Connection To The Telecontrol Server; Cp As Passive Subscriber Of Vpn Connections; Syslog - Siemens CP 1243-7 LTE Operating Instructions Manual

The CP itself can only communicate with a single communications partner via VPN.
4.11.6.5

Connection to the telecontrol server

No VPN connection between CP and TCSB
For secure communication via a VPN tunnel, the communications partners are assigned to a
common VPN group. The configuration of a VPN connection between CP and TCSB is not
possible because the telecontrol server cannot be configured in STEP 7.
Thanks to the encrypted telecontrol protocol, the connection between the CP and telecontrol
server is already protected.
4.11.6.6

CP as passive subscriber of VPN connections

Setting permission for VPN connection establishment with passive subscribers
If the CP is connected to another VPN subscriber via a gateway, you need to set the
permission for VPN connection establishment to "Responder".
This is the case in the following typical configuration:
VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
3. Open the parameter group "VPN" in the local security settings.
4. For each VPN connection with the CP as a passive VPN subscriber, change the default
setting "Initiator/Responder" to the setting "Responder".
4.11.6.7

SYSLOG

Use of SYSLOG only with 1 VPN connection
If you want to use SYSLOG with level 7 (debug) via Vpn connections, this is only possible
with a single established VPN connection.
CP 1243-7 LTE
Operating Instructions, 04/2017, C79000-G8976-C381-03
Configuration
4.11 Security
73