If you believe any of this, you can spend $1.50 and own some of the Novell Company (stock market). About the cost of a candy bar? My experience with Novell is that you need to spend a lot of effort to get anything to work, and their support is nonexistent. I have heard of even hardcore Novell shops switching to a different OS after trying Novell 5, with horror stories. Everything about Novell works with broadcasts that flood the network. They are considered a step up from Apple networks though, in the unnecessary traffic they create. Recently, I was told I needed to make a VPN connection to another company using ADSL; the problem is that Novell Client will not work with ADSL. It may work now in Novell 6 client. There was a long laundry list of "workarounds" and modifications you had to do to get it running. I really don't have this kind of patience, so I think they dropped the idea of getting a VPN connection into Novell. Some of the fixes were playing games with the MTU size to get it to work. The problem with that is the rest of my network is using the ADSL line.

I think you will find issues with using Pix Firewall with Novell. Novell requires so many modifications to make it work, that you will compromise performance and security (i.e. "compatibility mode"), if you can get it to work at all. With major security vulnerabilities like "Denial of Service" issues with the Novell VPN. I find a lot of people like Novell (and other obsolete OS's) because they have good memories of running the 3.xx box on a 386. Maybe back then it was worth mentioning. Now, it is full of security holes, and bugs that are in the Novell OS which no one bothers to fix. At this point, they are just struggling to keep the lights on at Novell. Novell got IPX from Xerox anyway, not so innovating at all.

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 7:35 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco PIX & Novell [7:51303]

Not junk at all. :-) I think it's impressive that Novell continues to innovate. Comments below:

Don Queen wrote:
>
> What version of Netware are you running on the server? If it's 5 or 6, it's native IP, so basically you're sending IP traffic out of the Pix, which should work. It sounds as if your problem may be with the packet actually coming back into the Pix. Do you have any rules that may be preventing the server from responding back to the client? Here is the information from Novell's website listing the port that Novell uses
>
> TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP connectivity. The following ports are used for communication.
>
> TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
> UDP 524 - NCP for time synchronization - Source port will be a high port
> UDP 123 - NTP for time synchronization - Source port will be the same
> UDP 427 - SLP Requests - Source port will be the same (427)
> TCP 427 - SLP Requests - Source port will be the same (427)
> TCP 2302 - CMD - Source port will be a high port
> UDP 2645 - CMD - Source port will be the same (2645)

I thought I would add to this the decoding of the acronyms:

NCP is, sort of obviously, NetWare Core Protocol, the classic client/server protocol that Novell has used for almost 20 years.

SLP is for Service Location Protocol, a protocol for finding services that may catch on, although admittedly it is mostly Novell and Apple making a big deal of it. RFC 2608 defines the current version of SLP, version 2. I think I read somewhere that Novell uses the older version. It's defined in RFC 2165. They use different multicast addresses which could be an issue.

CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port 2645. I hadn't heard of it using TCP port 2302.

Note that all of these ports might not be necessary for every implementation. The original poster needs to tell us what his problem is, if anything. Maybe he was just getting info.

Priscilla

>
> Not bad for "junk" as you call it.
>
> ----- Original Message -----
> From: "Brian Zeitz"
> To:
> Sent: Tuesday, August 13, 2002 2:02 PM
> Subject: RE: Cisco PIX & Novell [7:51303]
>
>
> > Usually people set up a web interface for this. I don't really know the Novell Junk, but I would start by upgrading the client to Novell 6, if you even want to attempt VPN, if that's what you are trying to do.
> >
> > If the server is on the DMZ, you want cut-through proxy (probably doesn't work with Novell). If your server is on the internet, you don't want to transmit your passwords over the internet in clear text so you need VPN.
> >
> > Save yourself a lot of headaches and trouble and switch to Microsoft or Unix.
> >
> > -----Original Message-----
> > From: John Chang [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 13, 2002 1:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: Cisco PIX & Novell [7:51303]
> >
> > We have a Cisco PIX 525. The Novell 5.1 user/client is behind the firewall. The server is outside the firewall. What do I need to do make the client be able to sign into the server? We have it configured so that anyone in the inside can do any ip to the outside? The Netware client is set to use IP as the preferred method. Thank you.

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51363&t=51303
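
The port table quoted in this thread can be turned into a check that labels flows from a firewall log by NetWare service and flags source ports that do not fit the table. This is an added example, not part of any message above; the sample flows are constructed, and reading "the same" as "source port equals destination port" is an assumption.

```python
import re

# Port table as quoted in the thread from Novell's website.
NOVELL_PORTS = """\
TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
UDP 524 - NCP for time synchronization - Source port will be a high port
UDP 123 - NTP for time synchronization - Source port will be the same
UDP 427 - SLP Requests - Source port will be the same (427)
TCP 427 - SLP Requests - Source port will be the same (427)
TCP 2302 - CMD - Source port will be a high port
UDP 2645 - CMD - Source port will be the same (2645)
"""

LINE = re.compile(
    r"^(TCP|UDP) (\d+) - (.+?) - Source port will be (a high port|the same)")

def parse_rules(text):
    """Return {(proto, dst_port): (service, source_port_kind)} from the table."""
    rules = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            proto, port, service, src = m.groups()
            kind = "high" if src == "a high port" else "same"
            rules[(proto.lower(), int(port))] = (service, kind)
    return rules

def classify(flow, rules):
    """flow = (proto, src_port, dst_port); returns (verdict, service)."""
    proto, sport, dport = flow
    rule = rules.get((proto.lower(), dport))
    if rule is None:
        return ("not-netware", None)
    service, kind = rule
    # Assumption: "the same" means the source port equals the destination port.
    ok = (1024 <= sport <= 65535) if kind == "high" else (sport == dport)
    return ("expected" if ok else "unexpected-source-port", service)

# Constructed sample flows (proto, source port, destination port).
SAMPLE_FLOWS = [("tcp", 40211, 524), ("udp", 427, 427),
                ("udp", 53111, 2645), ("tcp", 51000, 445)]

def report(flows=SAMPLE_FLOWS):
    rules = parse_rules(NOVELL_PORTS)
    return [(f, *classify(f, rules)) for f in flows]

if __name__ == "__main__":
    for flow, verdict, service in report():
        print(flow, verdict, service)
```
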