Register Login

SAP Router Configuration

Updated May 18, 2018

OSS- Connectivity through SNC over Internet

Following things were done in regards of making snc communication over internet setup using our SAP router as saplanco (192.1.47.230).

1. PC with Windows 2000 or 2003 server SP Pack /latest mcafee antivirus/routing enabled.

2. Hostname:. saplanco user id is idsadm and password lancoides1

3. Downloading of latest saprouter file from SAP Service market Place.

4. Installation of Saprouter in the directory D:usrsapsaprouter

5. Host file entry for sapserv2 as 194.39.131.34 and host file entry in sap servers as Development Systen and Production System

6. Live IP addresses is 116.214.29.83

7. Ping test to sapserv2 was successful with time response as 400-500 ms.

8. “idsadm” admin user created for saplanco server in local login.

9. Registration with SAP for our new sap router gilsolman and distinguished name was get from SAP as “CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE”

It will get from this site (service.sap.com/saprouter-sncadd and configuration document will be getting from this site ( service.sap.com/saprouter-sncdoc)

10. Downloading of sapcrypto.car sap cryptographic component file from service.sap.com

11. As user soladm we have set the environment variables SECUDIR = as D:usrsapsaprouter

12. Installation of sapcrypto.car file using the command

sapcar -xvf SAPCRYPTO.CAR.

This command unpacks following files:

sapcrypto.dll

sapgenpse.exe

ticket

These files were installed in D:usrsapsaprouter directory. It will be created one directory D:usrsapsaprouter intel. These two files will be created in D:usrsapsaprouter intel sapcrypto.dll, sapgenpse.exe during the uncar of the SAPCRYPTO.CAR. You have to copy the ticket file from D:usrsapsaprouter to C:Documents and settings idsadmsec you have to create this directory before copying the ticket file) and D:usrsapsaprouter intel

13.Then generation of certificate request using the steps:

Generating the certificate Request with the command from command prompt ( D:usrsapsaprouter intel)

sapgenpse get_pse -v -r certreq -p local.pse “CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE” Asking PIN and you have to give admin123 ( anything you can give).

certreq file will be created into the D:usrsapsaprouter intel

14.This command created one file named certreq

  1. The output file "certreq" was copied and contents were inserted into the certificate request text area of the same form on the SAP Service Marketplace.
  2. In response we received the certificate signed by the CA in the Service Marketplace, The text was cut & pasted into a local file named srcert (D:usrsapsaprouter intel). Remove the extension after creating the file srcert.

15. With this file srcert in turn we installed the certificate in our saprouter by calling

sapgenpse import_own_cert -c srcert -p local.pse

16. Now credentials for the SAProuter with the same program is created . the credentials are created for the logged in user account)

sapgenpse seclogin -p local.pse -O idsadm

his will create a file called cred_v2 in the C:Documents and settings idsadmsec directory and copy this to D:usrsapsaprouter

To check that certificate has been imported correctly sapgenpse get_my_name -v -n Issuer

The name of the Issuer found to be: CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

17. After restarting the sap router using the command. saprouter -r -S 3299 -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE” or saprouter -r -S 3299 –R F:usrsapsaproutersaprouttab -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE” we got the error as sncgss32..dll file missing and sap router was unable to load.

18. It was identified that the file is gss32api.dll found in Sap kernel CD.

This file was taken and copied into saprouter directory.

As a user idsadm you have to set the environment variables SNC_LIB = D:usrsapsaprouter intelsapcrypto.dll

Read more about Step by Step Procedure for SAP Router Installation procedure from the Beginning to END

19. Then some additions were done in sap routing table named as saprouttab (D:usrsapsaprouter) The entries of this file are as follows:

# outbound connections to will use SNC

# SNC connection to SAP KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

# SNC-connection from SAP to local R/3-System for Support KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 3200

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 3201

3201 KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 8000

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 8001

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245 3202

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 8001

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245 8002

# SNC-connection from SAP to local R/3-System for pcAnywhere

# SNC-connection from SAP to local R/3-System for SAPtelnet

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 23

# Access from your local Network to SAPNet - R/3 Frontend

P * 194.39.131.34 3299

# All other connections will be permitted

P * * *

20. Then saprouter was restarted using the command

saprouter -r -S 3299 –R D:usrsapsaproutersaprouttab -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE” -V 2 trace file name is dev_rout.

SAProuter creation as a Service : Command : ( Note no. 525751)

ntscmgr install SAProuter –b D:usrsapsaproutersaprouter.exe – p “service –r –W 60000 -K ^p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE^”

Edit the string in the registry under MyComputerHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices saprouter and change ^ to " under ImagePath

Manually you can add this in ImagePath if you have no value in imagePath.

D:usrsapsaproutersaprouter.exe service –r –R

D:usrsapsaproutersaproutab-W 60000 -S 3299 -K "p:

CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"

After that you have to change SAProuter Service logon details with the user soladm and password(lancoides1). – goto OSS1- Parameter-Technical setting

1. After saving this technical, RFC connection of SAPOSS will be created automatically.

2. After executing the Tcode SDCC, RFC connection of SAPNET_RFC will be created automatically

3. After executing the Program RTCCTOOL, RFC connection of SAPNET_RTCC will be created automatically

User ID OSS_RFC and password is rfc in RFC connection SAPOSS , SAPNET_RFC and SAPNET_RTCC ,

Target system : OSS

Client : 001

Msg. Server : /H/192.1.47.230/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001

Port No. for saprouter in firewall : 3299,3200,3201,3300,4700,3600,telnet (23),5632(PcAnywhere) and 3389 (Terminal Service)

Nating command : static (inside,outside) 116.214.29.83 netmask 255,255,255,255

Command for port open in firewall “ Access_list act_out extended permit tcp any host 116.214.29.83 eq 3299

Sh run

In order to avoid this warning message and to get a proper (green: successful) connection status displayed in the SAP Service Marketplace, your firewall would have to allow only the following additional rules:

194.39.131.34 -> 116.214.29.83:icmp (echo-request, type 8)

116.214.29.83-> 194.39.131.34:icmp (echo-reply, type 0)


Comments

  • 11 Aug 2017 4:13 pm Sugandh Helpful Answer

    Configuration in the SAP system for using OSS1 transaction.

    Login to SAP from saplogon
    Call T-code OSS1
    Parameters  Technical Settings

    Fill related info

    SAPRouter (customer)

    SAPRouter 1
    Name: SAP-ROUTER
    IP address: 172.18.9.8  Local IP!!!!
    Instance no. 99

    SAPRouter and OSS Message Server
    SAPRouter (SAP)    OSS Message Server
    Name: sapserv2    Name: oss001
    IP address : 194.39.131.34    DB name: O01
    Instance no. 99    Instance no. 01

    Save the data and click on Log on to check the connectivity. When prompted provide the OSS username and password.

  • 12 Apr 2009 1:52 am rekha
    When i renew the sap router i need to stop the sap router or not?
  • 12 Apr 2009 1:52 am Shalesh Singh Visen
    Need not required. You can do online.
  • 01 Nov 2009 4:49 am saperpguru
    You may secatt tool.

×