VPN Client: IPX WAN Negotiation Failed
(Last modified: 02Jan2003)
This document (10011001) is provided subject to the disclaimer at the end of this document.
goal
VPN Client: IPX WAN Negotiation Failed
fact
Novell BorderManager 3.x
symptom
Error: "Failed IPX WAN Negotiation"
fix
Troubleshooting:
Verify that Client workstation has the following protocols bound to the Novell Virtual Private Adapter: IPX 32-bit Protocol, IPX/SPX, and TCP/IP
If four adapters have already been configured, Novell VPN Adapter will not bind. It will be necessary to remove one of the other adapters
VPN Client: IPX WAN Negotiation Failed under the "Advanced Options" setting of the IPX 32-bit Protocol for the Novell VPN Adapter
REASON: The following items have not been specified: Primary Logical Board and Frame Types.
-------------
Troubleshooting:
1. Verify that VPN was installed properly on the BorderManager server review Configuration information in VPNCFG.nlm verify that Client to Site VPN was configured by reviewing information in NWADMN32, BorderManager Setup, VPN tab.
2. View the output from CONFIG, on the System Console.
IPX should be bound to the PPP Remote Node Service (VPN Tunnel Interface). IPX network address will indicate: 00000000.
IPX is not bound to the interface
Review the NETINFO.cfg, verify that the bind command is listed.
If the bind command is listed, then try binding at the System Console with the following command:
"Bind IPX VPTunnel"
(VPTunnel must be loaded before the bind statement is used).
-------------
Review the "WAN Client IPX Network Address" that has been entered in the Client to Site VPN settings - compare that with the output from "Display Networks" at the System Console.
The "Display Networks" does not indicate this network segment (The VPN
Network segment should have been displayed with a "hop" count of 11).
---------------
Internal IPX Routing Tables did not have correct information regarding the VPN Network segment.
Unload and reload IPXRTR.nlm on the BorderManager server to reset the internal IPX
Routing tables.
To do this, it was necessary to unload and reload IPXRTRNM.nlm
-------------
Verify that IPXRTR is loaded with a routing protocol of RIP/SAP
INTECFG --->Protocols ---->IPX --->Routing Protocol
This can also be set in the AUTOEXEC.NCF
-------------
BorderManager VPN server is to be used behind a third-party firewall
Must allow VPN packets destined to TCP and UDP port 353, UDP port 2010, and TCP port 213 with a protocol ID of 57 to pass through the firewall.
Example:
Cisco Routers that are using access lists will need to add the following to the access list.
permit 57 any host [AddressOfBorderManagerPublicInterface]
document
| Document Title: | VPN Client: IPX WAN Negotiation Failed |
| Document ID: | 10011001 |
| Solution ID: | 3.0.328778.2205046 |
| Creation Date: | 26Jun1999 |
| Modified Date: | 02Jan2003 |
| Novell Product Class: | NetWare Novell BorderManager Services |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.