Thursday, May 29, 2014

Enabling PPTP passthrough on ScreenOS

Enable the vip multi-port command, which allows a VIP service to listen on multiple ports simultaneously.
After entering set vip multi-port you'll be prompted with a warning that you must reboot:
set vip multi-port
save
reset
Define the service as usual, starting with IP protocol 47 (GRE):
set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048
Append the TCP entry to the service we just defined:
set service CustomPPTP + tcp src 0-65535 dst 1723-1723
The source port range for TCP 1723 must be 0-65535 so that any client source port is allowed.

Set up your VIP:
set int eth0/0 vip interface-ip 2048 CustomPPTP 192.168.1.2
And define your policy:
set policy from untrust to trust any vip(ethernet0/0) CustomPPTP permit log
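
To confirm that a saved configuration contains every piece of the procedure above, here is an added example (not part of the original post and not Juniper tooling). It is a Python check that only understands the command forms shown in this post; the names check_pptp_passthrough and SAMPLE_CONFIG are hypothetical, and the sample configuration is constructed from the commands above.

```python
import shlex

# Constructed sample: the commands from this post collected into one config.
SAMPLE_CONFIG = """\
set vip multi-port
set service CustomPPTP group "other" 47 src 2048-2048 dst 2048-2048
set service CustomPPTP + tcp src 0-65535 dst 1723-1723
set int eth0/0 vip interface-ip 2048 CustomPPTP 192.168.1.2
set policy from untrust to trust any vip(ethernet0/0) CustomPPTP permit log
"""

def _range(text):
    lo, _, hi = text.partition("-")
    return int(lo), int(hi or lo)

def check_pptp_passthrough(config, service="CustomPPTP"):
    """Return a list of problems; an empty list means every piece is present."""
    cmds = [shlex.split(line) for line in config.splitlines() if line.strip()]
    problems = []
    if ["set", "vip", "multi-port"] not in cmds:
        problems.append("vip multi-port is not enabled")

    # Each service entry reads: ... <protocol> src <range> dst <range>
    entries = []
    for c in cmds:
        if c[:3] == ["set", "service", service] and "src" in c and "dst" in c:
            s, d = c.index("src"), c.index("dst")
            entries.append((c[s - 1], _range(c[s + 1]), _range(c[d + 1])))
    if not any(proto == "47" for proto, _, _ in entries):
        problems.append("service has no protocol 47 (GRE) entry")
    tcp = [(src, dst) for proto, src, dst in entries
           if proto == "tcp" and dst[0] <= 1723 <= dst[1]]
    if not tcp:
        problems.append("service has no tcp entry covering dst port 1723")
    elif not any(src == (0, 65535) for src, _ in tcp):
        problems.append("tcp 1723 entry restricts the source port")

    if not any(c[:2] in (["set", "int"], ["set", "interface"]) and "vip" in c
               and service in c for c in cmds):
        problems.append("no VIP references the service")
    policies = [c for c in cmds if c[:2] == ["set", "policy"]
                and service in c and "permit" in c]
    if not policies:
        problems.append("no permit policy references the service")
    elif not any("log" in c for c in policies):
        problems.append("policy permits the service without logging")
    return problems

if __name__ == "__main__":
    print(check_pptp_passthrough(SAMPLE_CONFIG) or "all pieces present")
```

An empty list means the multi-port setting, both service entries, the VIP and a logged permit policy were all found.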