Hi,
We are having issues with connecting multiple users from our site to a client's ISA PPTP VPN. We are hiding all our traffic behind a single public IP NATed on the Trust interface of our SSG-520 (ScreenOS 6.0.0r5a.0).
A single session connects fine, but subsequent sessions are unable to connect.
I understand this is an issue with multiple GRE sessions, but I have found conflicting articiles as to whether multiple sessions can be established from behind a single IP.
I don't have Multiple IPs to set up a DIP pool, but I have seen a few posts that suggest that the application layer gateway can handle multiple GRE sessions:
I have entered the following commands:
set alg pptp enable
set service "PPTP" timeout 30
but with ALG PPTP enable turned on no sessions can connect at all.
Do I need a supporting policy to go with this? Presently I have a trust -> Untrust Any/Any/Any/Allow.
Using these posts for reference:
http://www.nabble.com/PPTP-client-through-NS-to10264125.html
http://www.juniperforum.com/index.php/topic,2405.0.html
Thanks,
James