How to set up inbound PPTP through a Juniper NS 5 GT (ScreenOS)

If you’re reading this, you should really select a better VPN solution… However, in my case I needed to keep the status quo. The customer’s SonicWall died while being moved during a big cutover, and in a pinch I replaced it with a Juniper NS 5GT. I recreated the configuration on the SonicWall, and everything worked great except inbound PPTP connections to their Windows PPTP server sitting behind the Juniper NetScreen. I discovered that Juniper blocks GRE connections which are ‘port-less’ but are TCP type 47. Fortunately, GRE is included in the NetScreen service list, which made things easy.

Here are the steps:

1) Create a MIP for the PPTP server behind the Netscreen

2) Create the PPTP Policy (Untrust to Trust)


Click the Multiple button under Destination Address and select PPTP and GRE as the ‘Service’.

Select PPTP as the ‘Application’.
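A quick way to confirm the policy from the trust side, as an added example that is not part of the original post: a PPTP session needs both the TCP 1723 control channel and GRE (IP protocol 47), so this script classifies raw IPv4 packets and reports which half is missing. The packets, addresses and function names are constructed for illustration.

```python
import struct

PPTP_CONTROL_PORT = 1723            # TCP control channel
IPPROTO_TCP, IPPROTO_GRE = 6, 47    # IP protocol numbers


def classify(packet: bytes) -> str:
    """Return 'pptp-control', 'gre' or 'other' for one raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "other"
    ihl = (packet[0] & 0x0F) * 4    # header length; IP options shift the payload
    proto = packet[9]
    if proto == IPPROTO_GRE:        # GRE has no ports, only a protocol number
        return "gre"
    if proto == IPPROTO_TCP and len(packet) >= ihl + 4:
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if PPTP_CONTROL_PORT in (sport, dport):
            return "pptp-control"
    return "other"


def diagnose(packets) -> str:
    """Summarise which halves of a PPTP session reached the capture point."""
    seen = {classify(p) for p in packets}
    if "pptp-control" in seen and "gre" in seen:
        return "ok: control and GRE both pass"
    if "pptp-control" in seen:
        return "broken: control passes, GRE is dropped"
    if "gre" in seen:
        return "broken: GRE without a control channel"
    return "no PPTP traffic seen"


def ipv4(proto: int, payload: bytes = b"") -> bytes:
    """Build a constructed IPv4 packet (checksum left at 0) for the demo."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, bytes([198, 51, 100, 7]), bytes([192, 168, 1, 10]))
    return header + payload


# Constructed sample traffic, not a real capture.
SYN_TO_1723 = ipv4(IPPROTO_TCP, struct.pack("!HH", 50000, 1723) + bytes(16))
GRE_DATA = ipv4(IPPROTO_GRE, bytes(8))

if __name__ == "__main__":
    print(diagnose([SYN_TO_1723]))             # policy permits PPTP only
    print(diagnose([SYN_TO_1723, GRE_DATA]))   # policy permits PPTP and GRE
```
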
