for ADSL routers, Bluetooth, Broadband & Wireless routers. From Belkin, Dlink, linksys, Netgear, SMC, Slim Devices, devolo, Cisco, Logitech, Draytek, Sonos, Terratec  
  Home » broadbandstuff » Business Class » Firewalls » V2960 My Account  |  Cart Contents  |  Checkout   
ADSL Broadband->
Best Wireless Router->
BT Infinity + Virgin Media VDSL
Business Class->
  eco friendly
  Network Cards
  Print Servers
Cable Broadband->
Comms Room->
Digital Home->
Home Automation->
HomePlug Network->
Mobile Phones
Network MP3
Network Printers
Security Cameras->
Tablet PC
Wired LAN->
Wireless Bundles
Most Popular
01.Cisco ASA 5505-BUN-K9 Series Firewall - 10 User
02.Cisco ASA 5520 VPN/Firewall -5 Port
03.Cisco ASA5510-SEC-BUN-K9 Series Firewall
04.Draytek Vigor 2960 Dual-WAN VPN Router Firewall
05.ZyXEL ZyWALL USG 20 Unified Security Gateway for 1-5 Users
06.Billion BiGuard 50G 802.11g Dual-WAN Security Gateway
07.Cisco SA520 - Security Appliance
08.Netgear UTM25 Prosecure Unified Threat Management Appliance
Special Offers
Delivery Information
Support Numbers
Parcel Tracking
Help & Advice FAQ
Public Sector Discounts
Beginners Guide
Terms & Conditions
Contact Us
Secure Payments

Draytek Vigor 2960 Dual-WAN VPN Router Firewall

£322.92 ex VAT
£387.50 inc VAT

Availability: In Stock

Draytek Vigor 2960 Dual-WAN VPN Router Firewall

Main Features

  • High-Performance Router/Firewall
  • Load Balancing & WAN Failover
  • Native IPv4 & IPv6 dual-stack
  • Two Gigabit WAN ports
  • Four Gigabit LAN Ports
  • Twin Independent USB Ports
  • IPSec VPN - LAN-to-LAN or Teleworker (200 tunnels)
  • 802.1q Tagged and port-based VLANs
  • QoS Assurance on different traffic types
  • VPN Trunking (Backup/aggregation)
  • Mobile One-Time Passwords for Teleworker VPNs
  • Multiple LAN-side private IP subnets
  • Internet Content Filtering
  • Optional VigorCare Available
The Vigor 2960 is a high-performance dual-Gigabit WAN firewall. The two dedicated Gigabit WAN ports can provide load balancing, WAN failover or bandwidth aggregation (increasing total bandwidth onto the Internet). Based on a new DrayTek OS platform, the Vigor 2960 provides high performance with DrayTek's traditional ease of use and comprehensive features set. Extensive QoS, VLAN Web Content filtering features help keep your network efficiency and online productivity high.


VPNs (Virtual Private Networks) enable you to link two remote computers or networks securely using the public Internet. An encrypted tunnel is created to carry your private data between the two sites. Tunnels making use of PPTP, L2TP, AES and IPSec protocols have been available on Vigor routers for many years and provide a simple to set up solution for your site-to-site or teleworker VPNs. SSL VPNs provide a new method for teleworker to central site VPN, providing great convenience, low TCO and simplicity where other methods may not be possible.

One potential drawback of using the above methods for a Teleworker-to-central site VPN is that they need compatiable protocol stacks at each end (e.g. an IPSec client or hardware) and most importantly those protocols need to be freely passed by your local host network. This isn't normally a problem where you own the computers and the network in use and you can install any client, software or hardware you choose, as well as allowing any traffic types you like. Where it can become a problem is where you are using someone else's computer or network where either you cannot use the O/S VPN client, or the host network blocks VPN protocols or makes them unreliable. This is most commonly a problem when using WiFi hotspots or other public Internet access methods (hotels, conference centres etc.).

You may already have heard of SSL previously, and you have almost certainly used it. SSL (Secure Sockets Layer) is the protocol used by all web browsers for accessing 'secure' web sites. You will have used secure web sites whenver you have used your credit card online or accessed your banking web sites, for example. SSL is supported by all web browsers, and as it is so commonly used, all hotspots and other public Internet will always allow SSL to pass properly. By using the SSL protocol for your telework VPN tunnel you therefore have some important benefits.

Another advantage of web based SSL VPN is that your host Vigor router presents the user with his/her login page to the network within their browser and then can provide access only to the web based applications or local servers which you allow as opposed to a regular VPN which connects the user to the network directly for access to any resource which is accessible locally. No TCP/UDP ports have to be opened on your host router; if the user cannot login to the VPN, they won't get access.

As mentioned previously, an SSL VPN uses your standard web browser; this means that for your web based applications running at your office (webmail, Intranet, Thin Clients etc.) SSL VPNs work really well for this access method, which is called 'SSL Web Proxy' mode. A very common application for SSL VPN is remote desktop. By using the Windows 'Remote Desktop Web Connection', your office desktop will be accessible from your web browser whereever you are and whoever's computer you're using. In addition, by using Vigor web proxy, you can browse external web sites via the tunnel, thus bypassing any local web site blocking policy (content filtering or local polcies). If you are familiar with 'port redirection' or 'open ports setup' on Vigor routers, SSL Proxy to your internal web services is very similar in concept to this except that the data passes through a secured tunnel, hence increasing security and privacy.

Please check on specific models for the level of SSL VPN supported.

MOTP (Mobile One-time Passwords)

As an alternative to a fixed password for remote teleworkers, you can make use of DrayTek's Mobile One-Time Password (MOTP) system to add Two-layer authentication. A One-time password is generated dynamically each time you want to connect, works once only and expires immediately. For DrayTek MOTP, the authentication device is your mobile phone; MOTP applets are available for Symbian mobile phones (e.g. Nokia), most phones supporting Java and the Apple iPhone™.

SSL VPNs beyond the Browser

Using the web browser for your remote access is great for accessing web-based applications (intranet, webmail, remote web desktop etc.) but it does not provide access to the actual network directly, for example for shared directory access, network resources or other applications which are not browser based. Only data or applications which are available in your web browser locally are available remotely via the SSL Proxy.

For full network access, DrayTek provide an Active-X Tunnel plug-in (a VPN client, effectively) which can transfer at the network layer, making a fully VPN tunnel. This is called SSL Tunnel mode. This plug-in is downloaded automatically by your browser from the host Vigor router when you log into the SSL VPN and select Tunnel mode. You are then fully connected to the remote network for direct network resource access. In this way, you are no longer limited to running web-based applications and can access shares and other network resources.

VPN Trunking

VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan CONNECTION, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 2960 supports both Failover and Load Balancing modes for VPN Trunks.

The Vigor 2960 already supports load balancing to the Internet using its dual-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across both WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.

Vigor 2960 Series Specification

Physical Interfaces:

  • LAN: 4-port Gigabit (10/100/1000 Base-T)
  • WAN: 2-port Gigabit (10/100/1000 Base-T) Ethernet
  • USB: 2 USB 2.0 Ports (for flash storage and 3G) - Note : USB Function due in later firmware
  • WAN Protocols : PPPoE, PPTP, DHCP Ciet, Static IP
  • Load Balancing : Policy based or automatic
  • WAN Failover : Switch to other connection when primary WAN lost
VPN support:
  • Protocols : PPTP, IPSec, L2P, L2TP over IPSec
  • Up to 200 simultaneous tunnels (LAN-to-LAN or Teleworker-to-LAN)
  • Dial-in and Dial-out supported
  • VPN Trunking - allows alternative failover route or multiple tunnels to the same destination to increase capacity/throughput
  • LDAP/Active Directory : Teleworker VPNs can be auththenticated by a LDAP/AD server
  • NAT-Traversal (NAT-T): VPN over routes without VPN Passthrough
  • PKI Certificates: Use X.509 Digital Signatures
  • IKE Authentication: Pre-shared key (PSK), Phase 1 agressive/standard, Phase 2 selectable lifetimes
  • Encryption:
    • Hardware-based AES (128, 192, 256 bits)
    • Hardware-based DES/3DES (56 & 168 bits)
    • Hardware-based MD5 & SHA-1
    • MPPE (40 or 128 bits)
  • Radius Client: Authentication for PPTP remote dial-in teleworkers
  • DHCP over IPSec
  • GRE over IPSec
  • Dead-Peer-Detection (DPD))
  • Smart-VPN Softare utility: For teleworkers
  • No extra licencing or additional VPN client costs.
  • Ineroperability : Compatible with other 3rd party VPN devices
  • Stateful Packet Inspection (SPI)
  • Content Security Management (CSM)
  • Multi-NAT: Set one-to-one mappings between your private and public IP addresses
  • Port Redirection & Open Ports Policy-based IP Packet Filter. Fully configurable policies based on IP address, MAC address (source or destination), DiffServ attribute, direction, bandwidth, remote site
  • DoS/DDoS Protection
  • IP Address Anti-spoofing
  • Object-Based Firewall
  • Notification: Email alerts and logs to syslog
  • Bind IP to MAC address
  • User-Controlled Rules: Interrogates LDAP server to permit access or enforce policies
System Management:
  • Web-Based User Interface: Integrated server for router management (via HTTP or HTTPS)
  • Telnet/SSH : Command line control and configuration
  • Configuration Backup/Restore
  • Built-in diagnostics, dial-out triger, routing table, ARP table, DHCP Table, NAT Sessions Table, data flow monitor, traffic graph, ping diagnostics, traceroute
  • Firmware Upgrade by HTTP, TFTP & FTP
  • Syslog Logging
  • SNMP Management: v1/v2, MIB II
  • Vigor ACS-SI Centralised Management: TR-069 compatible for ACS platform
  • Compatible with Smart Monitor Traffic Analyser : Windows software for up to 100 users
Bandwidth Management:
  • Traffic Shaping: Dynamic bandwidth management with IP traffic shaping
  • Bandwidth Reservation: Connection or client based
  • Packet Size Control
  • DiffServ Codepoint Classifying
  • 4 Priority Levels (Inbound/Outbound)
  • Individual IP Bandwidth Session Limits per user/group
  • Bandwidth Borrowing
  • User-defined class-based rules
Web Content Filtering & CSM:
  • URL Keyword Blocking: Blacklist or Whitelist
  • Content Type Blocking: Java applet, cookies, Active-X
  • Block P2P Applications (inc. Kazza, WinMX, Bittorrent)
  • Block Instant messaging
  • Block access of web sites by direct IP address (thus URLs only)
  • Block HTTP download of compressed, executable or multimedia files
  • Web Content Filter: GlobalView filtering of 64 web site categories (e.g. adult, gambling sites etc.). subscription required (free trial included)
  • Time Scheduling: Blocking rules can be activated based on time schedules
Routing Functions:
  • IPv4 & IPv6 Dual-Stack
  • DNS Cache/Proxy
  • DHCP Client, Server & Relay
  • DHCP Options: 1,3,6,51,53,54,58,59,60,61,66,125
  • IGMP v1/v2 & Proxy/Snooping
  • uPnP: 500 Sessions
  • NAT: 80,000 Sessions
  • NTP Client with DST Adjustments
  • Static routing
  • Policy-based routing
  • Dynamic DNS : Updates DDNS servers with public IP address
  • Port-Based VLAN
  • Tag-Based VLAN: 802.1q
  • Client/Call Scheduling : Real-time clock, with NTP updating schedules access or connectivity
  • Wake-on-LAN : Passed from WAN to preset LAN device
Operating Requirements:
  • Rack Mountable (Mount brackets included)
  • Temperature Operating : 0°C ~ 45°C
  • Storage : -10°C ~ 70°C
  • Humidity 10% ~ 90% (non-condensing)
  • Power Consumption: 19W Max
  • Dimensions: L273 * W166 * H44 (mm) (1U Height))
  • Operating Power: 220-240VAC (internal PSU)
  • Warranty : 2 Years Manufacturer's RTB included

Write a review of the Draytek Vigor 2960 Dual-WAN VPN Router Firewall
Draytek Vigor 2960 Dual-WAN VPN Router Firewall Reviews
No reviews yet...
Write the first review of the Draytek Vigor 2960 Dual-WAN VPN Router Firewall
Click V2960 to visit the manufacturer's website
Call 0844 357 1670 for volume discounts
Product Search
Use keywords to find products
Advanced Search
Shopping Cart more
0 items
Manufacturer Info
Draytek Homepage
Other products
Tell A Friend
Tell someone you know about this product.

Cisco partner OrbtalkBanner
SSL Certificate

Powered by Google | © 2016 | Sip Trunks | Hosted PBX | Wireless Routers | | Reviews | Hosted PBX Video