Security firewall router
- Dual Gigabit Ethernet WAN port for failover and load-balancing
- 2 USB 2.0 ports for 3G/LTE mobile, FTP server and network printers
- 5 x Gigabit LAN ports with multiple subnets
- Support IPv6 & IPv4 network
- Object-based SPI Firewall and CSM (Content Security Management) for network security
- VLAN for secure and efficient workgroup management
- Support central AP / VPN / Switch Management
- 50 VPN tunnels with comprehensive secure protocols
- VPN load-balancing and backup for site-to-site applications
- Flexible Network Management
- Supports Smart Monitor Traffic Analyzer (50-nodes)
- Integrated with IEEE 802.11ac wireless access point (Vigor2925ac, Vigor2925Vac only)
- Working with VigorACS SI Central Management for multi-site deploymen
- VoIP for cost-effective communication ( Vigor2925Vac, Vigor2925Vn-plus only)
Vigor2925 Series is the IPv6 ready dual WAN broadband security firewall router.
It ensures the business continuity for today and the future IPv6 network. Its two gigabit Ethernet WAN port can accept various high-speed Ethernet-based WAN links via FTTx/xDSL/Cable.
The 2 USB ports are for 3G/LTE mobile broadband access.
With the multi-WAN accesses, Vigor2925 series routers provides flexible and reliable broadband connectivity for the small business office.
The specifications cover many functions that are required by modern day businesses, including secure but easy to apply firewall, comprehensive VPN capability, Gigabit LAN ports, USB ports for 3G/LTE mobile dongles, FTP servers and network printers, VLAN for flexible workgroup management, and much more.
The VPN backup and VPN load balancing assures business continuity via multi-WAN connection to the Internet. The bandwidth management, Quality of Service, VLAN for flexible workgroup management, User Management for authentication, Route Policy, Central VPN Management, Central AP Management and Firewall serve your daily office network to bring in more business opportunities.
Dual Gigabit Ethernet WAN ports for failover and load-balancing
The Gigabit Ethernet WAN ports cater for any type of Internet access, including FTTx, xDSL and Cable fitting your local infrastructure. You can then use both WAN 1 and WAN 2 for failover, ensuring that you will always have an access to the Internet even if one of the WAN fails, or for load-balancing so the 2 WANs share Internet traffic requirements of your organization.
2 USB 2.0 ports for 3G/LTE mobile, FTP drive and network printer
The two USB ports can be used for the connection of 3G/LTE dongle, FTP drive and network printers.
A 3G/LTE connected to one of the 2 USB ports can be used as a second WAN for bandwidth management.
The USB WAN interface can also be the primary access if the local fixed line service hasn’t been deployed yet.
You have 2 USB for 3G/LTE dongle connect to the USB ports, and assign one of these (WAN 3) to be the primary access and the other (WAN 4) as the fail-over back-up. And, you have the flexibility to convert back to fixed line services when these become available.
The access can be using “username and password” or “public”. Each of them can have their own directories and/or file access rights.
We support Dual Stack (PPP, DHCPv6 Client, Static IPv6, 6rd) and Tunnel Mode (TSPC, AICCU, 6in4 static-tunnel) to let your business operation successfully be migrated to the era of IPv6.
Because the IPv4 addresses are limited and IPv6 allows for a larger address space and much more efficient routing. The Vigor2925 series support IPv6 and IPv4. The Vigor2925 series can support IPv6 broker/tunnel services to provide IPv6 access using either AICCU or TSPC via 3rd party IPv6 providers if your ISP does not support IPv6 yet.
- Can be run on any one of the WAN ports (ADSL/VDSL2, Ethernet or 3G; but the USB WAN port can run AICCU/TSPC tunnel mode only)
- Can connect to direct native IPv6 ISPs
- Can build tunnel to 3rd party IPv6 brokers using either AICCU or TSPC methods
- Default stateful firewall for all IPv6 LAN clients/ devices
- DHCPv6 Client
- Static IPv6 Client
- DHCPv6 & RADVD (Router Advertisement Server) for client configuration
- QoS for IPv6 with DiffServ
- IP Filtering Rules
- Router Management over IPv6 (Telnet/HTTP) with IPv6 access list
- Concurrent operation with IPv4 (“Dual-Stack”)
- Other router features are only available on IPv4
Like all DrayTek routers, Vigor2925 Series routers support comprehensive network management functions. For example, you can set username/password and directory/file access privilege for individual users as required. There are also routing/network tables, system log, debugging utilities, etc., making network administrators' jobs easy.
Other management features include SNMP, TR-069 and TR-104. TR-069 can be utilized with DrayTek's VigorACS SI management software to remotely monitor and manage the Vigor2925 series.
There are many nodes of license for deploying VigorACS SI Central Management. Through “Self-hosted” or “Cloud-based” subscription, the remotely-deployed DrayTek Vigor routers can be managed for firmware upgrade, VPN establishment, real-time monitoring and obtain proper customer care.
Supports Smart Monitor traffic report software
Vigor2925 series routers support Smart Monitor, DrayTek's proprietary network traffic reporting software, for up to 50 users. This software monitors all incoming and outgoing network traffic, categorizes these into various activity and data types and provides statistics in various report types, so network administrators can monitor network activities for planning and/or fault locating purposes.
Central AP Management
APM provides the 3-step installation, plug-plug-press, and then wireless clients are able to enjoy surfing internet. Moreover, through the unified user interface of Draytek routers, the status of APs is clear at the first sight.
If your network requires several VigorAP900 or VigorAP 810 units, to centrally manage and monitor them individually as a group will be expected. DrayTek central wireless management (AP Management) lets control, efficiency, monitoring and security of your company-wide wireless access easier be managed.
Inside the web user interface, we call “central wireless management” as Central AP Management which supports mobility, client monitoring/reporting and load-balancing to multiple APs. For central wireless management, you will need a Vigor2860 or Vigor2925 series router; there is no per-node licensing or subscription required.
For multiple wireless clients, to apply the AP Load Balancing to the multiple APs will manage wireless traffic with smooth flow and enhanced efficiency.
With F/W 3.7.4, the embedded Central VPN Management (CVM) will let network administrator register up to 16 remote routers but run concurrent remote management over 8 remote routers.
Multi-subnets ( Multiple Private LAN Subnets )
With the 5-port Gigabit switch on the LAN side, the Gigabit LAN switch provides extremely high speed connectivity for the highest speed local data transfer of any server or local PCs. The tagged VLANs (802.1q) can mark data with a VLAN identifier. This identifier can be carried through on onward Ethernet switch to specific ports. The specific VLAN clients can also pick up this identifier as it is just passed to the LAN. You can set the priorities for LAN-side QoS. You can assign each of VLANs to each of the different IP subnets that the router may also be operating, to provide even more isolation. The said functionality is tag-based multi-subnet.
Each of the wireless SSIDs can also be grouped within one of the VLANs. *Except Vigor2925
With multi-subnet, the traffic can be sent through non-NAT mode with higher performance. If you deploy Vigor2925 series with MPLS network with your main office, the multi-subnet settings will let your data transactions be carried out without NAT.
For remote teleworkers and inter-office links, Vigor2925 series provide up to 50 simultaneous VPN tunnels (such as IPSec/PPTP/L2TP protocols) for secure data exchange and communication. With a dedicated VPN co-processor, the hardware encryption of AES/DES/3DES and hardware key hash of SHA-1/MD5 are seamlessly handled, thus maintaining maximum router performance. Teleworkers can be authenticated directly with your LDAP server if preferred. The Vigor2925 series are equipped with two Gigabit Ethernet ports and USB WAN ports for WAN load-balancing and backup. The VPN trunking (VPN load-balancing and VPN backup) are hence implemented on Vigor2925 series. With VPN trunking, you can create multiple WAN connections to a remote site in order to increase bandwidth. The VPN trunking also can allow you to have failover (backup) of VPN route through a secondary WAN connection.
With SSL VPN, Vigor2925 series let teleworkers have convenient and simple remote access to central site VPN. The teleworkers do not need to install any VPN software manually. From regular web browser, you can establish VPN connection back to your main office even in a guest network or web cafe. The SSL technology is same as the encryption that you use for secure web sites such as your online bank. The SSL VPNs can be operated in either full tunnel mode or Proxy mode.
For client-to-site, remote dial-in users can use up-to 25 SSL VPN tunnels to avoid the local network infrastructure limitation, , there are 64 profiles on WUI, but it only allows 25 concurrent tunnels.
Up to 50 VPN tunnels are supported, each can be set to IPsec/PPTP/L2TP/L2TP over IPsec protocols, with hardware encryption of AES/DES/3DES. This level of VPN capability covers the requirements of most businesses for secure inter-office and remote data accessing. For the site-to-site application, Vigor2925 Series offers VPN load-balancing & backup to deliver the high performance and reliable remote access. For client-to-site, remote dial-in users can use up-to 25 SSL VPN tunnels to avoid the local network infrastructure limitation, there are 64 profiles on WUI, but it only allows 25 concurrent tunnels.
VLAN for secure and efficient workgroup management
Not only with 5 x Gigabit LAN ports for the needs of unified communication applications, such as CRM server, FTP server, Mail server, the Vigor2925 Series has the comprehensive VLAN function for management. The VLAN functions allow 5 subnets to be allocated for multiple workgroups. When combined with the NAT and firewall functions, you can design corporate network groups in terms of traffic, security level, priority settings, etc.
Applications such as VoIP, IPTV and Wireless SSID can also be integrated into VLAN tags and firewall objects, giving you the maximum flexibility in designing workgroups for your organization.
Object-based SPI Firewall for network security
Like all DrayTek routers, Vigor2925 Series supports Object-based SPI firewall and CSM (Content Security Management). The firewall allows setting of Call/Data Filters and DoS prevention, whereas the CSM covers IM/P2P/Protocol filter, URL Content Filter and Web Content Filter.
With Objects settings, you can pre-define objects or groups for IP, service type, keyword, file extension, etc., and mix these with the Time Scheduler or the VLAN groups as required. Altogether this gives you peace of mind whether you are guarding a complicated network or a small office.
Embedded IEEE 802.11n WLAN (2.4GHz)* Except Vigor2925
Vigor2925 series ( except Vigor2925 ) has a built-in IEEE 802.11n WLAN Access Point. The Wi-Fi access is also protected by security and encryption protocols, including WEP/WPA/WPA2, MAC Address Control, Multiple SSID, Wireless LAN Isolation, Wireless VLAN and 802.1x Authentication.
The Wireless Rate Control function allows connection rates for each network device to be individually managed as required. The WMM (Wi-Fi Multi-Media) function allows setting of priority levels for various applications: voice, video, data, etc., so time-critical applications can be assigned higher priority levels. Furthermore, WDS (Wireless Distribution System) function allows you to extend the wireless coverage distance easily.
* Except Vigor2925
Concurrent dual-band 802.11ac WLAN (2.4/5GHz frequency)
The Vigor2925ac and Vigor2925Vac are equipped IEEE 802.11ac wireless access point which can run 300Mbps @ 2.4GHz and 1300 Mbps @5GHz 11ac).
The Wireless Rate Control function allows connection rates for each network device to be individually managed as required. The WMM (Wi-Fi Multi-Media)* function allows setting of priority levels for various applications: voice, video, data, etc., so time-critical applications can be assigned higher priority levels. Furthermore, WDS (Wireless Distribution System) function allows you to extend the wireless coverage distance easily.
* Vigor2925ac, Vigor2925Vac only
Cost-effective VoIP feature
The VoIP QoS feature is available in Vigor2925Vn-plus and Vigor2925Vac. It ensures the VoIP packets with highest priority and desired bandwidth to make crystal-clear calls.
In line with the concept of Internet covering all aspect of communication requirements, Vigor2925Vn-plus and Vigor2925Vac are designed with 2 FXS ports and a Line port, and supports many supplemental services. You can connect 2 analogue telephones to the 2 FXS ports, and the PSTN line to the Line port. The Vigor2925Vn-plus and Vigor2925Vac support 12 SIP (Session Initiation Protocol) registrations through Internet or with the traditional PSTN line (for instance, in case of an electricity blackout and subsequent loss of power to the router itself).
* Vigor2925Vn-plus, Vigor2925Vac only
- Giga Ethernet (WAN1 & WAN2)
- DHCP Client
- Static IP
- PPTP/L2TP (WAN-2 only)
- PPPoA (ADSL2 only)
- 802.1q Multi-VLAN Tagging
- USB (WAN3 & WAN4)
- Tunnel Mode: TSPC, AICCU, 6rd, Static 6in4
- Dual Stack: PPP, DHCPv6 Client, Static IPv6
- 3.5G/4G-LTE as Primary or Backup WAN
- Printer Sharing
- File System
- Support FAT32 File System
- Support FTP Function for File Sharing
- Support Samba for File Sharing
- LTE USB mobile Support List Please Contact firstname.lastname@example.org
- Up to 50 VPN Tunnels
- Protocol : PPTP, IPsec, L2TP, L2TP over IPsec
- Encryption : MPPE and Hardware-based AES/DES/3DES
- Authentication : MD5, SHA-1
- IKE Authentication : Pre-shared Key and Digital Signature (X.509)
- LAN-to-LAN, Teleworker-to-LAN
- DHCP over IPsec
- IPsec NAT-traversal (NAT-T)
- Dead Peer Detection (DPD)
- VPN Pass-through
- VPN Wizard
- SSL VPN: 25 Tunnels
- VPN Trunk (Load Balance/Backup)
- Load-Balance/Route Policy (The Gigabit Ethernet interface and USB mobile can be used either for WAN-backup or load balancing.)
- WAN Connection Failover
CSM (Content Security Management)
- IM/P2P Application
- GlobalView Web Content Filter (Powered by )
- URL Content Filter :
- URL Keyword Blocking (Whitelist and Blacklist)
- Java Applet, Cookies, Active X, Compressed, Executable, Multimedia File Blocking
- Excepting Subnets
Central Device Management
- AP Management
- VPN Management
- Switch Management
- Guarantee Bandwidth for VoIP
- Class-based Bandwidth Guarantee by User-defined Traffic Categories
- DiffServ Code Point Classifying
- 4-level Priority for Each Direction (Inbound/Outbound)
- Bandwidth Borrowed
- Bndwidth/Session Limitation
- Layer-2 (802.1p) and Layer-3 (TOS/DSCP) QoS Mapping
- Packet Forwarding Acceleration*
- DHCP Client/Relay/Server
- IGMP Snooping/Proxy V2 and V3
- Triple-Play Application
- Dynamic DNS
- NTP Client
- Call Scheduling
- RADIUS Client
- DNS Cache/Proxy and LAN DNS
- UPnP 30 sessions
- Multiple Subnets
- Port-based/Tag-based VLAN (802.1q)
- Routing Protocol:
- Static Routing
- RIP V2
- Web-based User Interface (HTTP/HTTPS)
- Quick Start Wizard
- CLI (Command Line Interface, Telnet/SSH)
- Administration Access Control
- Configuration Backup/Restore
- Built-in Diagnostic Function
- Firmware Upgrade via TFTP/FTP/HTTP/TR-069
- Logging via Syslog
- SNMP Management MIB-II
- Management Session Time Out
- 2-level Management (Admin/User Mode)
- LAN Port Monitoring
- Support Smart Monitor (50 clients)
- Central AP Management (20 nodes)
- Central VPN Management (Up to 8 Remote Routers)
- Multi-NAT, DMZ Host, Port-redirection and Open Port
- Object-based Firewall, Object IPv6, Group IPv6
- MAC Address Filter
- SPI (Stateful Packet Inspection) (Flow Track)
- DoS Prevention
- IP Address Anti-spoofing
- E-mail Alert and Logging via Syslog
- Bind IP to MAC Address
- Time Schedule Control
- User Management
Wireless AP ( n / n-plus / Vn-plus / ac / Vac models )
- 2.4GHz ( n model)
- 2.4 + 5GHz (n-plus/vn-plus/ac/vac models)
- Wireless Client List
- Wireless LAN Isolation
- 64/128-bit WEP
- Wireless Wizard
- Hidden SSID
- MAC Address Access Control
- Access Point Discovery
- WDS (Wireless Distribution System)
- 802.1x Authentication
- Multiple SSID
- Wireless Rate-control
- IEEE802.11e: WMM (Wi-Fi Multimedia)
- SSID VLAN Grouping with LAN Port (Port-based VLAN)
VoIP ( Vac / Vn-plus models )
- Protocol: SIP, RTP/RTCP
- 12 SIP Registrars
- G.168 Line Echo-cancellation
- Jitter Buffer
- Voice codec:
- G.729 A/B
- DTMF Tone :
- Outband (RFC-2833)
- SIP Info
- FAX/Modem Support :
- Tone Detection
- G.711 Pass-through
- Supplemental Services :
- Call Hold/Retrieve/Waiting
- Call Waiting with Caller ID*
- Call Transfer
- Call Forwarding (Always, Busy and No Answer)
- Call Barring (Incoming/Outgoing)
- DND (Do Not Disturb)
- MWI (Message Waiting Indicator) (RFC-3842)
- Secure Phone (ZRTP + SRTP)
- PSTN Loop-through When Power Failure
- Dial Plan :
- Phone Book
- Digit Map
- Call Barring
Flexibility Internet Application
VPN Hub and Spoke
VPN TrunkThe VPN backup ensures the stable LAN-to-LAN (site-to-site) remote access
VLAN for Secure and Efficent Workgroup Management
Security & Productivity - SSID
The CVM (Central VPN Management)
The AP Management of Vigor2925 series
Support Smart Monitor up to 50 PC Users
With rackmount bracket
|Wi-Fi Frequency||11b/g/n :
|Wireless Transmit Power||2.4GHz Max : 19 dBm 5 GHz Max : 21 dBm|
|Temperature||Operating : 0°C ~ 45°C Storage : -25°C ~ 70°C|
|Humidity||10% ~ 90% ( non-condensing )|
|Power Adapter||DC 12V / 1.5A ( 2925, 2925n, 2925n plus, 2925Vn plus ) DC 12V @ 1.5A ~ 2A ( 2925ac, 2925Vac )|
|Max. Power||10 Watt ( 2925 ) 15 Watt ( 2925n ) 17 Watt ( 2925n plus, 2925Vn plus ) 24 Watt ( 2925ac, 2925Vac )|
|Dimension||L241 * W165 * H44 (mm)|