Siemens SCALANCE S615 Manual page 17

2 UseCases at a Glance
For the reply packets of the two CPUs to find their way back to VLAN2, the IP
address of the SCALANCE S615 (VLAN1) must be entered in the two CPUs as the
gateway.
Process flow (active connection establishment from PC to CPU):
The additional NAT IP addresses 192.168.1.2 and 192.168.1.3 are used by the two
SCALANCE S615 modules.
The PC accesses the local IP address 192.168.1.2 or 192.168.1.3 as the
destination.
Using the definition in its NAT table, the associated SCALANCE S615 replaces the
destination IP address and sends the packet to CPU1 or CPU2.
The source IP address (in this document: 192.168.1.10) is not changed; from the
CPU's perspective, the packet is from a non-local subnet.
That is why the CPU requires an additional entry for the gateway (IP address of the
associated SCALANCE S615 for VLAN1).
In all reply packets from the CPU to the PC, the source IP address 192.168.2.10 is
automatically replaced with 192.168.1.2 or 192.168.1.3.
Advantages
The advantage of the NAT table is that, due to the use of an additional address, all
ports can be forwarded or used.
Disadvantages
The disadvantage is that only active connection establishment from the PC to the
CPU is possible. Furthermore, each plant part requires an additional IP address
from the subnet of VLAN2 and each single one must be configured accordingly.
NAT and firewall rules
The NAT table of the SCALANCE S615 for the first plant part translates packets
from VLAN2 with the destination IP address 192.168.1.2 to the CPU's IP address
192.168.2.10.
Figure 2-9
The NAT table of the SCALANCE S615 for the second plant part is configured
accordingly.
Figure 2-10
NAT_S615
Entry ID: 109744660, V1.1, 08/2017
17