Release Notes PN 93000693_B
Digi ConnectPort WAN VPN (Verizon)
82001350_B EOS
August 30, 2006

INTRODUCTION

This is a production release of firmware for the Digi ConnectPort WAN VPN.

The ConnectPort WAN VPN is a hardened, upgradeable 3G cellular router that provides secure high speed wireless connectivity to remote sites and devices. It can be used for primary wireless broadband network connectivity to equipment at remote locations, as well as for a backup to existing landline communications. The ConnectPort WAN VPN is ideal for use where wired networks (e.g., leased line/frame relay, ISDN, DSL) are not feasible, or where alternative network connections are required.

SUPPORTED PRODUCTS

Digi ConnectPort WAN VPN

SUPPORTED AIR INTERFACES

Sierra Wireless AirCard 775
Sierra Wireless AirCard 850
Sierra Wireless AirCard 860
Sierra Wireless MC5720
Sierra Wireless MC8755
Sierra Wireless MC8765

ENHANCEMENTS

Add IP Pass-through mode (optional): IP Pass-through (bridged) mode specifies that IP packets received by the Digi device server will be bridged transparently between the Ethernet and mobile data links. This is useful for interoperability with third-party routers. Effectively, the mobile IP address of the Digi device server is given to a host on the Ethernet side of that Digi device server. Please consult with your mobile plan provider to obtain addresses to use (IP, DNS), and to confirm that your plan supports static address assignment. Optional "pinholes" can be configured such that a user can still access specific services of the Digi device server from the mobile network side, even when it is operating in IP Pass-through mode. For example, one can configure a pinhole that permits a user to telnet to the Digi device server over the mobile network connection.

Add Socket Tunnel feature: A Socket Tunnel can be used to connect two network devices - one on the Digi device server's local network and the other on the remote network.
This is especially useful for providing SSL data protection when the local devices do not support the SSL protocol. One of the endpoint devices is configured to initiate the socket tunnel. The tunnel is initiated when that device opens a TCP socket to the Digi device server on the configured port number. The Digi device server then opens a separate connection to the specified destination host. Once the tunnel is established, the Digi device server acts as a proxy for the data between the remote network socket and the local network socket, regardless of which end initiated the tunnel.

Support additional wireless carriers:
  o Cellular South (CDMA)
  o Movistar Colombia (CDMA)
  o Movistar Panama (CDMA)
  o Movistar Peru (CDMA)
  o Verizon Puerto Rico (CDMA)

Improve cellular module provisioning (web UI and CLI).

Add SureLink (tm) statistics and additional mobile information to the Mobile System Information web page.

Connectware Manager (Remote Management):
  o Add Server-Initiated Connection support for Connectware Manager, allowing the server to connect to the device (on demand) as a configurable option. Includes Last Known Address (LKA) updates to the Connectware Manager when the mobile IP address changes.
  o Decrease the amount of data exchanged over a cellular connection when connecting to the Connectware Manager server.
  o Simplify Remote Management Configuration web pages for an improved user experience.
  o Add support to disconnect from the Connectware Manager when the connection to the server is idle for a configurable interval.

DHCP Server:
  o Add configurable conflict detection, whereby the DHCP Server pings an IP address to verify its availability, before offering it to a client for a new lease. Conflict detection is disabled by default.
  o Improve information on web page for DHCP Server Management.
  o Improve web UI help information.

Add RealPort (tm) "exclusive" mode option: Exclusive mode provides the ability for the Digi device to close an existing RealPort connection and establish a new one immediately upon a new connection request from the same IP address. This mode is useful when using RealPort over wide area networks that can be unstable and where you are charged by the byte (such as cellular or satellite) and do not wish to incur costs for keep-alive traffic. Exclusive mode will allow your application to retain continuity when temporary, unexpected interruptions in network connectivity occur. This configuration is available via the command line.

Syntax: set realport exclusive=on|off

Add support for new air interface cards:
  o Sierra Wireless MC8755 (GSM/GPRS/HSDPA/UMTS) - European frequency
  o Sierra Wireless MC8765 (GSM/GPRS/HSDPA/UMTS) - North American frequency

Operate with newer Sierra Wireless AirCard 850 with SIM PINs enabled.

BUG FIXES

Fixed an issue in which some of the cached DHCP Server configuration information may be corrupt after a button reset. (18483)

Fixed an issue in which a network endpoint (UDP socket) could become blocked because of an empty packet being sent to it. (18626)

Invalid alarm subject when configuring an snmp trap alarm. (17656)

In Network Services Settings page, ADDP UDP port may no longer be configured by the user. (16811)

Added mobile phone number of cellular modem to Mobile System Information page in web UI. (17752)

Fixed an issue in which telnet breaks were not being sent on a serial port. (17568)

Fixed memory leaks. (17730, 18440)

Fixed a failure to detect in a timely manner the end of a session in SSL/TLS, particularly during the handshake phase. (19068)

Removed unneeded or invalid groups from the RCI reply. This eliminates confusion and significantly reduces the size of the generated output. (18880)

Corrected duplicate and elements in the group. (19052)

Added multiple AES key lengths (128, 192 and 256 bit) to ISAKMP/IKE phase 1 encryption proposals.
Clarified encryption proposals for ISAKMP/IKE phase 2 proposals, which currently support only 256-bit keys. Removed the other key length selections from the UI for phase 2, until we support a configurable AES key length. (18824)

KNOWN ISSUES

On some IPSec VPNs, SA lifetime is not negotiated correctly. To work around this issue, configure the SA lifetime on the Digi ConnectPort WAN VPN to be less than that configured on the VPN concentrator.

For IPSec VPN tunnels using AES encryption, multiple key lengths (128-, 192- and 256-bit) are supported for ISAKMP/IKE phase 1 encryption proposals. For ISAKMP/IKE phase 2 proposals, currently only 256-bit keys are supported for AES encryption.

DOCUMENTATION ERRATA

None.

HISTORY

82001350_B - August 30, 2006
See ENHANCEMENTS and BUG FIXES information above.

82001350_A - April 26, 2006
Initial release.
- SureLink (tm) link integrity monitor.
- DynDNS.org dynamic DNS support.
- GSM data-only SIM/plan support.
- Mobile data throughput enhancements.
- Support for newer AirCard 860 firmware (1.1.29).
- An issue was corrected which may have prevented negotiation of PAP over the mobile link.
- An issue was corrected where, under certain conditions, it was possible for the Digi Connect to be unaware of the dropped mobile link.