I understand your point. As I stated they were behind on Internet
connectivity. I wouldn't recommend trying to run IPX over any WAN link,
ADSL, Frame-relay, etc. However the problem that I see is that clients will
not upgrade their NetWare servers to the latest version and use IP instead
of IPX. As I stated before, if the servers are running IP, then the Pix
should not have a problem with allowing connections through it to the
server.

As for your VPN issues, have you attempted to access an NT 4.0 server with
Microsoft's VPN client running on Windows 95 or 98? It's very difficult to
do. However making a VPN connection with a W2K server with W2K pro or XP is
a whole lot easier.

If the server you were attempting to connect to was not running IP and using
BorderManager, then yes it's nearly impossible to make this work due to
the Novell client problems with PPPoE.

I'm certified in both Microsoft and Novell, so I try to be as unbiased as
possible since both platforms have their advantages and disadvantages.


Donald R. Queen CCNP, CCA, CNE5, MCSE
Baker Robbins & Company
Technology Consultants
Knowledge, Solutions, Partnership

----- Original Message -----
From: "Brian Zeitz" 
To: 
Sent: Wednesday, August 14, 2002 10:56 AM
Subject: RE: Cisco PIX & Novell [7:51303]


> If you believe any of this, you can spend $1.50 and own some of the
> Novell Company (stock market). About the cost of a candy bar? My
> experience with Novell you need to spend a lot of effort to get anything
> to work, and their support is non-existent. I have heard of even
> hardcore Novell shops switch to a different OS, after trying Novell 5
> with horror stories. Everything about Novell works with broadcasts that
> flood the network. They are considered a step up from Apple networks
> though, in the unnecessary traffic they create. Recently, I was told I
> needed to make a VPN connection to another company using ADSL, the
> problem is that Novell Client will not work with ADSL. It may work now
> in Novell 6 client. There was a long laundry list of "work arounds", and
> modifications you had to do to get it running. I really don't have this
> kind of patience, so I think they dropped the idea of getting a VPN
> connection into Novell. Some of the fixes were playing games with the
> MTU size to get it to work. The problem with that, is the rest of my
> network is using the ADSL line.
>
> I think you will find issues with using Pix Firewall with Novell. Novell
> requires so many modifications to make it work, that you will compromise
> performance and security (i.e. "compatibility mode"), if you can get it
> to work at all. With major security Vulnerabilities like "Denial of
> Service" issues with the Novell VPN.
>
> I find a lot of people like Novell (and other obsolete OS's) because
> they have good memories of running the 3.xx box on a 386. Maybe back
> then it was worth mentioning. Now, it is full of security holes, and
> bugs that are in the Novell OS which no one bothers to fix. At this
> point, they are just struggling to keep the lights on at Novell.
>
> Novell got IPX from Xerox anyway, not so innovating at all.
>
>
>
>
> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 7:35 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Cisco PIX & Novell [7:51303]
>
> Not junk at all. :-) I think it's impressive that Novell continues to
> innovate. Comments below:
>
> Don Queen wrote:
> >
> > What version of Netware are you running on the server? If it's 5 or 6,
> > it's native IP, so basically you're sending IP traffic out of the Pix,
> > which should work. It sounds as if your problem may be with the packet
> > actually coming back into the Pix. Do you have any rules that may be
> > preventing the server from responding back to the client? Here is the
> > information from Novell's website listing the ports that Novell uses:
> >
> > TCP and UDP are both used by NetWare 5.1 and NetWare 6.0 for Pure IP
> > connectivity. The following ports are used for communication.
> >
> > TCP 524 - NCP Requests - Source port will be a high port (1024-65535)
> > UDP 524 - NCP for time synchronization - Source port will be a high port
> > UDP 123 - NTP for time synchronization - Source port will be the same
> > UDP 427 - SLP Requests - Source port will be the same (427)
> > TCP 427 - SLP Requests - Source port will be the same (427)
> > TCP 2302 - CMD - Source port will be a high port
> > UDP 2645 - CMD - Source port will be the same (2645)
>
> I thought I would add to this the decoding of the acronyms:
>
> NCP sort of obviously NetWare Core Protocol, the classic client/server
> protocol that Novell has used for almost 20 years.
>
> SLP is for Service Location Protocol, a protocol for finding services that
> may catch on, although admittedly it is mostly Novell and Apple making a
> big deal of it. RFC 2608 defines the current version of SLP, version 2. I
> think I read somewhere that Novell uses the older version. It's defined in
> RFC 2165. They use different multicast addresses which could be an issue.
>
> CMD is the Novell Compatibility Mode Protocol. I knew it used UDP port
> 2645. I hadn't heard of it using TCP port 2302.
>
> Note that all of these ports might not be necessary for every
> implementation.
>
> The original poster needs to tell us what his problem is, if anything.
> Maybe he was just getting info.
>
> Priscilla
>
> >
> > Not bad for "junk" as you call it.
> >
> > ----- Original Message -----
> > From: "Brian Zeitz"
> > To:
> > Sent: Tuesday, August 13, 2002 2:02 PM
> > Subject: RE: Cisco PIX & Novell [7:51303]
> >
> >
> > > Usually people set up a web interface for this. I don't really know the
> > > Novell Junk, but I would start by upgrading the client to Novell 6, if
> > > you even want to attempt VPN, if that's what you are trying to do.
> > >
> > > If the server is on the DMZ, you want cut-through proxy (probably doesn't
> > > work with Novell). If your server is on the internet, you don't want to
> > > transmit your passwords over the internet in clear text so you need VPN.
> > >
> > > Save yourself a lot of headaches and trouble and switch to Microsoft or
> > > Unix.
> > >
> > > -----Original Message-----
> > > From: John Chang [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, August 13, 2002 1:24 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: Cisco PIX & Novell [7:51303]
> > >
> > > We have a Cisco PIX 525.  The Novell 5.1 user/client is behind the
> > > firewall.  The server is outside the firewall.  What do I need to do
> > > to make the client be able to sign into the server?  We have it
> > > configured so that anyone in the inside can do any ip to the outside?
> > > The Netware client is set to use IP as the preferred method.  Thank you.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=51409&t=51303
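
An added example, not part of the thread or of Novell's documentation: a small Python check that encodes the port list quoted above, including its source-port column, and audits firewall flow records for listed NetWare ports that were blocked or carry a source port other than the one the list states. The CSV flow format, the addresses and the function names are assumptions constructed for illustration, and "the same" for UDP 123 is read as source port 123.

```python
import csv
import io

# Port list quoted in the thread: (proto, dst_port) -> (service, source-port rule).
# "high" = 1024-65535; "same" = source port equals the destination port.
NETWARE_PORTS = {
    ("tcp", 524): ("NCP requests", "high"),
    ("udp", 524): ("NCP time sync", "high"),
    ("udp", 123): ("NTP time sync", "same"),  # assumption: "the same" means 123
    ("udp", 427): ("SLP", "same"),
    ("tcp", 427): ("SLP", "same"),
    ("tcp", 2302): ("CMD", "high"),
    ("udp", 2645): ("CMD", "same"),
}

# Constructed sample flows as seen outside the firewall (not a real PIX log format).
SAMPLE_FLOWS = """proto,src_ip,src_port,dst_ip,dst_port,action
tcp,192.0.2.10,31044,198.51.100.5,524,permit
udp,192.0.2.10,427,198.51.100.5,427,permit
udp,192.0.2.10,40211,198.51.100.5,427,permit
udp,192.0.2.10,2645,198.51.100.5,2645,deny
tcp,192.0.2.10,52000,198.51.100.5,80,permit
tcp,192.0.2.10,800,198.51.100.5,2302,permit
"""

def source_port_ok(rule, src_port, dst_port):
    """Check a flow's source port against the rule from the quoted list."""
    if rule == "high":
        return 1024 <= src_port <= 65535
    return src_port == dst_port

def audit(flows_csv):
    """Return (service, (proto, port), problem) for each listed flow that is off."""
    findings = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        key = (row["proto"].lower(), int(row["dst_port"]))
        if key not in NETWARE_PORTS:
            continue  # not one of the listed NetWare ports
        service, rule = NETWARE_PORTS[key]
        sport = int(row["src_port"])
        if row["action"] != "permit":
            findings.append((service, key, "blocked"))
        elif not source_port_ok(rule, sport, key[1]):
            findings.append((service, key, f"unexpected source port {sport} (expected {rule})"))
    return findings

if __name__ == "__main__":
    for service, (proto, port), problem in audit(SAMPLE_FLOWS):
        print(f"{proto.upper()} {port} {service}: {problem}")
```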