VPN from WinXP thru Pix515 to Netware6 LAN

[gillis]

Hi,

I have a VPN connection happening between remote WinXP laptop and our Pix515; I can see Windows shared resources "inside" on the Novell LAN but cannot do any more. Is there some configuration necessary on the Novell LAN to allow me to browse or map drives / login, etc...?

We are running IP on the server.

Thanks greatly!

gillis

 

[Psychoid]

I need you to clear something up here...
You claim that you can see Windows shares on a Novell LAN.
The only way that this is possible is if you're using Native File Access on your NetWare 6 server. Is that the case?

I'll assume that you're using NetWare 6 and have Native File Access (CIFS). In that case there are three ways to get to your files: VPN, NetWare Web Services, iFolder & NetStorage clients

1) If you're using a PIX, I'll assume that you're also using the Cisco VPN client. In the client options/preferences, you can choose to open your VPN tunnel before logging in. This will enable you to establish your tunnel then log into the NDS tree using the Novell client. You should then pick up all of your drive mappings, etc
2) Using NetWare 6 Web Services, you can get to your files without using ANY VPN client. This is accomplished securely using SSL.
3) Using the iFolder and NetStorage clients is my preferred solution. I can get to my files from anywhere without using a VPN client. Again, this is secured with SSL and NDS authentication/public key encryption. I've found that this is the best solution for typical users because VPN clients can be intimidating when they don't work right.

Hope that info helps


------------
Bill
Consultant / Network Engineer
CNE, CCNA

 

[gillis]

I'm not sure about the NFA (CIFS) stuff; however, from inside the LAN, if a PC is "sharing" resources, I can browse to it using Network Neighborhood, Entire Network...

Yesterday when connecting with the VPN client, I was able to "see" those workgroups who were "sharing" resources on the LAN from the remote laptop. Today for some reason I can't. Not sure what happened there.

Upon connecting I have a status screen that tells me Local LAN Access is disabled, even though in the Properties it acknowledges that I have it checked??? The status screen tells me I'm connected but that's about it. I can't ping anything inside from the remote, nor can I ping the dynamically assigned remote IP from my desktop inside the LAN.

The Cisco tech. had mentioned a possible need for DNS config. on the Novell server. Is that possibly what's stopping me?

Thanks for any ideas... gillis

 

[Psychoid]

Ok. Thanks for clearing that up.
I seriously doubt that this is a Novell issue since your shares aren't on any NetWare servers.

I also highly doubt that this is a DNS issue..... WINS I would believe.

You should not have the local LAN function turned on unless you are also accessing a home network from your workstation.

The root of your problem, though, sounds like you can't resolve names. For some reason, the Cisco VPN client gets really flaky when resolving NetBIOS names. I've seen this before with the Cisco VPN client & the best fix always seems to be the use of a LMHOSTS file.

What you want to do is:
1)go to c:\winnt\system32\drivers\etc and open the LMHOSTS.SAM file in Notepad.
2) Add an entry for each machine that you'll need access to. The syntax is IPADDRESS NAME
3)Save the file as LMHOSTS (without the SAM extension)
4) Open your network settings, TCPIP, Advanced, WINS & check the box called "enable LMHOSTS lookup"
5) Close all windows & reboot your computer.

Good luck

------------
Bill
Consultant / Network Engineer
CNE, CCNA

 

[gillis]

Thanks Bill,

I tried a different PC at home and successfully got a more recent VPN client installed and connected. Once in I can ping the IP of the server; however, the Novell login can't "see" the tree or any server.

I agree with your comment about it being a name resolution issue but I've created LMHosts and Host files but that doesn't seem to solve it.

??

gillis

 

[gillis]

Bill, thanks for your help and ideas. The host files I created must have kicked in - finally got a successful Novell logon today. Everything seems to be working for the moment.

I appreciate your assistance.

Jerry Giles

 

[Psychoid]

The Novell login problem could have been caused by an SLP issue. You may need to put the IP address of your DA into your Novell client.

If you need help with this, let me know.

------------
Bill
Consultant / Network Engineer
CNE, CCNA

 

[gillis]

Yes, I need help! Looked up the acronyms so I at least know what you're referring to; however, haven't a clue 1) how it might affect this situation or 2) how to implement it.

thanks,

Jerry

 

[Psychoid]

Many people don't know about SLP, so don't feel bad.

SLP is used for finding services on the network

Here is an excellent document on how to set up SLP on your NetWare boxes/NDS tree

http://www.novell.com/documentation...mentation/lg/nw6p/scommenu/data/hg2i9c88.html

Follow the documentation and you should be OK.

It's often necessary to specify the SLP DA in your Novell client's properties. In order to do this, right click on the big red N in your systray, choose Novell Client Properties, Go to Service Location, put in the DA's IP address, then reboot your PC.

If you run into any troubles, there are plenty of people here who can help.

Good luck

------------
Bill
Consultant / Network Engineer
CNE, CCNA

 

[renewennekes]

I have the sampe problem. Cannot make a connection with a Novell 4.83 (sp1/sp2) client with 2000/xp or thru the explorer.

We have two local networks (only tcp/ip) thru VPN over the Internet.

Connection to Microsoft hosts, printer and server are working and also is it possible to transfer files from or to the Netare 6 server thru FTP.

But we can simply not use the client or see the NW6 server on the network area in the browser.

With kind regards,

Rene