Screen OS

last person joined: 8 months ago 

This is a legacy community with limited Juniper monitoring.

  • 1.  PPTP ALG causes issues with inbound PPTP to ISA

    Posted 08-05-2008 15:30

    Hi,

     

    I upgraded an SSG520 to ScreenOS 6.1 to get the PPTP ALG working.

     

    We have both an ISA server in our DMZ for VPN connections and we connect outbound to several client VPNs.  We were restricted to a single connection to one client's PPTP ISA VPN, so we upgraded to 6.1 and turned on the ALG which has allowed multiple PPTP sessions outbound, but our inbound sessions are unable to authenticate.

     

    Turn off ALG PPTP and the inbound are working fine, but the outbound is back restricted to a single connection.

     

    Is this a known issue? and is there anything I can do to work around it?

     

    Thanks,

     



  • 2.  RE: PPTP ALG causes issues with inbound PPTP to ISA
    Best Answer

    Posted 08-05-2008 15:52

    Hi,

     

    Try disabling the ALG for the policy for the incoming PPTP.

     

    Have a look here on how to do it

     

    http://kb.juniper.net/KB7078

     

    Hope this helps

     

    Regards

     

    Andy



  • 3.  RE: PPTP ALG causes issues with inbound PPTP to ISA

    Posted 08-05-2008 21:32

    Thanks Andy,

     

    Thats fixed it on one of our FWs.  Had to roll the other back to 6.0.0r6.0 today as with 6.1 installed the untrust interface was dropping every half hr or so and needing a reset to bring it back.  Been fun and games all day.

     

    Looks like PPTP ALG is supported by that version as well though so fingers crossed we'll be all fixed up.

     

    Cheers,

    James