cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAProuter: saprouttab entry for 3rd party connection

Go to solution
former_member449168
Participant

on ‎06-04-2018 7:56 AM

0 Kudos

Hi.

We would like to set up a SAProuter connection to a 3rd party for them to access our SAP server.

I'm unclear about the saprouttab entry.
Can someone please assist?

We have:

KP "p:CN=Our_Certificate_Name" *  Our_SAP_IP
KP "p:CN=Our_Certificate_Name" *  3298
P * * * *

I'm concerned about P * * * *
From the documentation I can see that:
P/S/D <source-host> <dest-host> <dest-serv> <password>

But what is our host and destination?
Is the host our SAProuter server IP and the destination the 3rd parties SAProuter IP?

Should it thus be something like:

P 10.0.0.4 41.45.85.148 * *

where 10.0.0.4 is our local SAProuter IP, and 41.45.85.148 is the IP of the 3rd party's SAProuter server?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Matt_Fraser
Active Contributor
‎06-06-2018 4:00 PM

Hi Patricio,

I think you're right to be concerned about the "P * * * *" line. If this saprouter is connecting to the Internet to reach your 3rd party, then I would definitely remove this line, even if you have a firewall between the saprouter and the Internet (which you definitely should have; saprouter is not a substitute for a proper firewall).

So, you're on the right track. However, in your scenario, I believe the "source host" is your 3rd party's saprouter, and the "destination host" is your own SAP system, since your intent is for them to be able to connect to your system, right? Also, the "destination service" represents the ports you intend to expose on your SAP system. So, if this is an ABAP system, and the system number is 00, you'll probably need three otherwise identical lines, but with ports 3200, 3300, and 3600 listed.

So, in your example, if the 3rd party's saprouter is at 41.45.85.148, and your SAP system is at 10.0.0.10 (not your saprouter), and it's system number is 00, you might have three lines like this:

P 41.45.85.148 10.0.0.10 3200
P 41.45.85.148 10.0.0.10 3300

P 41.45.85.148 10.0.0.10 3600

This isn't getting into questions of establishing SNC connections and so forth, which you may (probably) also want to explore, but this should establish the basic connection.

Cheers,
Matt

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎06-07-2018 12:48 AM

Hello Patricio, Matt,

Just a small observation about the line with all "*": the saprouter does not open all ports in this case.

If the port number is defined as "*", the saprouter allows the connection only to the port range 3200-3299.

Even so, I would definitely advise against having such a line at your saprouttab ;-).

Cheers!

Isaías

Answers (1)

Answers (1)

bim6kor
Discoverer
‎05-09-2022 7:25 AM
0 Kudos

Hi Matt,

How to establish a SNC connection to third party software from SAP router and vice versa.

Thanks!!

Bineesh

Show replies
Show replies
isaias_freitas
Advisor
Advisor
‎05-09-2022 1:12 PM
0 Kudos

Hello Bineesh,

You will establish the connection from the third party software through the saprouter and to your SAP system.

However, the SNC trust and encryption is made directly between the third party software and the SAP system.

A saprouter can establish an SNC connection only with another saprouter.

About how to configure the third party software, this is a question to the support team of that software.

Regards,

Isaías

Ask a Question