cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ERROR IN SAPROUTER STRING

Go to solution
Former Member

on ‎03-27-2010 7:09 AM

0 Kudos

Dear Team,

We are going to access sap from out side internet without using the office VPN or network.

Now I want to set SAP Router string thru which any person who wants to access our SAP system can do so without getting into our VPN or network. Basically people in Sales when they are at the customer sites.

My saprouter is working fine, as SAP can login to our systems.The NAT is completed so that does not seem any issue.

find the below is our configuration..

Our sap router has configured in SOLMAN SERVER.

For Solman server below are the IP:

132.147.166.3  Private IP for internal access

210.18.50.134Public IP address.

ROUTAB file is in the below path C:\usr\sap\saprouter.

Below is the content of ROUTAB file

  1. SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3202

  1. Access from the local Network to SAP

P 192.168.. 194.39.131.34 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 5631

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3389

P * 194.39.131.34 3299

P "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3200

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3389

  1. deny all other connections

D * * *

Now I want to access my production server with ip =132.147.166.11from outside .

So I had configured the below setting in Sap GUI .

Application server=132.147.166.11 [public ip of server where saprouter has installed]

SAProuter String=/H/210.18.50.134/S/3299

system id=ELP

system number=02

but when i click on login it is showing below error..

-

router permission denied(210.18.50.134 to 132.147.166.11 ,sapdp02

location =saprouter 38.10 ON 'SOLMAN'

relese=700

version=38

returncode=-94

counter=012

-

Is it nacessary to make any change in routab file , as net work admin is saying problem is from saprouter to production server

please help us for the same

Regards

Rabin Nayak

SAP Basis Team

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-27-2010 9:24 AM
0 Kudos

Rabin,

Next time onwards post your querry in a readable form.

Your router string should be like this: /H/<SAProuter public IP>/H/<Target server IP>/H/.

router permission denied(210.18.50.134 to 132.147.166.11,
sapdp02 location =saprouter 38.10 ON 'SOLMAN' relese=700 
version=38 returncode=-94 counter=012

Check whether your target server IP 132.147.166.11 is talking to public 210.18.50.134.

Add following line to your routtab file if you want all the IPs to access your target server:

P * * *

Also post your routtab file in a neat and clean way.

Regards

Sourabh Majumdar

Show replies
Show replies
Former Member
‎03-27-2010 11:55 AM
0 Kudos

Dear Saurabh,

Thanks for your replay, As per your suggestion i had added [P * * *] at last line in my routab file & used

/H/210.18.50.134/H/132.147.166.5/H/ in Routerstring field in SAP GUI.

But i got again same error.[ Time out while pending for route completion]

Find below is my Routab file after addition of P * * * at last line.

-

  1. SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3202

  1. Access from the local Network to SAP

P 192.168.. 194.39.131.34 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 5631

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3389

P * 194.39.131.34 3299

P "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3200

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3389

  1. deny all other connections

D * * *

P * * *

-

Regards

Rabin

Former Member
‎03-27-2010 12:52 PM
0 Kudos

Hi Rabin

Always make sure you carry out the changes in routtab file by stopping the SAProuter. I believe your target server IP is 132.147.166.11 of the production server which you want to access. If yes your router string will be:

/H/210.18.50.134/H/132.147.166.11/H/

Then restart the SAProuter and try again. Have you verified the communication between your target server IP 132.147.166.11 is talking to public 210.18.50.134?

Also is your public IP is registered with SAP? Please check it and make it registered.

Can you paste the contents of dev_rout file and saprouter.log file.

Regards

Sourabh Majumdar

Former Member
‎03-29-2010 7:02 AM
0 Kudos

Dear Sourabh,

Thanks for your support, I am using /H/210.18.50.134/H/132.147.166.11/H/ for production server only

& /H/210.18.50.134/H/132.147.166.5/H/ for my developement server.

Please find the below is the Log of dev_rout file.

-

-

trc file: "dev_rout", trc level: 1, release: "700"

-

Mon Mar 29 10:51:26 2010

SAP Network Interface Router, Version 38.10

command line arg 0: saprouter

command line arg 1: -r

command line arg 2: -S

command line arg 3: 3299

command line arg 4: -K

command line arg 5: p:CN=SOLMAN, OU=0000849045, OU=SAProuter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

PC with Windows NT (mt,ascii,SAP_UC/size_t/void* = 8/32/32)

SncInit(): Trying environment variable SNC_LIB as a

gssapi library name: "C:\usr\sap\saprouter\sapcrypto.dll".

File "C:\usr\sap\saprouter\sapcrypto.dll" dynamically loaded as GSS-API v2 library.

The internal Adapter for the loaded GSS-API mechanism identifies as:

Internal SNC-Adapter (Rev 1.0) to SECUDE 5/GSS-API v2

main: pid = 5260, ppid = 0, port = 3299, parent port = 0 (0 = parent is not a saprouter)

reading routtab: './saprouttab'

      • ERROR => invalid token (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE) in IPadr-string, skip line 11 [nirout.cpp 8585]

Mon Mar 29 10:56:20 2010

checkRoute: route not permitted (15)

      • ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 'mail.supremegroup.co.in' failed (rc=-94) [nirout.cpp 2243]

Mon Mar 29 10:56:44 2010

checkRoute: route not permitted (15)

      • ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 'mail.supremegroup.co.in' failed (rc=-94) [nirout.cpp 2243]

Mon Mar 29 11:25:43 2010

checkRoute: route not permitted (15)

      • ERROR => NiRClientHandle: NiRExRouteCon for C1/-1 '210.18.50.134.sify.net' failed (rc=-94) [nirout.cpp 2243]

-

I had addedd another twolines in my routab file as below mentioned Hilited mark.

-

  1. SNC connection to and from SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC connection to local system for R/3-Support

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3202

  1. Access from the local Network to SAP

P 192.168.. 194.39.131.34 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 5631

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 23

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.19 3389

P * 194.39.131.34 3299

P "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" * *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3201

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3200

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3389

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.5 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.7 3299

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 132.147.166.11 3299

  1. deny all other connections

D * * *

P * * *

-

I had checked my Public Ip already registered with SAP,still i am getting same error at time of login.

Regards

Rabin

Edited by: RABIN-SAP BASIS on Mar 29, 2010 8:03 AM

former_member227283
Active Contributor
‎03-29-2010 8:53 AM
0 Kudos

Hi ,

Add the following line in SAP routetab file

P * 132.147.166.11 3202

Once you added the file , run the following command

saprouter -n

Now login to your production system 132.147.166.11 , thorough SAP GUI and in SAP gui setting should as you replied on first thread i.e as below

Application server=132.147.166.11 
SAProuter String=/H/210.18.50.134/S/3299
system id=ELP
system number=02

Thanks

Anil

Edited by: Anil Bhandary on Mar 29, 2010 9:53 AM

Former Member
‎03-30-2010 5:48 AM
0 Kudos

Dear Anil,

Thank you for your support, I had already added [ P * 132.147.166.11 3202] rather i have also added P*** for all access.

when i run the command saprouter -n it shows the below error.

-

C:\usr\sap\saprouter>saprouter -n

Tue Mar 30 10:03:55 2010

SAP Network Interface Router, Version 38.10

Tue Mar 30 10:03:56 2010

***LOG Q0I=> NiPConnect2: connect (10061: WSAECONNREFUSED: Connection refused) [

nixxi.cpp 2770]

      • ERROR => NiPConnect2: SiPeekPendConn failed for hdl 0 / sock 1912

(SI_ECONN_REFUSE/10061; I4; ST; 127.0.0.1:3299) [nixxi.cpp 2770]

      • ERROR => RTADMINREQ::sendAdminReq: NiBufConnect failed (rc=-10) [nirout.cpp

5649]

*****************************************************************************

*

  • LOCATION SAProuter 38.10 on 'SOLMAN'

  • ERROR partner '127.0.0.1:3299' not reached

*

  • TIME Tue Mar 30 10:03:56 2010

  • RELEASE 700

  • COMPONENT NI (network interface)

  • VERSION 38

  • RC -10

  • MODULE nixxi.cpp

  • LINE 2770

  • DETAIL NiPConnect2

  • SYSTEM CALL connect

  • ERRNO 10061

  • ERRNO TEXT WSAECONNREFUSED: Connection refused

  • COUNTER 2

*

*****************************************************************************

Kindly let me know what to do next

former_member227283
Active Contributor
‎03-30-2010 6:21 AM
0 Kudos

Hi,

* LOCATION SAProuter 38.10 on 'SOLMAN'
* ERROR partner '127.0.0.1:3299' not reached

Do the following steps.

1. Login to the host of saprouter i.e i thing 

SOLMAN

is a host of saprouter

2. stopsaprouter 

saprouter -s

3. make following changes in the hosts file of SOLMAN

hosts file will will be located

windows :- C:\WINDOWS\system32\drivers\etc\hosts

add the followig entry

<ip address of your solman> SOLMAN

4. Now Start the saprouter & check whether your problem resolved or not.

Thanks

Anil

Former Member
‎03-31-2010 4:54 AM
0 Kudos

Dear Anil,

Thanks you very much, My problem is resolved.

Actualy there was no any entry in Etc\host for SOLMAN server.

Thanks

Rabin

Former Member
‎07-25-2016 8:40 AM
0 Kudos

Hi Anil,

I configured the router recently. I can do the connection test for the saposs rfc and oss1 is also working. But when  I trying to connect our servers with router string it showing the error as

Partner public ip:3299 not reached

Thanks in advance

Best Regards,

Madan

Former Member
‎07-27-2016 2:35 AM
0 Kudos

Hi Madan,

Is there any firewall or other devices which may block the port?

Or are there any settings which may prevent the access to public ip:3299?

Can you reach the server successfully without sap router?

What is the result of the following commands?

niping -c -H router IP -s 3299

Is the connection to publich IP OK? You can test the connection with niping test:

start from router server:

niping -s -I 0

start from client:

niping -c -H <IP>

Best regards

Helen

Answers (1)

Answers (1)

Former Member
‎08-08-2016 5:57 AM
0 Kudos

Hi,

Thanks for all for helping in the solving the issue. My problem solved now.

Best Regards,

Madan

Show replies
Show replies
Ask a Question