Solved

Enable PPTP over Juniper-NS5GT

Posted on 2010-09-05
3
1,251 Views
Last Modified: 2012-06-21
Hi Experts,

We're having difficulties with enabling PPTP (ports 1723 + GRE 47) over this unit.
We're using VIP configuration on our WAN interface, and even when using "set vip multi" - and create a custom service as described in this post (http://www.juniperforum.com/index.php?topic=3183.0), we're still receiving error 720 when trying to connect to the PPTP serve (Windows 2008 x64 std).

If this conf (PPTP) is not supported on the Juniper, is there any other VPN service which may work? Off course taking into consideration the OS VPN limitations which are: PPTP \L2TP \PSec \SSTP.

Thx in advance
0
Comment
Question by:IT_Group1
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 70

Expert Comment

by:Qlemo
ID: 33606891
The port 2048 for GRE is supperflous and maybe even wrong. Just use the protocol 47 without port restrictions.
However, I suppose what you really need is to forward PPTP traffic (not GRE) to your server, and enable the PPTP ALG in NS:
 set alg pptp enable
That should allow to process the GRE traffic which belongs to a PPTP session, without having any forwarding for GRE.
0
 

Author Comment

by:IT_Group1
ID: 33606943
Sounds good, will the juniper requires restart?
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 500 total points
ID: 33607270
Not at all. Only vip multi-port and very, very few other settings get active after reboot only. The ALGs can be switched on and off at any time.
0

Featured Post

Retailers - Is your network secure?

With the prevalence of social media & networking tools, for retailers, reputation is critical. Have you considered the impact your network security could have in your customer's experience? Learn more in our Retail Security Resource Kit Today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question