Solved

Enable PPTP over Juniper-NS5GT

Posted on 2010-09-05
3
1,235 Views
Last Modified: 2012-06-21
Hi Experts,

We're having difficulties with enabling PPTP (ports 1723 + GRE 47) over this unit.
We're using VIP configuration on our WAN interface, and even when using "set vip multi" - and create a custom service as described in this post (http://www.juniperforum.com/index.php?topic=3183.0), we're still receiving error 720 when trying to connect to the PPTP serve (Windows 2008 x64 std).

If this conf (PPTP) is not supported on the Juniper, is there any other VPN service which may work? Off course taking into consideration the OS VPN limitations which are: PPTP \L2TP \PSec \SSTP.

Thx in advance
0
Comment
Question by:IT_Group1
  • 2
3 Comments
 
LVL 68

Expert Comment

by:Qlemo
Comment Utility
The port 2048 for GRE is supperflous and maybe even wrong. Just use the protocol 47 without port restrictions.
However, I suppose what you really need is to forward PPTP traffic (not GRE) to your server, and enable the PPTP ALG in NS:
 set alg pptp enable
That should allow to process the GRE traffic which belongs to a PPTP session, without having any forwarding for GRE.
0
 

Author Comment

by:IT_Group1
Comment Utility
Sounds good, will the juniper requires restart?
0
 
LVL 68

Accepted Solution

by:
Qlemo earned 500 total points
Comment Utility
Not at all. Only vip multi-port and very, very few other settings get active after reboot only. The ALGs can be switched on and off at any time.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now