Two servers on one linksys router to internet

September 18, 2009 at 07:06:59
Specs: Windows Windows 2003 server
Folks,

I have two servers running sap applications, and they are connected through one linksys router to one static ip address on the internet

In ipconfig, I see individual servers ip address:

Server A-> 192.168.1.100
Server B-> 192.168.1.101

External users should be able to access both servers, not just one . The problem is how to do it.

Regards


See More: Two servers on one linksys router to internet

Report •


#1
September 18, 2009 at 07:22:30
I suspect the easiest way would be to create a VPN and set the remote users up with a VPN client. Then they can login and have access as if they were sitting at the console of a PC within in the LAN.

Report •

#2
September 18, 2009 at 07:29:41
Hello Sir,

Can u explain me a bit more how to create a VPN and set the remote users with VPN client?
I appreciate yr help.


Report •

#3
September 18, 2009 at 07:31:38
google.com

Try searching VPN

google is your friend.........................


Report •

Related Solutions

#4
September 18, 2009 at 07:35:55
I think I found the VPN link on google. I will try to work with it, and hopefully it should work. I will keep u posted. Thanks for yr help. If it works for me, many thanks to you and many will appreciate yr help in future.

http://www.onecomputerguy.com/netwo...


Report •

#5
September 18, 2009 at 08:56:36
This depends on how your clients are connecting now to the one server. Sounds like you are rdp-ing using port forwarding. Solution is to change the listening port on one server to a different port like 3390 and then forward to that server in the router. Then access by wanipaddress:portnumber

http://support.microsoft.com/kb/306759


Report •

#6
September 19, 2009 at 07:02:58
Hello Wanderer,

You are right-> The default port on both servers in the registry file :portnumber" is "d3d" or equivalent 3389.

I can change one of them to 3390 That is not a problem, and then as already specified in port forwarding of linksys router 3390 is matched to this server ip address.

I believe I have to reboot this server for this change to be effective.

However I am concerned if this will have any affect on the starting of the window on reboot, and specially if this will make my sap application running on this server go corrupt in any way. IF this port number 3389 in any way is attached to sap application then this change in sap server must also reflect and must match to 3390 changed value also. I am not sure where to look for it and how to make this change in sap installed application.

Any light on this issue will be appreciated.

Regards .


Report •

#7
September 21, 2009 at 14:28:27
Hello folks,

I changed the default port number 3389 of one of my server in windows registry through "regedit" to port number 3390.
Still I am not able to access the server through my sap gui externally.
Also I opened the two ports in linksys port forwarding and matched the respective 3389 and 3390 to their ping ip addrss namely 192.168.1.x1 and 192.168.1.x2 But no luck


Report •

#8
September 21, 2009 at 14:35:34
This almost sounds like a routing issue. Can you ping an external address from both servers. Do a Ping Yahoo.com from both servers and see what happens. If they both ping then do a Tracert and see what happens.

Also this sounds like a Client Server application. If so then the client may be only able to talk to one server at a time. Can you give us more information on how the client is configured? I am assuming it uses ODBC DSN to establish a connection with the server is this correct?

If this is the case then let us know a little more about how you are getting these servers to be public facing? It sounds like you are port forwarding the port to the specific address?


Report •

#9
September 21, 2009 at 14:55:23
"Still I am not able to access the server through my sap gui externally"

It does not appear you understand Remote Desktop access. A simple search on SAP ports shows 33xx are not used by sap.

what exactly are you doing? In other words how are you accessing these servers remotely?

If via rdp then the "sap app" is being run on the server. Can you run it when you are physically at the server?

Can you RDP access server1 by
wanipaddress:3389
and access server2 by
wanipaddress:3390
???????????????????????????????????????????


Note: you would NOT be running the sap app from your laptop remotely. That is not how you do it. You run the app from the server you logged on to.

This also raises the question of why access both servers. SAP app can do that for you if you are connected to just one server.


Report •

#10
September 22, 2009 at 07:15:36
Can you RDP access server1 by
wanipaddress:3389
and access server2 by
wanipaddress:3390

NO-> I cannot access through RDP using above URL

To access the servers A or B, we use sapgui front end, and we need to put the individual address in application server box of sapgui.

What address do one need to put in this sap application server box to access the individual server ?


Say for example->
ISP WAN address: 99.M1.M2.M3 (static IP address)
Server A->Local IP addres->192.1681.1.X1
Server B->Local IP address->192.1681.1.X2

What port forwarding # should I provide in linksys-> is it 33NN series like 3389 or 3390 or 80NN series like 8001, and 8002

So if external users around the globe wants to access:
So if someone wants to log to server A-> Then in sapgui front end, what application server address one needs to place to access server A?
Also if someone wants to log to server B-> Then in sapgui front end, what application server address one needs to place to access server B?

Both servers are accessible on the same network local ip address that is 192.1681.1.X1, 192.168.1.X2 to which it can ping from third computer internally, and I can login to sap easy access.
But the question what address an user places for global access?

Regards


Report •

#11
September 22, 2009 at 07:32:15
One thing more:

which ever local ip address I provide in DMZ of Linksys, that server is accessible externally by users around the globe.
Server A->Local IP addres->192.1681.1.X1 If I place this address in DMZ of linksys, then server A is accessible across the globe by external users.
Server B->Local IP address->192.1681.1.X2. If I place this address in DMZ of linksys, then server B is accessible across the globe by external users.
However I want both servers accessible by external users, and I can provide only one address in DMZ not both ip address of server A and server B.

Ofcourse:
I have assoicated 192.1681.1.X1 Server A with port 3389 in port forwarding

I have assoicated 192.1681.1.X2 Server B with port 3389 in port forwarding


Report •

#12
September 22, 2009 at 08:52:59
sivibe how many external users at the same time are we talking about here?

You write:
I have assoicated 192.1681.1.X1 Server A with port 3389 in port forwarding
I have assoicated 192.1681.1.X2 Server B with port 3389 in port forwarding

You can't do that. The router will not allow you to forward both ips to the same port. That is why server B needs to be 3390

You do not forward a range of ports like your example "What port forwarding # should I provide in linksys-> is it 33NN series like 3389 or 3390 or 80NN series like 8001, and 8002"

You only forward 3389 for server1 and 3390 for server2

Putting your SAP server in the DMZ is crazy. You are begging to be hacked.

"NO-> I cannot access through RDP using above URL "
Why not? Did you not configure port forwarding to server1 successfully?

I am not seeing you make the connections between what I post and what you do.

sivibe we have a problem here with understanding how all this works. You have two roads to go down. You need to choose which one fits your needs.

Road1 - Terminal Services
Depending on the amount of concurrent users you want logged in remotely..
[2 RDP accesses is by default.}
[if you want more you have to purchase Terminal Server Cals and engage TS server]
You then configure port forwarding as I described previously.
To access each server you go wanipaddress:portnumber.
3389 is server1
3390 is server2
A TS session is just like you are on the server itself. You would load the sapgui in this session NOT from your remote laptop or workstation but from the servers desktop shortcut to the sapgui.
The remote user connects to the internet
The remote user brings up MMC and the configured RDP connection to the server
The remote user launches the RDP session and is presented a server logon screen.
The remote user authenicates to the server.
The remote user launches the sapgui from the servers console.


Road2 - VPN
You would replace your router with one that is a firewall/vpn appliance. I use SonicWalls.
Remote users load the vpn client software on their pc/laptops.
They start their internet connection
They start the vpn client software
The authenicate to the vpn appliance and gain a local to the servers ip address.
They then authenicate to Active Directory or what ever you are using for your server authenication.
They then run the sapgui from their pc/laptop


Report •

#13
September 22, 2009 at 09:16:09
I appreciate yr fast response.
a) Sorry, the port number is disitinct 3389 (Server A) , and 3390 (Server B) in Linksys. It was just typo error.
b) If I do not specify one of the server ip address in DMZ in linksys, then the neither A or B server does not connect at all.
c) Number of external users _> There is no limit as long as HW requirement is sufficient to take the load.
d) I did port forwading to both server A and B correctly 3389 to A and 3390 to B. But only the server ip which is in DMZ gets connected. If I disable DMZ, none of the two servers get connected. Thus out of no choice, I had to use DMZ understanding the risk involved.
e) Wanip:3389, and wanip:3390 either in internet explorer URL or in Application Server box of sapgui does not work.
where Wanip is ISP (static address) of serveice provider.
d) Is it possible we may do nett meeting, and u can help in proper configuration. You r an expert, and I am sure u will accomplish it in no time.


Report •

#14
September 22, 2009 at 09:27:52
Sorry I have two full time jobs right now. I barely have time slots to pee.

bring up mmc
add rdp
configure rdp sessions for server1 and server2
put in the wanip:port number.
Now launch the rdp session for server1
do you connect?


Report •

#15
September 23, 2009 at 06:22:12
Can u kindly provide step by atep process so that I may try it.

Report •

#16
September 23, 2009 at 08:15:36
post 14 has how you do it with RDP/terminal services assuming you forwarded the ports in the router and changed the listening port on server2 to 3390

Report •

#17
September 23, 2009 at 08:28:28
Listening port on server 2 ->:3390
I have changed in win2003 using regedit, and opened this port in linksys port forwarding..
If there is any other way to do, and do in some other location like sap listener.....oracle listener.... kindly specify the ...????procedure....???

Report •

#18
September 23, 2009 at 09:57:04
confirm you can access the servers via rdp as described in post 14. Lets see if your config has been successful then we will move on to the sapgui.

Report •

#19
September 23, 2009 at 18:07:57
a) bring up mmc-> Can u kindly explain what is MMC and how to bring it up>>

b)
add rdp -> Wanip:3389 and 3390 ->How to do it>>>

Kindly excuse me for my ignorance.


Report •

#20
September 24, 2009 at 05:38:13
I am able to connect to my two servers through Wanip:port number. However still I need to find out how to log in to sap server through sapgui front end. I tried but it does not work.

Report •

#21
September 24, 2009 at 08:09:20
Simple: install the sapgui on the servers.

When you rdp into the server(s) is what you see running on your computer? Answer is no. All you computer is going is acting as the end point for keyboard/mouse/video. Your screen is that of the server just like you were physically there.

By installing the gui on the server it will be available to be used during your rdp session.


Report •

#22
September 25, 2009 at 07:39:10
In sapgui window, for saprouter string, what address do I need to give. After checking document on web for saprouter,
I placed
/H/WANIP/S/3390/H/LANIP/S/3200
for saprouter string, where I have opened port 3390 on my windows2003 server using "regedit" cmd, and since sap system Number is 00, I have provided service address 3200. WAN ID is ISP IP.
It says partner not reachable.

Bottom line is what address should I provide in saprouter string in sapgui window?

Thx


Report •

#23
September 25, 2009 at 08:19:58
If the sapgui is installed on the servers and you rdp to that server... you would put in the servers address not wan ip:port.

So on:

Server A-> 192.168.1.100
Server B-> 192.168.1.101

This is the point I keep trying to make. Where are you when you RDP to the server? You are ON THAT SERVER. Where do you run the sapgui from? ON THAT SERVER. What ip address should you put in the sapgui? THAT SERVERS IP just like you were sitting at the server.

Make sense?

You would not use the sapgui on your laptop but on the server you are attaching to.


Report •

#24
September 25, 2009 at 08:42:43
Each remote user installs sapgui on his PC, and puts the remote sap server information in the sapgui as in thread#22, so as to access the remote sap server in some part of the globe. Each user places the information in his own sapgui which is installed on the user PC remotly.

The document describes nicely, based on which I have filled the info in discussion#22.
http://www.elec.ucl.ac.be/SAP/Manua...


Report •

#25
September 25, 2009 at 12:52:58
*sigh*

According to that document you need a saprouter.

Might want to re-review that document after you have read this one on saprouters.

http://help.sap.com/saphelp_nw04/he...

I believe your confusion is due to mixed concepts between saprouting and rdp/ direct server access via rdp and what that means to a internet based workstation.

In post 22 you are mixing rdp port with sap ports.

This tells me you really didn't undestand what was being proposed concerning RDP or VPN connections.

From what you have posted you have no saprouter but a linksys router. Your post #22 is for saprouters not a linksys router. The linksys is never going to require a 'secret'.

Both the vpn or rdp with TS services solutions do not require the saprouter.

Note: you were referring sapgui to be the saprouter. Wish I caught this earlier
"In sapgui window, for saprouter string". I thought you meant by sapgui that we were dealing with the sap logon/administration.

If you want a saprouter then you need a server/pc with two nics. One connected to the router and one connected to the sap server network.

As per this diagram
http://help.sap.com/saphelp_nw04/he...

You would forward port 3200 in the linksys to this proxy/saprouter wan port. The saprouter command would be as follows as per the saprouter documentation;

Example for a simple connection string with an application server's IP address (172.16.64.17) and portnumber (3200):

/H/172.16.64.17/S/3200


Before you go any further I highly recommend you bring in a SAP consultant. You don't know the correct questions to ask concerning this configuration. I would hate to see you get it working only to find out you opened your sap servers to being hacked.

Perhaps this can get you started;

http://forums.sdn.sap.com/index.jspa


Report •


Ask Question