Skip to Content
Personal Insights
Author's profile photo Mandeep Kauldhar

SAP Gui connection through SAP Router without VPN connectivity

We had a requirement where we need to connect SAP Gui from outside of Organization without VPN connectivity for training purpose.This scenario use three system:

  • SAP Server [Server name SAPDev.domain.com with IP 192.168.131.89]
  • SAP Router [IP 91.76.148.55]
  • Personal Computer [IP 99.656.148.81]
  1. Find IP address of your PC. I found below website handy:

https://www.whatismyip.com/

Note down the value of “My Public IPv4 is:”. Let us assume the IPv4 we got is “99.656.148.81”.

  1. Find the SAP Server IP to which we want to connect and instance number.

Let us assume SAP Server name “SAPDev.domain.com” with IP 192.168.131.89 with 00 instance no.

  1. Find the SAP router external/Public IP, make sure port 3299 is accessible from outside. Let us assume SAP router external IP is “91.76.148.55”.

https://www.yougetsignal.com/tools/open-ports/

  1. Modify the saproutertab file with allowed entry

SAP server port 3200 is made-up of 32<SAP Instance no.>

#Remote connection for SAPDEV.domain.com
P 99.656.148.81 192.168.131.89 3200​

If you want to give access from any where to anyone on this SAP server add below lines.

#Remote connection for SAPDEV.domain.com
P * 192.168.131.89 3200​
  1. Restart SAP router to make the changes effective.
#saprouter -s  
#saprouter -r -K "p:CN=<saprouter_name_registered_with_SAP>, OU=<OU_id>, OU=SAProuter, O=SAP, C=DE"​
  1. Enter SAPRouter string in SAP Gui connection which is based upon your SAP router external IP.

SAPRouter string is built based upon SAP router “/H/<SAPRouter external IP>/S/3299”, in our Example it will be  “/H/91.76.148.55/S/3299”.

So here we learned how easy it is to connect SAP Gui through SAP router without any requirement for VPN connectivity.

Assigned tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Isaias Freitas
      Isaias Freitas

      Hello Mandeep and SAP Community.

      SAP strongly advise not to publish your SAP system to the internet as being shown at this blog.

      You should always use a VPN solution to connect to your company's network.

      At the very least, configure SNC for SAP GUI communication encryption as described at this SAP Help page.

      Best regards,

      Isaías

       

      Author's profile photo Mandeep Kauldhar
      Mandeep Kauldhar
      Blog Post Author

      Hi Isaias, I do agree with you to use VPN solution if possible as first option, but for some reasons i do find this question asked at number of places and not able to find all the information at one place. So the idea was to give full end-to-end info in one blog. I will try to add this information in the blog as a precaution/advice. Your input much appreciated.

      Author's profile photo S Sriram
      S Sriram

      Hi Mandeep.

      Nice information about the SAP Router configuration, but I have one question,

      In the personal Internet connection, IP address is dynamic (not on static) in this case how you will allow the personal computer dynamic IP to access the SAP systems?

      Regards

      Sriram

      Author's profile photo Mandeep Kauldhar
      Mandeep Kauldhar
      Blog Post Author

      Hi Sriram,

      Thanks for appreciation, you can set static IP in your home Router[it might be paid monthly service sometime]. If that is not the option for you can allow a range of IP's as well in saprouttab file. Like you can allow IP of certain range like below if you want to allow IP with specific starting with 99.65.148.[all IPs]. I never tried this but saw in several threads/blogs. Hope it helps.

      #Remote connection for SAPDEV.domain.com
      P 99.656.148.* 192.168.131.89 3200​