Follow the steps Normaly saprouter is installed on Solution Manager and solman sidadm user will be used to administer saprouter. Login using saprouter administrator user. In my case it is same as solman sidadm. Locate saprouter root directory. Normally it will be found at /usr/sap/saprouter command: cd /usr/sap/saprouter 3. SAP Router - Installation and Configuration in Linux and Windows Step 1. Download newest version of SAPCAR, SAProuter xx.SAR and Cryp. This is the primary step in How to create Customized Authorization Objects (SU21) SAP Authorization Objects The SAP Authorization Objects, as the name itself suggests, is a method of restricting users to access any particular application created in the system.
- Saprouter Installation Step By Step Ladders
- Saprouter Installation Step By Step Learn 2020
- Saprouter Installation Step By Step For Windows
- Saprouter Installation Step By Step Video New Kids
- Angela Watson
- Staci Keanan
IMPORTANT – NEW METHOD OF TO RENEW SAPROUTER CERTIFICATE:
Refer to SAP Note 2131531 and below link,
• Prepare a Public IP Address.
• Download SAProuter and SAP Cryptographic from the SAP Service Marketplace.
• Ensure both 3299 & 3298 are open to SAP.
SAProuter SNC Setup
Create a new folder name saprouter under the /usr/sap/ directory. Extract both downloaded files (SAProuter & SAP Cryptographic) into the saprouter folder.
Set the following environment,
Create an OSS message to SAP by referring to the SAP Note 28976. Send the message by attaching the remote connection data sheet to the message. Put the component as XX-SER-NET-NEW and the short text for that message as “Remote Connection Data Sheet“.
Once SAP reply saying that the registration is done – You can navigate to this link http://service.sap.com/saprouter-sncadd. Click on Apply Now.
Select the SAProuter which you want to register with SAP. Click Continue.
Saprouter Installation Step By Step Ladders
The following page is to create the CSR on SAProuter.
To get over this, go back to the /usr/sap/saprouter directory and execute the below commnad (single line command) – As result, 2 files will be generate – certreq and local.pse. You will be asked to enter 4 pin code – Just enter 4 digit number eg 1234. [Note: Distinguished Name = “CN=ITsiti, OU=000012345, OU=SAProuter, O=SAP, C=DE”]
Open the certreq, copy and paste the content to text area of Certificate Signing Request (above screenshot). Click Request Certificate.
Now, copy the generated certificate from the Import Certificate into SAProuter. Create a new file name srcert(with no extension) and paste the certificate inside.
Install the SAP certificate (srcert) into your SAP router. The command will create dev_rout file.
Next, assign the credentials to the user which running the saprouter (normally, just use sidadm). The file named cred_v2 will be created.
Check your SAProuter configuration.
Create a saprouttab file.
Saprouter Installation Step By Step Learn 2020
sapserv1 (188.8.131.52) connection via Internet VPN
sapserv2 (184.108.40.206) connection via Internet SNC
sapserv3 (220.127.116.11) for customers with connection to Germany
sapserv4 (18.104.22.168) for customers in America
sapserv5 (22.214.171.124) for customers with connection to Japan
sapserv7 (126.96.36.199) for customers in Asia
sapserv9 (188.8.131.52) for customers in Asia.
Now, start the SAProuter using below command,
Finally, configure the OSS1 connection and verify the connection is working fine.
SAProuter - How to setup the saprouter ? What is the saprouter ?
The program SAProuter is the router (software) for the connection from customers to SAP and vice versa.
- SAProuter in a SAP System
- What ports to open for a SAProuter ?
- How to setup the SAProuter for an SNC Internet-Connection ?
- How to setup the SAProuter for an VPN-Internet-Connection ?
- How to setup the SAProuter for NON-Internet-Connection ?
- How to download the latest version ?
- SAProuter online help with all supported command line options and further examples
SAProuter in a SAP System
This tool SAProuter is designed, to connect different IP Networks even when the IP adresses are in conflict as it does a network adress translation itself. So, this is always used in order to connect SAP with the customer's systems. This is the case for the way from SAP to the customers and mostly the case as well for logging on into the SAP systems from customer's site as well. If the customer uses the SAPNet R/3 Frontend, he has to use the SAProuter on his site.
Further information is available in the very good note 30289.
What ports to open for a SAProuter ?
From external to the SAProuter (mostly from Internet to DMZ)
The SAProuter is running (listening) on port 3299 by default. When you change this with the option '-S' you have to open a different service. But, by default it is just the port 3299 inbound that needs to be available from external partners. The SAProuter now changes the ports to the 'original' ones on the computer where the SAProuter is running. So, it looks like for the target system, as if the request would always come from the computer where the SAProuter is running.From the SAProuter to the internal systems (mostly from DMZ to intranet)
The SAProuter rerouts all requests from the port 3299 where it is receiving the data to the original ports. Therefore, it is necessary, that you open all ports from the SAProuter to your intranet, that are used in your environment.
This is normally at least the SAP system. The SAP systems dispatcher is running on port 32nn where nn is the system number. So, you might have to open port 3200 - keep in mind, that 3299 to the intranet normally is NOT necessary.
Overview of a few typical applications and their port needs (especially for the access from SAP to your system):
- 32nn: R3 Support Connection
- 23: Telnet
- 1503: Netmeeting
- 5601: PC-Anywhere
- 3389: Windows Terminal Server (WTS)
How to setup the SAProuter for an VPN-Internet-Connection ?
Even when VPN often sounds horrible complicated this is pretty easy in this scenario ...
You just grap the 'Remote Connection Data Sheet' from note 28976 and return it filled in to SAP either via Fax or via SAPNet R/3 Frontend (OSS) with componente XX-SER-NET-OSS-NEW (The short text for that message must be 'Remote Connection Data Sheet').
In this 'Remote Connection Data Sheet' you mainly have to let SAP know the official IP adress of your VPN Server and the second official IP adress of your SAProuter. You then forward this second IP to the server of your choice where you want to run the SAProuter.
SAP will setup the VPN access for you and will return the necessary preshared key with the official SAP IP adresses in a few days to you. You then setup your end of the VPN and everything is fine.
Installation of the SAProuter itself for VPN works identically to the way via a private line for non internet connections as described below.
Saprouter Installation Step By Step For Windows
How to setup the SAProuter for NON-Internet-Connection ?
The following description is designed for Windows, but for other platforms, there is documentation available as well in the SAP Help Portal.
- First you have to setup a physically direct connection to SAP. This can be an ISDN-, Frame-Relay or similar connection. If a direct connection from your site is not feasable, you can have a look to some service providers, if they can offer you a 'OSS-Connection' to SAP for a useful fee.
Then you receive a special official IP-Adress from SAP (mostly 2 IPs). One of the IP adresses has to become attached to the server you want to run SAProuter on. This means, that this server can receive several IP adresses (at least your normal local one and the official one from SAP).
- Create the subdirectory saprouter in the directory <drive>:usrsap.
- Copy the SAProuter.exe either from <drive>:usrsap<SID>SYSexerun or get the latest one as described below from the SAP Service Marketplace.
- Install the SAProuter as service as follows:
ntscmgr install SAProuter -b <drive>:usrsapsaproutersaprouter.exe -p 'service -r <parameter>'
(The 'parameter' has to become replaced with the additional parameters you are using. This is mostly not necessary at all)
- Define the general attributes of the service:
Control Panel->Services, set the startup type to “automatic” and enter a user. SAProuter should not run under the SystemAccount.
- To avoid the error message “The description for Event ID (0)” in the Windows NT event log, you must enter the following in the registry: Under HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Eventlog->Application, create the key saprouter and define the following values under it:
EventMessageFile (REG_SZ): <drive>:usrsapsaproutersaprouter.exe
TypesSupported (REG_DWORD): 0x7
- Every SAProuter needs a file called 'saprouttab'. This is normally expected in the same directory as saprouter.exe is located. You should have a look at the end of this web-site or to the SAP Help Portal how to setup this for productive use.
Right for the moment for tests, the following line in the file <drive>:usrsapsaproutersaprouttab is sufficient:
P * * *
(Please change this as soon as your tests are done, as this file opens all ports and all of your systems!)
- Now, have fun with your SAProuter after starting it via the Windows Service Manager!
How to download the latest version ?
You can download the latest version of all the SAP Executables in the SAP Service Marketplace. As the binaries are different for each platform, you should have a look at the following link:
Download Executable Patches on the SAP Service Marketplace
SAProuter online help with all supported command line options and further examples
Saprouter Installation Step By Step Video New Kids
If you have some more ideas to this topic, please let us know via the Feedback Area.