on 04-07-2010 12:12 PM
Hi Guys,
I have configured SAP router on a separate host.
I have 1 public IP (94.49....) and one private IP (10.100.3.20).
Telnet to 194.39.131.34 is giving a blank screen.
Output for niping:
C:\saprouter>niping -c -O -S 3200 -H 10.100.3.14 ---> this is my SOLMAN
Wed Apr 07 07:48:27 2010
connect to server o.k.
send 10 messages (len 1000)
------- times -----
avg 0 usecs
max 0 usecs
min 0 usecs
bw 1.#J kb/sec
excluding max and min:
av2 0 usecs
bw2 1.#J kb/sec
But I can't niping to 10.100.3.15 (sandbox).
In SM59 the RFC is working fine, and the marketplace connections are also made.
I have a Sonic firewall at 10.100.3.1 which has an access rule: source (any), destination (any), service (any), action (allow).
But when SAP is trying to connect to my SOLMAN, they are getting a reset packet from our firewall.
How do I solve the issue?
Regards
Abhishek
Hi Abhishek,
Ask SAP to provide logs or a screenshot of the error which they are getting.
It will be helpful to debug the error.
Thanks
Anil
Hi,
Please find the error log from SAP.
Hello,
The following is the complete error message received:
***********************************************************************
*
LOCATION SAProuter 40.2 (SP4) on sapserv2
ERROR connection to partner '94.56......:3299' broken
*
TIME Wed Apr 7 08:29:13 2010
RELEASE 720
COMPONENT NI (network interface)
VERSION 40
RC -95
MODULE nixxi.cpp
LINE 4970
DETAIL NiIRead: P=94.56.....:3299; L=???
SYSTEM CALL recv
ERRNO 232
ERRNO TEXT Connection reset by peer
COUNTER 27819
*
Regards
Abhishek
Hi Abhishek,
ERROR connection to partner '94.56......:3299' broken
It means ports are not open from your end.
Ask your network team to open the port in both directions (two-way ports should be open):
your public IP <94.56> -> SAP public IP <194....>, port 3299
SAP public IP <194....> -> your public IP <94.56>, port 3299
Once the ports are open, SAP should be able to access the system.
Thanks
Anil
Hi,
Please find the access rule that we maintained.
Access Rules (WAN > LAN)

| Priority | Source | Destination | Service | Action | Users |
|---|---|---|---|---|---|
| 1 | All WAN IP | All Interface IP | telnet SAP UDP | Allow | All |
| 2 | All WAN IP | All Interface IP | telnet SAP | Allow | All |
| 3 | Any | Any | Any | Allow | All |

Access Rules (LAN > WAN)

| Priority | Source | Destination | Service | Action | Users |
|---|---|---|---|---|---|
| 1 | Any | Any | Any | Allow | All |
Hi Abhishek,
It is OK that your public IP is exposed on the internet.
But I assume that you have not done NATting between your public IP and private IP.
First you have to set up NATting between your public IP and private IP.
It means that when anybody from the WAN hits your public IP, the request should come to your private IP.
Hope this is clear to you.
Thanks
Anil
Edited by: Anil Bhandary on Apr 19, 2010 10:50 AM
Have you maintained the saprouttab to allow access to that box?
Regards
Juan
Hi,
Please find saprouttab entries.
```
# SNC-connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC connection to local system for R/3-Support
# R/3 Server: 192.168.1.1
# R/3 Instance: 00
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.16 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 *
# SNC connection to local WINDOWS system for WTS, if applicable
# Windows server: 192.168.1.2
# Default WTS port: 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 3389
# SNC connection to local UNIX system for SAPtelnet, if applicable
# UNIX server: 192.168.1.3
# Default Telnet port: 23
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 23
# SNC connection to local Portal system for HTTP URL access, if applicable
# Portal server: 192.168.1.4
# HTTP Port: 50003
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 50003
# Access from the local Network to SAPNet - R/3 Frontend (OSS)
P * 194.39.131.34 3299
# deny all other connections
D * * *
```
Regards
Abhishek
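An added example, not part of the thread and not SAP tooling: a small Python reader for the saprouttab entries posted above that reports which entry decides a connection and flags permits broader than a least-privilege review would accept. It assumes first-match evaluation with "no match" treated as deny, and simplifies host and service matching to shell-style wildcards; `parse`, `decide` and `lint` are hypothetical helper names.

```python
import shlex
from fnmatch import fnmatchcase

SNC = '"p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE"'
# Subset of the entries posted above, with '#' comment markers.
SAMPLE = f"""
# SNC connection to SAP
KT {SNC} 194.39.131.34 *
KP {SNC} 10.100.3.14 3200
KP {SNC} 10.100.3.15 3201
KP {SNC} 10.100.3.14 23
KP {SNC} 10.100.3.14 *
KP {SNC} 10.100.3.20 3389
P * 194.39.131.34 3299
D * * *
"""

PERMIT = {"P", "S", "KP", "KS"}
DENY = {"D", "KD"}
ADMIN_PORTS = {"23": "telnet", "3389": "RDP"}

def parse(text):
    """Return (kind, source, dest, service) tuples; '#' starts a comment."""
    rules = []
    for line in text.splitlines():
        fields = shlex.split(line, comments=True)  # keeps the quoted SNC name whole
        if len(fields) >= 4:
            rules.append(tuple(fields[:4]))
    return rules

def decide(rules, source, dest, port):
    """Assumed semantics: first matching permission entry wins, no match is deny."""
    for kind, src, dst, svc in rules:
        if kind not in PERMIT | DENY:
            continue  # KT only selects SNC towards a target, it grants nothing
        if (fnmatchcase(source, src) and fnmatchcase(dest, dst)
                and fnmatchcase(str(port), svc)):
            return kind in PERMIT, (kind, src, dst, svc)
    return False, None

def lint(rules):
    """Flag permit entries that are broad or expose remote-admin ports."""
    findings = []
    for kind, src, dst, svc in rules:
        if kind not in PERMIT:
            continue
        if "*" in dst or "*" in svc:
            findings.append((dst, svc, "wildcard destination or service"))
        elif svc in ADMIN_PORTS:
            findings.append((dst, svc, f"{ADMIN_PORTS[svc]} exposed through the router"))
    return findings
```

For the SNC peer, `decide` shows that any port on 10.100.3.14 is permitted by the `10.100.3.14 *` entry, so the port-specific entries for that host add no restriction.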
Hi,
10.100.3.15 (sandbox) to 10.100.3.20 (private IP of router):
There will not be any firewall issue, because both systems are in the same IP range, i.e. 10.100.3.*
Now you have to check your firewall policy, where the firewall routing should be as follows:
Source: SAP public IP
Target IP: your organization's public IP
Internal target IP: your SAP router internal IP
Routing should be as below:
1. Source ----> target IP ----> (NATting between public and private IP) ----> internal target IP
2. Internal target IP ----> (NATting between private and public IP) ----> target IP ----> source (SAP public IP)
The port that should be open is 3299.
Thanks
Anil
Hi,
I am able to do the normal telnet (telnet 10.100.3.20) from 10.100.3.14 (solman), but I am not able to telnet (telnet 10.100.3.20 3299) from 10.100.3.14 (solman); the same goes for 10.100.3.15.
How do I open port 3299 on 10.100.3.20 (private IP of router)?
Do I need to open port 3299 on the public IP (94.56....) of the router as well?
I have a Sonic firewall with this access rule:
Source Destination Service Action
Any Any Any Any
Regards
Abhishek
Hi Abhishek,
Log in to the host of the saprouter, i.e. 10.100.3.20, and try to telnet to itself on port 3299.
Do the steps as below:
1. Log in to the OS of the saprouter (10.100.3.20)
2. Run the command telnet 10.100.3.20 3299
Let us know the output of the above command.
Do I need to open port 3299 on the public IP (94.56....) of the router as well?
Yes, you have to open port 3299 for your public IP.
Thanks
Anil
Hi,
Output from 10.100.3.20
c:\telnet 10.100.3.20 3299
▐NI_RTERR& ╞ERR1connection timed out-5NI (network interface)70038nirout.cpp544
1RTPENDLIST::timeoutPend: CONNECTED timeoutThu Apr 08 08:22:02 201067SAProuter 3
8.10 on 'gcc_sap_router'ERR
Connection to host lost.
C:\Documents and Settings\Administrator>
Regards
Abhishek