cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP router OSS connection error

Go to solution
Former Member

on ‎04-07-2010 12:12 PM

0 Kudos

Hi Guys,

i have configured SAP router on a seprate host.

i have 1 public ip( 94.49....) and one private ip (10.100.3.20).

telnet to 194.39.131.34 is giving a blank screen.

output for Niping

C:\saprouter>niping -c -O -S 3200 -H 10.100.3.14 ---> this is my SOLMAN

Wed Apr 07 07:48:27 2010

connect to server o.k.

send 10 messages (len 1000)

-

times -

avg 0 usecs

max 0 usecs

min 0 usecs

bw 1.#J kb/sec

excluding max and min:

av2 0 usecs

bw2 1.#J kb/sec

but i cant niping to 10.100.3.15( sandbox)

in sm59 RFC is working fine and market place also connections are made.

i have sonic firewall at 10.100.3.1 which is has access rule source( any) destination(any) service(any) action(allow).

but when SAP is trying to connect to my SOLMAN they are getting reset packet from our firewall.

how to solve the issue.

Regards

Abhishek

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member227283
Active Contributor
‎04-12-2010 4:57 AM
0 Kudos

Hi Abhisek,

Inform SAP to provide logs or screeshot of the error whcih they are getting.

It wil be helpful to debug error.

Thanks

Anil

Show replies
Show replies
Former Member
‎04-12-2010 5:46 AM
0 Kudos

Hi,

Please find the error log from SAP.

Hello,

The following is the complete error message received:

***********************************************************************

*

  • LOCATION SAProuter 40.2 (SP4) on sapserv2

  • ERROR connection to partner '94.56......:3299' broken

*

  • TIME Wed Apr 7 08:29:13 2010

  • RELEASE 720

  • COMPONENT NI (network interface)

  • VERSION 40

  • RC -95

  • MODULE nixxi.cpp

  • LINE 4970

  • DETAIL NiIRead: P=94.56.....:3299; L=???

  • SYSTEM CALL recv

  • ERRNO 232

  • ERRNO TEXT Connection reset by peer

  • COUNTER 27819

*

Regards

Abhishek

Former Member
‎04-19-2010 3:40 AM
0 Kudos

Hi guys,

Please help

Regards

Abhishek

former_member227283
Active Contributor
‎04-19-2010 5:12 AM
0 Kudos

Hi Abhishek,

ERROR connection to partner '94.56......:3299' broken

it mean ports are not open from your end.

Inform your network team to open port BI direction ( two way ports should be open.

your public ip <94.56> -

> <194....> sap public ip> port 3299

sap public ip< 194 ....> -

> your public ip<94.56> port 3299

once the ports are open SAP should be able to access the system.

Thanks

Anil

Former Member
‎04-19-2010 6:26 AM
0 Kudos

Hi,

Please find the access rule that we maintained.

Access Rules (WAN > LAN)

Items to 3 (of 3)

View Style: All Rules Matrix Drop-down Boxes

  1. Priority Source Destination Service Action Users Comment Enable Configure

1 1 Change priority... All WAN IP All Interface IP telnet SAP UDP Allow All Edit this entry Delete this entry

2 2 Change priority... All WAN IP All Interface IP telnet SAP Allow All Edit this entry Delete this entry

3 3 Change priority... Any Any Any Allow All Edit this entry Delete this entry

*Access Rules (LAN > WAN) *

Items to 1 (of 1)

View Style: All Rules Matrix Drop-down Boxes

  1. Priority Source Destination Service Action Users Comment Enable Configure

1 1 Change priority... Any Any Any Allow All Edit this entry Delete this entry

former_member227283
Active Contributor
‎04-19-2010 9:10 AM
0 Kudos

Hi Abhisek,

It is ok that your public ip is exposed on internet .

But , i assume that you have not done natting between you public ip to private ip.

First you have to make natting betweeb you public ip to private ip.

It mean when any body from WAN hit your public ip at that time request should come to you private ip.

Hope this clear you.

Thanks

Anil

Edited by: Anil Bhandary on Apr 19, 2010 10:50 AM

Answers (1)

Answers (1)

JPReyes
Active Contributor
‎04-07-2010 12:24 PM
0 Kudos

have you maintained the saprouttab to allow access to that box?

Regards

Juan

Show replies
Show replies
Former Member
‎04-07-2010 12:28 PM
0 Kudos

Hi,

Please find saprouttab entries.

  1. SNC-connection to SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC connection to local system for R/3-Support

  2. R/3 Server: 192.168.1.1

  3. R/3 Instance: 00

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.16 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.15 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.14 *

  1. SNC connection to local WINDOWS system for WTS, if applicable

  2. Windows server: 192.168.1.2

  3. Default WTS port: 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 3389

  1. SNC connection to local UNIX system for SAPtelnet, if applicable

  2. UNIX server: 192.168.1.3

  3. Default Telnet port: 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 23

  1. SNC connection to local Portal system for HTTP URL access, if applicable

  2. Portal server: 192.168.1.4

  3. HTTP Port: 50003

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 10.100.3.20 50003

  1. Access from the local Network to SAPNet - R/3 Frontend (OSS)

P * 194.39.131.34 3299

  1. deny all other connections

D * * *

Regards

Abhishek

JPReyes
Active Contributor
‎04-07-2010 12:36 PM
0 Kudos

The saprouttab looks ok.... seems like you have an internal issue with the firewall

Are you having the same problem with any of the other systems?... I presume your SNC router is on the DMZ... can you ping the router address from that box on port 3299?

Regards

Juan

Former Member
‎04-07-2010 1:50 PM
0 Kudos

hi,

I am able to do the normal ping from 10.100.3.15( sandbox) to 10.100.3.20( private ip of router)

but could you please the specfic command to check ping on port 3299.

Regards

Abhishek

JPReyes
Active Contributor
‎04-07-2010 2:05 PM
0 Kudos

router port is 3299.... telnet your router from the sanbox to verify that the port is not blocked by the firewall

Regards

Juan

former_member227283
Active Contributor
‎04-07-2010 6:27 PM
0 Kudos

Hi,

10.100.3.15( sandbox) to 10.100.3.20( private ip of router)

there will not be any firwall issue , becuase both the system are on same ip range i.e 10.100.3.*

Now you have to check your firwall policy where in firewall routing should be as follows

Source :- SAP PUBLIC IP

Target ip :- Your organization public ip

Internal target ip :- your sap router internel ip

Routing should be as below

1.   Source ----> target ip ----- >>( natting between public to private ip )------>Internal traget ip

2.  Internal traget ip ------ >> ( natting between private to public ip ) -------->>  target ip ------>>  source ( sap public ip )

port should be open is 3299

Thanks

Anil

Former Member
‎04-08-2010 4:43 AM
0 Kudos

Hi,

I am able to do the normal telnet ( telnet 10.100.3.20 ) from 10.100.3.14(solman) but not able to telnet ( telnet 10.100.3.20 3299 ) from 10.100.3.14(solman) same goes for 10.100.3.15.

How do i open port 3299 on 10.100.3.20( private ip of router)?

Do i need to open port 3299 on pulic ip (94.56....) of router as well.?

I have Sonic firewall with access rule .

Source Destination Service Action

Any Any Any Any.

Regards

Abhishek

former_member227283
Active Contributor
‎04-08-2010 5:01 AM
0 Kudos

Hi Abhishek,

Login to host of saprouter i.e 10.100.3.20 and try to telnet it seld on port 3299

do steps as below

1. login to OS of saprouter ( 10.100.3.20 )

2. run command telnet 10.100.3.20 3299

let us know the ouput of above command

Do i need to open port 3299 on pulic ip (94.56....) of router as well.?

yes u have to open port 3299 for your public ip

Thanks

Anil

Former Member
‎04-08-2010 5:22 AM
0 Kudos

Hi,

Output from 10.100.3.20

c: elnet 10.100.3.20 3299

▐NI_RTERR& ╞ERR1connection timed out-5NI (network interface)70038nirout.cpp544

1RTPENDLIST::timeoutPend: CONNECTED timeoutThu Apr 08 08:22:02 201067SAProuter 3

8.10 on 'gcc_sap_router'ERR

Connection to host lost.

C:Documents and SettingsAdministrator>

Regards

Abhishek

Former Member
‎04-08-2010 11:58 AM
0 Kudos

Hi Guys,

Please help , i m stuck with this issue.

Regards

Abhishek

former_member227283
Active Contributor
‎04-08-2010 12:08 PM
0 Kudos

Hi Abhishek,

Can you check agian are you able to telnet from solman to sap router

login to Os of solman and run the following command.

telnet <saprouter ip> 3299

let us know the ouput of above command

Thanks

Anil

Former Member
‎04-08-2010 12:34 PM
0 Kudos

Hi,

I am getting the same error message.

Regards

Abhishek

Former Member
‎04-11-2010 6:04 AM
0 Kudos

Hi,

Please help guys..

Regards

Abhishek

Ask a Question