VPN scheduling for Remote Dial-in users

Security concerns are being heightened as more cyber attacks come from the Internet. The result being that network administrators may choose to limit VPN access to working hours only. This maybe particularly relevant for the connection time of work-from-home colleagues.

Vigor 3910 and Vigor 2962 routers support scheduling a VPN connection, a feature available since firmware version 3.9.6 was released.

For more details see the article Allow VPN Remote Dial-In connections only during Working Hours which demontrates how to configure a router for scheduling VPN access.


Supported Models and Firmware versions include:

Vigor3910/Vigor2962 as of firmware version 3.9.6
Vigor2927/Vigor2865/Vigor2866/Vigor2765/Vigor2766 as of firmware version 4.3.1

Please note that there are currently no plans to add this feature to older models.

Default IPsec Phase1 Dial-out Proposal Encryption with Firmware 3.9.2.

Change Proposal and the Orders of Auto IKE Phase 1

Vigor routers using Firmware version 3.9.2. such as the Vigor 3910 have modified encryption orders for the Dial-Out Auto IKE Proposal. This change may cause VPN compatibility issues if a VPN server doesn’t accept the newer proposals.

When customers report the IPsec VPN connection can not dial-up after the firmware upgrade, we advise them to:

  • Manually configure the Dial-Out IKE phase 1 proposal on the IKE Advance Setup page of the Vigor router
  • Modify the VPN profile on the VPN server for accepting the more secure proposals.

The orders sequence has been changed as follows:

Previous

  • DES-MD5 G1 (768-bit)
  • DES-SHA1 G1 (768-bit)
  • 3DES-MD5 G1 (768-bit)
  • 3DES-MD5 G5 (1536-bit)
  • 3DES-SHA1 G5 (1536-bit)
  • 3DES-MD5 G2 (1024-bit)
  • AES128-MD5 G2 (1024-bit)
  • AES256-SHA1 G2 (1024-bit)
  • AES128-MD5 G5 (1536-bit)
  • AES256-SHA1 G5 (1536-bit)
  • AES256-SHA1 G14 (2048-bit)

New

  • AES256-SHA1 G14 (2048-bit)
  • AES256-MD5 G14 (2048-bit)
  • AES256-SHA1 G5 (1536-bit)
  • AES256-MD5 G5 (1536-bit)
  • AES192-SHA1 G14 (2048-bit)
  • AES192-MD5 G14 (2048-bit)
  • AES128-SHA1 G5 (1536-bit)
  • AES128-MD5 G5 (1536-bit)
  • 3DES-MD5 G5 (1536-bit)
  • 3DES-SHA1 G5 (1536-bit)

For further information or questions, please contact us.