Support Support Downloads Knowledge Base Service Request Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[Archive] VPN Connection via PPTP Internet Connection



Article ID: KB4215 KB Last Updated: 04 Jun 2010Version: 4.0
VPN Connection via PPTP Internet Connection


Note: This article applies to ScreenOS 4.0 and higher.

Some large Internet Service Providers (ISPs) require a multi-step connection to their network. This can potentially affect the IPSec connection from a NetScreen-Remote Client. The initial connection from the remote client to the ISP provides access to the ISP's network; it does not provide Internet access. An IP address is acquired via DHCP from the ISP. In order for the remote client to access the Internet, a PPTP connection is then initiated to the ISP. Once this tunnel is established, an IP address is assigned to the dial-up adapter and access is granted.

Image of example

Now the remote client can initiate an IPSec tunnel to the corporate office. If the IPSec tunnel is initiated manually after the PPTP tunnel is up, the connection works fine. If the user wants the connection to be issued automatically, modifications to the Remote Client Security Policy are required. If these modifications are not made, the NetScreen-Remote Client may use the incorrect adapter and thus use the wrong IP to initiate the IPSec tunnel.

To configure the NetScreen-Remote Client for a VPN Connection with a PPTP Internet Connection, perform the following steps:

Step one: From the Start menu, click Programs, click NetScreen-Remote, and then click Security Policy Editor.

Image of step one

Step two: Click to expand the corporate connection.

Image of step two

Step three: Click to select My Identity.

Image of step three

Step four: From the Name drop-down menu, click to select the dial-up adapter.

Image of step four

Note: Selecting the dial-up adapter, instead of using the default of Any, will force the NetScreen-Remote Client to look for an IP address from the dial-up adapter. The IPSec tunnel will not be able to establish until the PPTP tunnel IP address has been assigned by the ISP.

Step five: Click File, and then click Save.

Image of step five

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Security Alerts and Vulnerabilities

Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search