Scribd
Upload
361 views6 pages

SAPROUTER Configuration For LANCO11239501081

1. The document outlines the configuration of a SAP router named saplanco with the IP address 192.1.47.230 to enable SNC communication over the internet. 2. Key steps included downloading and installing SAP router files, generating a certificate request, receiving a signed certificate, importing the certificate, and configuring firewall ports and routing tables. 3. The saprouter service was also configured to automatically start on system startup.

Uploaded by

Raymond Yambao
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
361 views6 pages

SAPROUTER Configuration For LANCO11239501081

1. The document outlines the configuration of a SAP router named saplanco with the IP address 192.1.47.230 to enable SNC communication over the internet. 2. Key steps included downloading and installing SAP router files, generating a certificate request, receiving a signed certificate, importing the certificate, and configuring firewall ports and routing tables. 3. The saprouter service was also configured to automatically start on system startup.

Uploaded by

Raymond Yambao
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 6

LANCO SAP Router Configuration

------------------------------------------------------------------------------------------------------------

“OSS- Connectivity through SNC over internet”

Following things were done in regards of making snc communication


over internet setup using our SAP router as saplanco
(192.1.47.230).

1. PC with Windows 2000 or 2003 server SP Pack /latest mcafee


antivirus/routing enabled.

2. Hostname:. saplanco user id is idsadm and password


lancoides1

3. Downloading of latest saprouter file from SAP Service


market Place.

4. Installation of Saprouter in the directory


D:\usr\sap\saprouter

5. Host file entry for sapserv2 as 194.39.131.34 and host file


entry in sap servers as Development Systen and Production
System

6. Live IP addresses is 116.214.29.83

7. Ping test to sapserv2 was successful with time response as


400-500 ms.

8. “idsadm” admin user created for saplanco server in local


login.

9. Registration with SAP for our new sap router gilsolman and
distinguished name was get from SAP as “CN=saplanco,
OU=0000881410, OU=SAProuter, O=SAP, C=DE”
It will get from this site (service.sap.com/saprouter-sncadd
and configuration document will be getting from this site (
service.sap.com/saprouter-sncdoc)

10. Downloading of sapcrypto.car sap cryptographic component


file from service.sap.com

11. As user soladm we have set the environment variables


SECUDIR = <directory_of_saprouter> as
D:\usr\sap\saprouter\

------------------------------------------------------------------------------------------------------------
Page 1 of 6
LANCO SAP Router Configuration
------------------------------------------------------------------------------------------------------------

12. Installation of sapcrypto.car file using the command

sapcar -xvf SAPCRYPTO.CAR.


This command unpacks following files:
sapcrypto.dll
sapgenpse.exe
ticket
These files were installed in D:\usr\sap\saprouter directory. It
will be created one directory D:\usr\sap\saprouter\ntintel.
These two files will be created in D:\usr\sap\saprouter\ntintel
sapcrypto.dll, sapgenpse.exe during the uncar of the
SAPCRYPTO.CAR. You have to copy the ticket file from
D:\usr\sap\saprouter to C:\Documents and settings \idsadm\sec
(you have to create this directory before copying the ticket
file) and D:\usr\sap\saprouter\ntintel

13. Then generation of certificate request using the steps:

Generating the certificate Request with the command from command


prompt ( D:\usr\sap\saprouter\ntintel)

sapgenpse get_pse -v -r certreq -p local.pse “CN=saplanco,


OU=0000881410, OU=SAProuter, O=SAP, C=DE”
Asking PIN and you have to give admin123 ( anything you can
give).

certreq file will be created into the


D:\usr\sap\saprouter\ntintel

14. This command created one file named certreq


1. The output file "certreq" was copied and contents were
inserted into the certificate request text area of the
same form on the SAP Service Marketplace .
2. In response we received the certificate signed by the CA
in the Service Marketplace, The text was cut & pasted
into a local file named srcert
(D:\usr\sap\saprouter\ntintel). Remove the extension
after creating the file srcert.

15. With this file srcert in turn we installed the certificate


in our saprouter by calling

sapgenpse import_own_cert -c srcert -p local.pse

------------------------------------------------------------------------------------------------------------
Page 2 of 6
LANCO SAP Router Configuration
------------------------------------------------------------------------------------------------------------
16. Now credentials for the SAProuter with the same program
is created . the credentials are created for the logged
in user account)
sapgenpse seclogin -p local.pse -O idsadm
This will create a file called cred_v2 in the C:\Documents
and settings \idsadm\sec directory and copy this to
D:\usr\sap\saprouter

To check that certificate has been imported correctly


sapgenpse get_my_name -v -n Issuer

The name of the Issuer found to be:


CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
17. After restarting the sap router using the command.
saprouter -r -S 3299 -K "p: CN=saplanco, OU=0000881410,
OU=SAProuter, O=SAP, C=DE”
or saprouter -r -S 3299 –R F:\usr\sap\saprouter\saprouttab -K
"p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE”
we got the error as sncgss32..dll file missing and sap router was
unable to load.

18. It was identified that the file is gss32api.dll found


in Sap kernel CD.
This file was taken and copied into saprouter directory.

As a user idsadm you have to set the environment variables


SNC_LIB = D:\usr\sap\saprouter\ntintel\sapcrypto.dll

19. Then some additions were done in sap routing table


named as
saprouttab (D:\usr\sap\saprouter)
The entries of this file are as follows:
# outbound connections to <sapservX> will use SNC
# SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235
3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235
3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235
8000

------------------------------------------------------------------------------------------------------------
Page 3 of 6
LANCO SAP Router Configuration
------------------------------------------------------------------------------------------------------------
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235
8001
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240
3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245
3202
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240
8001
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245
8002
# SNC-connection from SAP to local R/3-System for pcAnywhere
# SNC-connection from SAP to local R/3-System for SAPtelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 23
# Access from your local Network to SAPNet - R/3 Frontend
P * 194.39.131.34 3299
# All other connections will be permitted
P * * *
20. Then saprouter was restarted using the command

saprouter -r -S 3299 –R D:\usr\sap\saprouter\saprouttab -K "p:


CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE” -V 2

trace file name is dev_rout.

SAProuter creation as a Service :


Command : ( Note no. 525751)

ntscmgr install SAProuter –b D:\usr\sap\saprouter\saprouter.exe –


p “service –r –W 60000 -K ^p: CN=saplanco, OU=0000881410,
OU=SAProuter, O=SAP, C=DE^”
Edit the string in the registry under
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
saprouter
and change ^ to " under ImagePath

Manually you can add this in ImagePath if you have no value in


imagePath.

D:\usr\sap\saprouter\saprouter.exe service –r –R
D:\usr\sap\saprouter\saproutab-W 60000 -S 3299 -K "p:
CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"

------------------------------------------------------------------------------------------------------------
Page 4 of 6
LANCO SAP Router Configuration
------------------------------------------------------------------------------------------------------------

After that you have to change SAProuter Service logon details


with the user soladm and password(lancoides1). – goto OSS1-
Parameter-Technical setting

1. After saving this technical, RFC connection of SAPOSS will


be created
automatically.
2. After executing the Tcode SDCC, RFC connection of SAPNET_RFC
will be created
automatically
3. After executing the Program RTCCTOOL, RFC connection of
SAPNET_RTCC will
be created automatically

User ID OSS_RFC and password is rfc in RFC connection SAPOSS ,


SAPNET_RFC and SAPNET_RTCC ,
Target system : OSS
Client : 001
Msg. Server :
/H/192.1.47.230/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001

------------------------------------------------------------------------------------------------------------
Page 5 of 6
LANCO SAP Router Configuration
------------------------------------------------------------------------------------------------------------
Port No. for saprouter in firewall :
3299,3200,3201,3300,4700,3600,telnet (23),5632(PcAnywhere) and
3389 (Terminal Service)

Nating command : static (inside,outside) 116.214.29.83 netmask


255,255,255,255

Command for port open in firewall “


Access_list act_out extended permit tcp any host 116.214.29.83 eq
3299
Sh run

In order to avoid this warning message and to get a proper


(green:
successful) connection status displayed in the SAP Service
Marketplace,
your firewall would have to allow only the following additional
rules:

194.39.131.34 -> 116.214.29.83:icmp (echo-request, type 8)


116.214.29.83-> 194.39.131.34:icmp (echo-reply, type 0)

------------------------------------------------------------------------------------------------------------
Page 6 of 6

You might also like

pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy