Table of Contents
Advertisement
Use Cases
F.5
SICAM CMIC with IPSec VPN
Features:
·
Communication with the control system via IEC 60870-104
(Ethernet-Interface X1 or X4 can be set by parameter)
·
1 or 2 IP addresses
·
1 subnet-mask
·
1 default router
·
Network settings | Security | IP Security enabled
Afterwards, the parameters which are required for the configuration of the IPSec connec-
tion, are available under
─ IP security
− ICMP ping reply
− IPSec VPN tunnel 1 enabled
− IPSec VPN tunnel 2 enabled
─ Local site
− Identifier (Local ID)
− VPN client IP-address
− VPN client default gateway
− VPN client subnet mask
─ Remote site 1
− Identifier (Remote ID)
− IP-Address
− Subnet IP-Address
− Subnet mask
─ IKE security associations 1
− Internet key exchange (IKE) Version
− SA lifetime (timeout)
− Auto-selection of authentication & encryption
─ IPSec authentication
− Pre-shared Key
─ IPSec security associations 1
− SA lifetime (timeout)
− SA lifetime (data size limit)
− Auto-selection of authentication & encryption
─ IPSec tunnel supervision by ping 1
− Ping enabled
− Ping cycle time
− Ping peer IP-address
Note for network configuration
· SICAM CMIC and the remote station must be configured in different networks when IPSec VPN is used
· The parameters
are necessary for the SICAM CMIC internal router function
· The certificate SHA256 must be used (obsolete: SHA1).
· In Google Chrome ® the cache must be deleted before the logon with SICAM WEB via https.
· For routing in two channels it is necessary to define both remote stations (Remote site 1 and remote
site 2)
400
Network settings | Security | IP Security
Remote site |Subnet IP-address
=
YES
und
Remote site |Subnet IP-Address
SICAM RTUs, User Manual SICAM CMIC
DC8-001-2.09, Edition 08.2016
.
Advertisement
Table of Contents
