailed explanation about VLANs click here.

VPN - Linking remote offices, HQ, teleworkers and mobile staff

 

A feature central to DrayTek routers is the VPN (Virtual Private Networking) features. A VPN enables you to link two remote offices, branch offices back to HQ or home-based/mobile teleworkers back to your office. Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.

The Vigor 2925 allows you to set up up to 32 simultaneous VPN tunnels to remote offices or teleworkers. The Vigor2925 series supports all industry standard protocols, including encryption and authentication methods. Teleworkers can authenticate directly with your LDAP server if prefered.

 

The Vigor2925 supports VPN trunking; this allows you to create one big virtual tunnel tunnels down multiple WAN connections to a remote site in order to increase bandwidth. VPN trunking also provides failover (backup) of your VPN route down a secondary WAN connection so that if one WAN connection fails, your VPN connection stays up. You can learn more about DrayTek VPN here.

 

With VPN trunking you can double your VPN bandwidth and if one WAN fails, the VPN stays up

 

The Vigor 2925 also supports SSL VPN for up to 5 simultaneous remote workers. These are encrypted tunnels linking your teleworker back to your main office but they are 'clientless in that your O/S does not need to generate the tunnel and you do not need to install any VPN software manually. You instigate an SSL tunnel from your regular web browser, so it could be in a web cafe or guest network, and the tunnel is creating using SSL technology - the same encryption that you use for secure web sites such as your bank. The Vigor 2925 can operate SSL VPNs in either Proxy or full tunnel mode. For SSL VPN Tunnel mode Windows OS is supported.

 

You can learn more about DrayTek SSL VPNs here.

 

 

Reliable and High-Performance WiFi ('n' and 'ac' models only)

 

The Vigor 2925n features 802.11n wireless LAN, backward compatible with 802.11b/g standards. The Vigor 2925ac model additionally support simultaneous dual-band operation, meaning that it can provide connectivity in both the 2.4Ghz (most common) and 5Ghz bands at the same time so that compatible client devices can take advantage of the far less congested 5Ghz band.  

Real-world throughput depends on your own environment (factors such as obstructions, number of hosts and distance all make a significant difference), but actual transfer speeds of over 100Mb/s are achievable (based on our real world tests). In addition, aerial diversity provides more resilience to interference. Optional alternative aerials can provide higher gain or directional beams for specific applications

 

Wireless Security

 

The Vigor 2925n and Vigor 2925ac provide several independent levels of security including encryption (up to WPA2), authentication (802.11x) and methods such as MAC address locking and DHCP fixing to restrict access to authorised users only. The Web interface lets you see how many and which clients are currently connected as well as their current bandwidth usage. An 'instant' block lets you disconnect a wireless user temporarily in case of query. The Wireless VLAN facility allows you to isolate wireless clients from each other or from the 'wired' LAN.

 

You can also allow guest access with password protection so that visitors can use your WiFi access, but only with a password which you set for them. When the user connects to your wireless LAN, they are firstly presented with your login screen before any Internet access is permitted. This is in addition to any encryption system you have running.  The guest network can be in its own VLAN therefore isolated from your business or private network.

 

The Multiple SSID features enables you to have up to four distinct or common virtual wireless access points. For example, you could have one for company usage, with access to your company LAN and another for public access which allows internet surfing only.  

For specialist or more demanding coverage applications, optional aerials can potentially increase or adjust the range of wireless coverage (depending on environment) or provide directional coverage in order that your wireless transmission is focused and concentrated into one direction only, for example into a room or across open space. With the increasing popularity of wireless LANs, you will want to choose the least congested wireless channel (Nos. 1-13) for yours so the Vigor can scan and provide a list of all devices in the vicinity so that you can choose the best channel (see screenshot below).

 

The Vigor2925n provides a local survey of other devices so that you can choose the least congested channel.
Above : The Vigor2925n provides a local survey of other access points
so that you can choose the least congested channel.
  • 802.11b/g/n Compliant
  • 802.11ac (Vigor 2925ac only)
  • Hardware wireless co-processor for increased throughput
  • 'MIMO' Technology with three aerials (2T2R) for diversity
  • Packet Aggregation and Channel Bonding
  • Optional Higher Gain or directional aerials available - Click Here.
  • Backward compatible with 802.11b and 802.11g Standards
  • Active Client list in Web Interface
  • Wireless LAN Isolation (from each other and/or wired LAN)
  • 64/128-bit WEP Encryption
  • WPA/WPA2 Encryption
  • WPS - WiFi Protected Setup for client security setup
  • Switchable Hidden SSID
  • Restricted access list for clients (by MAC address)
  • Time Scheduling (WLAN can be disabled at certain times of day)
  • Access Point Discovery
  • WDS (Wireless Distribution system) for Bridging and Repeating
  • 802.1x Radius Authentication
  • Wireless Rate-Control
  • Automatic Power Management
  • 802.11e WMM (Wi-Fi Multimedia)

 

 

Vigor 2925ac with 802.11ac

The Vigor 2925ac features the same specification as the standard Vigor 2925 product with the addition of 802.11ac wireless LAN. 802.11ac provides increased speed and performance over the existing 802.11n, which is the most commonly used standard currently.

The Vigor 2925ac provides the following features on 802.11ac:

 
•802.11ac Compliant (as well as 802.11n, a, b and g)
•1300Mb/s Total Wireless Capacity (3x433Mb/s)
•3 Spatial Streams (3x3)
•DFS/TPC Support, allowing use of all of bands 1 and 2
•Supports extended channels (36-64 & 100-140)
•Selectable 20/40/80 Mhz Channel Bandwidth
•Dynamic adjustment of channel bandwidth
•A-MSDU Selectable
•Mixed-Mode / Green field Selectable
•Simultaneous Operation with 2.4Ghz (802.11n/b/g)
•Wireless LAN Co-processor**

 

* Support for DFS/TPC allows the Vigor 2925ac to use a larger range of wireless LAN channels (frequencies). As well as the standard Band A-Lower (UNII-1) channels (Nos. 36, 40,44,48), the Vigor 2925ac can use Band A-Upper (UNII-2) Nos. 52,56,60,64) and Band B (UNII-2) (Nos 100-140).

 

**Wireless co-processor; provides data processing offload for increased performance, particularly in multi-user environments. It also enables higher performance WDS - Up to 500Mb/s which is particularly useful if forming point-to-point wireless bridges.

 

Wireless LAN WDS Facility

 

Vigor2925n supports WDS (Wireless Distribution System) which enables you to use the wireless capability to bridge to another network, within wireless range. You need an additional compatible wireless router for this of course. Here is a simple example: 

 

DrayTek Vigor Wireless LAN WDS Bridiging

 

With WDS bridging, both networks should be within the same logical IP subnet (IP address range). Once set up, all of the PCs on both sides of the link can access each other, across the wireless bridge. Local wireless devices such as a laptop can continue to use their local access point.

 

Vigor 2925n WDS Repeater

 

An additional mode, as shown above, called 'repeating', allows you to set up a third station. In the diagram below, the router at 'B' is set up in repeating mode, relaying traffic between LANs at A and C. Therefore, all three physical networks can communicate with each other over the wireless links.

 

Important Note : Wireless performance (speed and range) always depends on your specific environment and will vary considerably. Factors affecting performance include wireless traffic, other networks nearby, site construction, walls, ceilings and other electronic equipment nearby. Speeds quoted are the maximum wireless capacity, including RX/TX capacity, protocol overheads and all clients/hosts connected.

 

3G/4G Cellular Data Features

 

The Vigor 2925 Series' USB port can host a compatible 3G modem or cellphone for access to the cellular network for full Internet Access. All UK networks provide high speed HSDPA data connections and some are starting to roll out 4G. The 3G/4G connection can be used as your primary/only Internet access, or as backup to your main ADSL line connection. This facility is ideal for homes or offices which don't want to pay fixed line + broadband rental and also for temporary locations, or those to where fixed lines aren't available but for businesses, having 3G as a failover to your main connectivity means that your business stays online when your broadband doesn't!

 

3G Modems for the DrayTek Vigor 2820 compatible with Vodafone, 3, EE, Virgin Mobile, Orange, T-Mobile and O2

With the Vigor 2925n (Wireless model) your local users can be connected wirelessly to the router, so instant free 'hotspots' can be deployed quickly and easily. Mains power is required for the router's PSU, but this could be from a mobile generator or equivalent so you need to plan for this.

Please check with us for the latest USB modem compatibility; the phone companies (Vodafone, EE, O2, 3 etc.) continuously introduce new models, so additional Modem Support is added continuously. If you have a new modem, not yet supported, it is possible to obtain logs for our engineers to assess.

The Vigor 2925 and 3G/4G cellular modem setup is ideal for:

  • Backup to your primary Internet feed (ADSL, cable etc.)
  • Providing lower cost broadband than a fixed line solution
  • Areas without fixed line broadband access
  • Compatible with a wide range of 3G modems/phones
  • Temporary Locations
  • Mobile Homes
  • Locations on the move - coaches, trains
  • Fairgrounds & temporary exhibitions
  • Outdoor locations (the router and modem itself must be indoors!)
  • Disaster Planning & High Availability

Vigor2820 with 3G Modem

 

Network Attached Storage (NAS)

The Vigor 2925's USB2.0 port can also be used to add storage memory to the unit in the form of a USB memory key (as shown right) or for higher capacity a USB hard drive (normally requires its own power). The Vigor 2925 then provides FTP access file uploading/downloading which can be from the local LAN or from anywhere on the Internet - ideal for a simple to deploy file depository. Access can be 'public' or using usernames and passwords, each of which can have their own directories and/or file access rights. As well as FTP, file sharing is available as a Windows 'network drive'. You can also use Windows Explorer to view and access the contents of the USB drive.

If you do have a USB memory key connected, you can also have the router save it's system logs (syslog) to that memory instead of to a connecting computer; useful for technical personnel (SysAdmins).

USB FTP Server

Vigor 2925 Dual-WAN Router Firewall Series - Technical Specification

 

  • Physical Interfaces:
    • LAN Ports (Switch)
      • 5 X Gigabit Ethernet (1000Mb/s) Ports
      • Port-Based VLAN (Inclusive/Exclusive Groups)
      • 802.1q VLAN Tagging
    • WAN Ports:
      • WAN1 : Gigabit Ethernet (1000Mb/s Interface)
      • WAN2 : Gigabit Ethernet (1000Mb/s Interface)
      • WAN3 : USB Port for 3G Cellular Modem or Printer
    • Performance:
      • Firewall: Up to 200Mb/s
      • IPSec VPN: Up to 50Mb/s
    • Load Balance/Failover Features:
      • Outbound Policy-Based Load-Balance
      • WAN Connection Fail-over
      • BoD (Bandwidth on Demand)
    • Wireless LAN Features ('n' Models Only):
      • 802.11b/g/n (Vigor 2925n / 2925ac) 
      • 802.11b/g/n/a/ac (Vigor 2925ac)
      • Simultaneous Dual-Band Operation - 2.4Ghz/5Ghz (Vigor 2925ac)
      • Multiple SSID : Create up to 4 virtual wireless LANs (independent or joined)
      • Packet Aggregation and Channel Bonding
      • Optional Higher Gain or directional aerials available - Click Here.
      • Active Client List in Web Interface
      • Wireless LAN Isolation (from VLAN groups and wired Ethernet interfaces)
      • 64/128-bit WEP Encryption
      • WPA/WPA2 Encryption
      • Switchable Hidden SSID
      • Restricted access list for clients (by MAC address)
      • Time Scheduling (WLAN can be disabled at certain times of day)
      • Access Point Discovery
      • WDS (Wireless Distribution system) for WLAN Bridging and Repeating
      • 802.1x Radius Authentication
      • Wireless VLAN
      • Wireless Rate-Control
      • Automatic Power Management
      • 802.11e WMM (Wi-Fi Multimedia)
    • WAN Protocols (Ethernet):
      • DHCP Client
      • Static IP
      • PPPoE
      • PPTP
      • L2TP *
      • BPA
    • Firewall & Security Features:
      • CSM (Content Security Management):
        • URL Keyword Filtering - Whitelist or Blacklist specific sites or keywords in URLs
        • Block Web sites by category (e.g. Adult, Gambling etc. Subject to subscription)
        • Prevent accessing of web sites by using their direct IP address (thus URLs only)
        • Blocking automatic download of Java applets and ActiveX controls
        • Blocking of web site cookies
        • Block http downloads of file types :
          • Binary Executable : .EXE / .COM / .BAT / .SCR / .PIF
          • Compressed : .ZIP / .SIT / .ARC / .CAB/. ARJ / .RAR
          • Multimedia : .MOV / .MP3 / .MPEG / .MPG / .WMV / .WAV / .RAM / .RA / .RM / .AVI / .AU
        • Time Schedules for enabling/disabling the restrictions
        • Block P2P (Peer-to-Peer) popular file sharing programs 
        • Block Instant Messaging programs (e.g. IRC, MSN/Yahoo Messenger etc.)
      • Multi-NAT, DMZ Host
      • Port Redirection and Open Port Configuration
      • Policy-Based Firewall
      • MAC Address Filter
      • SPI ( Stateful Packet Inspection ) with new FlowTrack Mechanism
      • DoS / DDoS Protection
      • IP Address Anti-spoofing
      • E-Mail Alert and Logging via Syslog
      • Bind IP to MAC Address
    • Bandwidth Management:
      • QoS
      • Guaranteed Bandwidth for VoIP
      • Class-based Bandwidth Guarantee by User-Defined Traffic Categories
      • Layer 2&3 (802.1p & TOS/DCSP)
      • DiffServ Code Point Classifying
      • 4-level Priority for each Direction (Inbound / Outbound)
      • Bandwidth Borrowed
      • Temporary (5 minute) Quick Blocking of any LAN Client
      • Bandwidth / Session Limitation (with automatic adjustment)
      • TOS/DSCP QoS Mapping
      • Smart Bandwidth Limitation (Triggered by Traffic/ Session)
    • Network/Router Management:
      • Web-Based User Interface (HTTP / HTTPS)
      • CLI ( Command Line Interface ) / Telnet / SSH
      • Administration Access Control
      • Configuration Backup / Restore
      • Built-in Diagnostic Function
      • Firmware Upgrade via TFTP / FTP
      • Logging via Syslog
      • SNMP v3 Management with MIB-II
      • TR-069
      • TR-104
    • VPN Facilities:
      • Up to 32 Concurrent VPN Tunnels (incoming or outgoing)
      • Tunnelling Protocols: PPTP, IPSec, L2TP, L2TP over IPSec
      • IPSec Main and Agressive modes
      • IKE Phase 1 DiffieHelman Groups 1,2,5 & 14
      • IKE Phase 2 DiffieHelman Groups 1,2,5 & 14 (will match phase 1 selection)
      • Encryption : MPPE, DES and Hardware-Based AES (128/192/256bits) / DES / 3DES (168bits)
      • Authentication : Hardware-Based MD5, SHA-1 and SHA-256
      • IKE Authentication : Pre-shared Key or X.509 Digital SignatureVPN Facilities:
      • SSL VPN for teleworkers - Up to 5 simultaneous users. Proxy or tunnel
      • LAN-to-LAN & Teleworker-to-LAN connectivity
      • DHCP over IPSec
      • NAT-Traversal ( NAT-T )
      • Dead Peer Detection (DPD)
      • VPN Pass-Through
      • MOTP (Mobile One Time Password)
    • Network Features & Routing protocols
      • DHCP Client / Relay / Server
      • DHCP Option 66 support
      • Dynamic DNS (3rd party providers)
      • NTP Client (Syncrhonise Router Time)
      • Call Scheduling (Enable/Trigger Internet Access by Time)
      • RADIUS Client
      • Microsoft™ UPnP Support (30 connections)
      • Static Routing
      • RIP v2
      • IGMP v2 & V3 and IGMP snooping
      • DNS Cache & Proxy
    • Operating Requirements:
      • Rack Mountable (Optional Vigor 'RM1' mounting bracket required)
      • Wall Mountable
      • Temperature Operating : 0°C ~ 45°C
      • Storage : -25°C ~ 70°C
      • Humidity 10% ~ 90% (non-condensing)
      • Power Consumption: 18 Watt Max.
      • Dimensions: L240.96 * W165.07 * H43.96 ( mm )
      • Operating Power: DC 15V (via external PSU, supplied)
      • Warranty : Two (2) Years RTB
      • Power Requirements : 220-240VAC

New Vigor 2925 Dashboard in Web Interface

Vigor 2925 WUI Dashboard

Logging of Ambient Temperature (Requires optional thermometer)

Temperature on Vigor 2925 Chart

Web Content Filtering

Diagnostic Tools

Wireless LAN Access Point Scanning

The Vigor2860n provides a local survey of other devices so that you can choose the least congested channel.

Rack Mounting Kit

The RM1 Rackmount Bracket enables you to fit any Vigor2925 series router into a standard 19" rack or cabinet. The bracket takes up one rack slot (1U) and includes a cable retainer at the back to keep the power cord captive. The front mounted sockets of the router remain fully accessible. For wireless models, we then recommend extension aerials (or aerial extensions).


Directional and Higher-Gain Aerials

DrayTek Aerials

Omnidirectional and Unidirectional aerials are available for increased coverage or other specialist requirements. For full specifications, click here.


 

 

Product CodeEANUK Product DescriptionNotes
V2925-K 4716779074840 Vigor 2925 (UK/IE)  
V2925N-K 4716779074628 Vigor 2925n (UK/IE)  
V2925AC-K 4716779078855 Vigor 2925ac (UK/IE)