Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Inside server edirectory novell to appear outside with out NAT.

Dear All,

I need to solve the following issue asap.

PIX inside network

Server edirectory

server proxy

PIX outside net

PIX outside int

Static nated for edir svr --

static nated for proxy --

Access-group outin in inter outside

access-list outin permit ip any any

Client novell client not able to login from outside

In Client PC c:\netstat -n

source --3320 524 syn_wait

source -3321 389 syn-wait

There is no established

Even after the full access to the servers not working.

Final reply from novell the server would not work with NAT.

We have to completely remove the nat FOR THE SERVERS.

Please tell me how to pass the inside svr goes outside tramparantly with out nat with only routing.



Cisco Employee

Re: Inside server edirectory novell to appear outside with out N

If you can use the Public IP Address directly in the server, i have an option :-)

ex if you want to give a public IP Address to the novell server

Than the following configuration will work

access-list outside-to-inside permit ip any (you can configure it specific to port)

access-list nonat permit ip any

nat(inside) 0 access-list nonat

access-group outside-to-inside in interface outside

Note : if you have an DMZ interface than it is always better to move the novell server to the DMZ zone and use nonat from both inside and outside.

i dont understand that novell not supporting NAT. is it not using RFC compliant protocol ?

Can you pls give more information on that!

Community Member

Re: Inside server edirectory novell to appear outside with out N

Dear ,

I believe that this has been already done.The server is kept in dmz and the internal users are accessing this server with no nat but the outside users when accessing it even the public mapping only the novell client can not access it but all other hosts can access any services running on this server.

now novell want me to open the fw as the pure routing device with out any nating to dmz to out and static nat from out to server like staffs.

please gine the cmds for the both side no nat commands i mean from dmz server to outside and outside to dmz server with no nat.

Client does't like to go for the router to connect the server with 2nd interface network as the outside .


Hall of Fame Super Blue

Re: Inside server edirectory novell to appear outside with out N

Hi Swami

Can you confirm what IP address you have assigned to the server. Is it using a public IP address ie. is it's ip address assigned to it's NIC routable on the internet. If it isn't and it using a private IP address you cannot turn off NAT as no one from the outside will be able to access it.


CreatePlease to create content