If you’re reading this, you should really select a better VPN solution… However in my case I needed to keep the status quo. The customers SonicWall died while being moved during a big cutover, in a pinch I replaced it with a Juniper NS 5GT. I recreated the configuration on the SonicWall, and everything worked great except inbound PPTP connections to their Windows PPTP server sitting behind the Juniper Netscreen. I discovered that Juniper blocks GRE connections which are ‘port-less’ but are TCP type 47. Fortunately GRE is included in the NetScreen service list which made things easy.
Here are the steps:
1) Create a MIP for the PPTP server behind the Netscreen
2) Create the PPTP Policy (Untrust to Trust)
Select Multiple button under Destination Address, select PPTP and GRE as the ‘Service’.