DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Firewall block all but permitted traffic and vpn problems

23 Aug 2010 09:55 #1 by j.baker
Hi,

The 2820 default firewall security is poor, so I have created a list of firewall policies/rules to permit specific traffic in and out of the network. All works well, except for the on-demand VPN tunnel between my site and another. Before the "default block all traffic, then permit" setup, the VPN tunnel would connect and traffic would flow without any problems.

With the filters in place, the tunnel will not come up when there is traffic.

I have added a rule to allow traffic from and to the other remote network. I even created a rule that allowed all traffic to any destination, but the tunnel does not come up.

If I log into the router, I can press the dial button on the VPN profile and it all works.

2nd issue, and this is a biggie.

If I use the USB Samba setup, even with the block-all-traffic rule or a custom firewall policy, the external ports are open. This is not good.

Doing an external scan using www.grc.com, ports 135 & 139 are open when using the Samba server.


Model Name : Vigor2820Vn
Firmware Version : 3.3.4_232201
Build Date/Time : Jun 15 2010 10:38:10
ADSL Firmware Version : 232201_A Hardware: Annex A

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

23 Aug 2010 11:21 #2 by voodle
If you've blocked most traffic, have you allowed port TCP 1723 & GRE 47 if you're using PPTP, or UDP port 500 for IPSec?

23 Aug 2010 11:30 #3 by j.baker
I added a rule to allow all traffic from LAN to WAN. The tunnel does not come up automatically. If I click on the dial button in the VPN connection tab, then the tunnel starts. Traffic flows correctly through the tunnel. The problem is with the tunnel auto-connecting on demand, which is initiated by the 2820.

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL

27 Aug 2010 13:16 #4 by j.baker
I think I found the solution.

I added a rule to the default call list to allow traffic from my LAN to WAN with the destination subnet of my remote VPN. It appears to be working now.

Regards

John Baker


Vigor2820 series with firmware 3.3.5.2_RC2
ADSL
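To make the fix in post #4 concrete, here is an added Python model (not DrayTek code, and not from this thread) of a first-match packet filter in two stages. It assumes, as the thread's outcome suggests, that the "call filter" decides whether a packet may dial the on-demand tunnel at all and the data filter only decides whether it flows once the tunnel is up; the subnets and addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst: str        # destination IP address
    proto: str      # "tcp", "udp" or "gre"
    dport: int = 0  # destination port; 0 for protocols without ports (GRE)

@dataclass(frozen=True)
class Rule:
    action: str             # "pass" or "block"
    src: str = "0.0.0.0/0"  # source subnet, any by default
    dst: str = "0.0.0.0/0"  # destination subnet, any by default
    proto: str = "any"
    dport: int = 0          # 0 means any destination port

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(p.dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", p.proto)
                and self.dport in (0, p.dport))

def evaluate(rules, packet, default="block"):
    """First matching rule wins; unmatched packets get the default (block-all setup)."""
    for r in rules:
        if r.matches(packet):
            return r.action
    return default

def forward(packet, call_filter, data_filter):
    """Assumed two-stage model: call filter gates the dial-out, data filter gates the flow."""
    if evaluate(call_filter, packet) != "pass":
        return "tunnel not triggered"
    if evaluate(data_filter, packet) != "pass":
        return "dropped by data filter"
    return "sent through tunnel"

LAN, REMOTE = "192.168.1.0/24", "192.168.2.0/24"  # constructed local and remote VPN subnets

# Data filter with the permits discussed in the thread: LAN to remote subnet, plus the
# tunnel's own negotiation traffic (PPTP TCP 1723 and GRE, or IPsec IKE on UDP 500).
DATA_FILTER = [Rule("pass", src=LAN, dst=REMOTE),
               Rule("pass", src=LAN, proto="tcp", dport=1723),
               Rule("pass", src=LAN, proto="gre"),
               Rule("pass", src=LAN, proto="udp", dport=500)]
CALL_FILTER_BEFORE = []                                   # posts #1 and #3: nothing permits the trigger
CALL_FILTER_AFTER = [Rule("pass", src=LAN, dst=REMOTE)]  # post #4: LAN to remote subnet in the call list
```

With the remote subnet only in the data filter, a LAN host's packet to the remote site never triggers the dial-out; the same packet goes through once the call filter also permits it, while unrelated outbound traffic (for example TCP 139 to an arbitrary WAN address) stays blocked.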
