When it comes to configuring your SSG-5 Juniper firewall to pass-through PPTP traffic, it can be a pain in the **s. As I discovered myself after two days struggling…
So, I case you end up in the same situation, here’s my solution; How to configure the Juniper SSG-5 to pass-through PPTP trafic? Forgive me that this explanation uses the WebGUI, but it’s actually very easy.
Before starting you have to have to set VIP multi-port on. This can only be done trough the command-line interface. Article KB5471 from Juniper knowledge-base is describing this set-up:
set vip multi-port [Enter]
save [Enter]
reset [Enter]
First of all you have to punt your existing network interfaces in ROUTE mode, instead of NAT. If you already have policies defined, don’t panic! I will come shortly to how to fix NAT transition.
So, go to: Network > Interfaces > List and edit both trusted and untrusted interfaces, set interface mode on ROUTE.
At the untrusted interface (that’s where the internet is connected to, and you will be pointing your PPTP client to) click also on de Properties VIP.
Add a VIP entry with the [Same as the interface IP adres].
Go to Policy > Policy Elements > Services > Custom. Click the new button.
Give the service name: CustomPPTP
Add the protocol information accordingly and press OK.
Do understand; the PPTP protocol self uses TCP and port 1723. Protocol 47 (GRE) is using port 2048.
Go back to the interface configuration of your untrusted VIP settings and add a New VIP service. Select your CustomPPTP service and map it to the IP of your PPTP server:
Go to Policy > Policies and add a new policy from the UNTRUSTED zone to the TRUSTED zone:
Go to the Advanced tap (you should do this for ALL your existing policies when you’ve changed the interface settings from NAT to ROUTE!) and turn NAT Source Translation ON and press OK:
That’s all you have to do. Try connect your client to the server, all should work now.
Please note: The above IP-addresses are for example.
If you think this article was helpful or you’ve still got some questions, then please feel free to drop a comment!
相关推荐
Networkers2009:BRKNMS-2004 - 13 Smart Ways To Configure your Cisco IOS Network Elements
CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks CCIE Service Provider: Configure and troubleshoot advanced ...
uses : aws-actions/configure-aws-credentials@v1 with : aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }} # aws-session-token: ${{ ...
资源来自pypi官网。 资源全名:configure_django-0.1.6.tar.gz
-- you should configure jcenter repository--> net.wujingchao.android.view simple-tag-imageview 1.0.1 aar Developed By wujingchao - wujingchao92@gmail.com License Licensed under the Apache ...
1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file or directory ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file or directory ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
You will discover how to install and configure APEX, work with the Application Builder and Page Designer, use built-in wizards, and design custom Web apps. Teaches the cleanest and fastest builds ...
源码编译:亲测有效! 1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
The CSA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, identify vulnerabilities with a goal of securing and protecting organizations...
4.2.7 Packet Tracer - Configure Router-on-a-Stick Inter-VLAN Routing Cisco Packet Tracer 思科模拟器 正确答案文件 可直接上交正确答案文件 本答案版权归mewhaku所有,严禁再次转载!!! Copyright @...
map-underscore-to-camel-case: true log-impl: org.apache.ibatis.logging.stdout.StdOutImpl global-config: db-config: id-type: assign_id update-strategy: not_empty mapper-locations: classpath*:/...
Module 5: Introduction to MDXThis module describes the MDX syntax and how to use MDX.Lessons MDX fundamentals Adding Calculations to a Cube Using MDX to Query a Cube Lab : Using MDX Querying a ...
configure.bat -static -prefix "E:\qt" -confirm-license -opensource -debug-and-release -platform win32-msvc -nomake examples -nomake tests -plugin-sql-sqlite -plugin-sql-odbc -qt-zlib -qt-libpng -qt-...
依赖模块: configure arguments: --prefix=/usr/local/nginx --with-...-with-http_gzip_static_module --with-http_dav_module --with-http_flv_module
安装linux编译时报apr错误的解决方法 httpd-2.4.3.tar.gz, apr-util-1.3.10.tar.gz, apr-1.4.2.tar.gz,
vmware-vsphere-install-configure-manage-v70
libtool-2.4.6.tar.gz 手动安装包 ①./configure ②make ③make install
kmgmt-2511-configure-dynamic-host-configuration-protocol-dhcp-cbs.pdf
configure -confirm-license -opensource -platform win32-msvc2015 -debug-and-release -static -prefix "c:\Qt\5.5.1-static-vs2015" -make libs -nomake tests -nomake examples 我的工程用到了这些库 qtpcred....