5 Replies Latest reply: Oct 5, 2012 5:20 AM by deepa awasthi RSS

How to setup saprouter.

deepa awasthi
Currently Being Moderated

Hi Experts,

 

I've to setup saprouter as a pre-requisite for MOPZ in solution manager.

How can I decide if I should go for VPN internet connection or Non Internet connection.

I need some criteria on basis on which I can decide which option I should go for saprouter Installation on windows box.

Please suggest.

 

Regards,

Deepa.

  • Re: How to setup saprouter.
    jagadish gudla
    Currently Being Moderated

    Hi Deepa,

     

    Please check the below link,

     

    http://help.sap.com/saphelp_nwpi711/helpdata/en/48/6ca4616c0707dce10000000a42189d/frameset.htm

     

    You have a topic called SAP Router config where you can find how to define SAP Route string..

     

    You need to discuss with your network team and parellely you can open a message with SAP Network Support.

     

    Thanks,

    Jagadish.

  • Re: How to setup saprouter.
    Vinod B
    Currently Being Moderated
  • Re: How to setup saprouter.
    Vinod B
    Currently Being Moderated

    Hello Deepa,

     

    If you got the Answer to this question please mark it as Answered.

     

    Regards,

    Vinod Palli

  • Re: How to setup saprouter.
    Ramesh Nair
    Currently Being Moderated

    Hi,

     

    Here is the complete step.

     

     

    1) First of all get Public IP address. Public IP need to be configured to you local SAP Router IP address.

     

    2) Get port 3299 & 3298 open from SAP router ip host to SAP AG.

     

    3) Create a Customer Message with the Following details. Open a customer message under the component XX-SER-NET Customer

        Number, Hostname(on which SAPRouter is installed),Private IP Address, Public IP Address etc.

     

    4) Create the subdirectory saprouter in the directory \usr\sap.

     

    5) Now download the SAP ROUTER Software and Cryptographic Library Software. www.service.sap.com/saprouter-sncadd

     

    6) Once the software is downloaded copy the saprouter and cryptographic software into E:\usr\sap\saprouter

        eg: saprouter_15_XXXXX.sar, 9000XXXXX.sar

     

    7) Uncar the file

     

    8) Set environmental variable

     

       SECUDIR= <drive>:\usr\sap\saprouter

       SNC_LIB =<drive>:\usr\sap\saprouter\nt-xxx\sapcrypto.dll

     

     

    9) Generating the Registering the Key and Certificate

     

    Go to the link https://websmp201.sap-ag.de/SAPROUTER-SNCADD

     

    Click on Apply Now!


     

    10) Copy the Distinguished name (eg  CN=XXXXXX, OU=XXXXXXXXX, OU=SAProuter, O=SAP, C=DE)

     

    11) Create saprouttab text file without any extension in saprouter folder (<drive>:\usr\sap\saprouter)

     

    12) Now create a “certreq” textfile without any extension in the <drive>:\usr\sap\saprouter\nt-xxx

     

    13) Generate the certificate Request on SAP router OS with the Following command (execute from  <drive>:\usr\sap\saprouter

          \nt-xxx)directory

     

         sapgenpse get_pse -v -r certreq -p local.pse "<Your Distinguished Name>"

         sapgenpse get_pse –v -onlyreq -r certreq -p local.pse

     

        You will be asked twice for a PIN here. Please choose a PIN and document it, you have to enter it identically both times. Then you    

        will have to enter the same PIN every time you want to use this PSE.


    14) Display the output file "certreq" and with copy & paste (including the BEGIN and END statement) insert the certificate request into   

        the text area of the same form on the SAP Service Marketplace from which you copied the Distinguished Name.

     

    15) In response you will receive the certificate signed by the CA in the Service Marketplace. copy the content

         Create a “srcert” file without any extension in the same location (<drive>:\usr\sap\saprouter\nt-xxx) and paste it


    16) Importing the Certificate & Creating Credential

         Now Import the certificate using the below command

         sapgenpse import_own_cert -c srcert -p local.pse  (execute from  <drive>:\usr\sap\saprouter\nt-xxx)

         enter pin which you have already saved.

         Out of the command should show

         CA-Response successfully imported into PSE XXXX\saprouter\local.pse


    17) Creating the credential for User responsible to start SAP Router

         After importing the certificate create Credential for user <sid>adm who will be responsible to start the stop SAP Router


    18) sapgenpse seclogin –p local.pse –O <sidadm> (entered in full <domainname>\<username>)


    19) Verifying the Configuration

     

         sapgenpse get_my_name -v -n Issuer

     

         Out of the command should show

         Name of the Issuer as : CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

     

    20) Post Configuration Activity. Now we need to maintain the details in the saprouttab file. SAPROUTTAB is nothing but permission file which has information who should be communicate through SAP Router

     

    21) Following is an example content of saprouttab

    ---------------------------------------------------------------------------------------

    # SNC connection to and from SAP

    KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

    # SNC-connection from SAP to local system for R/3-Support

    KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" < sap server ip > < port >

    # Access from your local Network to SAP

    P < sap server ip > 194.39.131.34 3299

    # All other connections will be denied

    #D

    -------------------------------------------------------------------------------------

    < Sap server ip > is nothing but ip address of the sap server which is need to be access via SAP Router

    < Port > is nothing but the port of SAP Application for e.g. 3200 ( dispatcher port )

    D * * * mean reject all the connection accept the entry of the server ip which mention in saprouttab

     

    22) How to Start & Stop SAP Router

     

          saprouter -r -S 3299 -V 3 -K "p:CN=<saprouter hostname>, OU=< Customer number >,

         OU=SAProuter,O=SAP, C=DE" &

     

    23) How to Stop SAP Router

        
         saprouter –s

     

    24) If we want to create as a service go through  Note 525751

     

     

    ntscmgr install saprouter -b <path>\saprouter.exe -p "service -r -W 60000 -R

    <path>\saprouttab -K ^p:<your_distinguished_name>^"

     

    (eg : ntscmgr install saprouter -b <drive>\usr\sap\saprouter.exe -p "service -r -W 60000 -R

    <drive>\usr\sap\saprouter\saprouttab -K ^p:CN=XXXXXX, OU=XXXXXXXXX, OU=SAProuter, O=SAP, C=DE^")

     

     

    Thanks

    Ramesh Nair

Actions