Easter Bank Holiday Weekend
Early Closing Thursday

We will be closing early on Thursday 28th March at 16:30

Last orders: 16:00 (next day: 15:30) | CLOSED - Good Friday & Easter Monday

Call us FREE on 0800 488 000
X
X

Please Log In Below

Forgotten Password?
Retry
Login
loading Gif
Sorry! You can't edit your cart on this page.
Sorry! This item could not be added to your cart as it is no longer available from Comms Express.
Please check the quantity you are adding and try again.
The following item has been added to your cart.
Product Code:
Options:
Qty:
Unit Price:£
View Cart
Checkout
Your cart is empty.
Subtotal:
£0
Remove all items from cart
Are you sure? Yes No
Learn more about how
to collect Data Points
for free gifts.
Comms Express Finance Options
Request A Quote
View Cart
Checkout
Cookie Policy×

Hi there! Our website may store cookies on your computer in order to give you the best experience, such as remembering the items in your cart so you can continue shopping where you left off.

By continuing to use our site, you give consent for cookies to be used.

Spend £100.00 for
FREE DELIVERY.
Free delivery excludes heavy and bulky products
Browse Categories
End of Life Product
£POA
£POA Inc VAT.

If you wish to enquire about this product please contact us on
0800 488 0000

Sorry, this item is no longer available from Comms Express.

DrayTek Vigor 2960 High-Performance SSL VPN Router/Firewall

by DrayTek
See more product details
Part No:FEV2960-K
Manufacturer No:V2960-K
Delivery: End of Life Product
More Related Items
Click to change options
Colour:
Apply
£19.91 Ex VAT
Qty:
Email product to a friend
X
  • Scroll to top
    DrayTek Vigor 2960 High-Performance SSL VPN Router/Firewall

    The Vigor 2960 is a high-performance dual-Gigabit WAN firewall. The two dedicated Gigabit WAN ports can provide load balancing or WAN failover. Based on a new DrayTek OS platform, the Vigor 2960 provides high performance with DrayTek's traditional ease of use and comprehensive features set. Extensive QoS, VLAN Web Content filtering features help keep your network efficiency and online productivity high.


    VPN

    As a VPN endpoint/concentrator, the Vigor 2960 will support up to 200 simultaneous teleworker or LAN-to-LAN VPNs with a VPN throughput of up to 500Mb/s dependant on protocol, thanks to its hardware-based VPN co-processor. VPN security includes certificate, MOTP or token/PSK based access and key-hash authentication to ensure maximum security.


    SSL VPN

    For ease of remote access, the Vigor 2960 can provide up to 20 simultaneous SSL VPN web-proxy tunnels, making remote access to your network possible from virtually anywhere without the inconvenience or compatibility issues of installing a VPN client. As SSL is a standard Internet protocol (used for web sites) )SSL VPNs are also resilient to difficulties in creating tunnels through guest networks (web cafes, hotels etc.) where traditional IPSec/PPTP tunnels can often have difficulties. SSL encryption is strong too, using 128bit DES/3DES or AES. Using MoTP, your teleworker passwords are strong and realtime; a password is generated in real-time by your mobile phone (iphone, Android etc.) which can be used once only, and only at the time its generated. In addition to Web-proxy mode, full SSL VPN tunnelling is supported for Windows OS via a Java applet or the Smart VPN Client.


    High Availability

    For even greater resilience, the Vigor2960 provides High Availability (HA). The CARP protocol (equivalent to VRRP or HSRP) lets you set up a master and secondary Vigor2960 whereby in the event of the master unit failing, the secondary unit can seamlessly and automatically switch over. This can remove the possibility of a single point of failure within your routers. Additionally, multiple active Vigor2960's can provide reciprocal routing backup to other active Vigor2960s.

    SSL VPNs

    VPNs (Virtual Private Networks) enable you to link two remote computers or networks securely using the public Internet. An encrypted tunnel is created to carry your private data between the two sites. Tunnels making use of PPTP, L2TP, AES and IPSec protocols have been available on Vigor routers for many years and provide a simple to set up solution for your site-to-site or teleworker VPNs. SSL VPNs provide a new method for teleworker to central site VPN, providing great convenience, low TCO and simplicity where other methods may not be possible.


    The benefits of SSL VPNs

    One potential drawback of using the above methods for a Teleworker-to-central site VPN is that they need compatiable protocol stacks at each end (e.g. an IPSec client or hardware) and most importantly those protocols need to be freely passed by your local host network. This isn't normally a problem where you own the computers and the network in use and you can install any client, software or hardware you choose, as well as allowing any traffic types you like. Where it can become a problem is where you are using someone else's computer or network where either you cannot use the O/S VPN client, or the host network blocks VPN protocols or makes them unreliable. This is most commonly a problem when using WiFi hotspots or other public Internet access methods (hotels, conference centres etc.).

    You may already have heard of SSL previously, and you have almost certainly used it. SSL (Secure Sockets Layer) is the protocol used by all web browsers for accessing 'secure' web sites. You will have used secure web sites whenver you have used your credit card online or accessed your banking web sites, for example. SSL is supported by all web browsers, and as it is so commonly used, all hotspots and other public Internet will always allow SSL to pass properly. By using the SSL protocol for your telework VPN tunnel you therefore have some important benefits:

    Traditional VPN (e.g. AES/IPSecSSL VPN
    Requires VPN Client or Hardware Uses Standard Web Browser SSL
    Support for popular O/S's only Compatible with all computers/browsers
    Licence fees all for some vendor
    client software (Not DrayTek though!)
    No client licence fees
    Requires user to operate VPN Client No special operator procedures.
    Just use your web browser.
    At OSI 'network' layer At OSI 'session' layer
    AES/DES/3DES Encryption SSL Encryption
    Full network access (unless filtered) Ability to easily restrict users to
    specific web applications
    Network Level Access as standard. Network level access via
    DrayTek Java Tunnel Plug-in
    (Windwos OS only)
    Teleworker or Site-to-Site (LAN-to-LAN) Teleworker-to-Host site only

    Another advantage of web based SSL VPN is that your host Vigor router presents the user with his/her login page to the network within their browser and then can provide access only to the web based applications or local servers which you allow as opposed to a regular VPN which connects the user to the network directly for access to any resource which is accessible locally. No TCP/UDP ports have to be opened on your host router; if the user cannot login to the VPN, they won't get access.

    As mentioned previously, an SSL VPN uses your standard web browser; this means that for your web based applications running at your office (webmail, Intranet, Thin Clients etc.) SSL VPNs work really well for this access method, which is called 'SSL Web Proxy' mode. A very common application for SSL VPN is remote desktop. By using the Windows 'Remote Desktop Web Connection', your office desktop will be accessible from your web browser whereever you are and whoever's computer you're using. In addition, by using Vigor web proxy, you can browse external web sites via the tunnel, thus bypassing any local web site blocking policy (content filtering or local polcies). If you are familiar with 'port redirection' or 'open ports setup' on Vigor routers, SSL Proxy to your internal web services is very similar in concept to this except that the data passes through a secured tunnel, hence increasing security and privacy.

    Please check on specific models for the level of SSL VPN supported.


    MOTP (Mobile One-time Passwords)

    As an alternative to a fixed password for remote teleworkers, you can make use of DrayTek's Mobile One-Time Password (MOTP) system to add Two-layer authentication. A One-time password is generated dynamically each time you want to connect, works once only and expires immediately. For DrayTek MOTP, the authentication device is your mobile phone; MOTP applets are available for Symbian mobile phones (e.g. Nokia), most phones supporting Java and the Apple iPhone™.

    apple iPhone MOTP

    SSL VPNs beyond the Browser

    Using the web browser for your remote access is great for accessing web-based applications (intranet, webmail, remote web desktop etc.) but it does not provide access to the actual network directly, for example for shared directory access, network resources or other applications which are not browser based. Only data or applications which are available in your web browser locally are available remotely via the SSL Proxy (see above).

    For full network access, DrayTek provide an Java Tunnel plug-in (a VPN client, effectively) which can transfer at the network layer, making a fully VPN tunnel. This is called SSL Tunnel mode. This plug-in is downloaded automatically by your browser from the host Vigor router when you log into the SSL VPN and select Tunnel mode. You are then fully connected to the remote network for direct network resource access. In this way, you are no longer limited to running web-based applications and can access shares and other network resources.

    VPN Trunking

    VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan CONNECTION, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 2960 supports both Failover and Load Balancing modes for VPN Trunks.

    The Vigor 2960 already supports load balancing to the Internet using its dual-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across both WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.

    DrayTek VPN Trunking

    In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).


    Additional Features:


    The benefits of SSL VPNs

    One potential drawback of using the above methods for a Teleworker-to-central site VPN is that they need compatiable protocol stacks at each end (e.g. an IPSec client or hardware) and most importantly those protocols need to be freely passed by your local host network. This isn't normally a problem where you own the computers and the network in use and you can install any client, software or hardware you choose, as well as allowing any traffic types you like. Where it can become a problem is where you are using someone else's computer or network where either you cannot use the O/S VPN client, or the host network blocks VPN protocols or makes them unreliable. This is most commonly a problem when using WiFi hotspots or other public Internet access methods (hotels, conference centres etc.).

    You may already have heard of SSL previously, and you have almost certainly used it. SSL (Secure Sockets Layer) is the protocol used by all web browsers for accessing 'secure' web sites. You will have used secure web sites whenver you have used your credit card online or accessed your banking web sites, for example. SSL is supported by all web browsers, and as it is so commonly used, all hotspots and other public Internet will always allow SSL to pass properly.

    Another advantage of web based SSL VPN is that your host Vigor router presents the user with his/her login page to the network within their browser and then can provide access only to the web based applications or local servers which you allow as opposed to a regular VPN which connects the user to the network directly for access to any resource which is accessible locally. No TCP/UDP ports have to be opened on your host router; if the user cannot login to the VPN, they won't get access.

    As mentioned previously, an SSL VPN uses your standard web browser; this means that for your web based applications running at your office (webmail, Intranet, Thin Clients etc.) SSL VPNs work really well for this access method, which is called 'SSL Web Proxy' mode. A very common application for SSL VPN is remote desktop. By using the Windows 'Remote Desktop Web Connection', your office desktop will be accessible from your web browser whereever you are and whoever's computer you're using. In addition, by using Vigor web proxy, you can browse external web sites via the tunnel, thus bypassing any local web site blocking policy (content filtering or local polcies). If you are familiar with 'port redirection' or 'open ports setup' on Vigor routers, SSL Proxy to your internal web services is very similar in concept to this except that the data passes through a secured tunnel, hence increasing security and privacy.

    Please check on specific models for the level of SSL VPN supported.


    MOTP (Mobile One-time Passwords)

    As an alternative to a fixed password for remote teleworkers, you can make use of DrayTek's Mobile One-Time Password (MOTP) system to add Two-layer authentication. A One-time password is generated dynamically each time you want to connect, works once only and expires immediately. For DrayTek MOTP, the authentication device is your mobile phone; MOTP applets are available for Symbian mobile phones (e.g. Nokia), most phones supporting Java and the Apple iPhone™.

    apple iPhone MOTP

    SSL VPNs beyond the Browser

    Using the web browser for your remote access is great for accessing web-based applications (intranet, webmail, remote web desktop etc.) but it does not provide access to the actual network directly, for example for shared directory access, network resources or other applications which are not browser based. Only data or applications which are available in your web browser locally are available remotely via the SSL Proxy (see above).

    For full network access, DrayTek provide an Java Tunnel plug-in (a VPN client, effectively) which can transfer at the network layer, making a fully VPN tunnel. This is called SSL Tunnel mode. This plug-in is downloaded automatically by your browser from the host Vigor router when you log into the SSL VPN and select Tunnel mode. You are then fully connected to the remote network for direct network resource access. In this way, you are no longer limited to running web-based applications and can access shares and other network resources.

    VPN Trunking

    VPN Trunking is the facility to create more than one VPN tunnel, over a second Wan CONNECTION, to the same remote location in order to provide either increased bandwidth between the two sites (load balancing) or resilience (failover) in the event that one tunnel/connection is interrupted. The Vigor 2960 supports both Failover and Load Balancing modes for VPN Trunks.

    The Vigor 2960 already supports load balancing to the Internet using its dual-WAN ports. What VPN trunking does is enables a single virtual tunnel to be created across both WAN connections to the same remote location creating a single virtual tunnel, recombining the tunnel at the other end. As far as the traffic and LAN devices/clients are concerned, there is just a single tunnel, with increased bandwidth.

    DrayTek VPN Trunking

    In the diagram above, you can see a single virtual tunnel as far as the LAN at each end is concerned. Within the router, two WAN connections are being used with each router, across which the VPN tunnel can be spread, increasing total capacity and/or redundancy (for failover).

    Email product to a friend
    Print product details
    View Keywording: