Which concentrator are you referring to? The 3000? Cisco says the 3000 doesn't support IPX.
-----Original Message----- From: Christopher Dumais [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 14, 2002 2:03 PM To: [EMAIL PROTECTED] Subject: RE: Cisco PIX & Novell [7:51303] We have done some testing through this same concentrator. If you do not have SLP implemented on your NW5.x environment, you need to put the IP address of your logon server in the preferred server filed of the client. Your client need to be set up for IP/IPX or just IP for this to work. IP only works faster. We were able to successfully logon, access files, and print through the concentrator. Hope this helps! Chris Dumais, CCNP, CNA Sr. Network Administrator NSS Customer and Desktop Services Team Maine Medical Center (207)871-6940 [EMAIL PROTECTED] >>> "Priscilla Oppenheimer" 8/14/02 1:37:17 PM >>> Brian Zeitz wrote: > > He may need to encapsulate the IPX into TCP/IP. Cisco only > supports IP > on the VPN3000 concentrator. Maybe a good test question for us > taking > the CSS1 exams. The VPN 5000 will support IPX. > > It might be a good design question to see if the test-taker can analyze user requirements. He didn't say anything about having a VPN concentrator. In fact, he's not trying to do a VPN, I don't think. He's just trying to get ordinary client/server traffic to work through the PIX 525. Also, he's using IP, not IPX. On the other hand, I have to somewhat agree with some of your other message about NetWare being overly complex and requiring too much tinkering to get it working. I tried to find an answer to the actual question on the Novell Web site and the servers were excruciatingly slow to start with and there was nothing useful on the particular question (of getting NetWare client to talk to NetWare 5.1 server with IP as the preferred method across a PIX firewall). The original poster said that the client talks to a Directory Agent (DA) first. This implies that Service Location Protocol (SLP) is in use, but that multicasts are not required for finding services. A DA minimizes the requirement for multicasts. SLP user and service agents can find the DA via multicast, (if they don't hear from it first), but once they do find the DA, they can send unicasts directly to the DA. It sounds like the client is finding the DA fine and the DA is giving the client a server to use, but then the failure occurs. Is there a way for him to avoid SLP and specify the actual server? Can't he just do this with an IP address (or name assuming DNS is working?) I noticed that Chuck Church is back. (Yeah!) Maybe he can help? :-) Thanks Priscilla Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=51384&t=51384 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
