VPN with INSYS routers Connecting two Siemens S7-300 in different networks. Configuration Guide



Similar documents
VPN with INSYS routers Configuring OpenVPN server with certificate-based authentication. Configuration Guide

VPN with INSYS Connectivity Service OpenVPN Connection to INSYS Connectivity Service under Android. Configuration Guide

VPN with INSYS routers Creating X509.v3 Certificates for VPNs with XCA. Configuration Guide

Configuration Guide. Replacing a Leased Line with INSYS GPRS 5.x serial

INSYS IMON - Monitoring Function Switching an output via SMS. Configuration Guide

Evaluation Board. i-modul and Socket. Manual

How to access peers with different VPN through IPSec. Tunnel

Linking 2 Sites Together Using VPN How To

ENDIAN Topologies Setup of different Network topologies with Endian Firewalls

Sophos UTM. Remote Access via SSL Configuring Remote Client

If you have questions or find errors in the guide, please, contact us under the following address:

IPSecuritas 3.x. Configuration Instructions. Collax Business Server. for

KNX IP Interface 730 KNX IP Router 750 KNX IP LineMaster 760 KNX IP BAOS 770 KNX IP BAOS 771 KNX IP BAOS 772 KNX IP BAOS 777

Parallels Plesk Panel. VPN Module for Parallels Plesk Panel 10 for Linux/Unix Administrator's Guide. Revision 1.0

PePWave Surf Series PePWave Surf Indoor Series: Surf 200, AP 200, AP 400

VPN Configuration Guide. Cisco Small Business (Linksys) WRV210

Sophos UTM. Remote Access via PPTP. Configuring UTM and Client

Remote Access to Embedded WEB by NAT Port Forwarding

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Talk2M ewon Internet Connection How To

Astaro Security Gateway V8. Remote Access via L2TP over IPSec Configuring ASG and Client

How To Configure Apple ipad for Cyberoam L2TP

VPN Tracker for Mac OS X

Web Authentication Application Note

VPN Configuration Guide. Parallels Remote Desktop for Mac

Wireless G Broadband quick install

Sophos UTM. Remote Access via PPTP Configuring Remote Client

Chapter 9 Monitoring System Performance

Access Schneider Electric PLCs through an existing Talk2M connection

LANCOM Advanced VoIP Client 1.20 EN. Notes on Installation

Remote Connection to a WAGO using a High-Speed Internet connection Application note

VPN L2TP Application. Installation Guide

VPN Configuration Guide DrayTek Vigor / VigorPro

vcloud Director User's Guide

VPN Tracker for Mac OS X

bintec Workshop WAN Partner Configuration Copyright November 8, 2005 Funkwerk Enterprise Communications GmbH Version 0.9

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

VPN Configuration Guide. Cisco Small Business (Linksys) WRVS4400N / RVS4000

Broadband Router ESG-103. User s Guide

Sophos UTM. Remote Access via IPsec Configuring Remote Client

Multifunctional Broadband Router User Guide. Copyright Statement

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

Millbeck Communications. Secure Remote Access Service. Internet VPN Access to N3. VPN Client Set Up Guide Version 6.0

CREATING AN IKE IPSEC TUNNEL BETWEEN AN INTERNET SECURITY ROUTER AND A WINDOWS 2000/XP PC

OvisLink 8000VPN VPN Guide WL/IP-8000VPN. Version 0.6

VPN Configuration Guide. Cisco Small Business (Linksys) RV016 / RV042 / RV082

SSL SSL VPN

Astaro User Portal: Getting Software and Certificates Astaro IPsec Client: Configuring the Client...14

ETRX2 and ETRX357 Wireless Mesh Networking Modules. Application Note Accessing Modules over the Internet

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Application Notes for Configuring a SonicWALL VPN with an Avaya IP Telephony Infrastructure - Issue 1.0

ecatcher Talk2M Pro - Remote Connection Quick Start How To

How To Check If Your Router Is Working Properly On A Nr854T Router (Wnr854) On A Pc Or Mac) On Your Computer Or Ipad (Netbook) On An Ipad Or Ipa (Networking

LUCOM GmbH * Ansbacher Str. 2a * Zirndorf * Tel / * Fax / *

Manual. Traffic Exchange

SECON-X. Technical Documentation. SECON-Vap user manual. Version: 1 Edition: Article no.:

Astaro Security Gateway V8. Remote Access via SSL Configuring ASG and Client

How To Connect To An Egrabit With A Vpn On A Pc Or Mac Or Ipad (For Pc Or Ipa) With A Pv (For Mac) Or Ipv (Femalese) With An Ipv Or Ip

Enabling NAT and Routing in DGW v2.0 June 6, 2012

Technical Support Information

AirStation VPN Setup Guide WZR-RS-G54

Quick Setup Guide. 2 System requirements and licensing Kerio Technologies s.r.o. All rights reserved.

Setup Reference Guide for KX-NS1000 to SBC SIP Trunking

JP1 Version 11: Example Configurations

Configuring IPsec between a Microsoft Windows XP Professional (1 NIC) and the VPN router

Application note. A103202, English Version 1.0.1

VPN Configuration Guide SonicWALL with SonicWALL Simple Client Provisioning

Chapter 8 Router and Network Management

VPN Configuration Guide D-Link DFL-800

Chapter 6 Using Network Monitoring Tools

Windows XP VPN Client Example

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

How To Configure L2TP VPN Connection for MAC OS X client

Appendix C Network Planning for Dual WAN Ports

Sophos UTM. Remote Access via SSL. Configuring UTM and Client

HOWTO: How to configure IPSEC gateway (office) to gateway

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

Virtual Address Mapping

How to Guide: StorageCraft Cloud Services VPN

Configuring Network Address Translation (NAT)

VPN PPTP Application. Installation Guide

M2M Series Routers. Port Forwarding / DMZ Setup

VPN Direct connection How To

How to Create a Basic VPN Connection in Panda GateDefender eseries

1 Axis camera configuration IP configuration Setting up date and time Installing an IPS Analytics Application...

SonicOS Enhanced Release Notes

Accessing the Media General SSL VPN

LevelOne. User Manual. FBR-1430 VPN Broadband Router, 1W 4L V1.0

VPN Tracker for Mac OS X

Sophos UTM. Remote Access via IPsec. Configuring UTM and Client

Virtual Private Network and Remote Access Setup

Controlling Ashly Products From a Remote PC Location

VPN Quick Configuration Guide. Astaro Security Gateway V8

BROADBAND INTERNET ROUTER USER S MANUAL. Version Page 1 of 13 -

Connecting your Omega/BetaPAT PLUS to a PC via a USB

Overview of ServerView Windows Agent This chapter explains overview of ServerView Windows Agent, and system requirements.

Configuring Microsoft RADIUS Server and Gx000 Authentication. Configuration Notes. Revision 1.0 February 6, 2003

Virtual Private Network and Remote Access

Transcription:

VPN with INSYS routers Connecting two Siemens S7-300 in different networks Configuration Guide

Pos: 1 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/1 Einführung: Prinzipschaltbild und Ziel/1-0 h1 --- Einführung --- @ 5\mod_1243351890374_91.doc @ 20029 @ 1 Introduction Copyright 2013 INSYS MICROELECTRONICS GmbH Any duplication of this üublication is prohibited. All rights on this publication and the devices are with INSYS MICROELECTRONICS GmbH Regensburg. Trademarks The use of a trademark not shown below is not an indication that it is freely available for use. MNP is a registered trademark of Microcom Inc. IBM PC, AT, XT are registered trademarks of International Business Machine Corporation. Windows is a registered trademark of Microsoft Corporation. Linux is a registered trademark of Linus Torvalds. INSYS is a registered trademark of INSYS MICROELECTRONICS GmbH. The principles of this publication may be transferred to similar combinations. INSYS MICROELECTRONICS GmbH does not assume liability or provide support in this case. Moreover, it cannot be excluded that other effects or results than described here are produced, if other, similar components are combined and used. INSYS MICROELECTRONICS GmbH is not liable for possible damages. Publisher INSYS MICROELECTRONICS GmbH Hermann-Köhl-Str. 22 D-93049 Regensburg Germany Phone +49 941 58692 0 Fax +49 941 58692 45 E-mail info@insys-icom.com URL http://www.insys-icom.com Print 31. Jul. 2013 Item No. - Version 1.0 Language EN 2 Connecting two Siemens S7-300 in different networks EN Vers. 1.0 31. Jul. 2013 www.insys-icom.com

Pos: 2 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/1 Einführung: Prinzipschaltbild und Ziel/1-1 TE Ziel allgemein @ 5\mod_1259744063976_91.doc @ 22643 @ Pos: 3 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/1-1 TE Ziel: Verbinden zweier Siemens S7-300 über einen VPN-Tunnel @ 7\mod_1339665519927_91.doc @ 32138 @ Pos: 4 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/1-2 TE Prinzipschaltbild: Verbinden zweier Siemens S7-300 über einen VPN-Tunnel @ 7\mod_1339665521221_91.doc @ 32144 @ Pos: 5 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/2 Kurzfassung/2-00 h1 --- Kurzfassung --- @ 5\mod_1259746860297_91.doc @ 22649 @ 1 Introduction 1 Introduction General The present publication refers to a combination of selected hardware and software components of INSYS MICROELECTRONICS GmbH as well as other manufacturers. All components have been combined with the target to realize certain results and effects for certain applications in the field of professional data transfer. All components have been prepared, configured and used as described in this publication. Thus, the desired results and effects have been achieved. The exact descriptions of all used components, to which this publication refers, are described in the tables Hardware, Accessories and Software at the end of this publication. The symbols and formattings used in this publication are explained in the correspondent section at the end of this publication. Some configurations or preparations, which are precondition in this publication, are described in other publications. Therefore, always refer to the related device manuals. INSYS devices with web interface provide you with helpful information about the configuration possibilities, if you click on "display help text" in the header. Target of this Publication Two PLCs Siemens S7-300 at different locations are to be connected via Internet. Usually, the sender address of one control is replaced by the router address for communication (NAT). Then, the remote control sends its response to this router address. In case of the S7-300, the local control rejects any further communication, because this new target address of the response does not match its original sender address. Use this publication to find out how to establish a secure VPN connection using two INSYS routers in order to realise such a connection nevertheless by disabling NAT (Network Address Translation) for incoming packets and route the packets without change through a VPN tunnel. Figure 1: Connecting two Siemens S7-300 via a VPN tunnel Connecting two Siemens S7-300 in different networks 3 www.insys-icom.com 31. Jul. 2013 Vers. 1.0 EN

Pos: 6 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/2-10 TÄ Kurzfassung: Verbinden zweier Siemens S7-300 über einen VPN-Tunnel @ 7\mod_1339674138447_91.doc @ 32187 @ Pos: 7 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/3 Konfiguration/3-0 h1 --- Konfiguration --- @ 4\mod_1239201153573_91.doc @ 18709 @ 1 Summary 2 Summary Configuration of a VPN Connection Without NAT How to configure an INSYS router for a VPN connection without NAT. You will find detailed step by step instructions in the following section. 1. Open in the menu Dial-In / Dial-Out / LAN (ext) the page Routing 2. Disable "Activate NAT for incoming packets" 3. Save settings 4. In case of OpenVPN connections, open in the menu Dial-In / Dial-Out / LAN (ext) the page OpenVPN client/server 5. Disable "Masquerade packets before tunnelling" 6. Save settings 7. Open in the menu System the page Reset 8. Select "Restart" and restart the device 4 Connecting two Siemens S7-300 in different networks EN Vers. 1.0 31. Jul. 2013 www.insys-icom.com

Pos: 8 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/3 Konfiguration/3-00 TÄ Vorbereitungen @ 5\mod_1249050937179_91.doc @ 21049 @ Pos: 10 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/3-05 HA Verbinden zweier Siemens S7-300 über einen VPN-Tunnel @ 7\mod_1339674493504_91.doc @ 32199 @ Configuration 3 Configuration Provisions Please prepare the following items before starting the configuration: Pos: 9 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/3-01 HA Vorbereitungen @ 7\mod_1339674493082_91.doc @ 32193 @ Both controls are connected to their INSYS routers and ready for operation. Both INSYS routers are connected to power supply and ready for operation. You have access to each INSYS router via your web browser. Both INSYS routers are configured ready for operation for a connection via the WAN interface. Both INSYS routers are configured ready for operation for a VPN connection. Information and instructions about this can be found in the appropriate manuals and other Configuration Guides, which describe further necessary steps to establish a VPN connection, e.g. creating certificates or configuring server/client, under http://www.insys-icom.com/cg. Configuring an INSYS Router for a VPN Connection Without NAT How to disable Network Address Translation (NAT) for the VPN connection and masking the packets through the VPN tunnel. The networks, in which both controls are located, must have different network address ranges. The following settings must be made for both INSYS routers. 1. Select in the menu the page Routing. This page is under the menu item Dial-In, Dial-Out, or LAN (ext) depending on the used INSYS router. 2. Remove the checkmark in the checkbox "Activate NAT for incoming packets". Connecting two Siemens S7-300 in different networks 5 www.insys-icom.com 31. Jul. 2013 Vers. 1.0 EN

Pos: 11 /Datenkommunikation/Configuration Guide/=== ORGA - Module ===/5 Verwendete Komponenten / Weiterführende Informationen/5-0 h1 --- Verwendete Komponenten --- @ 5\mod_1253000236681_91.doc @ 21647 @ 1 Configuration 3. Click OK at "Confirm all" to save the settings. If you use an OpenVPN connection, you must also disable masking of the packets before tunnelling. This step is not necessary in case of an IPsec connection. 4. Select in the menu the page OpenVPN client. This page is under the menu item Dial-In, Dial-Out, or LAN (ext) depending on the used INSYS router. If the currently configured INSYS router acts as an OpenVPN server, the OpenVPN server page must be selected here. 5. Remove the checkmark in the checkbox "Masquerade packets before tunnelling". 6. Click OK at "Confirm all" to save the settings. 7. Select in the menu the page System Reset. 8. Select the option "Restart" and click on OK. NAT is disabled for the VPN connection after the restart with this. 6 Connecting two Siemens S7-300 in different networks EN Vers. 1.0 31. Jul. 2013 www.insys-icom.com

Pos: 13 /Datenkommunikation/Notizen - Leere Seite zum Auffüllen auf Seitenumfang "x mal 4" @ 5\mod_1242998978108_91.doc @ 19977 @ Used Components 4 Used Components Pos: 12 /Datenkommunikation/Configuration Guide/MoRoS/Verbinden zweier S7-300/5-1 TE Verwendete Komponenten @ 7\mod_1339674494393_91.doc @ 32211 @ Please observe: The power supply units required to operate devices are not listed here in detail. Take care for a provision at the site, if they are not part of the scope of delivery. Hardware Description Manufacturer Type Version Router INSYS MoRoS PRO or MLR from firmware 2.2.0 PLC Siemens S7-300 - Table 1: Used hardware Software Description Manufacturer Type Version Operating system Microsoft Windows XP Pro latest Browser Mozilla Firefox latest Table 2: Used software Connecting two Siemens S7-300 in different networks 7 www.insys-icom.com 31. Jul. 2013 Vers. 1.0 EN

Germany INSYS MICROELECTRONICS GmbH Hermann-Köhl-Str. 22 93049 Regensburg Germany Phone +49 941 58692 0 Fax +49 941 58692 45 E-mail info@insys-icom.com URL www.insys-icom.com Great Britain INSYS MICROELECTRONICS UK Ltd. The Venture Centre Univ. of Warwick Science Park Sir William Lyons Road Coventry, CV4 7EZ Great Britain Phone +44 2476 323 237 Fax +44 2276 323 236 E-mail info@insys-icom.co.uk URL www.insys-icom.co.uk Czech Repulic INSYS MICROELECTRONICS CZ, s.r.o. Slovanská alej 1993 / 28a 326 00 Plzen-Východní Předměstí Czech Republic Phone +420 377 429 952 Fax +420 377 429 952 Mobile +420 777 651 188 E-mail info@insys-icom.cz URL www.insys-icom.cz

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information