Inside server eDirectory Novell to appear outside without NAT.

May 5th, 2007

Dear All,

I need to solve the following issue ASAP.

PIX inside network

Server edirectory

server proxy

PIX outside net

PIX outside int

Static nated for edir svr --

static nated for proxy --

Access-group outin in inter outside

access-list outin permit ip any any

Client: Novell client not able to log in from outside

In Client PC c:\netstat -n

source --3320 524 syn_wait

source -3321 389 syn-wait

There is no established

Even after full access to the servers, it is not working.

Final reply from Novell: the server would not work with NAT.

We have to completely remove the NAT FOR THE SERVERS.

Please tell me how to make the inside server go outside transparently without NAT, with only routing.



krir Sat, 05/05/2007 - 21:44

If you can use the public IP address directly on the server, I have an option :-)

E.g., if you want to give a public IP address to the Novell server,

then the following configuration will work:

access-list outside-to-inside permit ip any (you can configure it specific to port)

access-list nonat permit ip any

nat (inside) 0 access-list nonat

access-group outside-to-inside in interface outside

Note: if you have a DMZ interface, then it is always better to move the Novell server to the DMZ zone and use nonat from both inside and outside.

I don't understand Novell not supporting NAT. Is it not using an RFC-compliant protocol?

Can you please give more information on that!

arumugasamy Wed, 05/16/2007 - 04:15

Dear,

I believe that this has already been done. The server is kept in the DMZ and the internal users are accessing this server with no NAT, but when the outside users access it, even with the public mapping, only the Novell client cannot access it, while all other hosts can access any services running on this server.

Now Novell wants me to open the firewall as a pure routing device, without any NATing from DMZ to out and static NAT from out to server and such things.

Please give the commands for no NAT on both sides, I mean from DMZ server to outside and outside to DMZ server with no NAT.

Client doesn't like to go for the router to connect the server with the 2nd interface network as the outside.


Jon Marshall Wed, 05/16/2007 - 04:38

Hi Swami

Can you confirm what IP address you have assigned to the server? Is it using a public IP address, i.e. is the IP address assigned to its NIC routable on the internet? If it isn't and it is using a private IP address, you cannot turn off NAT, as no one from the outside will be able to access it.
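
An added example, not posted by anyone in this thread: a sketch of the NAT-exemption approach discussed above for a DMZ server that already holds a publicly routable address, with the outside ACL narrowed to the two ports seen in the client's netstat output (524 and 389) rather than `permit ip any any`. The address 203.0.113.10 (documentation range), the interface name `dmz` and PIX 6.x/7.x command syntax are assumptions; the ACL names are the ones used earlier in the thread.

```cisco
! Constructed example: 203.0.113.10 is a placeholder for the server's own
! public address, configured directly on the server NIC (assumption).
!
! Exempt the DMZ server from translation so it appears outside with its
! real address. NAT exemption works for connections started from either side.
access-list nonat permit ip host 203.0.113.10 any
nat (dmz) 0 access-list nonat
!
! Permit only the two TCP ports the Novell client was seen attempting
! (524 and 389), instead of "permit ip any any".
access-list outside-to-inside permit tcp any host 203.0.113.10 eq 524
access-list outside-to-inside permit tcp any host 203.0.113.10 eq 389
access-group outside-to-inside in interface outside
!
! Routing prerequisite (not a PIX command): the upstream router needs a
! route for the server's subnet pointing at the PIX outside interface.
!
! Checks after a client login attempt:
!   show access-list outside-to-inside   (hit counters should increase)
!   show xlate                           (server should show no translated address)
```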


