The Ideal VPN Router for Small Business and Remote Working
The DrayTek Vigor 2927ax - Dual-WAN Load Balancing Firewall VPN Router allows you to make the most of FTTP Fibre Broadband with Gigabit WAN throughput, extensive Firewall, Content Filtering, VPN client/server and Quality of Service controls.
The Vigor 2927ax features Wi-Fi 6 wireless, providing fast and efficient AX3000 wireless networking to your computers and devices. OFDMA enables the router to send data to more than one client at a time.
The Vigor 2927ax provides a reliable, flexible, and secure network solution, that’s ideal for Small Business and Home Offices.
Dual Gigabit WAN Load Balancer
The Vigor 2927ax is a Dual-Ethernet WAN router featuring VPN, advanced routing features, firewall, content filtering, bandwidth management and more. It offers high throughput with Load Balancing and Failover connectivity, suitable for handling Fibre to the Premises (FTTP) and Gigabit Internet connections. Offering up to 950Mbps per-WAN of Hardware Accelerated throughput while retaining its full feature set.
With Wi-Fi 6 AX3000 wireless, it provides ultra fast and efficient wireless coverage, to your network's computers and devices.
Route Policy - Powerful Routing Management
The Vigor 2927 series provides full policy-based control of where and how outbound traffic is routed with Route Policy:
Wi-Fi 6 - AX3000 Performance
The Vigor 2927ax features ultra-fast and highly efficient Wi-Fi 6, or 802.11ax. OFDMA allows the router to send to more than one device at a time, splitting up wireless frequency into blocks, assigning more to users that need more e.g. video data, less to users that need less e.g. VoIP calls, then sending all at once. Which ensures all users have less of a wait, greatly improving efficiency. It allows the router to effectively and responsively, serve more wireless clients.
Click here to learn more about the exciting new features that Wi-Fi 6 brings to home and office wireless networks.
Ideal VPN router for SMB
A feature central to DrayTek routers is its VPN (Virtual Private Networking) capabilities. A VPN enables you to link remote offices and branch offices back to HQ, or home-based/mobile teleworkers back to your office.
The Vigor 2927 is an ideal VPN router, with 300 Mbps standard IPsec VPN throughput and up to 50 concurrently active VPN tunnels.
With IPsec Hardware Acceleration for up to 16 VPN tunnels, performance increases up to 800 Mbps. Allowing securely encrypted tunnels between sites to make full use of high speed Internet connections.
It supports all common industry standard VPN protocols, for it to connect to VPN services, link remote offices and handle connections from all types of VPN clients. Supporting IPsec IKEv1 & IKEv2 protocols with EAP and XAuth authentication, DrayTek's SSL VPN and L2TP for both LAN to LAN and Dial-In teleworker VPNs. In addition, teleworkers can connect to the router with OpenVPN.
User management for Dial-In Teleworkers is managed through the router's web interface, with mOTP 2-factor authentication available for IPsec, L2TP and SSL VPN Teleworker connections. Alternatively, authentication for Dial-In Teleworker connections can be forwarded to your Active Directory (LDAP) or RADIUS or TACACS+ server.
Connect VPNs from behind NAT with DrayTek's VPN Matcher
A typical requirement for connecting a VPN tunnel between two points is that the VPN server must be directly accessible on the public Internet. Sometimes this can be achieved with NAT Port Forwarding if the router is located behind another router, but if the router is connected to 4G Mobile Broadband or is behind Carrier-Grade NAT (CG-NAT), connecting to that VPN server may be impossible.
DrayTek's new VPN Matcher service helps DrayTek routers behind NAT to allow Dial-In Teleworkers to connect, or connect two DrayTek VPN routers that are behind NAT and could not normally establish a VPN tunnel.
Connect an OpenVPN Teleworker to a DrayTek router behind NAT
Connect two DrayTek router's behind NAT with a LAN-to-LAN VPN
Connecting Remote Sites with LAN to LAN VPN
Supporting up to 50 concurrently active VPN tunnels, the Vigor 2927 series is ideal for connecting multiple sites or home offices together with fast and secure IPsec VPN tunnels.
Once connected, they have access to your office/remote resources through a secure encrypted tunnel allowing remote desktop, file sharing and seamless access to other resources and devices.
DrayTek SSL VPN for Dial-In Teleworkers & LAN to LAN
The Vigor 2927 supports up to 25 active DrayTek SSL VPN tunnel connections. These are encrypted tunnels linking your teleworkers or remote DrayTek Vigor routers back to your main office using SSL/TLS technology - the same encryption that you use for secure web sites such as your bank.
Teleworkers can easily create a secure SSL VPN tunnel to the DrayTek Vigor 2927 using the free DrayTek Smart VPN Client app. Available for Windows, macOS, Apple iOS (iPad, iPhone) and Android devices.
You can download the SmartVPN client and learn more about DrayTek SSL VPNs here.
5+1 Gigabit LAN Ports with VLANs
The Vigor 2927 series provides up to 6 Gigabit LAN ports for wired links to Computers, Servers and Network Attached Storage.
With 5 dedicated LAN ports and one flexible LAN/WAN port, the Vigor 2927 can connect up to 6 devices directly with a single Ethernet WAN configuration, or 5 devices with a dual Ethernet WAN configuration.
With Multiple LAN subnets and VLANs, the Vigor 2927 can manage up to 8 separate networks. For instance, an internal network with a separate network for Guests to use, completely separate from the private network. Each network with its own Content Filtering, Firewall, Quality of Service and Route Policy applied.
The router has full support for 802.1Q VLAN tagging, so that these subnets can be passed to other devices that support VLAN tags, such as the DrayTek VigorSwitch G1080 8-port switch, for additional network ports.
The Wireless LAN also links to these VLANs, making the same Guest & Private networks possible simply using different wireless SSIDs. Or connect up a DrayTek VigorAP wireless access point, such as the VigorAP 903 to do the same, spanning the router's own wireless and any connected wireless APs.
Designed for Central Management
The Vigor 2927 series (along with most other DrayTek routers, Access points and switches) can be centrally managed by our VigorACS central management platform.
This scalable solution provides visibility, control and reporting of your entire DrayTek product estate, ideal for dealers/SIs managing customers' devices or any user who wants to know what's going on with their devices. VigorACS also provides features like automated/bulk firmware updates, VPN management and alarms for connectivity or other issues.
For full details of VigorACS, click here.
Robust & Comprehensive IPv4 / IPv6 Firewall
Security is always taken seriously with DrayTek routers. The firewall protects against attacks including DoS (Denial of Service) attacks, IP-based attacks and access by unauthorised remote systems. Wireless, Ethernet and VPN are also protected by various protection systems.
The DrayTek object-based firewall enables you to create combinations of Firewall rules and Content Filtering to suit a home or small office environment, applying Content Filtering to the whole network, only specified devices or just the network that guests can connect to.
The Vigor 2927 supports both IPv4 and IPv6 with Dual-Stack IPv4/IPv6. Advanced networking features, such as the object-based Firewall, Quality of Service, Content Filtering and VLANs support both IPv4 and IPv6 networks.
Web Content Filtering with DNS Filter
The content control features of the Vigor 2927 allow you to set restrictions on web site access, blocking download of certain file or data types, blocking specific web sites with whitelists or blacklists, blocking IM/P2P applications or other potentially harmful or wasteful content. Restrictions can be per user, per PC or universal and according to time schedules.
Content filtering can also block sites using HTTPS/SSL where URLs are encrypted (and normal routers cannot block).
Using the GlobalView service, you can block whole categories of web sites (e.g. gambling, adult sites etc.), subject to an annual subscription, which is continuously updated with new or changed site categorisations or sites which have become compromised (such as infected with Malware). A free 30-day trial is included with your new router.
DrayDDNS - DrayTek Dynamic DNS Address
DrayTek provides a free Dynamic DNS address to each Vigor 2927 router, allowing you to link the router's current IP address to a memorable "drayddns.com" hostname, such as "vigor2927.drayddns.com".
This address automatically updates whenever the Internet connection's IP changes, so if one WAN’s IP address allocation is dynamic, or the IP changes when switching from the primary WAN connection to a backup, you can easily locate and access your Vigor 2927 router. Just use the hostname to access the router's VPN services, management and any other services you have made accessible through the router.
The Vigor 2927 can also authenticate your DrayDDNS hostname with free SSL/TLS certificates provided by LetsEncrypt, the router manages and automates the certificate process. Keeping the certificate up to date and ready for use with SSL VPN and other services.
High Availability - Hardware Failover
For even greater resilience, the Vigor 2927 series provides High Availability (HA), with both a primary and secondary router able to provide connectivity to your network and subnets.
In the event of the primary unit failing, the secondary unit will take its place on the network, automatically switching over to resume Internet, routing and VPN connectivity with no intervention required. This can remove the possibility of a single point of failure within your routers.
With Config Sync, the two routers are managed as a single unit, so that any changes made to the primary router will automatically propagate to the secondary router, ensuring it’s ready to take over at any time.
Read more about DrayTek High Availability here.
Manage Guest WiFi with Hotspot Web Portal
DrayTek routers make it easy to manage Guest Wireless with Hotspot Web Portal. The fully customisable captive portal can apply to both the router's wireless networks and LAN interfaces, for use with wireless access points.
Authentication can be handled by Google/Facebook or an external web Portal service such as Purple WiFi with RADIUS.
Upon connecting to the wireless network, users are presented with your company's branding and information. From there, depending on what you've set, they can simply click-through, provide their details or enter a PIN with Voucher generated by the router.
Once connected, the router can allow access until a user reaches their quota limit of time connected or bandwidth used.
Read more about Hotspot Web Portal here.
Quality of Service & Bandwidth Control
Prioritise latency-sensitive applications on your network with Quality of Service.
App QoS simplifies setting up Quality of Service significantly, simply select which applications or services to prioritise, such as Zoom and Skype.
Use 4 separate queues to give priority to servers & PCs (IP address), services such as VoIP or DNS, or packet tagging used by IP phones with 802.1p and DSCP support
Auto Voice VLAN allows the router to automatically prioritise VoIP calls as they pass through the router without additional configuration.
Control throughput with Bandwidth Limit, by setting speed limits for all clients individually, groups of IPs, or a shared bandwidth limit for a whole subnet, such as a Guest network.
Central AP & Switch Management
The Vigor 2927 manages DrayTek VigorAP access points and VigorSwitch switches connected locally to the router. This enables you to centrally control, manage and administer multiple AP & Switch devices installed around your building/campus from just the one router.
Central AP Management
The DrayTek router operating as the wireless controller can provision up to 20 DrayTek VigorAP access points with Central AP Management profiles, with an option to Auto Provision - auto configuring newly installed VigorAP access points with the Auto Provisioning profile, upon initial connection to the DrayTek Vigor router's network.
Central Switch Management
DrayTek VigorSwitch switches can be provisioned and managed through the router with DrayTek’s Central Switch Management system, which allows you to:
- Easily provision VLAN configuration and other port settings directly from the router.
- Set bandwidth rate limits and schedules for individual ports.
- Log switch events for alert notifications if network problems occur
- At a glance see the devices connected on your network with a virtual topology.
Provision & Manage VigorAPs with a DrayTek Vigor router
For further details of the central management feature, click here.
CSM - Web Content Filtering, URL Filtering & App Enforcement
Control access to the Internet, either for all users or specific networks / clients only. Category based filtering greatly simplifies the task of filtering Internet access:
Border Gateway Protocol
Automate routing setup between networks with BGP:
Policy-based Routing
Configure Route Policy rules to control how outbound traffic is routed. Send traffic from specified LAN IPs, to Internet domains (e.g. www.bbc.co.uk) through a specific WAN interface, VPN or LAN Gateway:
Data Flow Monitor
Live view of Internet bandwidth usage, showing both WAN usage and which users are using bandwidth. Use the Block button to temporarily stop Internet access to disruptive clients:
Specifications
Vigor 2927ax Router
Key Specifications
- Gigabit Dual-WAN Ethernet WAN Router with Load Balancing & Failover
- Up to 950Mbps Throughput per WAN interface, 1800Mbps in total
- Up to 300Mbps IPsec VPN Throughput
- 50 LAN-to-LAN & Remote Teleworker VPN Tunnels
- 25 DrayTek SSL VPN Tunnels
- 5+1 Gigabit RJ-45 LAN Ports
- AX3000 – Wi-Fi 6 Dual Band Wireless
- 8 LAN Subnets with VLANs (Port-based / 802.1q)
- SPI Firewall and Content Filtering
- Optional VigorCare Available
- Can be centrally Managed by VigorACS
The Vigor 2927 series comes in several different models depending on the features required. Please double check when ordering that you have selected the correct product and a product intended for the correct region/network.
This model:
UK Product Code | EAN | Product Name | Product Description |
---|---|---|---|
V2927AX-K | 4710484743879 | Vigor 2927ax (UK/IE) | Vigor 2927ax router with Wi-Fi 6 AX3000 wireless |
Other models in the Vigor 2927 router series:
UK Product Code | EAN | Product Name | Product Description |
---|---|---|---|
V2927-K | 4710484741288 | Vigor 2927 (UK/IE) | Vigor 2927 wired router |
V2927AC-K | 4710484741486 | Vigor 2927ac (UK/IE) | Vigor 2927ac router with 11ac AC1300 wireless |
V2927LAC-K | 4710484742018 | Vigor 2927Lac (UK/IE) | Vigor 2927Lac router with 11ac AC1300 wireless and integrated 4G/LTE modem |
V2927LAX-5G-K | 4712909127387 | Vigor 2927Lax-5G (UK/IE) | Vigor 2927Lax-5G router with Wi-Fi 6 AX3000 wireless and integrated 5G/LTE modem |
The EAN is a barcode number which identifies the unique specific product type. It is separate to the product serial number which is unique to each product. The EAN will also appear on your product box when you receive it so you can double check that you have been sent the right product.
These product codes are for UK/Irish products only. Please check with your local DrayTek office for the correct part nos. for your region if you are not in the UK/IE to ensure that you get the correct hardware and local support/warranty.
Technical Specification (UK Hardware Spec.)
Physical Interfaces
- WAN Ports: 1x Gigabit Ethernet (1G/100M/10M), RJ-45
- WAN/LAN Switchable Ports: 1x Gigabit Ethernet (1G/100M/10M), RJ-45
- LAN Ports: 5x Gigabit Ethernet (1G/100M/10M), RJ-45
- 2x Removable Wireless antennas
- 2x USB 2.0 Ports for 3G/4G Modem, thermometer or Printer
- Wireless On / Off / WPS button
- Recessed Factory Reset button
Antenna Specifications
- Wireless LAN Antennas:
- 2x External Dipole
- 5GHz Gain: 4.5 dBi
- 2.4GHz Gain: 5 dBi
- RP-SMA fitting antenna connectors
Performance
- NAT Performance:
- 950 Mb/s NAT Throughput for Single WAN with Hardware Acceleration
- 1.8Gb/s Total NAT Throughput for Dual WAN with Hardware Acceleration
- 800 Mb/s NAT Throughput per WAN
- 60,000 NAT Sessions
- 8000 Hardware Accelerated NAT Sessions
- VPN Performance:
- 300 Mb/s IPsec (AES256) VPN Performance
- 800 Mb/s Hardware Accelerated IPsec VPN Performance - New!
- 120 Mb/s SSL VPN Performance
- Max. 50 Concurrent VPN Tunnels
- Max. 25 Concurrent SSL VPN / OpenVPN Tunnels
WAN Interfaces
- WAN1: Gigabit Ethernet
- WAN2: Gigabit Ethernet
- WAN3: 2.4GHz Wireless WAN - Not supported on AX variant
- WAN4: 5GHz Wireless WAN - Not supported on AX variant
- WAN5: 4G/LTE USB Modem (not included, see supported 4G/LTE modem list)
- WAN6: 4G/LTE USB Modem (not included)
Internet Connection
- Load Balancing: IP-based, Session-based
- Hardware Acceleration
- 802.1p/q Multi-VLAN Tagging
- Multi-VLAN/PVC
- 2.4GHz & 5GHz Simultaneous Wireless WAN
- WAN Active on Demand: Link Failure, Traffic Threshold
- Connection Detection: PPP, ARP Detect, Ping Detect
- WAN Data Budget
- Dynamic DNS
- DrayDDNS – with automated LetsEncrypt Certificates
- Full Feature-set Hardware Acceleration:
- Hardware Accelerated Quality of Service
- Multi-WAN Data Budget
- Traffic Graph & Data Flow Monitor
- Bandwidth Limit
- IPv4 Connection Types: PPPoE, DHCP, Static IP, PPTP/L2TP
- IPv6 Connection Types:
- Ethernet: PPP, DHCPv6, Static IPv6, TSPC, AICCU, 6rd, 6in4 Static Tunnel
- 4G/LTE Modem & USB 4G/LTE Modem: TSPC, AICCU
Wireless Features
-
AX3000 Wi-Fi 6 wireless:
- 802.11ax 2x2 wireless access point
- Compatible with 802.11a/b/g/n/ac wireless
- Dual-band (2.4/5Ghz) simultaneous wireless
- Up to 2400Mbps PHY rate at 160MHz with 5GHz
- Up to 574Mbps PHY rate at 40MHz with 2.4GHz
- Channel Bandwidth: 20/40MHz for 2.4GHz, 20/40/80/160MHz for 5GHz
- OFDMA
- MU-MIMO
- Tx Beamforming
- 1024-QAM
- Up to 4 SSIDs per radio band
- Extended 5Ghz Band - Channels 36-48, 52-64, 100-140
- Wireless Optimisation: Airtime Fairness, AP-Assisted Mobility, Band Steering
- Bandwidth Management (Per Station / Per SSID)
- WMM (Wireless MultiMedia)
- WPS - WiFi Protected Setup
- Station Control - Time limited wireless connectivity per Station (e.g. 1 hour)
- EAPOL Key Retry - Disable EAPOL Key Retry to protect unpatched WLAN clients from KRACK
- Wireless Security:
- WPA2
- WPA3 – New!
- Pre-Shared Key authentication
- Enterprise 802.1x authentication
- WEP/WPA for Legacy Clients
- Access Control – Blacklist / Whitelist client MAC addresses per SSID
Firewall & Content Filtering
- IP-based or User-based Firewall Policy
- User-based Time Quota
- DoS Attack Defence
- Spoofing Defence
- Content Filtering:
- Application Content Filter
- URL Content Filter
- DNS Keyword Filter
- Web Features
- Web Category Filter (requires GlobalView subscription)
NAT Features
- NAT Port Redirection
- Open Ports
- Port Triggering
- DMZ Host
- UPnP
- ALG (Application Layer Gateway): SIP, RTSP, FTP, H.323
- VPN Pass-Through: PPTP, L2TP, IPsec
LAN Management
- 802.1q Tag-based, Port-based VLAN
- Up to 8 LAN Subnets (NAT or Routing mode selectable per LAN interface)
- Up to 16 VLANs
- DMZ Port
- DHCP Server:
- Multiple IP Subnet
- Custom DHCP Options
- Bind-IP-to-MAC
- DHCP Pool Count up to 1022 addresses for LANs 1-3
- DHCP Pool Count up to 253 addresses for LANs 4-8
- DHCP Relay per LAN
- LAN IP Alias
- Wired 802.1x Port Authentication
- Port Mirroring
- Local DNS Server
- Conditional DNS Forwarding
- Hotspot Web Portal
- Hotspot Authentication: Click-Through, Social Login, SMS PIN, Voucher PIN, RADIUS, External Portal Server
Networking Features
- Policy-based Routing: Protocol, IP Address, Port, Domain/Hostname, Country
- High Availability: Active-Standby, Hot-Standby
- DNS Security (DNSSEC)
- Local RADIUS server
- SMB File Sharing (Requires external storage)
- Multicast: IGMP Proxy, IGMP Snooping & Fast Leave, Bonjour
- Routing Features: IPv4 & IPv6 Static Routing, Inter-VLAN Routing, RIP v1/v2/ng, BGP
VPN
- Up to 50 active VPN tunnels - including up to 25 SSL VPN or OpenVPN Tunnels
- Up to 16 Hardware Accelerated 800Mb/s IPsec tunnels – New!
- LAN-to-LAN - Dial-In VPN Server & Dial-Out VPN Client
- Teleworker-to-LAN – Dial-In VPN Server
- User Authentication: Local, RADIUS, LDAP, TACACS+, mOTP
- IKE Authentication: Pre-Shared Key and Digital Signature (X.509)
- Encryption: MPPE, DES, 3DES, AES (128/192/256)
- Authentication: SHA-256, SHA-1
- VPN Trunk (Redundancy): Load Balancing, Failover
- Dead Peer Detection (DPD)
- IPsec NAT-Traversal (NAT-T)
- Virtual IP Mapping – Resolve VPN IP subnet/range conflicts
- DHCP over IPsec
- DrayTek VPN Matcher – Connect to a VPN router that’s behind NAT/CG-NAT - New!
- VPN Protocols:
- IPsec IKEv1, IKEv2, IKEv2 EAP
- IPsec-XAuth
- DrayTek SSL VPN
- OpenVPN (Remote Dial-In User only)
- GRE over IPsec
- PPTP
- L2TP, L2TP over IPsec
Bandwidth Management
- IP-based Bandwidth Limit
- IP-based Session Limit
- User-based Data Quota
Quality of Service (QoS)
- Classify via TOS, DSCP, 802.1p, IP Address, Service Type
- 4 Priority Queues
- App QoS
- VoIP Prioritization
- Class-based Outbound Traffic Tagging: DSCP & IP Precedence
Management
- Local Service: HTTP, HTTPS, Telnet, SSH, FTP, TR-069
- Config File Export & Import
- Import Config from Vigor 2926
- Auto Backup Config to USB Storage – New!
- Firmware Upgrade via TFTP, HTTP, TR-069
- 2-Level Administration Privilege
- Access Control Features: Access List, Brute Force Protection
- Syslog
- SMS, E-mail Notification Alert
- SNMP: v1, v2c, v3
- Managed by VigorACS
Router Central Management Features
- AP Management: Up to 20 VigorAP access points
- Switch Management: Up to 10 VigorSwitch network switches
- VPN Management: Up to 8 Vigor routers
Operating Requirements
- Rack Mountable (Optional Vigor RM1 mounting bracket required)
- Wall Mountable
- Temperature Operating: 0 °C ~ 45 °C
- Storage: -25 °C ~ 70 °C
- Humidity 10% ~ 90% (non-condensing)
- Power Consumption: 26.8 Watt Max.
- Operating Power: DC 12V (via external PSU, supplied)
- Power Requirements : 100-240VAC
- Weight: 780g
- Dimensions:
- 241mm Width
- 165mm Depth
- 44mm Height
Warranty
- Two (2) Year Manufacturer's RTB
- Software security updates:
5 years after the EOL notification. Please note that this only applies to products sold in the UK - Optional VigorCare Enhanced Warranty Available
- VigorCare B3 3 Year Subscription: VCARE-B3
- VigorCare B5 5 Year Subscription: VCARE-B5
Box Contents
- Vigor 2927ax router
- Quick Start Guide
- Screws & wall plugs for wall mounting
- 2m Cat-5e RJ-45 Network Cable
- 2x Detachable Wireless LAN Antennas
- DC 12V Power Supply with UK Plug
Please visit the DrayTek Mesh Model Compatibility page for mesh compatibility details
Copyright © 2024 DrayTek