Can't Access BorderManager Server over Client-Site VPN - Dec. 18, 2004

For a long time, there has been an issue accessing the private IP address of a BorderManager server when you connect to that server via Client-Site VPN. The issue is related to NAT, and you can easily test by disabling NAT on the BorderManager server, and making a Client-Site VPN connection to it. Suddenly you can access the server's private IP address. Of course you may not be able to use the server with NAT disabled in many environments, so a solution is needed that allows NAT to work.

Prior to BorderManager 3.8, there was a simple fix, which I have shown in my BorderManager 3.x book - static NAT the private IP address to itself. One does this by going into the NAT configuration for the public IP address, specifying Static and Dynamic NAT, and adding a static NAT mapping of the private IP address to the private IP address. You get an error message when saving this, but it is fine.

Problem is that trick didn't work for BorderManager 3.8 servers, or at least did not work for most of them. I had one client who says he fixed the issue by backrevving NAT.NLM to the version that shipped with NW 6.5, and using the static NAT trick.

Now, there is a new solution from Novell, requiring NW65SP3. (Currently beta B1NW65SP3.EXE as of this writing). Using the NAT.NLM from that patch, and (I think) coupled with the TCPIP files from that patch is reported to fix the problem. I do not know the status of a fix for NW 5.1 or 6.0 servers, but it may be that the NAT.NLM alone work on those servers, perhaps also if the static NAT mapping to itself trick is used.



Return to the Main Page