The rising demand of accessing SAP systems of clients from offsite, I govern two solutions first is VPN and second is via-SAPROUTER.
In this paper I will compare both the solutions, introduction of SAPROUTER and configuration of ‘via-SAPROUTER’ access.
VPN vs via-SAPROUTER
Accessing client’s network, VPN is ultimate solution, but it requires lot of configuration efforts, hardware prerequisites, VPN-clients and its administration.
In case of saprouter , its normal BASIS activity for giving remote access to SAP India/AG. This saprouter we can use to give SAP system access to our consultants!
But using via-saprouter we can only access SAP system, we can not take telnet and trouble shoot the system in basis point of view.
Working of via-SAPROUTER
Working of saprouter is very simple. Whenever some one ask for the access via saproute string, it comes to the NI interface of system on which given public IP is configure and tries to access router application on given port. Running application then checks the permission matrix in saprouttab and as per that gives access to the SAP system.
Configuration on GUI
On GUI all the settings should keep as it is but only addition is on saprouter string.
Configuration on SAPROUTTAB
To give access to the other incoming request, we should know his Public IP address by which request is going to come on NI interface.
Eg. Requesters ip address is 184.108.40.206 then we need to add permission entry for that IP as follow
p 220.127.116.11 * *
here ‘p’ stands for permit ,second field is ip address which to be permitted, third field is which system to be access where * stands for wildcard meaning all available and last field is on which port.
But never forget to keep last line as,
D * * *
Which will denies all other request than permitted list.
Last step is to start saprouter using command ‘saprouter –r’
Once above configuration is done, system is ready to use in remote connectivity.
Now the simplest way of remote connectivity to SAP system is explained and it takes hardly 5 minute of time to configure.