cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAProuter + VPN Tunnel

steven_schaeper
Explorer

on ‎06-01-2012 1:51 PM

0 Kudos

Hello Gurus,

my company wants to set up connection between our SAP Systems and SAP.

We already have a working VPN Tunnel between our IPfire and the VPN-Firewall of SAP (194.39.131.174). (Ping on 194.39.131.174 succesful, ping on 194.117.106.129(sapserv1) not)

SAProuter is installed as service on a Windows XP machine. SAPROUTTAB is P * * * for testing. SAPRouter service runs without problems.

The network looks like this:

SAP <--> SAP-VPN-Firewall <---> OUR-VPN-Firewall <--> SAProuter <--> OUR-SAP-Machines.

I have 2 public IPs for this scenario. One is used for the VPN-Tunnel. The other should be used for SAProuter.

SAProuter is connected to OUR-VPN-Firewall via local IP. SAPRouter is able to ping SAP-VPN-Firewall(194.39.131.174). SAP-Machines are able to ping SAP-VPN-Firewall(194.39.131.174). Nobody is able to ping 194.117.106.129(sapserv1).

Transaction OSS1 in SAP-Machines is configured but is not able to connect.

So my questions are:

- How should i give my SAProuter the public IP? Does it need a direct internet connection? Why do I need VPN then?

- Is there anything I oversaw?

- Am I following the right concept?

- What about the IPFire port forwarding? What ports are needed? Do I forward them to SAPRouters public IP or the local?

Any help is very, very welcome. Thank you for your attention.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

isaias_freitas
Advisor
Advisor
‎06-02-2012 5:18 PM
0 Kudos

Hello Steven,

Did you already take a look at the SAP Notes 486688, 35010 and 33135?

And the SAPROUTTAB rule "P * * *" actually does not open all the ports. For security reasons, the saprouter interprets the port definition "*" only as commonly used SAP ports (e.g., 3200 to 3299).

To open other ports (e.g., 23, for remote telnet access) you need to add an explicit rule for that.

Regards,

Isaias

Show replies
Show replies
steven_schaeper
Explorer
‎06-04-2012 1:08 PM
0 Kudos

Hello Isaias,

thank you very much for your answer. I am going to work myself through the notes today and report back later.

Regards,

Steven

steven_schaeper
Explorer
‎06-06-2012 3:12 PM
0 Kudos

Hello Isaias,

unfortunately the notes did not help me very much.

My biggest question right now is how the structure is meant to be between my VPN-Firewall and my SAPRouter.

One of the notes says that i need 2 public IPs. One for the SAPRouter and one for the VPN-Firewall. But my VPN-Firewall and SAPRouter are communicating via local IPs to each other. So how do I need to configure the second public IP on SAPRouter?

Regards,

Steven

isaias_freitas
Advisor
Advisor
‎06-09-2012 12:44 AM
0 Kudos

Hello Steven,

The SAP note 35010 refers to the weblink http://service.sap.com/internetconnection.

There, you can find the "Technical specifications" document (in PDF format).

I believe that this document can help you.

Regards,

Isaias

Ask a Question