SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX PPTP ALG issues

    Posted 05-26-2011 13:23
    Greetings

    After upgrading to an SRX220H I'm running into issues with my Windows based VPN that is in my trust network.

    The VPN will establish but will only stay active for 5-35 minutes and will suddenly timeout. After reviewing several posts, it appears the solution is to disable the PPTP ALG. I have attempted to do this, but am running into issues where the username and password verification will time out.

    I have attached my cfg for your review.

    Am I running into a bug or am I missing something?

    Regards

    //jk


    #pptp
    #SRX

    Attachment(s)

    srx_cfg.txt   7 KB 1 version


  • 2.  RE: SRX PPTP ALG issues

    Posted 05-27-2011 01:44

    Hi

    If no traffic hits the session for some time, it will be deleted due to
    timeout - this is normal. Try to find your VPN sessions in the "show security flow session"
    output and look at the "Timeout:" field. There will be 2 sessions, by the way: TCP on
    port 1723 and GRE (as PPTP = TCP + GRE).

    If you see that the session is dropped when the timeout reaches zero, then you can increase
    it by editing the predefined junos-pptp application:

    lab@jsrx> show configuration groups junos-defaults applications application junos-pptp
    term t1 alg pptp protocol tcp destination-port 1723;

    To do it, you will need to add the following to your config:
    #set applications application junos-pptp inactivity-timeout [seconds, or "never"]
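The reply above suggests checking the "show security flow session" output for the two PPTP sessions (TCP/1723 control channel and GRE data channel) and watching their "Timeout:" field. The following is an added example, not code from the original post or from Juniper: a small Python parser that walks that output, picks out the PPTP-related sessions, and flags any whose remaining timeout is close to zero. The sample output is constructed and only approximates the real Junos session listing format; the field names (Session ID, Timeout, the In/Out wings with "src/port --> dst/port;proto") follow the common layout but are an assumption, so adjust the regular expressions if your platform prints them differently.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample, approximating "show security flow session" output on an SRX.
# Session 10245 is the PPTP control channel (tcp/1723), 10246 the GRE data channel
# with only 24 seconds left, and 10247 is an unrelated HTTPS flow.
SAMPLE_OUTPUT = """\
Session ID: 10245, Policy name: trust-to-untrust/4, Timeout: 1786, Valid
  In: 192.168.10.20/49152 --> 203.0.113.8/1723;tcp, If: ge-0/0/1.0, Pkts: 42, Bytes: 3311
  Out: 203.0.113.8/1723 --> 198.51.100.2/20871;tcp, If: ge-0/0/0.0, Pkts: 40, Bytes: 3902
Session ID: 10246, Policy name: trust-to-untrust/4, Timeout: 24, Valid
  In: 192.168.10.20/0 --> 203.0.113.8/0;gre, If: ge-0/0/1.0, Pkts: 1203, Bytes: 98812
  Out: 203.0.113.8/0 --> 198.51.100.2/0;gre, If: ge-0/0/0.0, Pkts: 1150, Bytes: 77210
Session ID: 10247, Policy name: trust-to-untrust/2, Timeout: 300, Valid
  In: 192.168.10.31/52011 --> 198.51.100.77/443;tcp, If: ge-0/0/1.0, Pkts: 8, Bytes: 1100
  Out: 198.51.100.77/443 --> 198.51.100.2/19002;tcp, If: ge-0/0/0.0, Pkts: 7, Bytes: 4021
Total sessions: 3
"""

# Header line of each session entry: we only need the ID and the remaining timeout.
SESSION_RE = re.compile(r"Session ID: (?P<sid>\d+),.*?Timeout: (?P<timeout>\d+)")
# One "wing" (direction) of a session: src/port --> dst/port;proto
WING_RE = re.compile(
    r"^\s*(?P<dir>In|Out): (?P<src>\S+?)/(?P<sport>\d+) --> (?P<dst>\S+?)/(?P<dport>\d+);(?P<proto>\w+)"
)

PPTP_CONTROL_PORT = 1723


@dataclass
class FlowSession:
    session_id: int
    timeout: int          # seconds left before the SRX ages the session out
    proto: str = ""
    src: str = ""
    dst: str = ""
    dport: int = 0


def parse_sessions(text: str) -> List[FlowSession]:
    """Parse session entries; the 'In' wing supplies proto/addresses for each session."""
    sessions: List[FlowSession] = []
    current = None
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m:
            current = FlowSession(int(m.group("sid")), int(m.group("timeout")))
            sessions.append(current)
            continue
        w = WING_RE.match(line)
        if w and current is not None and w.group("dir") == "In":
            current.proto = w.group("proto").lower()
            current.src = w.group("src")
            current.dst = w.group("dst")
            current.dport = int(w.group("dport"))
    return sessions


def pptp_sessions(sessions: List[FlowSession]) -> List[FlowSession]:
    """PPTP is TCP/1723 plus GRE, so both kinds of session belong to the tunnel."""
    return [
        s for s in sessions
        if (s.proto == "tcp" and s.dport == PPTP_CONTROL_PORT) or s.proto == "gre"
    ]


def expiring_soon(sessions: List[FlowSession], threshold: int = 60) -> List[FlowSession]:
    """PPTP sessions whose remaining timeout is at or below the threshold (seconds)."""
    return [s for s in pptp_sessions(sessions) if s.timeout <= threshold]


if __name__ == "__main__":
    found = parse_sessions(SAMPLE_OUTPUT)
    for s in pptp_sessions(found):
        print(f"session {s.session_id}: {s.proto} {s.src} -> {s.dst}:{s.dport}, timeout {s.timeout}s")
    for s in expiring_soon(found):
        print(f"WARNING: PPTP session {s.session_id} ({s.proto}) ages out in {s.timeout}s")
```

Run it against saved CLI output (for example by replacing SAMPLE_OUTPUT with the contents of a file) while the VPN is up; if the GRE or TCP/1723 session's Timeout keeps counting down to zero between your checks and the tunnel drops at that moment, that matches the ageing-out behaviour described above, and raising the inactivity-timeout on junos-pptp, as the reply suggests, is the knob to adjust.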



  • 3.  RE: SRX PPTP ALG issues
    Best Answer

    Posted 05-27-2011 07:42

    Thanks PK!!!

     

    I believe that the issue was resolved with the following NAT rule while keeping the ALG PPTP in place:

     

    rule-set untrust-nat {
        from zone untrust;
        to zone trust;
        rule VPN {
            match {
                source-address 0.0.0.0/0;
                destination-address 192.168.10.0/24;
                destination-port 1723;
            }
            then {
                source-nat {
                    off;
                }
            }
        }
    }

     

    The information that you have provided was very useful in verifying resolution.

     

    Thanks

    //jon