on 02-22-2011 4:21 PM
Hi people,
I´ve the doubt about the saprouttab entries.The entries are the followings:
1. SNC connection to and from SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
1. SNC connection to local system for R/3-Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3300
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3301
1. SNC connection to local WINDOWS system for WTS, if applicable
2. Default WTS port: 3389
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 3389
1. SNC connection to local UNIX system for SAPtelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * 23
1. SNC connection to local Portal system for URL access, if applicable
2. Portal server: myserver.mydomain
3. Port number: 50003
#KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" myserver.mydomain 50003
1. Access from local network to SAP
P 192.168.. 194.39.131.34 3299
P 192.168.. 194.39.131.34 *
P * 192.168.0.* *
1. deny all other connections
D * * *
If the saprouttab have this entries, then works correctly, but I want to limit the public ip, I will put the entries:
P 192.168.0.* *
then It´s impossible to access via saprouter. The message error are:
host: route permission denied (192.168.0.254 to 192.168.0.128, sapdp00)
How can do this?
More thanks
HI
Check that ports is open in firewall. If yes, paste DEV_ROUTE log file here
Regards
William Neira
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The dev_rout is the next
-
trc file: "dev_rout", trc level: 1, release: "700"
-
Tue Feb 22 17:02:18 2011
SAP Network Interface Router, Version 38.10
command line arg 0: D:\usr\sap\saprouter\saprouter.exe
command line arg 1: -r
command line arg 2: -W
command line arg 3: 6000
command line arg 4: -R
command line arg 5: D:\usr\sap\saprouter\saprouttab
command line arg 6: -K
command line arg 7: p:CN=devsap00, OU=0000972864, OU=SAProuter, O=SAP, C=DE
SncInit(): Initializing Secure Network Communication (SNC)
PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/64/64)
SncInit(): Trying environment variable SNC_LIB as a
gssapi library name: "D:\usr\sap\saprouter\sapcrypto.dll".
File "D:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.
The internal Adapter for the loaded GSS-API mechanism identifies as:
Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2
main: pid = 596, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Tue Feb 22 17:02:28 2011
NiHsLGetHostName: to get 172.26.0.254 failed in 4497ms (tl=2000ms)
checkRoute: route not permitted (9)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Tue Feb 22 17:04:44 2011
checkRoute: route not permitted (9)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Tue Feb 22 17:04:56 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Tue Feb 22 17:05:22 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Tue Feb 22 17:05:26 2011
checkRoute: route not permitted (10)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Tue Feb 22 17:05:48 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Tue Feb 22 17:49:22 2011
***LOG Q0I=> NiIRead: recv (10054: WSAECONNRESET: Connection reset by peer) [nixxi.cpp 4424]
ERROR => NiIRead: SiRecv failed for hdl 3 / sock 260
(SI_ECONN_BROKEN/10054; I4; ST; 172.26.0.254:39060) [nixxi.cpp 4424]
Wed Feb 23 08:50:58 2011
checkRoute: route not permitted (10)
ERROR => NiRClientHandle: NiRExRouteCon for C4/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Wed Feb 23 09:37:37 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
Wed Feb 23 09:37:44 2011
checkRoute: route not permitted (13)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Wed Feb 23 09:38:25 2011
checkRoute: route not permitted (13)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251]
Wed Feb 23 09:39:22 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
-
Wed Feb 23 09:39:25 2011
checkRoute: route not permitted (13)
ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '172.26.0.254' failed (rc=-94) [nirout.cpp 2251] ----------
Wed Feb 23 09:41:16 2011
reading routtab: 'D:\usr\sap\saprouter\saprouttab'
*The error is between lines.
More thanks
HI
Do you have issue with access to your network from internet? or your isue is connect to sap?
Try Put this lines in saprouttab.
P 172.26.0.254 * 3200
P * 172.26.0.254 3200
If don't work please enable all connections temporarily with line:
P * * *
The last line enable all conections, this is only temporarily for check your issue.
After every change in saprouttab you must to restart saprouter
Regards
William Neira
Excuse my English:
I need to set restrictions for connecting via SAProuter, we do not allow anyone who knows the string of SAProuter can connect, we would like to restrict by mac address or otherwise functional, I'm new to this but I want to demonstrate the effectiveness and flexibility of the SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
85 | |
10 | |
10 | |
10 | |
7 | |
6 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.