Here it is. We have a Cisco PIX 525. The Novell 4.83 user/client is behind the firewall. The Novell Netware 5.1 server is outside the firewall. What do I need to do to make the client be able to sign into the server? We have it configured so that anyone in the inside can do any ip to the outside? The Netware client is set to use IP as the preferred method.
Looking at the syslog, what happens is the client connects to the directory agent server, which directs another server to communicate with the client. Is there a way of telling the client to authenticate to a specific server? Thank you.

At 11:34 PM 8/13/2002 +0000, Priscilla Oppenheimer wrote:
>Not junk at all. :-) I think it's impressive that Novell continues to
>innovate. Comments below:
>
>Don Queen wrote:
> >
> > What version of Netware are you running on the server? If it is 5 or 6,
> > it's native IP, so basically you're sending IP traffic out of the Pix,
> > which should work. It sounds as if your problem may be with the packet
> > actually coming back into the Pix. Do you have any rules that may be
> > preventing the server from responding back to the client? Here is the
> > information from Novell's website listing the port that Novell uses
> >
> > TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP
> > connectivity. The following ports are used for communication.
> >
> > TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
> > UDP 524 - NCP for time synchronization - Source port will be a high port
> > UDP 123 - NTP for time synchronization - Source port will be the same
> > UDP 427 - SLP Requests - Source port will be the same (427)
> > TCP 427 - SLP Requests - Source port will be the same (427)
> > TCP 2302 - CMD - Source port will be a high port
> > UDP 2645 - CMD - Source port will be the same (2645)
>
>I thought I would add to this the decoding of the acronyms:
>
>NCP sort of obviously NetWare Core Protocol, the classic client/server
>protocol that Novell has used for almost 20 years.
>
>SLP is for Service Location Protocol, a protocol for finding services that
>may catch on, although admittedly it is mostly Novell and Apple making a big
>deal of it. RFC 2608 defines the current version of SLP, version 2. I think
>I read somewhere that Novell uses the older version. It's defined in RFC
>2165. They use different multicast addresses which could be an issue.
>
>CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port 2645.
>I hadn't heard of it using TCP port 2302.
>
>Note that all of these ports might not be necessary for every implementation.
>
>The original poster needs to tell us what his problem is, if anything. Maybe
>he was just getting info.
>
>Priscilla
>
> >
> > Not bad for "junk" as you call it.
> >
> > ----- Original Message -----
> > From: "Brian Zeitz"
> > To:
> > Sent: Tuesday, August 13, 2002 2:02 PM
> > Subject: RE: Cisco PIX & Novell [7:51303]
> >
> >
> > > Usually people set up a web interface for this. I don't really know the
> > > Novell Junk, but I would start by upgrading the client to Novell 6, if
> > > you even want to attempt VPN, if that's what you are trying to do.
> > >
> > > If the server is on the DMZ, you want cut through proxy (probably doesn't
> > > work with Novell). If your server is on the internet, you don't want to
> > > transmit your passwords over the internet in clear text so you need VPN.
> > >
> > > Save yourself a lot of headaches and trouble and switch to Microsoft or
> > > Unix.
> > >
> > > -----Original Message-----
> > > From: John Chang [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, August 13, 2002 1:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Cisco PIX & Novell [7:51303]
> > >
> > > We have a Cisco PIX 525. The Novell 5.1 user/client is behind the
> > > firewall. The server is outside the firewall. What do I need to do to
> > > make the client be able to sign into the server? We have it configured so
> > > that anyone in the inside can do any ip to the outside? The Netware client
> > > is set to use IP as the preferred method. Thank you.
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51355&t=51303
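One way to read the syslog behaviour described in the newest message (an SLP lookup, then a different server answering), as an added example that is not part of the thread: it classifies flows against the port list quoted above and lists servers a client reached over NCP without having queried them via SLP. The log line format, function names and addresses are constructed for illustration and are not PIX syslog format.

```python
import re
from collections import defaultdict

# Port table as quoted in the thread: (proto, dst_port) -> (service, source-port rule)
NETWARE_PORTS = {
    ("tcp", 524): ("NCP requests", "high"),
    ("udp", 524): ("NCP time sync", "high"),
    ("udp", 123): ("NTP time sync", "same"),
    ("udp", 427): ("SLP requests", "same"),
    ("tcp", 427): ("SLP requests", "same"),
    ("tcp", 2302): ("CMD", "high"),
    ("udp", 2645): ("CMD", "same"),
}
# Constructed log format (an assumption): "proto src:port -> dst:port"
LINE = re.compile(r"(tcp|udp) (\S+):(\d+) -> (\S+):(\d+)")

def classify(proto, sport, dport):
    """Return (service, source_port_ok), or None if not a listed NetWare port."""
    entry = NETWARE_PORTS.get((proto, dport))
    if entry is None:
        return None
    service, rule = entry
    ok = (1024 <= sport <= 65535) if rule == "high" else (sport == dport)
    return service, ok

def servers_by_service(lines):
    """Map each client to {service: servers contacted, in first-seen order}."""
    seen = defaultdict(lambda: defaultdict(list))
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        proto, src, sport, dst, dport = m.groups()
        hit = classify(proto, int(sport), int(dport))
        if hit and dst not in seen[src][hit[0]]:
            seen[src][hit[0]].append(dst)
    return {client: dict(svc) for client, svc in seen.items()}

def referred_servers(lines, client):
    """Servers the client sent NCP requests to but never queried via SLP."""
    svc = servers_by_service(lines).get(client, {})
    slp = set(svc.get("SLP requests", []))
    return [s for s in svc.get("NCP requests", []) if s not in slp]

SAMPLE = [  # constructed sample using documentation addresses
    "udp 10.0.0.5:427 -> 192.0.2.10:427",
    "tcp 10.0.0.5:1055 -> 192.0.2.20:524",
    "tcp 10.0.0.5:1056 -> 192.0.2.10:524",
]
```

Servers returned by `referred_servers` are the ones whose return traffic and address translation are worth checking first on the firewall.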