Release Notes PN 93000573_D

                         Digi Connect WAN VPN GSM
                         Digi Connect WAN VPN EDGE10
                         Digi Connect WAN VPN S1X
                         Digi Connect WAN VPN C1X
                         Digi Connect WAN VPN V1X
                         Digi Connect WAN VPN 1X

                            82001253_D EOS

                            July 27, 2006


INTRODUCTION

    This is a production release of firmware for the Digi Connect WAN VPN GSM,
    Digi Connect WAN VPN Edge10, Digi Connect WAN VPN S1X,
    Digi Connect WAN VPN V1X, Digi Connect WAN VPN C1X, and
    Digi Connect WAN VPN 1X.

    The Digi Connect WAN VPN family, part of the Digi Remote Site Management
    line of products, provide an alternative to traditional wired TCP/IP
    Wide Area Networks (WANs), utilizing global wireless Cellular, and
    IPSec VPN technology to create secure primary and backup network
    connectivity. They offer an easy, cost-effective, means of securely
    connecting virtually any remote location or device into the corporate
    IP network.

SUPPORTED PRODUCTS

    Digi Connect WAN VPN GSM
    Digi Connect WAN VPN EDGE10
    Digi Connect WAN VPN S1X
    Digi Connect WAN VPN V1X
    Digi Connect WAN VPN C1X
    Digi Connect WAN VPN 1X

ENHANCEMENTS

    Add IP Pass-through mode (optional):

        IP Pass-through (bridged) mode specifies that IP packets received
        by the Digi device server will be bridged transparently between the
        Ethernet and mobile data links. This is useful for interoperability
        with third-party routers. Effectively, the mobile IP address of the
        Digi device server is given to a host on the Ethernet side of that
        Digi device server. Please consult with your mobile plan provider
        to obtain addresses to use (IP, DNS), and that your plan supports
        static address assignment.

        Optional "pinholes" can be configured such that a user can still
        access specific services of the Digi device server from the mobile
        network side, even when it is operating in IP Pass-through mode. For
        example, one can configure a pinhole that permits a user to telnet
        to the Digi device server over the mobile network connection.

    Add Socket Tunnel feature:

        A Socket Tunnel can be used to connect two network devices - one on
        the Digi device server's local network and the other on the remote
        network. This is especially useful for providing SSL data protection
        when the local devices do not support the SSL protocol.

        One of the endpoint devices is configured to initiate the socket
        tunnel. The tunnel is initiated when that device opens a TCP socket
        to the Digi device server on the configured port number. The Digi
        device server then opens a separate connection to the specified
        destination host. Once the tunnel is established, the Digi device
        server acts as a proxy for the data between the remote network socket
        and the local network socket, regardless of which end initiated the
        tunnel.

    Support additional wireless carriers:
      o Cellular South (CDMA)
      o Movistar Colombia (CDMA)
      o Movistar Panama (CDMA)
      o Movistar Peru (CDMA)
      o Verizon Puerto Rico (CDMA)

    Improve cellular module provisioning (web UI and CLI).

    Add SureLink (tm) statistics and additional mobile information to the
    Mobile System Information web page.

    Connectware Manager (Remote Management):
      o Add Server-Initiated Connection support for Connectware Manager,
        allowing the server to connect to the device (on demand) as a
        configurable option. Includes Last Known Address (LKA) updates
        to the Connectware Manager when the mobile IP address changes.
      o Decrease the amount of data exchanged over a cellular connection
        when connecting to the Connectware Manager server.
      o Simplify Remote Management Configuration web pages for an improved
        user experience.
      o Add support to disconnect from the Connectware Manager when the
        connection to the server is idle for a configurable interval.

    DHCP Server:
      o Add configurable conflict detection, whereby the DHCP Server pings
        an IP address to verify its availability, before offering it to a
        client for a new lease. Conflict detection is disabled by default.
      o Improve information on web page for DHCP Server Management.
      o Improve web UI help information.

    Add RealPort (tm) "exclusive" mode option:

        Exclusive mode provides the ability for the Digi device to close an
        existing RealPort connection and establish a new one immediately upon
        a new connection request from the same IP address.

        This mode is useful when using RealPort over wide area networks that
        can be unstable and where you are charged by the byte (such as cellular
        or satellite) and do not wish to incur costs for keep-alive traffic.
        Exclusive mode will allow your application to retain continuity when
        temporary, unexpected interruptions in network connectivity occur.

        This configuration is available via the command line.
        Syntax: set realport exclusive=on|off

BUG FIXES

    Fixed an issue in which some of the cached DHCP Server configuration
    information may be corrupt after a button reset. (18483)

    Fixed an issue in which a network endpoint (UDP socket) could become
    blocked because of an empty packet being sent to it. (18626)

    Invalid alarm subject when configuring an snmp trap alarm. (17656)

    In Network Services Settings page, ADDP UDP port may no longer be
    configured by the user. (16811)

    Added mobile phone number of cellular modem to Mobile System Information
    page in web UI. (17752)

    Fixed an issue in which telnet breaks were not being sent on a serial
    port. (17568)

    Fixed memory leaks. (17730, 18440)

    Fixed a failure to detect in a timely manner the end of a session in
    SSL/TLS, particularly during the handshake phase. (19068)

    Removed unneeded or invalid <ppp_stats> groups from the RCI <query_state>
    reply. This eliminates confusion and significantly reduces the size of
    the generated output. (18880) Corrected duplicate <rx_data> and <tx_data>
    elements in the <ppp_stats> group. (19052)

    Removed inappropriate BER (bit error rate) item from 'display mobile'
    output for Siemens MC75 module.

    Added multiple AES key lengths (128, 192 and 256 bit) to ISAKMP/IKE
    phase 1 encryption proposals.  Clarified encryption proposals for
    ISAKMP/IKE phase 2 proposals, which currently support only 256-bit keys.
    Removed the other key length selections from the UI for phase 2, until
    we support a configurable AES key length. (18824)

KNOWN ISSUES

    On some IPSec VPNs, SA lifetime is not negotiated correctly.  To work
    around this issue, configure the SA lifetime on the Digi ConnectPort WAN VPN
    to be less than that configured on the VPN concentrator.

    For IPSec VPN tunnels using AES encryption, multiple key lengths (128-,
    192- and 256-bit) are supported for ISAKMP/IKE phase 1 encryption proposals.
    For ISAKMP/IKE phase 2 proposals, currently only 256-bit keys are supported
    for AES encryption.

DOCUMENTATION ERRATA

    None.

HISTORY

  82001253_D - July 27, 2006

    See ENHANCEMENTS and BUG FIXES information above.

  82001253_C1 - May 10, 2006

    - Fixed an issue, where, in certain circumstances, the device would not
      retain the correct default IP address assignment configuration. (18544)

  82001253_C - April 28, 2006

    - SureLink (tm) link integrity monitor.
    - DynDNS.org dynamic DNS support.
    - Data-only SIM/plan support (GSM, EDGE10).
    - Additional wireless carriers support:
        o Cellular One (GSM)
        o Alltel (CDMA)
        o IUSACELL (CDMA)
        o Midwest Wireless (CDMA)
        o Oceanic Digital (CDMA)
        o Telus (CDMA)
        o Movistar (CDMA)
    - Generic GSM carrier updates
    - Mobile data throughput enhancements.
    - Support for mobile IP mode selection (V1X, Verizon 1X).
    - Added support for 1X product.
    - An issue was corrected which may have prevented negotation of PAP over
      the mobile link.
    - An issue was corrected where, under certain conditions, it was
      possible for the Digi Connect to be unaware of a dropped mobile link.

  82001253_B - January 22, 2006

    - Added capability to reset cellular module or device after a configurable
      number of failed originations.
    - Added features to support requirements for usage on the Verizon network.
    - SIM PIN support for GSM carriers.
    - Maximum number of NAT triggers is now configurable.
    - Configurable delayed ACK, gratuitous ARP, RTO min/max, ARP TTL.
    - Connections to Connectware Manager server can be compressed.
    - Enhanced capability of the device to re-connect to the mobile network if
      the connection is lost for any reason.
    - Made RealPort protocol keepalives configurable with the "set realport"
      command, lowering aggregate protocol traffic.  TCP keepalive should be
      used if RealPort protocol keepalives are disabled.
    - Fixed an issue where the mobile IP address was not being transmitted
      correctly when used as a VPN identity.
    - Fixed an issue where, in rare cases, a VPN tunnel could stop passing data.
    - Fixed an issue where enabling or disabling a VPN tunnel could cause the
      device to re-boot if traffic was moving over the connection.

  82001253_A3 - November 1, 2005

    - Fixed an issue with sporadic VPN GSM module initialization.

  82001253_A2 -  September 9, 2005

    - Added support for Digi Connect VPN C1X.
    - LCP keepalives.

  82001253_A - July 2, 2005

    Initial release.