How to setup inbound PPTP through a Juniper NS 5 GT (Screen OS)

If you’re reading this, you should really select a better VPN solution…  However in my case I needed to keep the status quo.  The customers SonicWall died while being moved during a big cutover, in a pinch I replaced it with a Juniper NS 5GT.  I recreated the configuration on the SonicWall, and everything worked great except inbound PPTP connections to their Windows PPTP server sitting behind the Juniper Netscreen.  I discovered that Juniper blocks GRE connections which are ‘port-less’ but are TCP type 47.  Fortunately GRE is included in the NetScreen service list which made things easy.

Here are the steps:

1) Create a MIP for the PPTP server behind the Netscreen

2) Create the PPTP Policy (Untrust to Trust)

Juniper_Netscreen_5_GT_PPTP_Policy_w_GRE_firewall

Select Multiple button under Destination Address, select PPTP and GRE as the ‘Service’.

Selection PPTP as the ‘Application’Juniper_Netscreen_5_GT_PPTP_Policy_w_GRE

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.