on 10-07-2014 11:47 AM
Hi guys,
I know this question was asked a few times, but I need a little help ..
Our customer is using an RFC tool to upload files, start transactions etc. Now they got an update of this tool and we have some network problems.
The main reason for this error is that the SAP system sends its internal IP address back to the RFC tool, and the tool wants to connect to the dispatcher with the given internal IP address.
We tested it with the SAPRouter and without, the problem is the same.
1. The tool (client e.g. 10.10.20.1) connects to the SAP Gateway (e.g. 210.10.10.1) with the given external IP address, and/or with a SAPRouter string.
- this connection works
2. The tool wants to start a transaction, so it calls the function "SYSTEM_PREPARE_ATTACH_GUI", SAP sends the internal IP address (e.g. 192.168.1.1) to the client and I get the SAPGUI security prompt to allow to start a SAPGUI, after that, the tool wants to connect to the dispatcher with the internal IP address of the SAP system, but this fails .. I know that this is right ..
During the search for a solution I found this nice tutorial: RFC connections on “NATed” environments - ABAP Connectivity - SCN Wiki
But this is for a connection between two systems via a "back" RFC connection; I have a handful of clients.
I read also a few notes:
• 21151 - Multiple Network adapters in SAP Servers
• 148832 - IP address conversion with a firewall
• 555162 - Asynchronous RFCs with a dialog using a SAP router
• 1033987 - Remote login using NAT or SAP router fails
I know there must be an option, I don't think I am the first one who wants to use a NAT IP address for RFC.
So, what is the right way to tell the SAP system to send not the internal IP address back to the client, but the external?
Or should I route on the SAPRouter all questions to the internal IP address to the external?
The way to the Clients:
SAP (internal e.g. 192.168.1.1) > FW (external e.g. 210.10.10.1) > VPN > FW (e.g. 220.10.10.1) > SAPRouter (e.g. 10.10.10.1) > Client (e.g. 10.10.20.1)
Thank you for any help!
Best regards,
Tobias
So, finally we found out what the problem was/is, the firewall itself!
Steps to find the "bug":
- installed a second SAPRouter on our side, to get where the connection breaks
- captured the network traffic between the two SAPRouter and the firewall itself
- after syncing the logs, found the error on the firewall
• a client request (SYN) was directly rejected by the firewall with a RESET, why, we don't really know!
Steps to prove it's really the firewall:
- installed a second NIC on the client pc and on the server
- routed all traffic from the client directly to the server
• the connection didn't break, even after some more tests
Thanks for all your help!
Best regards,
Tobias
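The check described in the post above (a SYN answered directly by a RESET), as an added example that is not part of the original post. It assumes text output from `tcpdump -nn -tt`; the sample capture, the ports 3300 and 3200, and the function names are constructed for illustration.

```python
import re

# One line of `tcpdump -nn -tt` text output (IPv4/TCP only).
LINE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse(lines):
    """Yield (timestamp, (src_ip, src_port), (dst_ip, dst_port), flags)."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            yield (float(m["ts"]), (m["src"], int(m["sport"])),
                   (m["dst"], int(m["dport"])), m["flags"])

def rejected_syns(lines, max_delay=1.0):
    """Return (client, server, delay) for each SYN whose first reply is a RST."""
    pending = {}  # (client, server) -> timestamp of the unanswered SYN
    hits = []
    for ts, src, dst, flags in parse(lines):
        if flags == "S":                  # bare SYN: new connection attempt
            pending[(src, dst)] = ts
        elif (dst, src) in pending:       # first packet coming back for that SYN
            syn_ts = pending.pop((dst, src))
            if "R" in flags and ts - syn_ts <= max_delay:
                hits.append((dst, src, round(ts - syn_ts, 6)))
    return hits

# Constructed sample: the first connection completes its handshake,
# the second SYN is reset within a fraction of a millisecond.
CAPTURE = """\
1412675220.100000 IP 10.10.20.1.51000 > 210.10.10.1.3300: Flags [S], seq 100, win 64240, length 0
1412675220.140000 IP 210.10.10.1.3300 > 10.10.20.1.51000: Flags [S.], seq 900, ack 101, win 65535, length 0
1412675220.141000 IP 10.10.20.1.51000 > 210.10.10.1.3300: Flags [.], ack 901, win 64240, length 0
1412675225.500000 IP 10.10.20.1.51001 > 210.10.10.1.3200: Flags [S], seq 200, win 64240, length 0
1412675225.500400 IP 210.10.10.1.3200 > 10.10.20.1.51001: Flags [R.], seq 0, ack 201, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    for client, server, delay in rejected_syns(CAPTURE):
        print(f"SYN {client} -> {server} reset after {delay * 1000:.3f} ms")
```

A single capture does not show which device sent the RST. Running the same check on captures taken on both sides of each hop shows where the SYN stops being forwarded.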
Dear Tobias,
please check:
148832 - IP address conversion with a firewall
Regards Gabriella Kiss
After an intensive search, I found an option to get back the external IP address.
I created a separate Logon Group and added the external IP address to the properties.
So the problem is, the RFC program has to call the message server instead of the gateway.
Is there a way to configure the gateway so that it sends back the FQDN instead of the internal IP?
So we can use the windows hosts file which tells the saprouter the right IP address.
Any idea?
Thanks!
Best regards,
Tobias
Hi Tobias,
This isn't the space for that "Gateway". This is the OData Gateway space, a different beast.
R