When it comes to configuring your SSG-5 Juniper firewall to pass-through PPTP traffic, it can be a pain in the **s. As I discovered myself after two days struggling…
So, I case you end up in the same situation, here’s my solution; How to configure the Juniper SSG-5 to pass-through PPTP trafic? Forgive me that this explanation uses the WebGUI, but it’s actually very easy.
Before starting you have to have to set VIP multi-port on. This can only be done trough the command-line interface. Article KB5471 from Juniper knowledge-base is describing this set-up:
set vip multi-port [Enter]
save [Enter]
reset [Enter]
First of all you have to punt your existing network interfaces in ROUTE mode, instead of NAT. If you already have policies defined, don’t panic! I will come shortly to how to fix NAT transition.
So, go to: Network > Interfaces > List and edit both trusted and untrusted interfaces, set interface mode on ROUTE.
At the untrusted interface (that’s where the internet is connected to, and you will be pointing your PPTP client to) click also on de Properties VIP.
Add a VIP entry with the [Same as the interface IP adres].
Go to Policy > Policy Elements > Services > Custom. Click the new button.
Give the service name: CustomPPTP
Add the protocol information accordingly and press OK.
Do understand; the PPTP protocol self uses TCP and port 1723. Protocol 47 (GRE) is using port 2048.
Go back to the interface configuration of your untrusted VIP settings and add a New VIP service. Select your CustomPPTP service and map it to the IP of your PPTP server:
Go to Policy > Policies and add a new policy from the UNTRUSTED zone to the TRUSTED zone:
Go to the Advanced tap (you should do this for ALL your existing policies when you’ve changed the interface settings from NAT to ROUTE!) and turn NAT Source Translation ON and press OK:
That’s all you have to do. Try connect your client to the server, all should work now.
Please note: The above IP-addresses are for example.
If you think this article was helpful or you’ve still got some questions, then please feel free to drop a comment!
相关推荐
Networkers2009:BRKNMS-2004 - 13 Smart Ways To Configure your Cisco IOS Network Elements
uses : aws-actions/configure-aws-credentials@v1 with : aws-access-key-id : ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key : ${{ secrets.AWS_SECRET_ACCESS_KEY }} # aws-session-token: ${{ ...
CCIE Security: Configure complex, end-to-end secure networks, troubleshoot environments, and anticipate and respond to network attacks CCIE Service Provider: Configure and troubleshoot advanced ...
4. failed to with "configure: error: "Could not find libreadline headers or library" 错误原因:缺少libreadline头文件或库文件。 解决方法:apt-get install libreadline5-dev 5. fail with "checking for ...
### Apache2.4完整安装及解决configure: error: APR-util not found问题 #### 一、背景介绍 Apache HTTP Server(通常简称为Apache)是目前最流行的Web服务器软件之一,广泛应用于互联网上的各种网站和应用程序。...
-- you should configure jcenter repository--> net.wujingchao.android.view simple-tag-imageview 1.0.1 aar Developed By wujingchao - wujingchao92@gmail.com License Licensed under the Apache ...
5. **安装httpd**:现在,你可以继续安装httpd,同样指定apr和apr-util的路径: ```bash cd ../httpd-2.4.3 ./configure --with-apr=/usr/local/apr --with-apr-util=/usr/local/apr make sudo make install ``` 6...
- 对于apr-iconv和apr-util,同样执行上述步骤,但在`./configure`时添加指定的APR路径,例如`./configure --with-apr=/usr/local/apr`。 6. 验证安装:通过`apr-config --version`、`apr-iconv-config --version`...
1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file or directory ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file or directory ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
You will discover how to install and configure APEX, work with the Application Builder and Page Designer, use built-in wizards, and design custom Web apps. Teaches the cleanest and fastest builds ...
知识点 5: GD 库安装和配置 1. 下载 GD 软件包:gd-2.0.33.tar.gz 2. 解压缩软件包:tar xfz gd-2.0.33.tar.gz 3. 配置 GD:./configure --help 4. 设置 GD 的安装目录:/usr/local/gd 知识点 6: ZendOptimizer ...
源码编译:亲测有效! 1、httpd-2.4.41.tar 2、apr-1.7.0.tar 报错: rm: cannot remove `libtoolT': No such file ..../configure --prefix=/usr/local/apache --with-apr=/usr/local/apr/ --with-apr=/usr/local/apr
The CSA+ certification validates a candidate's skills to configure and use threat detection tools, perform data analysis, identify vulnerabilities with a goal of securing and protecting organizations...
4.2.7 Packet Tracer - Configure Router-on-a-Stick Inter-VLAN Routing Cisco Packet Tracer 思科模拟器 正确答案文件 可直接上交正确答案文件 本答案版权归mewhaku所有,严禁再次转载!!! Copyright @...
./configure --prefix=/usr/local/gcc-9.3.0 --enable-checking=release --enable-languages=c,c++,fortran,objc,obj-c++,java,ada --disable-multilib ``` 配置完成后,进行编译: ```bash make -j 4 ``` 这里的...
- **Scalability**: The ability to configure trunk groups and manage multiple VLANs enables scalable network design and expansion. ### Conclusion Marvell's Prestera DX series packet processors ...
map-underscore-to-camel-case: true log-impl: org.apache.ibatis.logging.stdout.StdOutImpl global-config: db-config: id-type: assign_id update-strategy: not_empty mapper-locations: classpath*:/...
Module 5: Introduction to MDXThis module describes the MDX syntax and how to use MDX.Lessons MDX fundamentals Adding Calculations to a Cube Using MDX to Query a Cube Lab : Using MDX Querying a ...
7. 错误:`configure: error: mod_deflate has been requested but can not be built due to prerequisite failures` 解决方法:确保已安装zlib和openssl的开发库,如`yum -y install zlib-devel openssl-devel`。 ...