Hi All,
We would like to replace our ISDN dial up connection for OSS and I have some questions regarding setting up SAProuter and SNC.
I've got Volker's very good document from http://www.easymarketplace.de/snc-iseries-setup.php but my questions are more to do with the setup outside of SAP.
In the Technical Specification document under https://service.sap.com/saprouter-sncdoc it states that the SAProuter machine should be in the DMZ with a non-private ip address.
<u><b>Question</b></u>: Can the SAProuter be on the internal network with a private IP address but accessed by via the Public address of our firewall and proxied through?
In Note 84243 it states that the following ports must be accessible.
for OSS access, a TCP link to the SAProuter must be allowed on sapservX: (in Cisco Notation, similar for other routers or firewalls)
permit tcp host host eq 3299
permit tcp host host gt 1023 established
for the remote link from SAP to the customer, a TCP link and a ping must be allowed from sapservX to the SAProuter at the customer site:
permit tcp host host eq 3299
permit tcp host host gt 1023 established
permit icmp host host eq echo echo-reply
permit icmp host host eq echo-reply echo
<u><b>Question</b></u>: Must all these ports be opened? Elsewhere Volker has stated only one port is required to be opened through the firewall.
<u><b>Question</b></u>: Exactly how secure is this connection? What measures have others taken to protect the connection.
Sorry for the long post and the not strictly Basis questions, but I know there is a fountain knowledge out there.
Regards
Steve
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.