Siemens SCALANCE S615 Getting Started

Industrial ethernet security

SIMATIC NET
Industrial Ethernet Security
SCALANCE S615 Getting Started
Getting Started
03/2015
C79000-G8900-C390-01

Preface
1 Connecting SCALANCE S615 to the WAN
2 OpenVPN tunnel between SCALANCE S615 and SINEMA RC Server


Summary of Contents for Siemens SCALANCE S615

  • Page 1 SIMATIC NET, Industrial Ethernet Security, SCALANCE S615 Getting Started. Contents: Preface; Connecting SCALANCE S615 to the WAN; OpenVPN tunnel between SCALANCE S615 and SINEMA RC Server. Getting Started, 03/2015, C79000-G8900-C390-01...
  • Page 2 Note the following: WARNING Siemens products may only be used for the applications described in the catalog and in the relevant technical documentation. If products and components from other manufacturers are used, these must be recommended or approved by Siemens. Proper transport, storage, installation, assembly, commissioning, operation and maintenance are required to ensure that the products operate safely and without any problems.
  • Page 3: Preface

    Purpose: The configuration of the SCALANCE S615 is shown based on examples. IP settings for the examples (note): The IP settings used in the examples were freely chosen. In a real network, you would need to adapt these IP settings to avoid possible address conflicts.
  • Page 4 You will find this document on the Internet under the following entry ID: 27069465 (http://support.automation.siemens.com/WW/view/en/27069465). SIMATIC NET manuals: You will find SIMATIC NET manuals on the Internet pages of Siemens Industry Online Support. Using the search function: Link to Siemens Industry Online Support (http://support.automation.siemens.com/). Enter the entry ID of the relevant manual as the search item.
  • Page 5 Siemens recommends strongly that you regularly check for product updates. For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept.
  • Page 7: Table Of Contents

    Specifying device information: page 19
    Setting the time: page 20
    Creating IP subnet: page 22
    OpenVPN tunnel between SCALANCE S615 and SINEMA RC Server: page 25
    Procedure in principle: page 25
    Configuring access to the SINEMA RC Server: page 29
    2.2.1...
  • Page 9: Connecting SCALANCE S615 To The WAN

    Procedure in principle: In this example, a SCALANCE S615 that is in the factory settings status is assigned an IP address. Following this, the device is configured using Web Based Management (WBM). Access to the WAN is connected via the Ethernet interface P5 of the S615.
  • Page 10
    1. Setting up SCALANCE S615 and network (Page 11)
    2. Launching Web Based Management (Page 12)
    3. Logging in to Web Based Management (Page 15)
    4. Changing the IP settings of the SCALANCE S615 (Page 17)
    5. Configuring SCALANCE S615
       – Specifying device information (Page 19)
       –...
  • Page 11: Setting Up SCALANCE S615 And Network

    (SELV) complying with IEC950/EN60950/VDE0805 can be connected to the power supply terminals. The power supply unit for the SCALANCE S615 must meet NEC Class 2, according to the National Electrical Code® (ANSI / NFPA 70).
  • Page 12: Launching Web Based Management

    In the factory settings, the SCALANCE S615 can be reached at the following IP address:
    ● IP address: 192.168.1.1
    ● Subnet mask: 255.255.255.0
    In this configuration example, the Admin PC has the following IP address setting to allow it to access the Web Based Management of the S615.
  • Page 13 5. Enter the values in the table above.
  • Page 14 6. Confirm the dialogs with "OK" and close the Control Panel. 7. Enter the IP address "192.168.1.1" in the address box of the Web browser. If the connection to the device works without problems, the login page of Web Based Management (WBM) is displayed.
  • Page 15: Logging In To Web Based Management

    Procedure: 1. Log in with the user name "admin" and the password "admin". You will be prompted to change the password.
  • Page 16 6. Repeat the password in "Password Confirmation" to confirm it. The entries must match. 7. Click the "Set Values" button. Result: The password for the "admin" user is changed. The changes take immediate effect.
  • Page 17: Changing The IP Settings Of The S615

    Procedure: 1. Click on "Layer 3" > "Subnet" in the navigation area and on the "Configuration" tab in the content area.
  • Page 18 7. Enter the values for the PC from the "Settings used (Page 9)" table. 8. Confirm the dialogs with "OK" and close the Control Panel. 9. In the address box of the Web browser, enter the IP address for vlan1, see table "Settings used (Page 9)".
  • Page 19: Specifying Device Information

    To allow better identification of the SCALANCE S615, specify general device information. Procedure: 1. Click "System" > "General" in the navigation panel and on the "Device" tab in the content area.
  • Page 20: Setting The Time

    The date and time are kept on the SCALANCE S615 to check the validity (time) of certificates and for the time stamps of log entries. You can set the system time manually or have it synchronized automatically with a time server. For this example, the time server is configured using NTP.
  • Page 21 3. In "NTP Server IP Address", enter the IP address 192.168.100.87. It is not possible to enter the NTP address as a host name. 4. If necessary, change the port in "NTP Server Port". The default setting is 123.
  • Page 22: Creating IP Subnet

    The interfaces are handled differently.
    ● Ethernet interface P1 (vlan1): Connection to LAN
    ● Ethernet interface P5 (vlan2): Connection to WAN
    For this configuration example, only the IP subnet for the Ethernet interface P5 needs to be configured.
  • Page 23 Result: The IP subnets have been created. The IP subnets are displayed in the "Overview" tab.
  • Page 25: OpenVPN Tunnel Between SCALANCE S615 And SINEMA RC Server

    In this sample configuration two distributed stations are connected using a SCALANCE S615. The devices communicate via the SINEMA RC Server located in the master station. A KEY-PLUG SINEMA Remote Connect is required for each SCALANCE S615 device. The KEY-PLUG enables the connection from SCALANCE S615 to SINEMA RC.
  • Page 26
    ● 2 x KEY-PLUG SINEMA RC
    ● 2 x 24 V power supply with cable connector and terminal block plug
    ● 2 x PC, each connected to a SCALANCE S615
    ● 1 x PC on which the SINEMA RC Server is installed
  • Page 27 Settings used: For the configuration example, the devices are given the following IP address settings: Name Interface IP address Station -1 S615-1 LAN port P1 192.168.100.1 LAN1 (vlan1) 255.255.255.0...
  • Page 28 Getting Started "SINEMA Remote Connect". SCALANCE S615: ● The S615 is connected to the WAN, refer to "Connecting SCALANCE S615 to the WAN (Page 9)". The steps in configuration are the same for all devices, the only difference being the settings, see table "Settings used (Page 25)".
  • Page 29: Configuring Access To The SINEMA RC Server

    2.2.1 Configuring a route: The stations and master station are in different IP subnets. So that the stations can communicate with the master station, the appropriate default route is created on the S615.
  • Page 30: Activating IP Masquerading

    2.2.2 Activating IP masquerading: IP masquerading is used so that the internal IP addresses are not forwarded externally. In addition to this, no further routing settings are necessary on the router.
  • Page 31: Allow Access

    2.2.3 Allow access: So that the PC can access the SINEMA RC Server, access from vlan1 to vlan2 is enabled on the device.
  • Page 32: Configure A Remote Connection On The SINEMA RC Server

    2.3.1 Creating node groups: Users and devices can be put together in participant groups. You can also specify whether the communication between the participants of an individual group is permitted or forbidden.
  • Page 33 Result: The participant groups have been created.
  • Page 34: Create Devices

    2.3.2 Create devices. Procedure: 1. In the navigation area, click "Remote connections" > "Devices". The devices that have already been created are listed in the content area.
  • Page 35 You will find the device ID and the fingerprint in the device information. Click on the symbol to open the device information.
  • Page 36: Configure Communications Relations

    2.3.3 Configure communications relations: So that participant groups can communicate with each other, communication relations are necessary. A communication relation can be created for every direction.
  • Page 37 Click "Remote connections" > "Communication relations" in the navigation area. The created relations are listed in the content area.
  • Page 38: Configure A Remote Connection On The S615

    2.4.1 Secure OpenVPN connection with fingerprint. Requirement: ● On PC1/2 there are two Web browser windows open.
  • Page 39 3. Change to Web browser 1. – Right click in the input box of "Device ID". – In the shortcut menu, select the menu command for inserting.
  • Page 40 Result: The device establishes an OpenVPN tunnel to the SINEMA RC Server. You can check in the WBM to see whether the connection was successful.
  • Page 41: Secure OpenVPN Connection With CA Certificate

    2.4.2 Secure OpenVPN connection with CA certificate. 2.4.2.1 Loading a certificate. Requirement: ● The correct time is set on the S615 and the SINEMA RC Server.
  • Page 42: Configure An OpenVPN Connection To The SINEMA RC Server

    Result: The certificates are loaded. With "Security" > "Certificates", you can display the certificates. The loaded certificates must have the status "valid". 2.4.2.2...
  • Page 43 3. Change to Web browser 1. – Right click in the input box of "Device ID". – In the shortcut menu, select the menu command for inserting.
  • Page 44 Web browser 2: Click "Remote connections" > "Devices" in the navigation area.
