Cisco Support Community

New Member

Novell Server can't reach outside?

Hello and thanks for your time in advance.

I'm replacing a Watchguard firewall w/ a 501 for a customer. We have only 1 public IP address (DSL). Using PAT, all clients can surf the web. There is a functional conduit into the firewall to an FTP server. The only problem is with the Novell server. It can reach the inside but cannot reach the outside int of the 501. It does fine with the firewall that's already there. I'm using the same IP for both firewalls (just switching them temporarily to test), clearing ARP cache as I go, yet the server will not get through the 501. Any ideas PLEASE?

As a side note, if "static (inside, outside) x.x.x.x 10.0.20.10" (for incoming mail to the Novell box) is used, all outbound traffic will cease through the 501 until the reload command is issued. Thanks again.

6 REPLIES
New Member

Re: Novell Server can't reach outside?

Hmmm.

Kinda sounds like a PAT global problem.

So you put in the PAT command and all clients can issue successful requests to the outside world? Including the Novell server (I realize you can't exactly web browse from a Novell box), but can you ping an outside IP address from the Novell server before you put the static command in place? The FTP server is completely OK. Give more details if possible, we'll help get you there...

New Member

Re: Novell Server can't reach outside?

Here's the config:

nameif ethernet0 outside security0

nameif ethernet1 inside security100

enable password /F.u.pU7VSgK.2I3 encrypted

passwd 2KFQnbNIdI.2KYOU encrypted

hostname pix

domain-name ted.net

fixup protocol ftp 21

fixup protocol http 80

fixup protocol h323 1720

fixup protocol rsh 514

fixup protocol rtsp 554

fixup protocol smtp 25

fixup protocol sqlnet 1521

fixup protocol sip 5060

fixup protocol skinny 2000

names

pager lines 24

interface ethernet0 10baset

interface ethernet1 10full

mtu outside 1500

mtu inside 1500

ip address outside 205.25.2.115 255.255.255.252

ip address inside 10.0.20.2 255.255.255.0

ip audit info action alarm

ip audit attack action alarm

pdm history enable

arp timeout 14400

global (outside) 5 interface

nat (inside) 5 0.0.0.0 0.0.0.0 0 0

route outside 0.0.0.0 0.0.0.0 205.25.2.115 1

timeout xlate 3:00:00

timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h323 0:05:00 sip 0:30:00 sip_media 0:02:00

timeout uauth 0:05:00 absolute

aaa-server TACACS+ protocol tacacs+

aaa-server RADIUS protocol radius

http server enable

http 10.0.20.83 255.255.255.255 inside

no snmp-server location

no snmp-server contact

snmp-server community public

no snmp-server enable traps

no floodguard enable

no sysopt route dnat

telnet timeout 5

ssh timeout 5

terminal width 80

All clients can get out with HTTP or ICMP. The Novell server (unfortunately serves mail) cannot get out at all. The furthest the Novell box goes is the internal 501 int, even before the static command. The static command does not block all traffic when pointing to another internal host, only the Novell box.

I've since tried setting the internal IP (501) to 10.0.20.3 and then setting the default route in tcpcon on the Novell box to the same, but w/ no results. I'd love to blame the Novell server but the Watchguard box lets it all through.

Thanks for the time.

New Member

Re: Novell Server can't reach outside?

I really hope that the IP Addresses and passwords listed are dummy ones that replaced the actual ones.

It's customary to use obviously invalid IPs, like 1.1.1.1 or 10.10.10.10, to ensure no one acquires knowledge of the network that is not for public consumption.

Same thing with passwords: Use obvious password replacements, like or . Even though these are scrambled, it is not secure.

Regarding the problem, can you tell if a translation slot was opened? Do a SH CONN LOCAL 1.1.1.1, where 1.1.1.1 is the inside Novell address. You can also enable some logging to a syslog server while you try to connect and search through to find the transactions between the PIX and Novell server to see what the deal is.
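The sanitizing step this reply recommends can be scripted. The following is an added example, not part of the original thread: it blanks password and SNMP community fields and renumbers public addresses consistently. It uses the RFC 5737 documentation range 192.0.2.0/24 as the replacement (a choice made here, not the reply's suggestion), and the sample hashes are constructed.

```python
import ipaddress
import re

# Constructed sample in the style of the config posted in this thread;
# the hash values are made up for the example.
SAMPLE = """\
enable password EXAMPLEhash0001 encrypted
passwd EXAMPLEhash0002 encrypted
ip address outside 205.25.2.115 255.255.255.252
ip address inside 10.0.20.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 205.25.2.115 1
snmp-server community public
"""

# Config keywords whose next field is a credential hash or shared secret.
SECRETS = [
    (re.compile(r"^(enable password|passwd)[ \t]+\S+", re.M), r"\1 <removed>"),
    (re.compile(r"^(snmp-server community)[ \t]+\S+", re.M), r"\1 <removed>"),
]
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sanitize(config):
    """Return config with secrets blanked and public IPs renumbered."""
    for pattern, repl in SECRETS:
        config = pattern.sub(repl, config)
    mapping = {}  # real public address -> documentation address

    def swap(match):
        text = match.group(0)
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:
            return text  # not a valid address (e.g. 999.1.1.1)
        if not addr.is_global:
            return text  # private ranges, netmasks and 0.0.0.0 stay readable
        # The same input always maps to the same output, so "ip address"
        # and "route" lines remain consistent with each other.
        mapping.setdefault(text, f"192.0.2.{len(mapping) + 1}")
        return mapping[text]

    return IPV4.sub(swap, config)


if __name__ == "__main__":
    print(sanitize(SAMPLE))
```

Because the mapping is stable, relationships between lines (such as a route pointing at an interface address) survive sanitizing and remain visible to whoever reads the post.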

New Member

Re: Novell Server can't reach outside?

Yes, they are dummy IPs and DNS names. And thanks for the concern. I can use "debug icmp trace", then ping an external IP from a client and the console shows the traffic. Pinging the same ext. address from the server yields no result on the console. Pinging the internal interface from the server will show on the console. Does that help much? I keep finding articles about Novell IP not working well with NAT but mainly for client/server communications (login, file sharing, etc.). I just need SMTP to and from this box.

Any suggestions are appreciated. Thanks again.

New Member

Re: Novell Server can't reach outside?

ip address outside 205.25.2.115 255.255.255.252

route outside 0.0.0.0 0.0.0.0 205.25.2.115 1

Shouldn't you be routing to the next hop in line? I.e.

route outside 0.0.0.0 0.0.0.0 205.25.2.114

or something like that? I.e. the next hop to your ISP or something like that?

My config is completely different there.

I have ip address outside XXXXXX

and a "next hop" router in line to route all traffic to...
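The condition this reply points out (a route whose gateway is the firewall's own interface address) can be checked mechanically before a config is deployed. The following is an added example, not part of the original thread: it parses only the `ip address` and `route` line formats visible in the posted config, and the function name is hypothetical.

```python
import ipaddress

# Interface and route lines as posted in this thread.
POSTED = """\
ip address outside 205.25.2.115 255.255.255.252
ip address inside 10.0.20.2 255.255.255.0
route outside 0.0.0.0 0.0.0.0 205.25.2.115 1
"""


def check_routes(config):
    """Return a list of findings for the static routes in the config text."""
    interfaces, routes = {}, []
    for line in config.splitlines():
        f = line.split()
        if f[:2] == ["ip", "address"] and len(f) >= 5:
            # ip address <ifname> <addr> <mask>
            interfaces[f[2]] = ipaddress.ip_interface(f"{f[3]}/{f[4]}")
        elif f[:1] == ["route"] and len(f) >= 5:
            # route <ifname> <dest> <mask> <gateway> [metric]
            routes.append((f[1], ipaddress.ip_address(f[4])))

    findings = []
    for ifname, gw in routes:
        iface = interfaces.get(ifname)
        if iface is None:
            findings.append(f"{ifname}: route uses an interface with no address")
        elif gw == iface.ip:
            findings.append(f"{ifname}: gateway {gw} is the firewall's own address")
        elif gw not in iface.network:
            findings.append(f"{ifname}: gateway {gw} is outside {iface.network}")
    return findings


if __name__ == "__main__":
    for finding in check_routes(POSTED):
        print(finding)
```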

New Member

Re: Novell Server can't reach outside?

Yes. I apologize, my paranoia was not well thought out. The default route as well as the IPs are different so I was reckless in the typing. It's as you guessed (let's say 205.25.2.114).
