Default IPsec Phase1 Dial-out Proposal Encryption with Firmware 3.9.2.
Default IPsec Phase1 Dial-out Proposal Encryption with Firmware 3.9.2.
Vigor routers using Firmware version 3.9.2. such as the Vigor 3910 have modified encryption orders for the Dial-Out Auto IKE Proposal. This change may cause VPN compatibility issues if a VPN server doesn’t accept the newer proposals.
When customers report the IPsec VPN connection can not dial-up after the firmware upgrade, we advise them to:
- Manually configure the Dial-Out IKE phase 1 proposal on the IKE Advance Setup page of the Vigor router
- Modify the VPN profile on the VPN server for accepting the more secure proposals.
The orders sequence has been changed as follows:
Previous
- DES-MD5 G1 (768-bit)
- DES-SHA1 G1 (768-bit)
- 3DES-MD5 G1 (768-bit)
- 3DES-MD5 G5 (1536-bit)
- 3DES-SHA1 G5 (1536-bit)
- 3DES-MD5 G2 (1024-bit)
- AES128-MD5 G2 (1024-bit)
- AES256-SHA1 G2 (1024-bit)
- AES128-MD5 G5 (1536-bit)
- AES256-SHA1 G5 (1536-bit)
- AES256-SHA1 G14 (2048-bit)
New
- AES256-SHA1 G14 (2048-bit)
- AES256-MD5 G14 (2048-bit)
- AES256-SHA1 G5 (1536-bit)
- AES256-MD5 G5 (1536-bit)
- AES192-SHA1 G14 (2048-bit)
- AES192-MD5 G14 (2048-bit)
- AES128-SHA1 G5 (1536-bit)
- AES128-MD5 G5 (1536-bit)
- 3DES-MD5 G5 (1536-bit)
- 3DES-SHA1 G5 (1536-bit)
For further information or questions, please contact us.