KEMBAR78
Create SAP Router | PDF | Router (Computing) | Computer File
Scribd
Upload
221 views8 pages

Create SAP Router

This document provides installation instructions for an SAP router in 14 steps. It includes pre-requisite information like host name, IP addresses, user accounts and passwords. The steps cover downloading files, setting environment variables, generating certificates, creating user credentials, installing the router service, and configuring SAP systems to use the router. Commands are provided to start, stop, and check the status of the router once installed.

Uploaded by

barun581
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
221 views8 pages

Create SAP Router

This document provides installation instructions for an SAP router in 14 steps. It includes pre-requisite information like host name, IP addresses, user accounts and passwords. The steps cover downloading files, setting environment variables, generating certificates, creating user credentials, installing the router service, and configuring SAP systems to use the router. Commands are provided to start, stop, and check the status of the router once installed.

Uploaded by

barun581
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 8

INSTALLATION PROCEDURE

Pre-requisite :

Host Name : SAPROUT


Internal IP : 192.100.1.153
Public IP : 219.65.73.134

User Account : Administrator


Password : HiddenP@$$2017

User Account : SAPDemo


Password : HiddenPA$$2017

PIN : 123456789

Router String : /H/219.65.73.134/S/3299/H/

192.100.1.153
SAPROUT\SAPDemo
saprouter

Create SAP Router :

https://support.sap.com/remote-support/help/installing-saprouter.html

Step 1 : Download the SAPROUTER, SAPCAR and SAPCRYPTOLIB files from market place.

Step 2 : Create following directory structure : <SID>

D:\saprouter\ —> Here copy saprouter and cryptolib files along with sapcar.

Step 3 : Now Install the Sap-Router

D:\saprouter>SAPCAR -xvf saprouter_34-70000855.sar


SAPCAR: processing archive saprouter_34-70000855.sar
x niping.exe
x patches.mf
x saprouter.exe
SAPCAR: 3 file(s) extracted

D:\saprouter>saprouter.exe version

SAP Network Interface Router, Version 40.4


Compiled Jan 26 2016 19:05:11

start router : saprouter.exe -r


stop router : saprouter.exe -s
soft shutdown: saprouter.exe -p
router info : saprouter.exe -l (-L)
new routtab : saprouter.exe -n
toggle trace : saprouter.exe -t
cancel route : saprouter.exe -c id
dump buffers : saprouter.exe -d
flush " : saprouter.exe -f
hide errInfo : saprouter.exe -z
start router with third-party library: saprouter.exe -a library
generate encrypted password : saprouter.exe -h password_to_encrypt

additional options
-R routtab : name of route-permission-file (default ./saprouttab)
-G logfile : name of log file (default no logging)
-T tracefile : name of trace file (default dev_rout)
-V tracelev : trace level to run with (default 1)
-H hostname : of running SAProuter (default localhost)
-S service : service-name / number (default 3299)
-P infopass : password for info requests
-C clients : maximum no of clients (default 800)
-Y servers : maximum no of servers to start (default 1)
-K [myname] : activate SNC; if given, use 'myname' as own sec-id
-A initstring: initialization options for third-party library
-D : switch DNS reverse lookup off
-E : append log- and trace-files to existing
-J filesize : maximum log file size in byte (default off)
-6 : IPv6 enabled
-Z : hide connect error information for clients

expert options
-B quelength : max. no. of queued packets per client (default 1)
-Q queuesize : max. total size for all queues (default 20000000 bytes)
-W waittime : timeout for blocking net-calls (default 5000 millisec)
-M min.max : portrange for outgoing connects, like -M 1.1023
-I address : address for outgoing connects, like -I 155.56.76.6
--sock_buf_size=bufsize : socket send/receive buffer size in bytes
(only set if larger than OS defaults)
default: 32768
valid range: 32768 - 10000000 (0 = OS defaults)

# this is a sample routtab : -----------------------------------------


D host1 host2 serviceX
D host3
P * * serviceX
P 155.56.*.* 155.56
P 155.57.1011xxxx.*
P host4 host5 * xxx
P host6 localhost 3299
P host7 host8 telnet
S host9
P0,* host10
KP sncname1 * *
KS * host11 *
KD "sncname "abc" * *
KT sncname3 host11 *

# deny routes from host1 to host2 serviceX


# deny all routes from host3
# permit routes from anywhere to any host using serviceX
# permit all routes from/to addresses matching 155.56
# permit ... with 3rd byte matching 1011xxxx
# permit routes from host4 to host5 if password xxx supplied
# permit information requests from host6
# permit native-protocol-routes to non-SAP-server telnet
# permit ... excluding native-protocol-routes (SAP-servers only)
# permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
# permit SNC-connection with partnerid = 'sncname1' to any host
# permit all SAP-SAP SNC-connections to host11
# deny all SNC-connections with partnerid = 'sncname "abc'
# open connects to host11 with SNC enabled and partnerid = 'sncname3'

# first match [host/sncname host service] is used


# permission is denied if no entry matches
# service wildcard (*) does not apply to native-protocol-routes
# --------------------------------------------------------------------

D:\saprouter>

Step 4 : Set the Environmental Variable

Right Click My Computer in Start Menu -> Properties -> Advanced Settings -> Advance Tab ->
Environmental Variables.

Add the below mentioned entries.

Variable name Variable value

SECUDIR D:\saprouter

SNC_LIB D:\saprouter\sapcrypto.dll

Step 5 : Run following command to generate Certificate.

sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse


“<Distinguished name>”

sapgenpse get_pse -v -r D:\saprouter\certreq -p D:\saprouter\local.pse "CN=SAPROUT,


OU=0001184582, OU=SAProuter, O=SAP, C=DE"

CN=SAPROUT, OU=0001184582, OU=SAProuter, O=SAP, C=DE

You will be prompted for a PIN. Please give some pin and remember for future.

PIN : 123456789

Certreq file will be generated in the specified path.


Copy the certreq file content.

Now goto below link in Service Market place

https://support.sap.com/remote-support/saprouter/saprouter-certificates.html

SAProuter Target (on SAP-


Distinguished Name (Parameter for SAPGENPSE)
Name side)
SAPROUT CN=SAPROUT, OU=0001184582, OU=SAProuter, sapserv9
O=SAP, C=DE

Go to SAP Router system :


-----BEGIN CERTIFICATE REQUEST-----
MIICmzCCAYMCAQAwVjELMAkGA1UEBhMCREUxDDAKBgNVBAoTA1NBUDESMBAGA1UE
CxMJU0FQcm91dGVyMRMwEQYDVQQLEwowMDAxMTg0NTgyMRAwDgYDVQQDEwdTQVBS
T1VUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iS1kKJALOJ4TL+B
hfSTPajJ1YUfN6t4lIYBgk7XFIOMrWD2N4ALrBT2VecYGqW0JkOSE0Zp1kZrR9Vq
eW0i0fF2UeNcoABNI3aiWg1cpXxb8xnknoVTMMFC12JyA+0Y0t2/vM0euaZ+9G71
AU8oLQpv+XJC6jfrMMSGI+IBgarddUEEQ+bCtV+LSzanaGuDmySA/jbcFwHq7ki2
c2dZ/IIBwoanWXcMNP7bc98eXNGQf6xUv7PmYlyLbKV2IoCvHFXA6x9wT0ZZLtc+
yp/IN63Ii85Vpwd1Zi8HiPJRRjfaFiZEDcnEJ3vmNb737fP01YDjYi5rqz6kh47Q
sqlU5QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBANewsMMwtVP3HK4tWdyTdrg8
lD0MkUzO11qy08r4MRI59ckob2lVqGmEN+KEqNyKc9pEdGm3Q5vcl5dA0B2B+HqJ
IWDfSL2yWVfCpq3MktwafR0i4rV7UhOmi/kgp1+RR7SOt9OpZOFVPNKrbmEEshwO
d2UFGMobLJMmuBhCMDopEbeq49MOurNIrS53krebsKQphPy1osNB3jxv4FIfZLQs
sVu69AsNOfMgDGvfZDCzvFaLvMZVF9ZrCpT+9XuXFq6Aet2hBwWy0W7mBmSBstRQ
4qpfYMGg7wW3ybfYwLET9os+y5VWdZTvGxAJSOfSOnsFZTCPmBQBQSy/VFdr8Jg=
-----END CERTIFICATE REQUEST-----
STEP 7: This will generate a certificate details: then copy the contents and create a file srcert (without
any extension) in C:\Saprouter and copy the certificate details and paste it in this file.

STEP 8:  Run the command -


sapgenpse import_own_cert -c C:\saprouter\srcert -p C:\saprouter\local.pse

sapgenpse import_own_cert -c D:\saprouter\srcert -p D:\saprouter\local.pse

D:\saprouter>sapgenpse import_own_cert -c D:\saprouter\srcert -p D:\saprouter\local.pse

Please enter PSE PIN/Passphrase: *********

CA-Response successfully imported into PSE "D:\saprouter\local.pse"

D:\saprouter>

(This will create files dev_rout etc.  In C:\saprouter folder then create a file saprouttab (Without any
extension and copy the following contents the  file.

STEP 9: To generate credentials for the user that's running the SAProuter service, run command:

sapgenpse seclogin -p C:\saprouter\local.pse -O administrator

sapgenpse seclogin -p D:\saprouter\local.pse -O SAPDemo

SAPROUT\SAPDemo

(this will create the file "cred_v2"    in  C:\saprouter folder )


STEP 10: Check the configuration by running command:

sapgenpse get_my_name -v -n Issuer


(This should always give the answer "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE")
sapgenpse get_my_name (to find the validity of license)

STEP 11: Create SAProuter service on Windows with the command :(download ntscmgr from Sap note
618053) and run the command  -

ntscmgr install SAProuter -b C:\saprouter\saprouter.exe -p


"service -r -R C:\saprouter\saprouttab -W 60000 -K ^p:<Distinguished Name>^"

STEP 12: Edit the Windows Registry key as below: (regedit)

MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\
ImagePath --> Change both the (^) to (")

RECOMMENDED TO RESTART

STEP 13: Start the SAProuter service (there maintain logon user details as administrator and password.)

STEP 14: Enter the below parameters in OSS1 -> Menu - Technical Settings

a). Click on Change -

Saprouter at Customer Site:

Name:
IP Address:
Instance no:

Saprouter at SAP:

Name:
IP Address:
Instance no:

Save the settings.

Now you can log on to SAPNet by clicking on Logon to SAPNet.

Use your OSS ID and password.

 Controls:
Start router : saprouter -r
Stop router  : saprouter -s
Soft shutdown: saprouter -p
Router info  : saprouter -l (-L)
new routtab  : saprouter -n
toggle trace : saprouter -t
cancel route : saprouter -c id
dump buffers : saprouter -d
flush   "    : saprouter -f

You might also like