Saprouter Installation Step By Step

INTRODUCTION:

I found a lot of notes and documents when i wanted to configure saprouter. Here i would like to collaborate all how-to’s into a single document.

SAProuter is kind application level firewall, allows your SAP servers to be accessed globally in a secured way. Nowadays it is a basic requirement for every customer who uses Solution manager for getting support from SAP. Following are the situations where you need SAPRouter.

  1. You want your users access SAP server out of LAN without having VPN .
  2. You want to get support from SAP.
  3. You are planning to implement SAP Solution manager.
  4. You want to download SAP notes and corrections via snote assistant

This document is targeted for those who have following environment.

OS platform : Windows 2008 or higher (indeed for windows 7)

Clint brown i want to be more like you lyrics. Architecture : nt-x86_64

SAP Router Install and configuration: Pre-request Steps: 1. Login to root user. 2.Create the directory usr/sap/saprouter. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement. STEP 11: Create SAProuter service on Windows with the command: (download ntscmgr from Sap note 618053) and run the command – ntscmgr install SAProuter -b C: saprouter saprouter.exe -p “service -r -R C: saprouter saprouttab -W 60000 -K ^p:^”. Step by Step Procedure for SAP Router Installation procedure from the Beginning to END 1- Register the global IP in SAP site (send the message to SAP on SAP servicemarket place). 2- Configur the network card private and global SAProuter system.

PREREQUISITES:

1.Get a Public IP from your ISP for SAProuter.


2. Create message on support portal as in this note 28976 – Remote connection data sheet

Saprouter Installation Step By Step

You would receive a confirmation from SAP with a Destination SAP IP and Distinguished name.

3. NAT policy in firewall with permission to the TCP ports 3200-3299 for the above registered public IP

(TCP ports for message servers 32<instance_no> and any free TCP port as a dedicated port for SAProuter)

4. Download latest version of SAPRouter from support portal.

(visit Support Packages –> Browse Download catalogue –> Additional components– >SAProuter)

5. Download latest version of SAPCRYPTOLIB from support portal.

(visit Support Packages –> Browse Download catalogue –> Additional components– >SAPCRYPTOLIB)

6. Download latest version of SAPCAR to extract the above downloaded software.

(visit Support Packages –> Browse Download catalogue –> Additional components– >SAPCAR)

PREPARATIONS:

1. Copy all the above downloaded files in to temporary dir and uncar the Saprouter and cryptolib files.

2. Open cmd and navigate to above temp location and execute sapcar_<version>.exe -xvf <filename>.sar

3. Make new directory (ex: D:usrsapsaprouter) and paste the extracted files of router and cryptolib files.

4. I recommend you to create an exclusive local user “sncadm” and set password never expires.

(in my case i use to change pwd for sidadm and this caused issues in starting router)

5. Logon with user for saprouter and set following user environmental variables.

SECUDIR = <dir_saprouter> (ex: SECUDIR = D:usrsapsaprouter)

Saprouter Installation Step By Step Learn 2020

SNC_LIB = <dir_saprouter>nt-x86_x64sapcrypto.dll(ex: D:usrsapsaprouternt-x86_x64sapcrypto.dll)


CONFIGURATION:
1. Generating a new certificate request.

a. Goto SAProuter Certificates –> click Apply Now and copy your distinguished name and click next

b. Open cmd as administrator and navigate to <path_saprouter>nt-x86_x64 and execute,

sapgenpse get_pse -v -r certreq -p local.pse “<Distinguished Name>

example: sapgenpse get_pse -v -r certreq -p local.pse“CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE”

c. It will ask to enter and re-enter a PIN. This is used to access the local.pse, so better note it down.

b. A file “local.pse” will be created in the saprouter directory. (Ex: D:usrsapsaprouterlocal.pse)

d. A file “certreq” will under <dir_saprouter>nt-x86_x64 (Ex: D:usrsapsaproutercertreq)

2. Aquiring certificate signed by CA.

a. Open the “certreq” file with notepad and copy the text (including BEGIN and END)

b. Paste it on the above opened certificate page and click next.

c. You would get a certificate (series of jumbled characters) copy this (including BEGIN and END)

d. create a new file “routcert.txt” under <dir_saprouter>nt-x86_x64 and paste the above certificate text.

3. Importing router certificate.

a. Open cmd as administrator and navigate to <dir_saprouter>nt-x86_x64 and execute,

sapgenpse import_own_cert -c routcert.txt -p local.pse

Running the above command would ask you to enter PIN, enter the one you have given on step 1c

4. Authorizing windows user for accessing SAPRouter.

Execute the following cmd with the saprouter user (sncadm).

sapgenpse seclogin -p local.pse -O <exclusive_user_SAProuter>

Christine Lakin

example: sapgenpse seclogin -p local.pse -O hostnamesncadm


Now you will prompted to enter the PIN. enter the one you have given on step 1c

Brandon Call

Check whether a file “cred_v2” is created under saprouter directory.

5. Verifying authorization for the sncadm of saprouter.

log on to user for saprouter, open cmd and navigate to <dir_saprouter>nt-x86_x64 and execute

sapgenpse get_my_name -v -n Issuer

You should get an output like this. CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE

Voila ! you have configured your SAPRouter successfully.

But wait. We have to check whether the router works or not.

Start your sap router using command <dir_saprouter>saprouter.exe -r

You should be getting an out put “trcfile dev_rout no logging active“. This shows that the router started successfully. But if you close the above cmd prompt, then your SAPRouter will shutdown.

We can avoid this by registering SAProuter as windows service, so that it can run on background


Registering SAProuter as Windows service:


1. open command prompt as administrator, and navigate to <dir_saprouter>


2. execute following commands as it is. Replace the <path> with your saprouter directory path and <your distinguished name>

sc.exe create SAPRouter binPath= “<path>saprouter.exe service -r -S 3299 -W 60000 -R <path>saprouttab -K ^p:<distinguished name>^”

example: sc.exe create SAPRouter binPath= “D:usrsapsaproutersaprouter.exe service -r -S 3299 -W 60000 -R

D:usrsapsaproutersaprouttab -K ^p:CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE^”


3. You would get an output saying service “SAPRouter” created successfully.


4. Open “regedit.exe” and edit the string “ImagePath” under following location.

HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices saprouter

Angela Watson


5. Replace ^with and click OK. The updated value should look like below

<path>saprouter.exe service -r -S 3299 -W 60000 -R<path>saprouttab -K “p:CN=example, OU=00123456, OU=SAProuter, O=SAP, C=DE


Saprouter Installation Step By Step On Linux

6. Now open “services” right click “SAPRouter” and choose properties. click on “Log On” tab and choose “This account”.

Type the user ID created for configuring saprouter (sncadm), type password and then click apply.

Saprouter Installation Step By Step Ladders

7. Now start the saprouter service and you’re done.

Congrats !! You have implemented SAP ROUTER successfully.