SAP R/3 login problem through tunnel

Discussion in 'Cisco' started by gautamzone, Feb 22, 2006.

  1. gautamzone

    gautamzone Guest

    Hi friends,

    Just a peculiar problem with logging into SAP R/3 through a tunnel

    Remote Clients are unable to login to SAP R/3 Ver 4.7 server at central
    office. However, they are able to ping to the SAP server!!

    The following are the details:

    Remote End router : Cisco 2610
    IOS : 12.0(5)XK1

    Central office router : Cisco 1721
    IOS : 12.3(5e)

    A tunnel has been configured on both ends with IP address range of / 30.
    I am able to ping from one tunnel to the other.

    However, with another alternative link (Leased Line) without tunnel
    confuguration, the remote clients are able to access the SAP server.

    I changed the MTU settings for the tunnel interfaces to 1500, but it
    did not work.

    I would also like to add that there is one more remote location router
    with IOS 12.4(3b) that is having successful SAP server connectivity
    with central office router in a tunnel configuration.

    So, I strongly suspect the IOS version being a cause here. But I am not
    really in a position to upgrade the IOS from 12.0 to a higher version
    as I only have 8MB of flash memory.

    Are there any options that I can try in this scenario? Thanks a lot for
    your help in advance.

    Thanks a lot
    gautamzone, Feb 22, 2006
    1. Advertisements

  2. gautamzone

    Haitingus Guest

    Hi Gautam,

    We encounter the same issue, some version of SAP put the do not fragment bit
    to set. Meaning that if for some reason, the packets needs to be fragmented
    (depending on the path you go through), your packet will be simply dropped.

    Solution we applied was to set the MTU on the server to 1300 (maybe yuou can
    fine tune this), by editing the registry.

    Haitingus, Feb 23, 2006
    1. Advertisements

  3. gautamzone

    ciscodagama Guest

    Try pings with larger packet sizes to see if this is a MTU issue. Like
    the last poster suggested, this could have something to do with the
    don't-fragment (DF) bit having to be cleared. Check out the following
    link that explains interaction between MTU and DF bit being set when
    GRE is involved

    Cisco da Gama
    ciscodagama, Feb 23, 2006
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.