Inside server edirectory novell to appear outside with out NAT.

arumugasamy · ‎05-05-2007

Dear All,

I need to solve the following issue asap.

PIX inside network 192.168.2.0/24

Server edirectory 192.168.2.10

server proxy 192.168.2.9

PIX outside net 10.10.2.0/24

PIX outside int 10.10.2.1/24

Static nated for edir svr 192.168.2.10 --10.10.2.10

static nated for proxy 192.168.2.9 -- 10.10.2.9

Access-group outin in inter outside

access-list outin permit ip any any

Client novell client not able to login from outside

In Client PC c:\netstat -n

source 10.10.2.100 --3320 10.10.2.10 524 syn_wait

source 10.10.2.100 -3321 10.10.2.10 389 syn-wait

There is no established

Even after the full access to the servers not working.

Final reply from novell the server would not work with NAT.

We have to completely remove the nat FOR THE SERVERS.

Please tell me how to pass the inside svr goes outside tramparantly with out nat with only routing.

Thnaks

swami

krir · ‎05-05-2007

If you can use the Public IP Address directly in the server, i have an option :-)

ex if you want to give a public IP Address 10.10.2.3 to the novell server

Than the following configuration will work

access-list outside-to-inside permit ip any 10.10.2.3 (you can configure it specific to port)

access-list nonat permit ip any 10.10.2.3

nat(inside) 0 access-list nonat

access-group outside-to-inside in interface outside

Note : if you have an DMZ interface than it is always better to move the novell server to the DMZ zone and use nonat from both inside and outside.

i dont understand that novell not supporting NAT. is it not using RFC compliant protocol ?

Can you pls give more information on that!

arumugasamy · ‎05-16-2007

Dear ,

I believe that this has been already done.The server is kept in dmz and the internal users are accessing this server with no nat but the outside users when accessing it even the public mapping only the novell client can not access it but all other hosts can access any services running on this server.

now novell want me to open the fw as the pure routing device with out any nating to dmz to out and static nat from out to server like staffs.

please gine the cmds for the both side no nat commands i mean from dmz server to outside and outside to dmz server with no nat.

Client does't like to go for the router to connect the server with 2nd interface network as the outside .

swami

Jon Marshall · ‎05-16-2007

Hi Swami

Can you confirm what IP address you have assigned to the server. Is it using a public IP address ie. is it's ip address assigned to it's NIC routable on the internet. If it isn't and it using a private IP address you cannot turn off NAT as no one from the outside will be able to access it.

Jon