05-05-2007 12:14 PM - edited 03-11-2019 03:09 AM
Dear All,
I need to solve the following issue asap.
PIX inside network 192.168.2.0/24
Server edirectory 192.168.2.10
server proxy 192.168.2.9
PIX outside net 10.10.2.0/24
PIX outside int 10.10.2.1/24
Static NATed for edir svr 192.168.2.10 -- 10.10.2.10
Static NATed for proxy 192.168.2.9 -- 10.10.2.9
Access-group outin in inter outside
access-list outin permit ip any any
The Novell client is not able to log in from outside.
On the client PC: c:\netstat -n
source 10.10.2.100 --3320 10.10.2.10 524 syn_wait
source 10.10.2.100 -3321 10.10.2.10 389 syn-wait
There is no established connection.
Even after giving full access to the servers it is not working.
Final reply from Novell: the server would not work with NAT.
We have to completely remove the NAT FOR THE SERVERS.
Please tell me how to let the inside server go outside transparently without NAT, with only routing.
Thanks
swami
05-05-2007 09:44 PM
If you can use the public IP address directly on the server, I have an option :-)
E.g. if you want to give a public IP address 10.10.2.3 to the Novell server,
then the following configuration will work:
access-list outside-to-inside permit ip any host 10.10.2.3 (you can configure it specific to port)
access-list nonat permit ip host 10.10.2.3 any
nat (inside) 0 access-list nonat
access-group outside-to-inside in interface outside
Note: if you have a DMZ interface then it is always better to move the Novell server to the DMZ zone and use nonat from both inside and outside.
I don't understand Novell not supporting NAT. Is it not using an RFC-compliant protocol?
Can you please give more information on that!
05-16-2007 04:15 AM
Dear,
I believe that this has already been done. The server is kept in the DMZ and the internal users are accessing this server with no NAT, but when outside users access it, even with the public mapping, only the Novell client cannot access it, while all other hosts can access any services running on this server.
Now Novell wants me to open the firewall as a pure routing device without any NATing from DMZ to outside, and static NAT from outside to server, like staffs.
Please give the commands for no NAT on both sides, I mean from the DMZ server to outside and outside to the DMZ server with no NAT.
Client doesn't like to go for the router to connect the server with the 2nd interface network as the outside.
swami
05-16-2007 04:38 AM
Hi Swami
Can you confirm what IP address you have assigned to the server? Is it using a public IP address, i.e. is the IP address assigned to its NIC routable on the Internet? If it isn't and it is using a private IP address, you cannot turn off NAT, as no one from the outside will be able to access it.
Jon
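The no-NAT setup discussed in this thread, as an added example that is not part of any post: PIX 6.x/7.x-style commands using the addresses from the first post, with the `permit ip any any` rule narrowed to the two TCP ports seen in the netstat output. It assumes the server stays on the inside interface with its real address and that outside hosts have a route to 192.168.2.0/24 via 10.10.2.1.

```cisco
! Added example, not from the thread. Addresses are those of the first post.
! Assumption: hosts on the outside reach 192.168.2.0/24 by routing through
! the PIX outside interface 10.10.2.1 (static route on the client or router).

! Remove the existing translation for the eDirectory server.
! (Assumed form of the static described in the first post.)
no static (inside,outside) 10.10.2.10 192.168.2.10 netmask 255.255.255.255

! NAT exemption: the ACL is written from the inside host's point of view
! (local source, remote destination). Return and outside-initiated traffic
! then reaches the server on its real address.
access-list nonat permit ip host 192.168.2.10 any
nat (inside) 0 access-list nonat

! Replace the open rule with only what the Novell client was seen to use:
! TCP 524 and TCP 389, the two destination ports in the netstat output.
no access-list outin permit ip any any
access-list outin permit tcp any host 192.168.2.10 eq 524
access-list outin permit tcp any host 192.168.2.10 eq 389
access-group outin in interface outside

! Flush translations built under the old static so the change takes effect.
clear xlate
```

After the change, `show access-list outin` shows per-rule hit counts, which tells you whether the client's SYN packets are reaching the firewall at all.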