ramick asked:
security with VPN

I have successfully configured several VPN connections between my LAN and those of some of my clients using Vigor ADSL routers. I have used DES-MD5 so the data is encrypted so am relatively happy with the tunnelling using L2TP but my question is concerning the security of data on the networks using the default firewall settings. At present it seems that NAT is the only thing protecting the workstations. There is a default filter in the firewall settings that blocks TCP/IP /UDP on ports 137-139 and 53. I have also changed the default port for remote access of the router and the VPN connections are between fixed stated IP addresses.

How can I ascertain whether the security settings are secure, or what can I do to further improve security?

 
Avatar of Les Moore
Les Moore
Flag of United States of America image

There are lots of things you can do, but the question is, how much value do they add, and how much value is the data you want to protect? You don't want to spend $50K to protect $1K worth of data, but you can certainly justify spending $50K to protect business loss of $50M if a network gets compromised.
You can be reasonably assured that you have taken prudent measures for the data you have, if the routers contain a stateful packet inspection engine (LinkSys does, D-Links does, I don't know about the Vigor). If you want to go one step further, look into an intrusion detection package that would alert you to potential intrusions, then you can adjust the ports that are blocked.
Network Ice (formerly BlackIce Defender) from ISS is a relatively good product:
http://www.iss.net

Just remember that security is a process, not a one-time implementation. You have to continually evaluate and adjust to the changing climate.
ramick (asker):
Thanks for that Irmoore. There is a 'Keep State' and 'Source Route' box under the default filter sets that I mentioned in the question but they are not checked. Should I not be blocking other unused ports? I only access the networks for remote control of machines.

If you mean blocking from the internet to the LAN, then block all ports unless you have a web server, etc. If you mean blocking ports from the LAN to the internet, or across the VPN, then that depends on your company and its users. If you have users that use Kazaa, IRC, etc., or abuse the internet, then yes, block outgoing. If you want to be the most secure, then yes, block outgoing except the bare minimum.
I would enable Keep State, but not Source Route. Which model Vigor do you have?
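As an added illustration (not the Vigor 2600's firmware or rule syntax, and not code from anyone in this thread), the following Python model shows what the policy in the reply above amounts to: default-deny from the internet, the 137-139/53 filter, VPN traffic accepted only from the fixed peer addresses, and why enabling Keep State matters. Without connection state, a default-deny inbound rule also drops the replies to a LAN user's own web browsing, which is usually what drives people to open ports they should not. All addresses, the remote-control port, and the assumed IKE (UDP 500) and L2TP (UDP 1701) port numbers are constructed placeholders.

```python
"""Toy stateful packet filter modelling the inbound policy discussed above.

Added illustration only: this is not the Vigor 2600's firmware, rule syntax
or default filter set. Addresses and ports below are constructed examples.
"""
from dataclasses import dataclass

# Constructed placeholder addresses (not from the thread).
VPN_PEERS = {"203.0.113.10", "203.0.113.20"}  # fixed addresses of the client routers
LAN_HOST = "192.168.1.10"
WEB_SERVER = "198.51.100.5"

# Ports the thread's default filter blocks: NetBIOS 137-139 and DNS 53.
BLOCKED_INBOUND_PORTS = set(range(137, 140)) | {53}
# L2TP/IPsec traffic accepted only from the fixed peers
# (assumption: IKE on UDP 500, L2TP on UDP 1701, plus ESP payload).
VPN_UDP_PORTS = {500, 1701}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str            # "tcp", "udp" or "esp"
    sport: int = 0
    dport: int = 0
    inbound: bool = True  # True = WAN -> LAN, False = LAN -> WAN


class Filter:
    """Default-deny inbound filter; keep_state mirrors the router's Keep State box."""

    def __init__(self, keep_state: bool):
        self.keep_state = keep_state
        self.flows = set()  # LAN-originated (src, sport, dst, dport, proto) tuples

    def decide(self, pkt: Packet) -> str:
        if not pkt.inbound:
            # Outbound traffic is allowed; remember the flow so replies can return.
            if self.keep_state and pkt.proto in ("tcp", "udp"):
                self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto))
            return "allow:outbound"
        # 1. Explicit blocks from the default filter set come first.
        if pkt.proto in ("tcp", "udp") and pkt.dport in BLOCKED_INBOUND_PORTS:
            return "drop:filtered-port"
        # 2. VPN traffic, but only from the fixed peer addresses.
        if pkt.src in VPN_PEERS and (
            pkt.proto == "esp" or (pkt.proto == "udp" and pkt.dport in VPN_UDP_PORTS)
        ):
            return "allow:vpn-peer"
        # 3. Replies to connections the LAN opened (only when state is kept).
        reply_of = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if self.keep_state and reply_of in self.flows:
            return "allow:established"
        # 4. Everything else arriving from the internet is dropped.
        return "drop:default"


def run_scenarios(keep_state: bool) -> dict:
    """Return the verdict for each constructed scenario under one Keep State setting."""
    f = Filter(keep_state)
    verdicts = {}
    # A LAN host browses a web site, then the server's reply comes back in.
    f.decide(Packet(LAN_HOST, WEB_SERVER, "tcp", 40000, 80, inbound=False))
    verdicts["web_reply"] = f.decide(Packet(WEB_SERVER, LAN_HOST, "tcp", 80, 40000))
    # IKE from a listed peer versus from an address that is not a peer.
    verdicts["ike_peer"] = f.decide(Packet("203.0.113.10", "192.168.1.1", "udp", 500, 500))
    verdicts["ike_stranger"] = f.decide(Packet("203.0.113.99", "192.168.1.1", "udp", 500, 500))
    # A NetBIOS probe and an unsolicited connection to a remote-control port
    # (3389 is a constructed example of such a port).
    verdicts["netbios"] = f.decide(Packet("203.0.113.99", LAN_HOST, "tcp", 51000, 139))
    verdicts["unsolicited_3389"] = f.decide(Packet("203.0.113.99", LAN_HOST, "tcp", 51000, 3389))
    return verdicts


if __name__ == "__main__":
    for ks in (True, False):
        print(f"Keep State = {ks}: {run_scenarios(ks)}")
```

The ordering matters: the explicit port filter is evaluated before the peer allow rule, so a listed peer still cannot reach NetBIOS or DNS on the LAN, and the established-flow check comes after both so that state never widens what the static rules permit. Running the two settings side by side shows the practical difference: with Keep State off, the only verdict that changes is the web reply, which is dropped.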

ramick (asker):
I use the Vigor 2600 ADSL modem/router. Only concerned about access from the internet to the LANs. Users only have internet access; no mail, web or FTP servers or other services are used.
ASKER CERTIFIED SOLUTION
Les Moore:
ramick (asker):
Thanks. Reassuring. Will keep an eye on things though.