08-05-2008 03:29 PM
I upgraded an SSG520 to ScreenOS 6.1 to get the PPTP ALG working.
We have both an ISA server in our DMZ for VPN connections and we connect outbound to several client VPNs. We were restricted to a single connection to one client's PPTP ISA VPN, so we upgraded to 6.1 and turned on the ALG which has allowed multiple PPTP sessions outbound, but our inbound sessions are unable to authenticate.
Turn off ALG PPTP and the inbound are working fine, but the outbound is back restricted to a single connection.
Is this a known issue? and is there anything I can do to work around it?
Solved! Go to Solution.
08-05-2008 03:52 PM
Try disabling the ALG for the policy for the incoming PPTP.
Have a look here on how to do it
Hope this helps
08-05-2008 09:32 PM
Thats fixed it on one of our FWs. Had to roll the other back to 6.0.0r6.0 today as with 6.1 installed the untrust interface was dropping every half hr or so and needing a reset to bring it back. Been fun and games all day.
Looks like PPTP ALG is supported by that version as well though so fingers crossed we'll be all fixed up.