Saprouter Download

SAProuter - How to setup the saprouter ? What is the saprouter ?

The program SAProuter is the router (software) for the connection from customers to SAP and vice versa.

STEP 11: Create SAProuter service on Windows with the command:(download ntscmgr from Sap note 618053) and run the command - ntscmgr install SAProuter -b C:saproutersaprouter.exe -p 'service -r -R C:saproutersaprouttab -W 60000 -K ^p:^' STEP 12: Edit the Windows Registry key as below: (regedit). SAP Web dispatcher Installation – Windows Login with adm. Create folder SAPWEBDISP in usr sap Download latest web dispatcher from services.sap.com and save it to above folder To extract the file Start Run Cmd Browse to SAPWEBDISP folder Execute sapcar –xvf sapdispatcher.sar Create a profile by executing: sapwebdisp.exe –bootstrap You will be prompted for some details. For download and installation instructions see SAP Note 2573790. You can either place the DLL's in your project output folder or put them in a folder available in the systems PATH (Windows), LDLIBRARYPATH (Linux) or DYLDLIBRARYPATH (macOS) environment variable. If you can't access sapservx directly, you can also download saprouter for Linux from the SAP Service Marketplace alias /patches SAP R/3 - SAP R/3 4.6B or 4.6C - Binary Patches - SAP KERNEL 4.6D 32-BIT - LINUX32 - Database independent - SAPROUTER.CAR. Install Saprouter – Download, Extract, copy to right place (in right case: /usr/sap/saprouter/ in my case it was /usr/local/sbin/) Extract sapcrypto: SAPCAR -xvf SAPCRYPTOLIBXX-XXXXXXXX.SAR (where XXX are version and date numbers) Copy sapcrypto files where you had installed saprouter – In my case it was /usr/local/sbin/.

  • SAProuter in a SAP System
  • What ports to open for a SAProuter ?
  • How to setup the SAProuter for an SNC Internet-Connection ?
  • How to setup the SAProuter for an VPN-Internet-Connection ?
  • How to setup the SAProuter for NON-Internet-Connection ?
  • How to download the latest version ?
  • SAProuter online help with all supported command line options and further examples

SAProuter in a SAP System

This tool SAProuter is designed, to connect different IP Networks even when the IP adresses are in conflict as it does a network adress translation itself. So, this is always used in order to connect SAP with the customer's systems. This is the case for the way from SAP to the customers and mostly the case as well for logging on into the SAP systems from customer's site as well. If the customer uses the SAPNet R/3 Frontend, he has to use the SAProuter on his site.

Further information is available in the very good note 30289.

What ports to open for a SAProuter ?

From external to the SAProuter (mostly from Internet to DMZ)

The SAProuter is running (listening) on port 3299 by default. When you change this with the option '-S' you have to open a different service. But, by default it is just the port 3299 inbound that needs to be available from external partners. The SAProuter now changes the ports to the 'original' ones on the computer where the SAProuter is running. So, it looks like for the target system, as if the request would always come from the computer where the SAProuter is running.

From the SAProuter to the internal systems (mostly from DMZ to intranet)

The SAProuter rerouts all requests from the port 3299 where it is receiving the data to the original ports. Therefore, it is necessary, that you open all ports from the SAProuter to your intranet, that are used in your environment.
This is normally at least the SAP system. The SAP systems dispatcher is running on port 32nn where nn is the system number. So, you might have to open port 3200 - keep in mind, that 3299 to the intranet normally is NOT necessary.
Overview of a few typical applications and their port needs (especially for the access from SAP to your system):

  • 32nn: R3 Support Connection
  • 23: Telnet
  • 1503: Netmeeting
  • 5601: PC-Anywhere
  • 3389: Windows Terminal Server (WTS)

How to setup the SAProuter for an VPN-Internet-Connection ?


Even when VPN often sounds horrible complicated this is pretty easy in this scenario ...

You just grap the 'Remote Connection Data Sheet' from note 28976 and return it filled in to SAP either via Fax or via SAPNet R/3 Frontend (OSS) with componente XX-SER-NET-OSS-NEW (The short text for that message must be 'Remote Connection Data Sheet').
In this 'Remote Connection Data Sheet' you mainly have to let SAP know the official IP adress of your VPN Server and the second official IP adress of your SAProuter. You then forward this second IP to the server of your choice where you want to run the SAProuter.
SAP will setup the VPN access for you and will return the necessary preshared key with the official SAP IP adresses in a few days to you. You then setup your end of the VPN and everything is fine.
Installation of the SAProuter itself for VPN works identically to the way via a private line for non internet connections as described below.

How to setup the SAProuter for NON-Internet-Connection ?

The following description is designed for Windows, but for other platforms, there is documentation available as well in the SAP Help Portal.

  • First you have to setup a physically direct connection to SAP. This can be an ISDN-, Frame-Relay or similar connection. If a direct connection from your site is not feasable, you can have a look to some service providers, if they can offer you a 'OSS-Connection' to SAP for a useful fee.
    Then you receive a special official IP-Adress from SAP (mostly 2 IPs). One of the IP adresses has to become attached to the server you want to run SAProuter on. This means, that this server can receive several IP adresses (at least your normal local one and the official one from SAP).
  • Create the subdirectory saprouter in the directory <drive>:usrsap.
  • Copy the SAProuter.exe either from <drive>:usrsap<SID>SYSexerun or get the latest one as described below from the SAP Service Marketplace.
  • Install the SAProuter as service as follows:
    ntscmgr install SAProuter -b <drive>:usrsapsaproutersaprouter.exe -p 'service -r <parameter>'
    (The 'parameter' has to become replaced with the additional parameters you are using. This is mostly not necessary at all)
  • Define the general attributes of the service:
    In Control Panel->Services, set the startup type to “automatic” and enter a user. SAProuter should not run under the SystemAccount.
  • To avoid the error message “The description for Event ID (0)” in the Windows NT event log, you must enter the following in the registry: Under HKEY_LOCAL_MACHINE->SYSTEM->CurrentControlSet->Services->Eventlog->Application, create the key saprouter and define the following values under it:
    EventMessageFile (REG_SZ): <drive>:usrsapsaproutersaprouter.exe
    TypesSupported (REG_DWORD): 0x7
  • Every SAProuter needs a file called 'saprouttab'. This is normally expected in the same directory as saprouter.exe is located. You should have a look at the end of this web-site or to the SAP Help Portal how to setup this for productive use.
    Right for the moment for tests, the following line in the file <drive>:usrsapsaproutersaprouttab is sufficient:
    P * * *
    (Please change this as soon as your tests are done, as this file opens all ports and all of your systems!)
  • Now, have fun with your SAProuter after starting it via the Windows Service Manager!

How to download the latest version ?

You can download the latest version of all the SAP Executables in the SAP Service Marketplace. As the binaries are different for each platform, you should have a look at the following link:
Download Executable Patches on the SAP Service Marketplace


SAProuter online help with all supported command line options and further examples

If you have some more ideas to this topic, please let us know via the Feedback Area.

[ go to top ]

back 12/11/2020, 03:48:41



Firstly you have need for SAPCAR, saprouter and sapcrypto.
All of the above you can find from SW download centre from SAP:
Note: You will be asked for a PIN code. Just pick your own 4 numbers, but
you’ll have to use the same PIN every time you’re asked to enter one.

Saprouter.exe Download

  1. Send a customer message to SAP Support (component XX-SER-NET-OSS-NEW) and tell them to register the hostname and IP of your new SAProuter.
    You have to register it with a official IP address (no internal IP’s allowed), but it’s allowed to use NAT in the firewall/router.
  2. Install Saprouter – Download, Extract, copy to right place (in right case: /usr/sap/saprouter/ in my case it was /usr/local/sbin/)
  3. Extract sapcrypto: SAPCAR -xvf SAPCRYPTOLIB_XX-XXXXXXXX.SAR (where XXX are version and date numbers)
  4. Copy sapcrypto files where you had installed saprouter – In my case it was /usr/local/sbin/
  5. Copy libsapcrypto.so to /usr/lib/
  6. Set up SNC_LIB & SECUDIR environment variables (if you are using bash) like:
    vi ~/.bashrc
    Insert following:
    export SECUDIR=/usr/local/sbin/
    export SNC_LIB=/usr/local/sbin/libsapcrypto.so
    – In my case path was where I installed saprouter and copied libsapcrypto.so
    :wq – Save and close
    Make variables to work: source ~/.bashrc
  7. Make folder “sec” under your user with you’ll be running saprouter …
  8. Create new certificate request’s and new local PSE’s file command:
    sapgenpse get_pse -v -r certreq -p local.pse “CN=<your sap router ip>, OU=<your ou_number>, OU=SAProuter, O=SAP, C=DE”
    just press Enter for the PIN – You will get new certreq file
  9. Edit certreq – copy all text inside it
  10. Open browser and go to address https://service.sap.com/saprouter-sncadd.Choose “Apply Now”
  11. Choose “SAProuter” and click “Continue”
  12. Copy-paste the content of file certreq into text area, and click “Request Certificate”.
  13. The web page will create the certificate response (inside text area).
  14. If srcert file exists – delete the current srcert file. Create the new srcert file, and fill with the above certificate response.
  15. Import the response into the local PSE.
    sapgenpse import_own_cert -c srcert -p local.pse
  16. Create the credential for <sid>adm user (Or user under which you are running saprouter – in my case it was root)
    sapgenpse seclogin -p local.pse -O <sid>adm
  17. Registering with the local PSE
    sapgenpse get_my_name -v -n Issuer
  18. Restart saprouter if needed or start it fo first time (in my case):
    /usr/local/sbin/saprouter -r -E -G /var/log/saprouter.log -R /etc/saprouter/saprouttab -K 'p:CN=, OU=, OU=SAProuter, O=SAP, C=DE' &


For reference:


Saprouter Download Path

Mida enam sel sajandil ei kuule…VI commands on Linux