cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Router

Former Member

on ‎02-15-2014 3:14 AM

0 Kudos

Beside niping is there any other ways to test a SNC SAP Router configuration is working?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Sriram2009
Active Contributor
‎02-16-2014 6:30 PM
0 Kudos

Hi Toh

Kindly refer the SAP Notes & Link

  1628296 - SAProuter installation process

Installing the SAProuter - SAProuter - SAP Library

Regards

Sriram

Show replies
Show replies
Former Member
‎02-15-2014 6:59 PM
0 Kudos

Hello,

After the configuration you can test your SAP Router connection in the following ways:

- Star SAPRouter with the opion -G for generate logs and analise this logs. Detais in http://help.sap.com/saphelp_47x200/helpdata/en/4f/992ed3446d11d189700000e8322d00/frameset.htm

- In any ABAP system configure tx. OSS1. This transaction generate in SM59 SAPOSS RFC connection. You can test the connection

- Create a OSS message for any system, open the system in marketplace, put the credencials in secure area and ask to SAP forn test this conccection

- You can use the niping command, details can find where http://help.sap.com/saphelp_nw04/helpdata/en/4f/992dd7446d11d189700000e8322d00/content.htm

Best regards

Joao Vagarinho

Show replies
Show replies
former_member188883
Active Contributor
‎02-15-2014 5:43 AM
0 Kudos

Hi Corinna,

Niping is a tool to perform self test whether SAProuter is working or not.

Other alternatives are

1) Raise and OSS to SAP and request them to check connection from SAP OSS to your sap system

   => This will ensure SAP can login to your systems

2) You can test connection to SAP system using SAProuter string in SAPlogon pad.

  => This will ensure users can login to SAP systems via internet mode.

Hope this helps.

Regards,

Deepak Kori

Show replies
Show replies
former_member182034
Active Contributor
‎02-15-2014 5:25 AM
0 Kudos

hi Corinna,

You can check via OSS1 --> Logon To SAPNet  (click on it)

If you get Select A Group window. Its mean it is working fine and SAP AG can access your system.

Regards,

Show replies
Show replies
Former Member
‎02-15-2014 5:54 AM
0 Kudos

Is OSS1 is a tcode?

Former Member
‎02-15-2014 7:19 AM
0 Kudos

Yes.

former_member182034
Active Contributor
‎02-15-2014 9:45 AM
0 Kudos

yes. It is tcode. If the Select A Group window does not prompt then check the RFC SAPOSS via SM59 tcode. If this RFC works properly then oss1 will work with saprouter configuration.

Regards,

Former Member
‎02-18-2014 2:05 AM
0 Kudos

I'm getting this error message. any idea how to solve?

I've already set permission in saprouttab is P * * *  but still getting denied error message.

Former Member
‎02-18-2014 2:58 AM
0 Kudos

btw, my connection test from SM59 to SAPOSS is successful.

Sriram2009
Active Contributor
‎02-18-2014 3:18 AM
0 Kudos

H Corinna

1. Transaction Code OSS1 check the SAP system logon? and also refer the SAP Note

33135 - Guidelines for OSS1

2. Kindly follow the point 1 mention by Deepak

Regards

Former Member
‎02-18-2014 3:24 AM
0 Kudos

Hi SS,

I've follow the point as mentioned by everyone here. Using tcode OSS1 and SM59.

In SM59, I've an entry for SAPOSS and when I use the test connection, is successful but in OSS1, it is giving me error for permission denied.

So I'm not sure where else had I gone wrong.

I tried to follow the guide you gave me by restricting instead of using P * * * but it is giving me the same error.

Sriram2009
Active Contributor
‎02-18-2014 3:28 AM
0 Kudos

Hi 



So I'm not sure where else had I gone wrong.




I tried to follow the guide you gave me by restricting instead of using P * * * but it is giving me the same error.

Kindly follow the SAP Note 33135 - Guidelines for OSS1

Regards

SS

Former Member
‎02-18-2014 4:07 AM
0 Kudos

Hi SS,

I've followed the your guide but still having the same error.

Sriram2009
Active Contributor
‎02-18-2014 4:38 AM
0 Kudos

HI CT

Transaction OSS1 -  Select the Parameter as mention in the below screen shot

Press the Technical settings.

NAME - (HOST Name of the SAProuter)

IP address -(NAT IP address)

Regards

SS

Former Member
‎02-18-2014 4:50 AM
0 Kudos

Hi SS,

Below is my OSS1 setting.

The setting in SM59 is showing:

As mention when I click on the connection test in SM59, it is showing me:

All these had been done when Jamail mention about OSS1 and SM59.

former_member182034
Active Contributor
‎02-18-2014 5:24 AM
0 Kudos

hi Corinna,

Please follow the instruction from below link.

Configuring SNC: SAProuter

Hopes, It gives you complete idea regarding SAP Route Table.

Regards,

Sriram2009
Active Contributor
‎02-18-2014 5:25 AM
0 Kudos

HI CT

As per the SAP Note 33135 you have to change the Name -  sapserv2 and  IP Address 194.39.131.34 for connection via Internet SNC Kindly refer the screen shot



Regards

Former Member
‎02-18-2014 5:33 AM
0 Kudos

Hi SS,

I've changed the settings to sapserv2 as mention but I'm still having similar error.

Sriram2009
Active Contributor
‎02-18-2014 5:38 AM
0 Kudos

Hi

Sorry man you have to change the same in RFC connection " SAPOSS"

Regards

Former Member
‎02-18-2014 6:11 AM
0 Kudos

Do you mean make the changes in SM59 for SAPOSS? If so, I've checked. It is already updated when I make the changes in OSS1.

Former Member
‎02-18-2014 6:20 AM
0 Kudos

Hi Jamil,

I've simplified the saprouttab to:

KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.xxx 3200

P * * *

P xxx.xxx.xxx.* 169.145.197.110 3299

but still the same error.

Sriram2009
Active Contributor
‎02-18-2014 6:25 AM
0 Kudos

Hi

Just press the "connection test" in SAPOSS RFC

Regards

Former Member
‎02-18-2014 6:29 AM
0 Kudos

Hi SS,

As mention earlier, I've no problem using the test connection of SM59.

former_member182034
Active Contributor
‎02-18-2014 7:46 AM
0 Kudos

hi Corina,

did you restart the saprouter after made change? please have a look at below sap help.

Saprouter - Route permission denied

Do this try...

the below line should be on top in saprouttab and try again after restart the saprouter.

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

Regards,

Former Member
‎02-18-2014 8:04 AM
0 Kudos

Yes, each time I make changes I'll stop saprouter and start it again.

Yes, I've change it to the top but still having the same error.

former_member182034
Active Contributor
‎02-18-2014 8:06 AM
0 Kudos

please share your saprouttab again.

Regards,

Former Member
‎02-18-2014 8:14 AM
0 Kudos

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KT "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" 169.145.197.110 *

KP "p:CN=sapserv9, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.xxx 3200

P * * *

P xxx.xxx.xxx.* 169.145.197.110 3299

former_member182034
Active Contributor
‎02-18-2014 9:36 AM
0 Kudos

dear,

Please make a copy of current saprouttab and put following text and retry.

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.xxx 3200

P xxx.xxx.*.* 194.39.131.34 3299

P * * *

share the log.

Note....

Please enter your local SAPRouter information in the "SAPRouter" fields. Now save the settings.

sapserv1 (194.117.106.129) connection via Internet VPN

sapserv2 (194.39.131.34)  connection via Internet SNC

sapserv3 (147.204.2.5)    for customers with connection to Germany

sapserv4 (204.79.199.2)    for customers in America

sapserv5 (194.39.138.2)    for customers with connection to Japan

sapserv6 (194.39.139.16)  for customers in Australia and New Zealand

sapserv7 (194.39.134.35)   for customers in Asia

sapserv9  (169.145.197.110)     for Singapore (SNC)

check: Note 40024


Regards,

Former Member
‎02-19-2014 1:34 AM
0 Kudos

Do you mean to add or edit the current saprouttab?

What do you mean by enter in the SAPRouter fields?

In the notes 40024, http://service.sap.com/sap/support/notes/40024 is talking about transfering files to SAP via ftp. What should I transfer to them?

former_member182034
Active Contributor
‎02-19-2014 2:06 AM
0 Kudos

hi Corina,

Just put the above highlighted text only and Retry after restart the saprouter.

I just mentioned this note to retrive the local saprouter information.

Regards,

Former Member
‎02-19-2014 2:21 AM
0 Kudos

Hi Jamil,


I've change saprouttab to what you had mentioned:


saprouttab:

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.rrr 3200

P 10.11.*.* 194.39.131.34 3299

P * * *

saprouter_log:

Wed Feb 19 10:11:00 2014 INIT LOGFILE

Wed Feb 19 10:11:00 2014 READ ROUTTAB ./saprouttab o.k.

Wed Feb 19 10:11:08 2014 CONNECT FROM C9/- host xxx.xxx.xxx.yy/4055

Wed Feb 19 10:11:08 2014 CONNECT TO   S9/17 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Wed Feb 19 10:11:09 2014 ESTABLISHED  S9/17 (-/SNC)

Wed Feb 19 10:11:10 2014 DISCONNECT   C9/17 host xxx.xxx.xxx.yy/4055 (xxx.xxx.xxx.yy)

Wed Feb 19 10:11:15 2014 CONNECT FROM C18/- host xxx.xxx.xxx.zzz/50656

Wed Feb 19 10:11:15 2014 CONNECT TO   S18/10 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Wed Feb 19 10:11:16 2014 CONNECT ERR  S18/10 NIEROUT_PERM_DENIED on 'SAProuter 40.4 on 'spwdfvml0575''

Wed Feb 19 10:11:16 2014 DISCONNECT   S18/10 host 194.39.131.34/3299 (194.39.131.34)

dev_rout:

---------------------------------------------------

trc file: "dev_rout", trc level: 1, release: "720"

---------------------------------------------------

Wed Feb 19 10:11:00 2014

SAP Network Interface Router, Version 40.4

command line arg 0:     ./saprouter

command line arg 1:     -r

command line arg 2:     -G

command line arg 3:     routerlog

command line arg 4:     -W

command line arg 5:     60000

command line arg 6:     -S

command line arg 7:     3299

command line arg 8:     -K

command line arg 9:     p:CN=XXX, OU=XXX, OU=SAProuter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

      AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)

      UserId="xxx" (1001), envvar USER="xxx"

SncInit(): Trying environment variable SNC_LIB as a

      gssapi library name: "/usr/sap/saprouter/lib/libsapcrypto.so".

"dev_rout" 33L, 1424C                                         1,0-1         Top

former_member182034
Active Contributor
‎02-19-2014 2:53 AM
0 Kudos

please mentioend IP on saprouter configured against xxx.xxx in below line then try.

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" xxx.xxx.xxx.rrr 3200


Regards,


Former Member
‎02-19-2014 3:24 AM
0 Kudos

xxx.xxx.xxx.rrr refers to the internal IP address for SAP Router

former_member182034
Active Contributor
‎02-19-2014 6:57 AM
0 Kudos

yes...

Please mentioned the IP address of that system on which SAProuter is configured.

Regards,

Former Member
‎02-19-2014 7:23 AM
0 Kudos

Hi Jamil, I've done that.

former_member182034
Active Contributor
‎02-19-2014 7:39 AM
0 Kudos

This message was moderated.

Former Member
‎02-20-2014 2:22 AM
0 Kudos

the log is same as above.

former_member182034
Active Contributor
‎02-20-2014 3:52 AM
0 Kudos

hi Corinna,

SncInit(): Initializing Secure Network Communication (SNC)  AMD/Intel x86_64 with Linux

Please download this SAP Cryptographic Library Linux for X86_64 (AMD64) from service.sap.com and replace in saprouter\crypto\

Issue is , for 64bit sapcrypto is required for 64bit saprouter and right now, SAProuter initialization fails because 64bit saprouter binary can not load the 32bit libsapcrypto.so.



Regards,


Former Member
‎02-20-2014 6:29 AM
0 Kudos

Hi Jamil,

I redo the SAP Router and it is still not working. I'm still having the same error of "permission denied".

dev_rout

---------------------------------------------------

trc file: "dev_rout", trc level: 1, release: "720"

---------------------------------------------------

Thu Feb 20 14:17:33 2014

SAP Network Interface Router, Version 40.4

command line arg 0:     ./saprouter

command line arg 1:     -r

command line arg 2:     -G

command line arg 3:     routerlog

command line arg 4:     -W

command line arg 5:     60000

command line arg 6:     -S

command line arg 7:     3299

command line arg 8:     -K

command line arg 9:     p:CN=xxxxxx, OU=xxxxxxx, OU=SAProuter, O=SAP, C=DE

SncInit(): Initializing Secure Network Communication (SNC)

      AMD/Intel x86_64 with Linux (st,ascii,SAP_UC/size_t/void* = 8/64/64)

"dev_rout" 33L, 1424C                                         1,0-1         Top

SAProuter log

Thu Feb 20 14:17:33 2014 INIT LOGFILE

Thu Feb 20 14:17:33 2014 READ ROUTTAB ./saprouttab o.k.

Thu Feb 20 14:17:49 2014 CONNECT FROM C9/- host xxx.xxx.xxx.yy/3032

Thu Feb 20 14:17:49 2014 CONNECT TO   S9/17 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Thu Feb 20 14:17:50 2014 ESTABLISHED  S9/17 (-/SNC)

Thu Feb 20 14:17:51 2014 DISCONNECT   C9/17 host xxx.xxx.xxx.yy/3032 (xxx.xxx.xxx.yy)

Thu Feb 20 14:17:57 2014 CONNECT FROM C18/- host xxx.xxx.xxx.zz/55529

Thu Feb 20 14:17:57 2014 CONNECT TO   S18/10 host 194.39.131.34/sapdp99 (194.39.131.34) (p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE)

Thu Feb 20 14:17:58 2014 CONNECT ERR  S18/10 NIEROUT_PERM_DENIED on 'SAProuter 40.4 on 'spwdfvml0575''

Thu Feb 20 14:17:58 2014 DISCONNECT   S18/10 host 194.39.131.34/3299 (194.39.131.34)

former_member182034
Active Contributor
‎02-20-2014 7:36 AM
0 Kudos

hi,

now you are facing this issue due to incorrect entry in saprouttab.

please add following entry in host file and try after restart the saprouter.

194.39.131.34     sapserv2

Please confirm mentioned things of this SAP note   1178684

Regards,

majamil1@gmail.com(add it  and come online)

former_member182034
Active Contributor
‎02-20-2014 10:04 AM
0 Kudos

hi,

Please have a look at these threads.

Regards,

Former Member
‎02-25-2014 10:00 AM
0 Kudos

Hi,

In this thread, SAProuter and Telnet 3299 with error it mention to add hostname but I'm not too sure what is the domain

Exemple:

192.168.1.10 hostname

192.168.1.10 hostname.domain

The domain is referring to the Windows domain or ?

SAP Router Issue

According to some sites, they mention to add 2 lines but others said to add 4 lines. I've added 4, any issue?

export SECUDIR=/usr/sap/saprouter/

export SNC_LIB=/usr/sap/saprouter/lib/libsapcrypto.so

export LD_LIBRARY_PATH=/usr/sap/saprouter/lib

export LIBPATH=/usr/sap/saprouter/lib

former_member182034
Active Contributor
‎02-25-2014 10:18 AM
0 Kudos 


In this thread, SAProuter and Telnet 3299 with error it mention to add hostname but I'm not too sure what is the domain

If your computer is the part of domain then you just add the IP and hostname only.

According to some sites, they mention to add 2 lines but others said to add 4 lines. I've added 4, any issue?

usually, we set only 2 variables (SNC_LIB, SECUDIR ).

while you can check with 2 and 4 respectively because these are the variables.

Regards,

Ask a Question