gateway client fails, but straight vpn client works

  • From: "jlyon" <jlyon@xxxxxxxxxxxxx>
  • To: isalist@xxxxxxxxxxxxx
  • Date: Mon, 4 Jul 2005 06:54:42 -0600

Any help is MOST appreciated.

Setup prior to issue occurring:
NT 4 domain
Multiple routed subnets on same frame backbone
Several gateway to gateway segments using ISA 2004
SAP systems on separate domain operating on NT 4
Clients behind a gateway connection could utilize the SAP GUI (uses pure
IP / TCP routing) and connect just fine.

Setup changes:
NT 4 domain upgraded to AD on 2003
SAP servers upgraded to 2000 servers except PDC/BDC (still NT4 domain
separate from corporate domain)

Issue:
Currently ANY sap gui user can connect from a corporate network/frame
connection.
Currently clients behind a gateway connection cannot connect to SAP via
the GUI, with error "WSAEConnRefused", which points to a firewall, or such,
blocking access.
HOWEVER, if the same client creates a client-side VPN connection to the main
office Gateway ISA server, the GUI works fine. Note that the SAP domain and
the Main office gateway sit on the same subnet, so the VPN client
connection is obtaining an IP that is local to the SAP systems.

Further notes:
With a normal gateway connection, clients behind the gateway can ping and
tracert route the SAP server IP addresses. Routing is in place and
functioning.
All ISA gateway servers are on windows 2k, sp4, ISA sp2, FeaturePk 1 with
all updates. They are also all in the RAS and IAS group in AD.
Firewall logs show NO blocks of any connections to SAP IPs or their
utilized ports.

Folks, what am I missing here? Why are only gateway clients failing, and
why do they work on a client VPN connection just fine?

I really need some insight on this one and I have tried everything I know
to try.

Thanks
-John

