Skip to Content
Aug 13, 2021 at 10:13 AM

Enabling SNC encryption on SAProuter traffic

189 Views Last edit Aug 13, 2021 at 01:08 PM 5 rev


I'm setting up a SAProuter connection between 2 of our servers and our SAP box.

The connection is working, but in the trace file I do notice this line, which I assume means that the traffic is not encrypted.

NiSncGetPeer: hdl 11 not SNC enabled

My question is, how can I enable SNC encryption on the traffic between the routers and SAP?

Here is my setup and saprouttab files:

SAProuter 1 (external network) --> SAProuter 2 (internal network) --> SAP

- I have installed a certificate from SAProuter 1 in the pse file of SAProuter 2.

- I have also installed the certificate from SAProuter 2 into the pse file of SAProuter 1

- Both saprouters are started with the -K param followed by the name of its own certificate.

saprouttab of SAProuter 1:

KT "p:CN=SAPRouter2cert"    [Public_IP_SAProuter2]   3299
P  [Private_IP_SAProuter1]  [Public_IP_SAProuter2]   *

saprouttab of SAProuter 2:

KT "p:CN=SAPRouter1cert" [Public_IP_SAProuter1]  3299<
KP "p:CN=SAPRouter1cert" [SAP_Internal_IP] *
P [Public_IP_SAProuter1] [SAP_Internal_IP] *
#Note that if this P line comes out then the connection does not work anymore.