cancel
Showing results for 
Search instead for 
Did you mean: 

Sap access wia internet

Former Member
0 Kudos
99

Dear Guru,

We had the windows ECC6 server.Our customers & Vendors needs to acessing the sap server from there place.

If any possible to access our production sever through internet with highy secured .

But we are not interested to buy a third party tool for the access the server through internet.

guna

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
0 Kudos

Hi,

There is one solution to your problem is that you can have EP system which allows to access your system our internet and is highly secured means of access

Just you have to add EP system to your existing Java Box

and configure accordingly to access your system over internet.

Thanks and Regard

Khurshid

Former Member
0 Kudos

You probably already have a SAPRouter set up, it's typically used for remote connections to SAP (the company). Go to transaction OSS1, parameters>technical settings and see if you have anything under SAProuter1.

That said, for SAProuter to be secure you'll need to have all your vendors and customers to also have a SAPRouter set up with static IPs. And I'm not sure you're allowed to do this under the terms of use for SAProuter and the cryptographic libraries.

I'd be more inclined to use a web dispatcher and the integrated ITS for the webgui. If you can live with HTTP connections that won't cost you anything. If you need HTTPS you'll need to spring for a certifcation authority.

nelis
Active Contributor
0 Kudos

Hi,

Another option..

With strict firewall(using demilitarized zone) and using the SAP Web Dispatcher for load balancing and a single entry point you can use the integrated Internet Transaction Server with HTMLgui.

Regards,

Nelis

Former Member
0 Kudos

HI,

You have two option

1) Setup secure VPN connection between two sides.

2) Connect using Secured saprouter ( SNC SAPROUTER)

in both case you need one public IP address ( Live IP )

regards,

kaushal

Former Member
0 Kudos

This message was moderated.

former_member227600
Contributor
0 Kudos

Hi,

Follow the following steps:-

1:-Create a saprouter subdirectory under [Ex:-usr/sap/saproter]

2:-Download saprouter.sar file from service.sap.com . Extract this file using SAPCAR in

Saprouter directory. Saprouter.sar file containing two files saprouter & nipping.

3:-Download the SAP cryptographic software from service.sap.com/swdc.Extract this file

& place all files in saprouter subdirectory [sapcrypto.dll,sapgenpse.exe,ticket}.

4:-Set the environment variable for SECUDIR & SNC_LIB

CERTIFICATE FOR SAPROUTER

Note:- Owner is <sid>adm

1:-Now login on service.sap.com/tcsSAPtrust Center Service in Detail SAProuter

Certificatesapply now continue.

2:-Note down your distinguished name.

Ex:- CN=XXXXXs, OU=XXXXX, OU=SAProuter, O=SAP, C=DE

3:- Execute the following command in the saprouter/ntintel directory.

sapgenpse get_pse u2013v u2013r certreq u2013p local..pse u201CCN=XXXX, OU=XXXXX,

OU=SAProuter, O=SAP, C=DEu201D

4:- Enter PIN:-

Re Enter PIN:-

5.The "certreq" file is created in the /saprouter/ntintel directory.

5:-File cretreq is created in the /usr/sap/saprouter/ntintel directory.

6:- Open u201Ccertrequ201D file in text editor

Copy the text of certreq & paste in the space provided in sapmarket place .This space

Is available after step 1: under certificate for saprouter section.

7:-After that please click on u201C Request Certificateu201D anew screen will be displaying your

Certificate issued by SAP Certification Authority.

8:-Now using text editor copy the contect (from start to end) & save it as u201Csrcertu201D in to

usr/sap/saprouter/ntintel .(without any extension ex .txt).

IMPORTING THE CERTIFICATE

1:-To import the certificate into SAProuter execute the following command in /saprouter

/ntintel directory.

sapgenpse import_own_cert u2013c srcert u2013p local.pse

And enter PIN (same as 4 point of section certificate for saprouter)

2:- This will create a file u201Ccred_v2u201D in the same directory.

3:- Check whether the certificate has been import correctly. Execute the following

Command in saprouter/ntintel directory.

sapgenpse get_my_name u2013v u2013n Issuser

The result should be u201CCN=XXXX CA=XXXXX, OU=SAProuter, O=SAP, C=DEu201D

ROUTE PERMISSION TABLE

1:- Create a text file using text editor under usr/sap/saprouter & save it as saprouttab

Without any extension.

2:- Example of saprouttab file

#SNC-connection from and to SAP

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 194.39.131.34 *

  1. SNC-connection from SAP to local R/3-system for Support SID DEV

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.10 3200

  1. SNC - connection from SAP to local R/3 - system for Support SID PRD

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.9 3200

  1. SNC - connection from SAP to local R/3 - system for Support SID QAS

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.2 3210

  1. SNC - connection from SAP to local R/3-System for SAPtelnet

KP "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.1 23

KT "p:CN=sapserv2, OU=SAProuter, O=SAP, C=DE" 102.108.70.4 *

#Access from the local Network to SAPnet - R/3 Frontend (OSS)

P 102.108.70.1 194.39.131.34 3299

P * 194.39.131.34 3299

  1. Deny all other connections

D * * *

3:- Start the SAProuter with the following command:-

Saprouter u2013r u2013S <port> -K u201Cp:CN=XXXX,OU= XXXX0,OU=SAProuter,O=SAP,

C=DEu201D

MAINTAIN SYSTEM DATA ON SAPMARKETPLACE

1:- Login on service.sap.com/access-support.

2:- Click on the Maintain Connection as you see in the following screen.

3:-Select your system (Ex:- PRD or DEV)

4:-Click on connection type.

5:- after select connection type click on System data. Maintain the date.

Now you can start sap router.

Karan