RV042 dual VPN connections between locations with load balance

Similar Messages

• RFC connection (SM59) fails with load balancing enabled.

  Hello All,
  We have an RFC connection setup between two SAP systems. The RFC connection works fine if it points to the destination system. But if we enable load balancing, the connection fails with this error:
  ERROR                partner not reached (host <hostname>, service sapms<SID>)
  LOCATION             SAP-Server <source system> on host <host name of source> (wp 1)
  DETAIL               NiPConnect2
  CALL                 SO_ERROR
  COMPONENT            NI (network interface)
  COUNTER              3027
  ERROR TEXT           Connection refused
  ERROR NUMBER         79
  MODULE               niuxi.c
  LINE                 1069
  RETURN CODE          -10
  SUBRC                    0
  RELEASE              46D
  TIME                 Mon Aug 18 18:33:30 2008
  VERSION              34
  I've checked the /etc/services file, the following entries exist
  sapms<SID> 3606/tcp
  sapms<SID>s 3600/tcp
  lstst at the source system works fine
  lgtst -H <target host name> -S sapms<SID>
  niping at the target system has a problem
  > niping -c -S 3606
  Mon Aug 18 10:23:14 2008
  connect to server o.k.
  ERROR => NiTClientLoop: NiTReadLoop (rc=-6) [nixxtst.cpp  2629]
  ERROR       connection to partner broken
  TIME        Mon Aug 18 10:23:14 2008
  RELEASE     640
  COMPONENT   NI (network interface)
  VERSION     37
  RC          -6
  MODULE      niuxi.c
  LINE        905
  DETAIL      NiPRead (0.0.0.0/0, hdl 1)
  SYSTEM CALL recv
  COUNTER     1
  Please help me figure out the problem.
  regards,
  Roshni

  Hi,
  I think you have added wrong port entry in services file.
  The entry of sap servers in services file for load balancing are
  sapms<SID>  36<instance number>/tcp
  so please check once again and add the entry using above formula in services file.
  Also add the entry of all SAP servers in your hosts file.
  <IP> <HOSTNAME>

• VPN connection between ASA5520 and RV215w

  Hello everyone,
  I am trying to setup a vpn connection between ASA5520 with 9.1.(3) and rv215w 1.1.0.6
  Here is my setup ...
  But the vpn connection fails with an error message on ASA.
  RV215w shows ipsec established but i cannot ping the network behind.
  You can find asa-config and show-tech as attachment. I have added also some screenshots from RV215w.
  Any hint or help is appreciated.
  Cengiz

  Hi Cengiz,
  Dynamic CRYPTO maps mostly used in a Remote Access or Client to site VPN because end users working from home can have IP address new every time or like different whcn connect from home or from Internet cafe , hence ASA cant make a fix IP as Peer.
  But for site to site also Dynamic Crypto Map can be used but only at one side , else if you use Dynamic crypto map at both ends , both peer will wait for each other to initiate a tunnel Request as the device n this case ASA) configured with Dynamic Crypto map can only REPLY for a tunnel initiation , it can never send tunned initilaization request as it never know the IP address of the peer. Hence never make both device as dynamic crypto map or else they both never initiate and wait for each pther and tunnel will never happen.
  The main steps to be configured on the ASA end in order to establish dynamic tunnel:
      Phase 1 ISAKMP related configuration
      Nat exemption configuration
      Dynamic crypto map configuration
  The Cisco IOS router has a static crypto map configured because the ASA is assumed to have a static public IP address. Now this is the list of main steps to be configured on the Cisco IOS Router end to establish dynamic IPSEC tunnel.
      Phase 1 ISAKMP related configuration
      Static crypto map related configuration
  !---1. Configure the IPsec transform-set
  crypto ipsec transform-set myset esp-des esp-md5-hmac
  !--- 2. Configure the dynamic crypto map. Always rememeber to bind a dynamic crypto map to a blank static crypto map and then call that static crypto map to a ASA OUTSIDE Interface as Dynamic Crypto maps cannot be bind directly to ASA OUTSIDE Interface or say any interface.
  crypto dynamic-map MY_DYNAMIC_MAP 1 set transform-set myset
  crypto dynamic-map MY_DYNAMIC_MAP 1 set reverse-route
  !--- Enable Reverse Route Injection (RRI), which allows the ASA
  !--- to learn routing information for connected clients hence the static route will come above defaut route and hence
  !... will make the routing decision fast else every time for the other side router dynamic IP , default route have to get a hit but only after checking the entire routing table and when no match then use default route , so to save this entire route matchin process always good to use reverse route enjection so that other side non dynamic crypt peer can insert a static route enrty in ASA.
  !--- 2A. Always Bind dynamic crypto map named MY_DYNAMIC_MAP to a static crypto map named STATIC_MAP_CALLING_DYMANIC_MAP using a keyword dynamic in the last 
  crypto map STATIC_MAP_CALLING_DYMANIC_MAP 10 IPSec-isakmp dynamic MY_DYNAMIC_MAP
  !--- 2B.now apply static map on ASA OUTSIDE Interface
  crypto map STATIC_MAP_CALLING_DYMANIC_MAP interface outside
  !--- 3. Configure the phase I ISAKMP policy
  crypto isakmp policy 10
  authentication pre-share
  encryption des
  hash md5
  group 2
  lifetime 86400
  !--- 4. Configure the default L2L tunnel group parameters
  tunnel-group DefaultL2LGroup IPSec-attributes
  pre-shared-key *
  Plase rate if you like my post.
  Best Regards
  Sachin Garg

• Connection Between BIEE with ESSBASE?

  Hi
  could you please provide documment how to give the connection Between BIEE with ESSBASE?
  thanks

  Hi,
  You should check Venkat's blog:
  http://oraclebizint.wordpress.com/2008/06/07/hyperion-financial-reporting-getting-started/
  Good Luck,
  Daan Bakboord

• How to configure R/3 System with Load Balancing?

  Hello,
  I've created a Web DynPro Application and I would like to case an iView on  it. According to SAP tutorials I first need to configure an R/3 System with Load Balancing.
  My problem is how to configure the "WAS Host Name".
  According to the tutorial:
  WAS Host Name = <host>.<domain>:port (this corresponds to the Web Dynpro server location and the port on which it is running eg. PXYZ.wdf.sap.corp:50000.)
  I am using NW 04 and my portal is running on this address:
  http://ep6sp9test:50000/irj/portal
  When I set the WAS Host Name to ep6sp9test:50000 the Test connection fails (I have privildges and created an alias and User mapping). What should I put at this field then?

  Hi
  I think you have to specify the HTTP port og the WAS running the R/3 system. The 50000 port is the HTTP port of your portal - not the R/3 system.  You can see the HTTP port of the R/3 system using transactioncode SMICM - services in the R/3 system.
  BR
  Tom

• Error in creation of JCO with Load balancing server

  Hi,
  We are using a ABAP user base for our WEBAS server 6.40 (with ABAP+JAVA). i have created a Public group in concerned ECC 5.0 system. I have already configured SLD, and then i maintain data supplier bridge in SLD and run RZ70 in ECC 5.0 system to load system information.. i can see details in SLD ..
  now i am trying to create JCO connections .. here i am unable to create JCO with load balancing option..  i get
  com.sap.mw.jco.JCO$Exception: (102) RFC_ERROR_COMMUNICATION: Connect to message server host failed Connect_PM  TYPE=B MSHOST=<servername> GROUP=PUBLIC R3NAME=SID MSSERV=sapms<SID> PCS=1 ERROR       service 'sapms<SID>' unknown TIME        Fri Jun 16 12:41:20 2006 RELEASE     640 COMPONENT   NI (network interface) VERSION     37 RC          -3 MODULE      ninti.c LINE        505 DETAIL      NiPGetServByName2: service 'sapms<SID>' not found SYSTEM CALL getservbyname_r COUNTER     1
  i am able to create single server JCO, but it fails in load balancing.. is there anything i have  missed out in settings...
  Thanks and regards,
  Sudhir

  Thanks, Bogdan Rokosa
  I have the same problem,and solved it following the steps provided by Bogdan Rokosa  :
  you must insert an entry for your R3 system
  (like: sapms<SID> 3600/tcp)
  in services file
  (C:\WINDOWS\system32\drivers\etc\services) on Java WAS.
  I test the Jco successful without restart J2EE Engine.

• HTTPS with load balancing

  Hi guys,
  We have a portal system with instance 08, so we typically connect to the portal using port 50800 for HTTP, and 50801 for HTTPS.
  We have just created a second server node for this portal (in the config tool).
  When we connect to 50800, does this automatically load balance the user to the better server? From some reading on these forums, it seemed to indicate that load balancing will only occur if I connect using port 8109. (where 09 is the instance number for the SCS of our portal)
  When connecting to port 8109, we are redirected to port 50800, as I'd expect.
  Question 1 - do we need to use 8109 for load balancing, or can we still use 50800?
  Question 2 - If we need to use 8109, which is a HTTP port, how can we achieve load balancing with HTTPS. Is there a different port we need to use to have HTTPS with load balancing?
  Question 3 - Is the creation of a second server node the best way to accomodate additional users and load on the portal system, or is there a better way to do things?
  Thanks,
  Michael.

  Better late than never.
  The load balancing you describe through the message server has its limitation. It redirects you to one of the dialog server hosts which means that any bookmarks will always point directly to a dialog server which may be down at that moment.
  Access directly to a dialog server on port 50800 will sort of load balanc on the java server instances that are on that server but not on other servers.
  The general recommendation is to setup an external loadbalancer and SAP Web dispatcher is a good match if the load is not very high. SAP webdispatcher will then bind up the cluster address and act as a proxy towards the dialog servers of the portal. The user will therefore only see one address. This will also work for HTTPS.
  Regards
  Dagfinn

• Recommended configuration for load balanced Portal with load balancer, multiple gateways and multiple servers.

  Does anyone have a recommended network, hardware and software configuration guide for a Portal installation running with multiple gateways load balanced (ie one URL) that talk to multiple servers?

  David,
  We've used Resonate (software) to load balance the gateways. It allows
  you to group all the gateways under 1 virtual URL and load balance the
  incoming connections over each gateway depending on the rules that you
  define in Resonate. Look in the SUN portal whitepapers there is one that
  talks about it specifically.
  As far as load balancing the calls to the portals, the gateways will
  automatically load balance across all the portals that they know about
  using a simple round-robin rotation. You may be able to use Resonate in
  front of the portals but you may need to activate persistance within
  Resonate to ensure that the user always ends up on the portal that he
  established his initial connection on (if you want that), check with Sun
  on this one.
  David Broeren wrote:
  Recommended configuration for load balanced Portal with load balancer,
  multiple gateways and multiple servers.
  Does anyone have a recommended network, hardware and software
  configuration guide for a Portal installation running with multiple
  gateways load balanced (ie one URL) that talk to multiple servers?
  Try our New Web Based Forum at http://softwareforum.sun.com
  Includes Access to our Product Knowledge Base!

• BM clustering with load balancing

  I want to implement BM clustering with load balancing according to AppNote written by Steve Aitken from March 25, 2005.
  It's clear that I need to use two private addresses (from the example, these are 10.10.10.10 and 10.10.10.11). However, I'm not sure what are IP addresses 10.10.10.1 and 10.10.10.2 used for?
  Existing BM servers have two NICs: first defined as private and the second as public addresses connected directly to Internet (they are from different subnets).
  Sinisa

  Originally Posted by phxazcraig
  In article <[email protected]>, Tnelson 2000
  wrote:
  > I've set this up per the appnote and aren't able to get out through any
  > of the ip addresses. I get a 504 Gateway Time out error. I also noticed
  > that the cluster master ip address is different, 10.10.10.12, for
  > example. Do you know what I need to look at to verify I have this
  > configured correctly?
  >
  What do you mean "aren't able to get out through any of the ip
  addresses"?
  Do the addresses show up in any of the proxy nodes with display secondary
  ipaddress? Does the proxy console option 17 show the server listening on
  those addresses?
  Is the gateway timeout error a BorderManager (or Windows) error? If
  BMgr, then check that BMgr has a correct default gateway, DNS is working
  (option 4 on proxy console screen) and try dropping filters for a test.
  Craig Johnson
  Novell Knowledge Partner
  *** For a current patch list, tips, handy files and books on
  BorderManager, go to Craig Johnson Consulting - BorderManager, NetWare, and More ***
  Got it working. I noticed that my dns setting in BM2 didn't coincide with settings in BM1. So, I made them the same and reinitialized the system on both servers. Of course, when I did that, it added the secondary IP addresses. So, I'm really not sure what was stopping it from working before, unless I have something misconfigured that's preventing the secondary addresses from loading. Go figure.

• Trouble in a SAP system with load balancing

  Hello masters:
  I had a trouble with workitems that came from a SAP system with load balancing. They doesn't receive the workitem ID in the UWL.
  I created another system in the portal as a "dedicated application server", and made the necessary configuration in order to replace the first one, and then my workitems worked fine.
  However, I would like to know what appened with the first system created as "system with load balancing". Why this system didn´t pass the workitem ID to the application (web dynpro abap) that execute the workitems?
  Thank you.

  I hope there was some missing configuration in the first case which was not replicating the workitem from SAP Inbox to UWL.
  Thanks
  Arghadip

• System with load balancing server

  Hi All,
  We are having SAP NW 7.0 Portal and back end we have R3 implemented in a cluster environment.  The system object in EP have used "System with Load balancing" template; using the LOGON group and the other related parameters.
  But we have some problem with the ITS and WAS parameters; since we are using some Transaction iViews.
  Let me explain.. for the R3 cluster we have 2 systems PROD1.domain.ext and PROD2.domain.ext. Now in the system object in portal, how to specify the parameters for ITS and WAS parameters? Since the host name in these we need to specify a single server which defeats the basic purpose of having clustered environment.
  Can any one please help in resolving this issue.
  Thanks,
  Sravanthi

  Hi Sravanthi,
  Please check the below for finding ITS and WAS parameters from backend :
  For ITS - Go to SE37 >> Utilities >> Setting >> Click on ICON Right Top Corner in popup window >> Select Internet Transaction Server >> you will find the Standard Path and HTTP URL.
  For WAS - Go to SE37 >> Run FM - RSBB_URL_PREFIX_GET >> Execute it >> you will find PRefix and PAth paramter for WAS.
  Please refer to this may help step-by-step : How-to create a portal system for using it in Visual Composer
  Hope it helps
  Regards
  Arun

• Moving SMTP server to Azure with Load balancer

  How to
   move SMTP server to Azure with Load balancer???

  Hi TechM,
  Base on my experience, Windows Azure Platform does not provide out-of-the-box mail server (neither SMTP nor POP3). You could use SendGrid to sent mail. About this issue, I recommend you could refer to
  http://stackoverflow.com/questions/10631585/email-sending-approaches and
  http://blogs.msdn.com/b/patrick_butler_monterde/archive/2010/10/11/sending-e-mail-from-windows-azure-part-1-of-2.aspx
  Hope it helps.
  Will
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
  Click
  HERE to participate the survey.

• OCS on a cluster with Load balancing and fail safe environment

  Dear all,
  i want to ask is there any documat or hints on how to do an OCS R2 installaiotn on 3 server with RAC option (clustered Fail Safe), how can i install OCS on a cluster with Load balancing and fail safe environment.
  plz i need ur help
  thanking u
  [email protected]

  Dear all,
  i want to ask is there any documat or hints on how to do an OCS R2 installaiotn on 3 server with RAC option (clustered Fail Safe), how can i install OCS on a cluster with Load balancing and fail safe environment.
  plz i need ur help
  thanking u
  [email protected]

• Difference between Clustering and Load balancing

            What is the difference between Clustering and Load balancing?
            For example, We use Cisco Arrowpoint to do load balancing and it works fine for 3
            Sun solaris boxes/WebLogic 6.1 SP1.
            So what is the value addition to buy clustering license?
            Thanks
            Selvaraj
            

  Hi.
            Among other things, clustering allows you to share app data (such as http session
            data) across cluster members, allowing you to failover should one cluster member
            crash.
            If your app is stateless then this doesn't mean much - load balancing alone would
            probably be ok for you.
            Regards,
            Michael
            Selvaraji wrote:
            > What is the difference between Clustering and Load balancing?
            >
            > For example, We use Cisco Arrowpoint to do load balancing and it works fine for 3
            > Sun solaris boxes/WebLogic 6.1 SP1.
            >
            > So what is the value addition to buy clustering license?
            >
            > Thanks
            >
            > Selvaraj
            Michael Young
            Developer Relations Engineer
            BEA Support
            

• Two active active ISPs with load balancing, publishing and VPN connection

  Hi,
  I wonder how to enable a scenario where i have to use  two ISP's to share 30/70 load on our internet traffic, have to configure almost 60 internal websites already published using microsoft TMG firewall and connect client VPN connections and site-to-site vpn connections. I know that ASA firewall has limitation when using security contexts. Is good idea that how to achieve this gool?
  I previously tried connecting four sites running ASA devices with this fifth site running Microsoft TMG firewall but i was able to connect only two ASA firewalls using site-to-site VPN, though I was able to connect remaining two as well but last two were not able to access ASA-TMG resources. furthermore behavious of two ASA-TMG connected sites was strange: sometime i was not able to access cross site resources from one machine but was able to do so from another machine.
  I noticed that two of ASA sites connected with TMG site has different internal IP class (e.g site one 192.168.0.* and site two using 172.16.*.*) while remaining two have same class like the first site e.g 192.168.128.* and 192.168.100.*
  Did anyone has experiance connecting TMG-ASA with multiple sites within same IP class scenario?
  OR
  How to enable same features using Cisco devices as they are on a single Microsoft TMG?
  Best,
  Saulat (Contact# 0092-321-4025587)

  Sulat,
  You can load balance between the two ISPs. That is not possible. But, we do have some options that I have discussed here:
  Hope the above link gives you some ideas to utilize both your ISP links.
  -Kureli