Screen OS

Hi,

 

We are having issues with connecting multiple users from our site to a client's ISA PPTP VPN.  We are hiding all our traffic behind a single public IP NATed on the Trust interface of our SSG-520 (ScreenOS 6.0.0r5a.0).

 

A single session connects fine, but subsequent sessions are unable to connect.

 

I understand this is an issue with multiple GRE sessions, but I have found conflicting articiles as to whether multiple sessions can be established from behind a single IP.

 

I don't have Multiple IPs to set up a DIP pool, but I have seen a few posts that suggest that the application layer gateway can handle multiple GRE sessions:

 

I have entered the following commands:

set alg pptp enable

set service "PPTP" timeout 30

 

but with ALG PPTP enable turned on no sessions can connect at all.

Do I need a supporting policy to go with this?  Presently I have a trust -> Untrust Any/Any/Any/Allow.

 

Using these posts for reference:

http://www.nabble.com/PPTP-client-through-NS-to10264125.html

http://www.juniperforum.com/index.php/topic,2405.0.html

 

Thanks,

James

 

Officially, PPTP ALG was not supported until 6.1.  I don't recall seeing a problem with 6.0 with PPTP, but then again, I don't remember if the PPTP ALG was enabled (I specifically didn't use it, because I know it wasn't supported yet).

Hi,

 

Have upgraded to 6.1 and have 2 sessions connected simultaneously so looking good.  Thank you for your assistance.

 

Cheers,

James

Hi,

 

Can anyone tell me how many pptp coonection can 320m supported. As i have seen that ssg 520m supports 64 connections.

SSG 320M also supports 64 PPTP connections.

 

-Richard

Hello, does anyone know how many PPTP calls an NS-208 supports. I believe the NS-25 supports 32 but would like to know if NS-208 has more or not. Thanks.