Scribd Logo
Upload

Welcome to Scribd!

  • Create SAP Router

    Uploaded by

    barun581
    47 views8 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    47 views8 pages

    Create SAP Router

    Uploaded by

    barun581

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 8

    INSTALLATION PROCEDURE

    Pre-requisite :

    Host Name : SAPROUT


    Internal IP : 192.100.1.153
    Public IP : 219.65.73.134

    User Account : Administrator


    Password : HiddenP@$$2017

    User Account : SAPDemo


    Password : HiddenPA$$2017

    PIN : 123456789

    Router String : /H/219.65.73.134/S/3299/H/

    192.100.1.153
    SAPROUT\SAPDemo
    saprouter

    Create SAP Router :

    https://support.sap.com/remote-support/help/installing-saprouter.html

    Step 1 : Download the SAPROUTER, SAPCAR and SAPCRYPTOLIB files from market place.

    Step 2 : Create following directory structure : <SID>

    D:\saprouter\ —> Here copy saprouter and cryptolib files along with sapcar.

    Step 3 : Now Install the Sap-Router

    D:\saprouter>SAPCAR -xvf saprouter_34-70000855.sar


    SAPCAR: processing archive saprouter_34-70000855.sar
    x niping.exe
    x patches.mf
    x saprouter.exe
    SAPCAR: 3 file(s) extracted

    D:\saprouter>saprouter.exe version

    SAP Network Interface Router, Version 40.4


    Compiled Jan 26 2016 19:05:11

    start router : saprouter.exe -r


    stop router : saprouter.exe -s
    soft shutdown: saprouter.exe -p
    router info : saprouter.exe -l (-L)
    new routtab : saprouter.exe -n
    toggle trace : saprouter.exe -t
    cancel route : saprouter.exe -c id
    dump buffers : saprouter.exe -d
    flush " : saprouter.exe -f
    hide errInfo : saprouter.exe -z
    start router with third-party library: saprouter.exe -a library
    generate encrypted password : saprouter.exe -h password_to_encrypt

    additional options
    -R routtab : name of route-permission-file (default ./saprouttab)
    -G logfile : name of log file (default no logging)
    -T tracefile : name of trace file (default dev_rout)
    -V tracelev : trace level to run with (default 1)
    -H hostname : of running SAProuter (default localhost)
    -S service : service-name / number (default 3299)
    -P infopass : password for info requests
    -C clients : maximum no of clients (default 800)
    -Y servers : maximum no of servers to start (default 1)
    -K [myname] : activate SNC; if given, use 'myname' as own sec-id
    -A initstring: initialization options for third-party library
    -D : switch DNS reverse lookup off
    -E : append log- and trace-files to existing
    -J filesize : maximum log file size in byte (default off)
    -6 : IPv6 enabled
    -Z : hide connect error information for clients

    expert options
    -B quelength : max. no. of queued packets per client (default 1)
    -Q queuesize : max. total size for all queues (default 20000000 bytes)
    -W waittime : timeout for blocking net-calls (default 5000 millisec)
    -M min.max : portrange for outgoing connects, like -M 1.1023
    -I address : address for outgoing connects, like -I 155.56.76.6
    --sock_buf_size=bufsize : socket send/receive buffer size in bytes
    (only set if larger than OS defaults)
    default: 32768
    valid range: 32768 - 10000000 (0 = OS defaults)

    # this is a sample routtab : -----------------------------------------


    D host1 host2 serviceX
    D host3
    P * * serviceX
    P 155.56.*.* 155.56
    P 155.57.1011xxxx.*
    P host4 host5 * xxx
    P host6 localhost 3299
    P host7 host8 telnet
    S host9
    P0,* host10
    KP sncname1 * *
    KS * host11 *
    KD "sncname "abc" * *
    KT sncname3 host11 *

    # deny routes from host1 to host2 serviceX


    # deny all routes from host3
    # permit routes from anywhere to any host using serviceX
    # permit all routes from/to addresses matching 155.56
    # permit ... with 3rd byte matching 1011xxxx
    # permit routes from host4 to host5 if password xxx supplied
    # permit information requests from host6
    # permit native-protocol-routes to non-SAP-server telnet
    # permit ... excluding native-protocol-routes (SAP-servers only)
    # permit ... if number of preceding/succeeding hops (SAProuters) <= 0/*
    # permit SNC-connection with partnerid = 'sncname1' to any host
    # permit all SAP-SAP SNC-connections to host11
    # deny all SNC-connections with partnerid = 'sncname "abc'
    # open connects to host11 with SNC enabled and partnerid = 'sncname3'

    # first match [host/sncname host service] is used


    # permission is denied if no entry matches
    # service wildcard (*) does not apply to native-protocol-routes
    # --------------------------------------------------------------------

    D:\saprouter>

    Step 4 : Set the Environmental Variable

    Right Click My Computer in Start Menu -> Properties -> Advanced Settings -> Advance Tab ->
    Environmental Variables.

    Add the below mentioned entries.

    Variable name Variable value

    SECUDIR D:\saprouter

    SNC_LIB D:\saprouter\sapcrypto.dll

    Step 5 : Run following command to generate Certificate.

    sapgenpse get_pse -v -r D:\usr\sap\saprouter\certreq -p D:\usr\sap\saprouter\local.pse


    “<Distinguished name>”

    sapgenpse get_pse -v -r D:\saprouter\certreq -p D:\saprouter\local.pse "CN=SAPROUT,


    OU=0001184582, OU=SAProuter, O=SAP, C=DE"

    CN=SAPROUT, OU=0001184582, OU=SAProuter, O=SAP, C=DE

    You will be prompted for a PIN. Please give some pin and remember for future.

    PIN : 123456789

    Certreq file will be generated in the specified path.


    Copy the certreq file content.

    Now goto below link in Service Market place

    https://support.sap.com/remote-support/saprouter/saprouter-certificates.html

    SAProuter Target (on SAP-


    Distinguished Name (Parameter for SAPGENPSE)
    Name side)
    SAPROUT CN=SAPROUT, OU=0001184582, OU=SAProuter, sapserv9
    O=SAP, C=DE

    Go to SAP Router system :


    -----BEGIN CERTIFICATE REQUEST-----
    MIICmzCCAYMCAQAwVjELMAkGA1UEBhMCREUxDDAKBgNVBAoTA1NBUDESMBAGA1UE
    CxMJU0FQcm91dGVyMRMwEQYDVQQLEwowMDAxMTg0NTgyMRAwDgYDVQQDEwdTQVBS
    T1VUMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iS1kKJALOJ4TL+B
    hfSTPajJ1YUfN6t4lIYBgk7XFIOMrWD2N4ALrBT2VecYGqW0JkOSE0Zp1kZrR9Vq
    eW0i0fF2UeNcoABNI3aiWg1cpXxb8xnknoVTMMFC12JyA+0Y0t2/vM0euaZ+9G71
    AU8oLQpv+XJC6jfrMMSGI+IBgarddUEEQ+bCtV+LSzanaGuDmySA/jbcFwHq7ki2
    c2dZ/IIBwoanWXcMNP7bc98eXNGQf6xUv7PmYlyLbKV2IoCvHFXA6x9wT0ZZLtc+
    yp/IN63Ii85Vpwd1Zi8HiPJRRjfaFiZEDcnEJ3vmNb737fP01YDjYi5rqz6kh47Q
    sqlU5QIDAQABoAAwDQYJKoZIhvcNAQELBQADggEBANewsMMwtVP3HK4tWdyTdrg8
    lD0MkUzO11qy08r4MRI59ckob2lVqGmEN+KEqNyKc9pEdGm3Q5vcl5dA0B2B+HqJ
    IWDfSL2yWVfCpq3MktwafR0i4rV7UhOmi/kgp1+RR7SOt9OpZOFVPNKrbmEEshwO
    d2UFGMobLJMmuBhCMDopEbeq49MOurNIrS53krebsKQphPy1osNB3jxv4FIfZLQs
    sVu69AsNOfMgDGvfZDCzvFaLvMZVF9ZrCpT+9XuXFq6Aet2hBwWy0W7mBmSBstRQ
    4qpfYMGg7wW3ybfYwLET9os+y5VWdZTvGxAJSOfSOnsFZTCPmBQBQSy/VFdr8Jg=
    -----END CERTIFICATE REQUEST-----
    STEP 7: This will generate a certificate details: then copy the contents and create a file srcert (without
    any extension) in C:\Saprouter and copy the certificate details and paste it in this file.

    STEP 8:  Run the command -


    sapgenpse import_own_cert -c C:\saprouter\srcert -p C:\saprouter\local.pse

    sapgenpse import_own_cert -c D:\saprouter\srcert -p D:\saprouter\local.pse

    D:\saprouter>sapgenpse import_own_cert -c D:\saprouter\srcert -p D:\saprouter\local.pse

    Please enter PSE PIN/Passphrase: *********

    CA-Response successfully imported into PSE "D:\saprouter\local.pse"

    D:\saprouter>

    (This will create files dev_rout etc.  In C:\saprouter folder then create a file saprouttab (Without any
    extension and copy the following contents the  file.

    STEP 9: To generate credentials for the user that's running the SAProuter service, run command:

    sapgenpse seclogin -p C:\saprouter\local.pse -O administrator

    sapgenpse seclogin -p D:\saprouter\local.pse -O SAPDemo

    SAPROUT\SAPDemo

    (this will create the file "cred_v2"    in  C:\saprouter folder )


    STEP 10: Check the configuration by running command:

    sapgenpse get_my_name -v -n Issuer


    (This should always give the answer "CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE")
    sapgenpse get_my_name (to find the validity of license)

    STEP 11: Create SAProuter service on Windows with the command :(download ntscmgr from Sap note
    618053) and run the command  -

    ntscmgr install SAProuter -b C:\saprouter\saprouter.exe -p


    "service -r -R C:\saprouter\saprouttab -W 60000 -K ^p:<Distinguished Name>^"

    STEP 12: Edit the Windows Registry key as below: (regedit)

    MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAProuter\
    ImagePath --> Change both the (^) to (")

    RECOMMENDED TO RESTART

    STEP 13: Start the SAProuter service (there maintain logon user details as administrator and password.)

    STEP 14: Enter the below parameters in OSS1 -> Menu - Technical Settings

    a). Click on Change -

    Saprouter at Customer Site:

    Name:
    IP Address:
    Instance no:

    Saprouter at SAP:

    Name:
    IP Address:
    Instance no:

    Save the settings.

    Now you can log on to SAPNet by clicking on Logon to SAPNet.

    Use your OSS ID and password.

     Controls:
    Start router : saprouter -r
    Stop router  : saprouter -s
    Soft shutdown: saprouter -p
    Router info  : saprouter -l (-L)
    new routtab  : saprouter -n
    toggle trace : saprouter -t
    cancel route : saprouter -c id
    dump buffers : saprouter -d
    flush   "    : saprouter -f

    You might also like