Connection To Control System With Source Nat - Siemens SCALANCE S615 Manual

2 UseCases at a Glance
2.7

Connection to control system with source NAT

Starting situation
Multiple CPUs are to actively establish a connection to the PC. The PC itself has
no gateway entered.
The destination port can be fixed or configurable (S7 connection or TCP/UDP
native).
Figure 2-12
SRC IP:
192.168.1.1
DST IP:
192.168.2.x
SRC IP:
192.168.2.x
DST IP:
192.168.1.10
Requirements
For network separation, the SCALANCE S615 has two VLANs with different
network IDs. As a result, the device has a separate IP address for each VLAN
(in this document: VLAN1: 192.168.2.1 and VLAN2: 192.168.1.1).
In addition, a NAT table is defined in the SCALANCE S615 to translate the CPU's
message frames to a different IP address.
For the message frames of the two CPUs to find their way to VLAN2, the IP
address of the SCALANCE S615 (VLAN1) must be entered in the two CPUs as the
gateway.
Process flow (active connection establishment from CPU to PC):
The destination IP address 192.168.1.10 is not in the local subnet of VLAN1. All
message frames are sent to the gateway (IP address of the SCALANCE S615
(VLAN1)).
NAT_S615
Entry ID: 109744660, V1.1,
VLAN2: 192.168.1.0/24
192.168.1.1
192.168.2.1
CPU: 192.168.2.20
Gateway: 192.168.2.1
VLAN1: 192.168.2.0/24
08/2017
PC:
192.168.1.10
Gateway:
None
CPU: 192.168.2.30
Gateway: 192.168.2.1
22