ScreenOS Firewalls (NOT SRX)
Contributor
JamesBellaart
Posts: 26
Registered: 06-19-2008
Accepted Solution

PPTP ALG causes issues with inbound PPTP to ISA

Hi,

I upgraded an SSG520 to ScreenOS 6.1 to get the PPTP ALG working.

We have both an ISA server in our DMZ for VPN connections and we connect outbound to several client VPNs. We were restricted to a single connection to one client's PPTP ISA VPN, so we upgraded to 6.1 and turned on the ALG, which has allowed multiple PPTP sessions outbound, but our inbound sessions are unable to authenticate.

Turn off ALG PPTP and the inbound are working fine, but the outbound is back restricted to a single connection.

Is this a known issue, and is there anything I can do to work around it?

Thanks,

Trusted Expert
AndyC
Posts: 441
Registered: 07-08-2008

Re: PPTP ALG causes issues with inbound PPTP to ISA

Hi,

Try disabling the ALG for the policy for the incoming PPTP.

Have a look here on how to do it:

http://kb.juniper.net/KB7078

Hope this helps

Regards

Andy

JNCIS-FWV
JNCIA-WX
JNCIA-SSL
JNCIA-ER
Contributor
JamesBellaart
Posts: 26
Registered: 06-19-2008

Re: PPTP ALG causes issues with inbound PPTP to ISA

Thanks Andy,

That's fixed it on one of our FWs. Had to roll the other back to 6.0.0r6.0 today as with 6.1 installed the untrust interface was dropping every half hr or so and needing a reset to bring it back. Been fun and games all day.

Looks like PPTP ALG is supported by that version as well though, so fingers crossed we'll be all fixed up.

Cheers,

James
