LANCO SAP Router Configuration

“OSS - Connectivity through SNC over internet”
The following steps were carried out to set up SNC communication over the internet, using our SAProuter saplanco (192.1.47.230).
1. PC with Windows 2000 or 2003 Server, service pack, latest McAfee antivirus, routing enabled.
2. Hostname: saplanco; user ID is idsadm and password is lancoides1.
3. Download of the latest saprouter file from the SAP Service Marketplace.
4. Installation of SAProuter in the directory D:\usr\sap\saprouter
5. Hosts file entry for sapserv2 as 194.39.131.34, and hosts file entry in the SAP servers as Development System and Production System.
6. Live IP address is 116.214.29.83
7. Ping test to sapserv2 was successful, with a response time of 400-500 ms.
8. “idsadm” admin user created for the saplanco server as a local login.
9. Registration with SAP for our new SAProuter gilsolman; the distinguished name obtained from SAP was “CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE”. It is obtained from service.sap.com/saprouter-sncadd, and the configuration document is available at service.sap.com/saprouter-sncdoc.
10. Download of the SAP cryptographic component file sapcrypto.car from service.sap.com
11. As user soladm we set the environment variable SECUDIR = <directory_of_saprouter> as D:\usr\sap\saprouter\
12. Installation of the sapcrypto.car file using the command
sapcar -xvf SAPCRYPTO.CAR
This command unpacks the following files:
sapcrypto.dll
sapgenpse.exe
ticket
These files were installed in the D:\usr\sap\saprouter directory. Unpacking SAPCRYPTO.CAR creates the directory D:\usr\sap\saprouter\ntintel, and the two files sapcrypto.dll and sapgenpse.exe are created in it. Copy the ticket file from D:\usr\sap\saprouter to C:\Documents and Settings\idsadm\sec (create this directory before copying the ticket file) and to D:\usr\sap\saprouter\ntintel
13. Generation of the certificate request. Generate the certificate request with the following command from the command prompt (in D:\usr\sap\saprouter\ntintel):
sapgenpse get_pse -v -r certreq -p local.pse "CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"
When asked for a PIN, give admin123 (you can give anything).
The certreq file is created in D:\usr\sap\saprouter\ntintel
14. This command created one file named certreq.
   1. The output file "certreq" was copied and its contents were inserted into the certificate request text area of the same form on the SAP Service Marketplace.
   2. In response we received the certificate signed by the CA in the Service Marketplace. The text was cut and pasted into a local file named srcert (in D:\usr\sap\saprouter\ntintel). Remove the extension after creating the file srcert.
15. With this file srcert we in turn installed the certificate in our saprouter by calling
sapgenpse import_own_cert -c srcert -p local.pse
16. Now the credentials for the SAProuter are created with the same program (the credentials are created for the logged-in user account):
sapgenpse seclogin -p local.pse -O idsadm
This creates a file called cred_v2 in the C:\Documents and Settings\idsadm\sec directory; copy it to D:\usr\sap\saprouter
To check that the certificate has been imported correctly:
sapgenpse get_my_name -v -n Issuer
The name of the Issuer was found to be:
CN=SAProuter CA, OU=SAProuter, O=SAP, C=DE
17. After restarting the SAProuter using the command
saprouter -r -S 3299 -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"
or
saprouter -r -S 3299 -R F:\usr\sap\saprouter\saprouttab -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"
we got an error that the file sncgss32.dll was missing, and the SAProuter was unable to load.
18. It was identified that the file is gss32api.dll, found on the SAP kernel CD. This file was taken and copied into the saprouter directory.
As user idsadm you have to set the environment variable
SNC_LIB = D:\usr\sap\saprouter\ntintel\sapcrypto.dll
19. Then some additions were made to the SAProuter routing table, saprouttab (D:\usr\sap\saprouter).
The entries of this file are as follows:
# outbound connections to <sapservX> will use SNC
# SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
# SNC-connection from SAP to local R/3-System for Support
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 8000
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 8001
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 3201
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245 3202
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 8001
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.245 8002
# SNC-connection from SAP to local R/3-System for pcAnywhere
# SNC-connection from SAP to local R/3-System for SAPtelnet
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 23
# Access from your local Network to SAPNet - R/3 Frontend
P * 194.39.131.34 3299
# All other connections will be permitted
P * * *
20. Then the saprouter was restarted using the command
saprouter -r -S 3299 -R D:\usr\sap\saprouter\saprouttab -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE" -V 2
The trace file name is dev_rout.
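The last entry of the routing table in step 19, P * * *, lets any source open a route through the SAProuter to any host and port without SNC. The check below is an added example, not part of the original document or of SAP's tooling: it parses a shortened copy of that table and reports permit entries whose destination host or port is a wildcard. The function names are hypothetical and it assumes the four-field entry form used on this page.

```python
import shlex

# Entries from the routing table in step 19 (wrapped lines rejoined, shortened).
SAPROUTTAB = """\
# SNC connection to SAP
KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.235 3200
KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 192.1.47.240 23
P * 194.39.131.34 3299
P * * *
"""

PERMIT_KINDS = {"P", "S", "KP", "KS"}  # entry types that allow a route


def parse_entries(text):
    """Return (lineno, kind, source, dest, port) for every route entry.

    'source' is a host pattern for P/S/D and the quoted SNC name for K* entries.
    Assumes the four-field form used on this page; extra fields are ignored.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted SNC name as one token
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected 4 fields, got {len(fields)}")
        kind, source, dest, port = fields[:4]
        entries.append((lineno, kind.upper(), source, dest, port))
    return entries


def audit(text):
    """Flag permit entries that leave the destination host or port open."""
    findings = []
    for lineno, kind, source, dest, port in parse_entries(text):
        if kind not in PERMIT_KINDS or (dest != "*" and port != "*"):
            continue
        snc = "SNC peer" if kind.startswith("K") else "non-SNC source"
        findings.append((lineno, f"{kind}: {snc} {source} may reach {dest}:{port}"))
    return findings


if __name__ == "__main__":
    for lineno, message in audit(SAPROUTTAB):
        print(f"saprouttab line {lineno}: {message}")
```

Run against the full table, only the closing P * * * entry is reported; the KT entry is skipped because it selects SNC transport to sapserv2 rather than permitting a route.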
SAProuter creation as a service:
Command (Note no. 525751):
ntscmgr install SAProuter -b D:\usr\sap\saprouter\saprouter.exe -p "service -r -W 60000 -K ^p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE^"
Edit the string in the registry under
MyComputer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\saprouter
and change ^ to " under ImagePath.
You can add this to ImagePath manually if ImagePath has no value:
D:\usr\sap\saprouter\saprouter.exe service -r -R D:\usr\sap\saprouter\saprouttab -W 60000 -S 3299 -K "p: CN=saplanco, OU=0000881410, OU=SAProuter, O=SAP, C=DE"
After that you have to change the SAProuter service logon details to the user soladm and password (lancoides1).
Go to OSS1 - Parameter - Technical setting
1. After saving this technical setting, the RFC connection SAPOSS will be created automatically.
2. After executing the Tcode SDCC, the RFC connection SAPNET_RFC will be created automatically.
3. After executing the program RTCCTOOL, the RFC connection SAPNET_RTCC will be created automatically.
User ID is OSS_RFC and password is rfc in the RFC connections SAPOSS, SAPNET_RFC and SAPNET_RTCC.
Target system: OSS
Client: 001
Msg. Server: /H/192.1.47.230/S/sapdp99/H/194.39.131.34/S/sapdp99/H/oss001
Port numbers for saprouter in the firewall: 3299, 3200, 3201, 3300, 4700, 3600, telnet (23), 5632 (PcAnywhere) and 3389 (Terminal Service)
NAT command: static (inside,outside) 116.214.29.83 255.255.255.255 netmask
Command to open the port in the firewall:
access-list act_out extended permit tcp any host 116.214.29.83 eq 3299
sh run
In order to avoid this warning message and to get a proper (green: successful) connection status displayed in the SAP Service Marketplace, your firewall would have to allow only the following additional rules:
194.39.131.34 -> 116.214.29.83:icmp (echo-request, type 8)
116.214.29.83 -> 194.39.131.34:icmp (echo-reply, type 0)