IPSec LAN-LAN VPN between Vigor and Cyberoam.

Vigor Model- 2912 Ver-

Cyeberoam Model- CR25iNG – 10.6.3 MR-4

This article describes a detailed configuration example that demonstrates how to set up a LAN-to-LAN IPSec VPN connection between Cyberoam and Vigor using preshared key to authenticate VPN peers.

Throughout the article we will use the network parameters as shown in the diagram below



Step by Step Configuration on Cyberoam

Step 1: Create VPN Policy

  • Go to VPN and create VPN Policy with following values:
    • Policy Name: Vigor2912
    • Description: If required
    • Allow Re-keying: Yes
    • Key Negotiation Tries: 3
    • Authentication Mode: Main Mode
    • Pass data in compressed format: Enable

Phase 1

    • Encryption Algorithm: AES256: Authentication Algorithm MD5
    • Encryption Algorithm: AES256: Authentication Algorithm SHA 1
    • DH Group (Key Group): 2 (DH1024)
    • Key life: 28800 sec
    • Rekey margin: 120 Sec
    • Randomize Rekeying margin by: 0
    • Dead Peer Detection: Enable
    • Check Peer After Every: 10 Sec
    • Wait for response upto: 30 Sec
    • Action When Peer unreachable : Disconnect

Phase 2

    • Encryption Algorithm: AES256       Authentication Algorithm: MD5
    • Encryption Algorithm: AES256       Authentication Algorithm: SHA1
    • PFS Group (DH Group): None
    • Key life: 3600 sec


Step 2: Create VPN Connection

  • Go to VPN IPSec Connection Create Connection and specify parameters as follows:
    • Connection name: Vigor2912
    • Description: If required
    • Connection Type: Site to Site
    • Policy: Choose Vigor 2912 policy
    • Action on restart: Respond only
    • Authentication Type – Preshared Key
    • Preshared Key: 0123456789
    • End points Details Local (WAN IP address) –
    • Remote : xxxx.dyndns.org
    • Local: choose Cyberoam Local Subnet from the Object :
    • Remote: Choose Vigor Local Subnet from the Object :



Step 3 Go to VPN and Remote Access >> Remote Access Control Setup

  • To allow the VPN traffic through routers, enable IPsec services as per following screen


Step 4 Go to VPN and Remote Access LAN to LAN

  • Choose an unused profile, e.g. 1. and click Next to continue.
  • The status of unused profile will be “???”

Section 1: Common Settings

  • Enter a Profile Name and enable the profile
  • As Vigor router will always initiate the VPN connection, for Call Direction click “Dial-Out” and click “Always on” to enable always on VPN tunnel.

Section 2: Dial- Out Settings

  • Under Type of Server I am calling, select “IPSec Tunnel” and enter WAN IP address/hostname of Cyberoam i.e. as Server IP/Host Name
  • Under IKE Authentication Method, click “Pre-Shared Key” and enter Pre-Shared Key 0123456789
  • Under IPSec Security Method, click “High (ESP)” and select AES with Authentication
  • Click “Advanced” button

In Advanced settings enter parameters as follows:

    • IKE phase 1 mode: Main mode
    • IKE phase 1 proposal: AES256_SHA1_G2
    • IKE phase 2 proposal: AES256_SHA1/AES256_MD5
    • IKE phase 1 key lifetime: 28800
    • IKE phase 2 key lifetime: 3600
    • Perfect Forward Secret: Disable


Section 5: TCP/ IP Network Settings

  • Enter following parameters
    • Remote Network IP – (Cyberoam’s internal network IP)
    • Remote Network Mask –
    • Local Network IP- (Vigor Internal network IP)
    • Local Network Mask-
    • Click “OK” button


After above configurations see the VPN status below.




Vigor Hotspot solution

Vigor Hotspot solution: Web Captive Portal login (HTTP/ HTTPS)

To track and secure your Wi-Fi Hotspot or visitor network in a centralized way. Based on captive portal technology, Vigor 2960/3900 lets your hotspot user’s login simply by using a web browser. Captive portal is the technology that forces user to see the login page before accessing the Internet. User just needs to access a normal web site (e.g. www.datavoiz.com), he will be automatically forced to see the Vigor login page. After entering the correct information, he will be able to surf the Internet normally.

This portal will allow the users to login with their credentials such as User Name and Password, which will be provided by the IT Team. The profiles of users will be created in advance with pre-defined time limits. After the user profiles are created, the same can be printed in the form of a voucher or the same can be exported to CSV file format. These voucher can then be given to the users, who are accessing the internet within your premises.

Vigor Hotspot
Vigor Hotspot

Authentication Methods- Local/Guest/Radius/LDAP/SMS

The Administrator can choose various methods of user authentication as mentioned above. Internal employee’s authentication can be integrated to the LDAP/Radius server and in the event of Guests/customers the authentication can be integrated to the guest profile setting the usage time limits.

Guests/users/customers can be authenticated for the credentials they provide in the form of email and mobile number through SMS authentication method. A report can also be generated on the details of the guests/users/customers on the usage of the internet services at the hot-spot location. SMS gateway/service provider can be customized with the necessary APIs provided by the SMS service provider.

Bulletin board

Bulletin board is available on the portal’s screen welcoming the guests with the information, news, profile or any adverts related to the company.

URL Redirection after login

Once the guest/users have logged into the Vigor Hotspot solution, automatically the pre-defined web/url link will be opened in the browser. This feature can be used for the branding perspectives.

Timed out settings

The active sessions will be timed-out, if the guests/users are idle for more than 10 Mins or so. Guests/Users have to log into the system again. These parameters can be configured in the system as per the company policy.

Whitelist settings

Whitelist functionality will allow the administrator to enable or disable policies that are created in the firewall to block and open web/URL links for Guest/Users Profiles with the pre-defined range of IP-Groups based on the company policies. E.g. for guests, administrator can block sites likes You Tube, Facebook, Twitter, etc. and allow the same to the internal users.

Monitor Online status

Status of the Guests/Users can be monitored on the monitor online status page for the number of guests/users, who have logged into hot-spot.

Create Bulk Guest profiles

Vigor Hotspot solution has the capability to create in advance, the bulk guest profiles. Administrator can create 30 profiles/groups. Each profile can carry 255 users, which means 255 Users x 30 Profiles. Administrator can define time-limits for each profile or group in advance for current or forthcoming days/weeks/months/year.

  • Administrator can set usage time and period for the Guest users
  • It is possible to export .csv file to get print
  • Administrator can create multiple guest groups and policy’s

Established in 2007, DVCOM Technology is an established Open Source IP Telephony and Unified Communications, Video Conferencing and Networking Solutions Company and Value added Distributors for Various Brands in IP Phones, IP PBX, GSM, VoIP Gateways, Telepresence, VPN Firewall Wi-Fi Routers, IP Intercoms, and Audio Paging & Network Security in MENA region.

Vigor AP Management

An access point connects users with other users inside a network and it also serves as the point of interconnection between WLAN and fixed wire network. Each access point can serve multiple number of users based on its capacity of operation and range. Managing your access point is very important for having better network quality and coverage.
Usually special type of network peripherals and software’s are used for access point management also known as AP Management. This comes with an extra cost. What if all this come along with a router as a bundle free of licensing cost. Routers like Vigor Routers which are famous in market comes with built-in feature of AP Management. This is a very good news for people who are looking for managing their access points, that too for free of cost and no additional device added to their network. If you see it from a customer or business standpoint this is an added advantage, router and AP management is a single box.

Digitalization has brought lot of change make things available at real-time. This has also created an increased use of smartphones, tablets and other mobile devices making people more connected and providing quick access to data on the go. Due to the drastic growth of users, many organization and enterprises have to invest lot in their network infrastructure to accommodate new users and to process their request. It’s not as simple as providing connectivity to everyone. There is a high risk of data security, network performance and reliability. All the organizations are trying to meet this requirements without much expense. All this is possible only if the network is managed properly.

Wireless routers are the key component of a wireless network, they are the one really responsible for creating the access point that enables the users to connect their device to the network. Let’s take the example of WIFI network we use at home, in this case there can only be one or two access points that will help the user to connect to the network. This is not the same if we look in to wireless network available at a hospital or a hotel, there will be multiple access point to which hundreds of users will be connected. The complexity of such network is much higher. Higher the complexity, higher is the effort to manage the network. This can only be done with the help of special type of network peripherals or software that helps to monitor the network traffic and load at real-time.
In this guide, we will help you to understand the collaboration between Vigor access points and wireless LAN controllers, and how you can use Vigor’s AP Management features to run maintenance and deployment on your wireless LAN in a cost-effective way.

Deployment of an access point is very challenging if it has many access points associated with it. The task becomes more challenging when the network administrator has to manually configure each access points to the wireless controller. Going to each access points interface and configuring is not a very long task but this can be a problem when any error occur at the time of deployment. The administrator has to visit to each AP interface to troubleshoot the error. This could have been easy for the administrator, if there was any centralized interface to see all the AP configurations on the go and troubleshoot the error.

All this is possible with the Vigor AP Management Router that has the capability to perform centralized discovery of access points in the same layer 2 subnet. All this can be done without making any changes in the settings, out of the box in default state. After the discovery of access points is done, the administrator can assign unique IP address and give name to the devices. All this can be done directly from the Vigor AP management Router interface. Let’s take the case where the AP’s are already having preconfigured and unique IP addresses, the Router can still run a scan and help to discover the access points. This discovery mechanism is of great help and it considerably reduces the initial configuration effort.

Let’s take the case where AP’s are scattered over a larger demography, resulting in long discovery scan time. This can create a larger time gap for the network administrator to make the configuration changes. But with the help of background discovery capability of Vigor wireless controller the administrator can perform other configuration and changing the settings while discovery process is still running. This reduces the waiting time and increase efficiency of work.

  1. Centralized AP discovery by Vigor AP Management Router
  2. After discovery, Aps can be centrally managed by Vigor Management Router

Centralized AP Discovery by Vigor AP Management Router reduces initial deployment time and effort.

Automatic Provisioning

If there are lot of Access Points to be configured at a time and there is very minimal changes in the configuration parameters like the operational frequency, VLAN ID, device name, then a question comes to our mind, can we configure and do the deployment in a go for all the access points? Doing this considerably reduces the time of deployment and make the deployment easy for the administrator. All this is possible by using automatic provisioning. Extending the notion that AP management and deployment should be easy and straight forward process which will directly increase the efficiency and will drastically reduce the cost to the organization. All these features are available in Vigor AP management Routers. They are enabled with the feature of Automatic Provisioning with template based AP configuration. The configuration with the help of AP templates that has lot of parameter like VAP (Virtual Access Point), ESSID and WAP/WAP2 security enabled, the network administrators can quickly complete the deployment for n numbers of AP’s on the go. For setting which may vary from access points to access points like Channel, Operation Mode, Client Limits etc., the Vigor AP management Router provide the freedom to customize each of the AP’s individually during the initial discovery process. In this way it can eliminate the redundant tasks. In this way automatic provision in Vigor AP management Router make your task very easy.

Let’s take the care of network maintenance and some setting changes, in this case also if there is any type of centralized interface like we have in Vigor AP Management Router, then it’s very easy for network administrator to go and change the setting for a particular AP. This mostly helps in the case where you need to change some password for a particular AP due to some security reasons. In this way the AP template available in Vigor AP management Router helps to get things done quickly.

Customized Templates

Support to create multiple templates.


AP Settings|Profile name|Administrator Name|Password|Enable/ disable 2nd subnet

2.4/5G WLAN Settings|Enable/ disable Wireless LAN Profile|Limit Clients

Operation Mode (AP/ Universal repeater mode)|2.4/5G Mode|2.5/5G Channel

Airtime Fairness |Band Steering|Roaming|WMM|Adjust Tx Power

Continue reading “Vigor AP Management”