For the service connection between your system and SAP, you always require a SAProuter (refer to Note 30289). The SAProuter is already contained in the R/3 System or it is available free of charge from SAP Service Marketplace for different platforms.
Note that you must adjust the parameters in Transaction OSS1 (for more information, see Notes 17285 and 29784).
For the service connection, you need a VPN/IPSec-enabled router/firewall that MUST fulfill the following requirements:
- Encapsulating Security Protocol (ESP)
- Internet Key Exchange (IKE), with support of the Diffie-Hellman Group2 (1024-bit key)
- Encryption Algorithm 3DES
- Authentication Algorithm HMAC-MD5 (or HMAC-SHA1)
- Authentification with pre-shared key (generated by SAP)
- Support of the Diffie-Hellman Group2 (1024-bit key)
- Key exchange with Internet PKIs
3.) Official IP address
For the VPN connection, official (static) IP addresses are required for the WAN interface (at the router/firewall) andfor the SAProuter. You must provide the official IP addresses. You cannot use private IP addresses according to RFC 1597 and RFC 1918. Detailed information is available on the Internet under: http://www.iana.com
4.) Transport medium
For the service connection, you require an Internet access with a bandwidth of at least 64kbps.