This blog intends to support all consultants who work with SAP ROUTER setup and maintenance.
The step by step configuration procedure is to install SAP ROUTER on Windows platform (The same procedure can be used in Unix environment)
Importantly, if the system is in Domain, perform entire operation with domain admin user only. Not with local admin.
OSS message to SAP: Raise an OSS message to SAP for component XX-SER-NET-NEW with following information.
“Request you to please register our Public IP & Host Name for SNC connection for SAP Router <saprouter box hostname>
Public ip:<public of your saprouter server>
Hostname:<hostname of your saprouter server>
Please contact <name> and <number > for more information on this“
Response from SAP would be:
We’ve registered your data for the SNC connection to SAP Support.
Please do the following:
– Go to the http://service.sap.com/saprouter-sncadd
– Click on “Apply Now!”
– Follow the steps detailed in the documentation
– More details can be found on the following page:
>>> http://service.sap.com/saprouter-sncdoc <<<<)>
You can test the connection with the following parameter:
Destination IP address at SAP side: <18.104.22.168>
Hostname of this machine : <sapserv9>
Hostname SAProuter : <SAPROUTER HOSTNAME >
IP address SAProuter : <SAPROUTER IP ADDRESS>
Your Distinguished Name:
“CN=<HOSTNAME>, OU=<OU GIVEN BY SAP>, OU=SAProuter, O=SAP, C=DE“
Request SAP ROUTER Certificate:
Go to the http://service.sap.com/saprouter-sncadd
Copy this distinguished name which is required to execute below commands.
Once you copied distinguished name then click on continues.
Creating SAP Router folder in /usr/sap
In SAPRouter box create a folder saprouter in /usr/sap
Check if <sid>adm has got all permissions to this user.
Copy downloaded cryptographic Binary to SAPROUTER folder and extracts it with SAPCAR –xvf.
Set Environment variable
Generate or register the certificate/(local pse) request –
Open command prompt as “run as administrator” in your SAPROUTER box.
>sapgenpse.exe get_pse –v –r certreq –p local.pse “CN=<hostname>, OU=<OU number>, OU=SAProuter, O=SAP, C=DE”
After executing above commands, you will get two additional files get created in SAPROUTER folder.
Local.pse – created in /saprouter/nt-x86_64 folder
Certreq – created in /saprouter folder
Copy the content of certreq file and past in the certificate request text area of last SMP window.
Then click “Request certificate”
Create a file “srcert” in /ntx86_64 and copy the above contents of the screen to created file.
Importing certificate and creating credentials.
Once the file srcert is created in /ntx86_64 , run the import command to install the certificate in SAP Router.
>sapgenpse import_own_cert –c srcert –p local.pse
Creating credentials for user responsible to start SAPRouter service:
After importing the certificate create credential for user <sid>adm (or a user who have domain admin access) who will be responsible to start
>sapgenpse seclogin –p local.pse -0 <sidadm>
Verifying the configuration:
>sapgenpse get_my_name -v -n Issuer
Post configuration activity:
One of the important configuration step in SAP Router installation, is to create SAPROUTTAB.
SAPROUTTAB is a file which contains information on who should be able to access SAP system using SAP Router.
(who would be allowed to access SAP system)
Create a file with name saprouttab and copy the same in /usr/sap/saprouter folder
<sap server ip> is ip address of the server which is need to be access via SAP Router
<port> is port of sap application for access.
D * * * meaning reject all the connection accept the entry of the server ip which mention in saprouttab.
Register the service in windows box:
You need to create saprouter service explicitly on this windows machine.
This will be visible in services in windows box and will be up and running all the time.
You can check the log file dev_rout in /usr/sap/saprouter which could give information on service start and stop.
Start the service in UNIX:
# saprouter -r -S 3299 -V 3 -K “p:CN=<saprouter hostname>, OU=<Customer Name>, OU=SAPRouter, O=SAP, C=DE” &
Not a bad blog, but it just details how you have configured the SAPRouter in a narrow set of circumstances and does not point to additional documentation which would assist a reader if their scenario did not fit your description.
From what I remember SAPRouter used to have 3 methods of connection - IPSec VPN, ISDN and Internet SNC. Now SAP have removed the IPSec VPN from the general options (it appears), and SAP Note 28976 does not list it as an option in the Remote connectivity data sheet. Which you should fill out and send in your message to SAP.
Also there is great documentation SAPRoutetab file, which is probably the most important part of the installation, it would be good if you could add the link to either the SAPHelp documentation or the Marketplace documentation to help people do the configuration.