Personal Insights
SAP Gui connection through SAP Router without VPN connectivity
We had a requirement where we need to connect SAP Gui from outside of Organization without VPN connectivity for training purpose.This scenario use three system:
- SAP Server [Server name SAPDev.domain.com with IP 192.168.131.89]
- SAP Router [IP 91.76.148.55]
- Personal Computer [IP 99.656.148.81]
- Find IP address of your PC. I found below website handy:
Note down the value of “My Public IPv4 is:”. Let us assume the IPv4 we got is “99.656.148.81”.
- Find the SAP Server IP to which we want to connect and instance number.
Let us assume SAP Server name “SAPDev.domain.com” with IP 192.168.131.89 with 00 instance no.
- Find the SAP router external/Public IP, make sure port 3299 is accessible from outside. Let us assume SAP router external IP is “91.76.148.55”.
https://www.yougetsignal.com/tools/open-ports/
- Modify the saproutertab file with allowed entry
SAP server port 3200 is made-up of 32<SAP Instance no.>
#Remote connection for SAPDEV.domain.com
P 99.656.148.81 192.168.131.89 3200
If you want to give access from any where to anyone on this SAP server add below lines.
#Remote connection for SAPDEV.domain.com
P * 192.168.131.89 3200
- Restart SAP router to make the changes effective.
#saprouter -s
#saprouter -r -K "p:CN=<saprouter_name_registered_with_SAP>, OU=<OU_id>, OU=SAProuter, O=SAP, C=DE"
- Enter SAPRouter string in SAP Gui connection which is based upon your SAP router external IP.
SAPRouter string is built based upon SAP router “/H/<SAPRouter external IP>/S/3299”, in our Example it will be “/H/91.76.148.55/S/3299”.
So here we learned how easy it is to connect SAP Gui through SAP router without any requirement for VPN connectivity.
Hello Mandeep and SAP Community.
SAP strongly advise not to publish your SAP system to the internet as being shown at this blog.
You should always use a VPN solution to connect to your company's network.
At the very least, configure SNC for SAP GUI communication encryption as described at this SAP Help page.
Best regards,
Isaías
Hi Isaias, I do agree with you to use VPN solution if possible as first option, but for some reasons i do find this question asked at number of places and not able to find all the information at one place. So the idea was to give full end-to-end info in one blog. I will try to add this information in the blog as a precaution/advice. Your input much appreciated.
Hi Mandeep.
Nice information about the SAP Router configuration, but I have one question,
In the personal Internet connection, IP address is dynamic (not on static) in this case how you will allow the personal computer dynamic IP to access the SAP systems?
Regards
Sriram
Hi Sriram,
Thanks for appreciation, you can set static IP in your home Router[it might be paid monthly service sometime]. If that is not the option for you can allow a range of IP's as well in saprouttab file. Like you can allow IP of certain range like below if you want to allow IP with specific starting with 99.65.148.[all IPs]. I never tried this but saw in several threads/blogs. Hope it helps.