Allow PPTP traffic inbound through a NetScreen in NAT mode

[maqsoodjee]

Hi
I have Netscreen 5gt.I want to allow pptp traffic inbound through my router in NAT mode, for that purpose i have followed the juniper kb .

http://kb.juniper.net/KB5471

But when i try to run this
" set interface untrust vip 2048 CustomPPTP 10.1.1.10 "
it gave me an error on '2048' " unknown keyword " .

can any body suggest me the correct configuration for
My PPTP inbound traffic.

 

[Packet7]

Can you post the output from "get vip" and "get pol from untrust to trust"?

Thank you.

 

[maqsoodjee]

Here is the Output
" get vip "
Virtual IP Interface Port Service Server/Port
(myliveip) untrust 2048 CustomPPTP 10.5.5.5/2048(OK)

" get pol "
i am posint the policy related to PPTP
Untrust Global Any VIP::1 CustomPPTP Permit enabled ---X-

One More thing might help u is i am getting this error in log

" Rejected an IKE packet on untrust from 66.100.105.165:3587 to "my untrust ip:500 " with cookies c116b3c15c5f0fe5 and 4902f485250a63c1 because there were no acceptable Phase 1 proposals.

 

[Packet7]

Hi,

OK, it looks like the Netscreen is trying to establish a VPN. Is this what you're trying to do? Let me know.

Rgds,

John

 

[wickedstick]

The correct syntax is 'set interface untrust vip untrust-ip 2048 <IP ADX>'.

the rejected IKE error is just someone trying to establish an IPSEC VPN to your box. Could be remnants of an old VPN you had and the other end didn't clear their config after you took down the VPN or possibly even just someone scanning the FW. the good news is you're rejecting it so there is nothing to worry about.