Config of VPN Through Juniper Netscreen 5GT? GRE packet

  • Hello,

    I’ve been trying to configure a Juniper Netscreen 5Gt to pass PPTP traffic to a VPN I set up on Win 2003 SBS. I can connect, and get prompted for a L/P, but then it just hangs. The event log shows an error (Event ID 20209) indicating that GRE packets were unable to pass through the firewall. I found a way to create a custom service for GRE passthru, but this still did not resolve the issue.
    The problem is that I can not create a VIP on my untrust interface, because GRE passwthu has multiple ports and I can’t select and specific virtual port.

    Has anyone sucessfully setup PPTP based VPN through a Netscreen 5GT?


  • Global Moderator


    set ff dst-ip <destination ip="">clear db
    debug flow basic
    generate traffic (try vpn)
    get db stream

    would do it……</destination>

  • thx very much for the reply. Can you tell me what debug commands i shoud use?


  • Global Moderator

    Can drop a debug output

  • Hi All,

    has anybody finally made it working? I’m currently trying this with NS5GT Screenos 5.4.0r3a.0
    but I had no luck up to now. I have created all services and policies that are required and of course vip multiport is on.

    Any help?


  • What screenos?  After 5.2 (I think) you have to enable IPSec and GRE through as they arent both included in the service together.

    There is a good KB on this, but I forget the number 😕

  • Yes this can work with VIP.  But you have to enable vip multiport.

    set vip multi

    Then reset the box.  Then create a custom service to allow TCP port 1723 and also IP protocol 47 with port 2048.  Then reference this service in the VIP.  Then ensure your policy references the VIP.