• Status: Solved

Allow incoming PPTP to Juniper NS5GT

I need to allow PPTP traffic through the Juniper firewall to a Microsoft RRAS server.

Public VPN IP is 1.1.1.1
private IP is 10.1.1.10

Can someone help configure the firewall to pass the PPTP traffic?

I tried to open port 1723 and create a MIP to the private IP but this is not working.
Asked by: NytroZ
1 Solution
 
Sanga Collins (Systems Admin) commented:
You actually need the following:

For Microsoft Windows, the custom PPTP service must contain both TCP port 1723 and IP protocol 47 with port 2048. The source port for TCP 1723 must be 0-65535 to allow for any source port.

I got this from the Juniper KB:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB5471

The instructions are for a VIP, but can easily be translated for a MIP. I used this setup successfully for a client that had a doctor's office. His staff would connect remotely to the office to upload documents.

Hope this helps.
 
Qlemo (C++ Developer) commented:
A "port" does not exist for GRE (protocol 47) - that protocol does not know of the concept of ports. A port restriction is useless, and maybe even leads to failure. I can see Juniper recommends that, but I cannot tell why that port restriction should apply at all.

I would not set up MIP for this, as this reserves an IP address completely and solely to get redirected to a single machine. VIP is much more useful, as it allows a per-port definition of (internal) target IPs.
 
Sanga Collins (Systems Admin) commented:
BTW, GRE is a predefined service in ScreenOS 6 and greater:

"GRE       IP (47) any       Generic Routing Encapsulation       60"

I cannot speak on how or why it works; all I know is without it I was not able to set up the VPN server successfully.
 
Qlemo (C++ Developer) commented:
Yes, one should forward GRE traffic the same as PPTP. It can work without, but will not most of the time.
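
Added example, not part of the original thread and not code from Juniper or either poster: a Python classifier for raw IPv4 packets captured behind the firewall, showing that PPTP's data leg is IP protocol 47 with a Call ID and no port fields, and reporting when only the TCP 1723 leg arrives. The function names, the client address 192.0.2.10 and the sample packets are constructed for illustration; header layouts follow RFC 2637.

```python
import struct

PPTP_TCP_PORT = 1723             # PPTP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47
PPTP_GRE_PROTO = 0x880B          # enhanced GRE carrying PPP frames

def classify(packet: bytes) -> dict:
    """Classify one raw IPv4 packet as PPTP control, PPTP data (GRE) or other."""
    ihl = (packet[0] & 0x0F) * 4             # IPv4 header length in bytes
    proto, body = packet[9], packet[ihl:]    # IP protocol number, L4 bytes
    if proto == IPPROTO_TCP:
        sport, dport = struct.unpack("!HH", body[:4])
        if PPTP_TCP_PORT in (sport, dport):
            return {"leg": "control", "sport": sport, "dport": dport}
    elif proto == IPPROTO_GRE:
        flags_ver, gre_proto, payload_len, call_id = struct.unpack("!HHHH", body[:8])
        if (flags_ver & 0x0007) == 1 and gre_proto == PPTP_GRE_PROTO:
            # There are no port fields here: the Call ID identifies the session.
            return {"leg": "data", "call_id": call_id, "payload_len": payload_len}
    return {"leg": "other"}

def diagnose(packets) -> str:
    """Summarise which PPTP legs appear in a capture taken behind the firewall."""
    legs = {classify(p)["leg"] for p in packets}
    if {"control", "data"} <= legs:
        return "both legs seen"
    if "control" in legs:
        return "TCP 1723 seen, no GRE: IP protocol 47 is not being passed"
    return "no PPTP control traffic seen"

def _ipv4(proto: int, payload: bytes) -> bytes:
    """Constructed IPv4 header (checksum left at 0) for the sample packets."""
    src, dst = bytes([192, 0, 2, 10]), bytes([1, 1, 1, 1])
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                       0, 0, 64, proto, 0, src, dst) + payload

# Constructed samples: a TCP SYN to port 1723 and one enhanced-GRE data packet.
SAMPLE_CONTROL = _ipv4(IPPROTO_TCP, struct.pack(
    "!HHIIHHHH", 49152, PPTP_TCP_PORT, 0, 0, 0x5002, 8192, 0, 0))
SAMPLE_DATA = _ipv4(IPPROTO_GRE, struct.pack(
    "!HHHHI", 0x3001, PPTP_GRE_PROTO, 4, 7, 0) + b"\xff\x03\xc0\x21")

if __name__ == "__main__":
    print(diagnose([SAMPLE_CONTROL]))
    print(diagnose([SAMPLE_CONTROL, SAMPLE_DATA]))
```
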