Siemens SINAUT MD741-1 System Manual

Simatic net egprs/gprs-router

EGPRS/GPRS-Router
System manual
Release 4/2008
Preface, Contents
Setup
Local interface
External interface
Security functions
Remote access
Status, log and diagnosis
Technical Data
Applied Standards and Approvals
Glossary

Summary of Contents for Siemens SINAUT MD741-1

  • Page 1: Table Of Contents

    Preface, Contents SIMATIC NET Applications and functions EGPRS/GPRS-Router Setup SINAUT MD741-1 Configuration System manual Local interface External interface Security functions Remote access Status, log and diagnosis Additional functions Technical Data Applied Standards and Approvals Glossary C79000-G8976-C212 Release 4/2008...
  • Page 2: Release

    Trademarks All names identified by ® are registered trademarks of the Siemens AG. The remaining trademarks in this publication may be trademarks whose use by third parties for their own purposes could violate the rights of the owner.
  • Page 3 The power supply unit to supply the SINAUT MD741-1 must comply with the requirements for a Limited Power Source according to IEC/EN 60950-1 The power supply unit to supply the SINAUT MD741-1 must comply with NEC Class 2 circuits as outlined in the National Electrical Code ® (ANSI/NFPA 70) only.
  • Page 4 0185 (DIN EN 62305) Sections 1 to 4 for buildings with lightning protection, or the standard VDE 0855 (DIN EN 60728-11) in case there is no lightning protection. This work must be carried out by qualified personnel only.
  • Page 5 Requirements for compliance to Safety, Telecom, EMC and other standards Caution Observe the regulations listed in chapter 12 before putting the SINAUT MD741-1 into operation. Operating costs Caution: GPRS costs Note that data packets exchanged for setting up connections, reconnecting, connect attempts (e.g.
  • Page 6 Firmware with Open Source GPL/LGPL The firmware of the SINAUT MD741-1 includes open Source Software under terms of GPL/LGPL. According to section 3b of GPL and of section 6b of LGPL we provide you the source code. Please write to s_opsource@gmx.net...
  • Page 7 Purpose of this documentation This documentation will support you on your way to successful application of GSM/GPRS modem SINAUT MD741-1. It will introduce you to the topic in clear and straightforward steps and provide you with an overview of the hardware of the SINAUT MD741-1 GSM/GPRS modem.
  • Page 8: Simatic Net

    22550242. Do you still have questions relating to the use of the products described in the manual? If so, then please talk to your local Siemens contact. You will find the addresses in the following sources: On the Internet at: http://www.siemens.com/automation/partner •...
  • Page 9 Access parameters to EGPRS/GPRS (p. 49); EGPRS/GPRS Connection Monitoring (p. 51); Hostname via DynDNS (p. 53); Security functions (p. 57); Packet Filter (p. 57); Port Forwarding (p. 62); Advanced security functions (p. 64); Firewall Log (p. 66); VPN connection (p. 67)
  • Page 10 Technical Data (p. 115); Applied Standards and Approvals (p. 119); 12.1 Equipment (p. 119); 12.2 EU Declaration of Conformance (p. 119); 12.3 Compliance to FM, UL and CSA (p. 121); 12.4 Compliance to FCC (p. 122); Glossary (p. 125)
  • Page 11: Sinaut Md741-1

    Applications and functions The SINAUT MD741-1 provides a wireless connection to the Internet or to a private network. The SINAUT MD741-1 can provide this connection in any location where a GSM network (Global System for Mobile Communication = mobile phone network) is available which provides the services EGPRS (Enhanced General Packet Radio Service = EDGE) or GPRS (General Packet Radio Service).
  • Page 12: Configuration

    Applications and functions Application examples of the SINAUT MD741-1 S7-300 Central Station ST7cc MD741-1 VPN-Router DSL-Modem INTERNET (E-)GPRS VPN-Tunnel Figure 1-1 Connection between CPU and Central Station Central Station ST7cc MD741-1 VPN-Tunnel DSL-Modem VPN-Router Logical connection INTERNET (E-)GPRS MD741-1 VPN-Tunnel...
  • Page 13: Additional Functions

    (E-)GPRS Web browser PC with Web browser Figure 1-3 Configuration Firewall functions The SINAUT MD741-1 provides the following firewall functions in order to protect the local network and itself from external attacks: Stateful inspection firewall ● Anti-spoofing ● Port forwarding ●...
  • Page 15: Setup

    Connect a PC with a Web browser (Admin PC) to the local interface (X2) of the SINAUT MD741-1. Using the Web user interface of the SINAUT MD741-1, enter the PIN (Personal Identification Number) of the SIM card. Disconnect the SINAUT MD741-1 from the power supply.
  • Page 16: Preconditions For Operation

    Setup Preconditions for operation In order to operate the SINAUT MD741-1, the following information must be on hand and the following preconditions must be fulfilled: Antenna An antenna, adapted to the frequency bands of the GSM network operator you have chosen: 850 MHz, 900 MHz, 1800 MHz or 1900 MHz. Use only antennas from the accessories for the SINAUT MD741-1.
  • Page 17: Device Front

    Operating elements Service button (SET) On the front side of the SINAUT MD741-1 there is a small hole (see B) which is SET marked and has a button behind it. Use a pointed object, e.g. a straightened- out paperclip, to press this button.
  • Page 18: Operating State Indicators

    Setup Operating state indicators The SINAUT MD741-1 has 7 indicator lamps (LEDs) to indicate the operating state. The 3 indicator lamps on the left-hand side of the device indicate the state of the EGPRS wireless modem: State Meaning Flashing slowly...
  • Page 19: Connections

    Ethernet interface for remote monitoring, or a notebook or desktop PC. To set up the SINAUT MD741-1, connect the Admin PC with Web browser here. The interface supports autonegotiation. It is thus detected automatically whether a transmission speed of 10 Mbit/s or 100 Mbit/s is used on the Ethernet.
  • Page 20 Power supply Figure 2-2 Screw terminals The SINAUT MD741-1 operates with direct current of from 12-30 V DC, nominally 24 V DC. This power supply is connected at the screw terminals on the left-hand side of the device. Connect the positive supply voltage to one or both screw terminals marked 24V and the negative supply voltage to one or both screw terminals marked 0V.
  • Page 21: Inserting The Sim Card

    When the button is pressed the SIM card drawer comes out of the housing. 3. Place the SIM card in the drawer so that its gold-plated contacts remain visible. 4. Then push the drawer with the SIM card completely into the housing.
  • Page 22: Top Rail Mounting

    Doing so could damage the SIM card and the SINAUT MD741-1. Top rail mounting The SINAUT MD741-1 is suitable for top-hat rail mounting on DIN EN 50022 rails. A corresponding bracket can be found at the rear of the device.
  • Page 23: Configuration

    ● either connected directly to the Ethernet jack of the SINAUT MD741-1 via a network cable or it must have direct access to the SINAUT MD741-1 via the local network. The network adapter of the computer (Admin PC) that you use to carry out ●...
  • Page 24: Tcp/Ip Configuration Of The Network Adapter In Windows Xp

    The path leading to the dialog box Properties of LAN Connection depends on your Windows settings. If you are not able to find this dialog box, search in the Windows Help function for LAN Connection or Properties of Internet Protocol (TCP/IP). Figure 3-1 Properties of Windows Internet Protocol
  • Page 25: Establishing A Configuration Connection

    You can define the following as the domain name server: ● The DNS address of the network operator, ● The local IP address of the SINAUT MD741-1, as long as it is configured for breaking out host names into IP addresses (see Chapter 4.3;...
  • Page 26 Configuration Calling up the start page of the SINAUT MD741-1 3. In the address line of the browser, enter the address of the SINAUT MD741-1 in full. In the factory settings this is: https://192.168.1.1 Result: A security message appears. In Internet Explorer 7, for example, this...
  • Page 27 If after several tries the browser still reports that the page cannot be displayed, try the following: Check the hardware connection. On a Windows computer, go to the DOS prompt (Menu Start, Programs, Accessories, Command Prompt) and enter the following command: ping 192.168.1.1
  • Page 28: Start Page Of The Web User Interface

    Start page of the Web user interface After the Web user interface of the SINAUT MD741-1 is called up and the user name and password are entered, an overview of the current operating state of the SINAUT MD741-1 appears.
  • Page 29 No connection to the GSM network. Assigned IP address: Shows the IP address at which the SINAUT MD741-1 can be reached in EGPRS or GPRS. This IP address is assigned to the SINAUT MD741-1 by EGPRS or GPRS. Note...
  • Page 30 Configuration Remote HTTPS Shows whether remote access to the Web user interface of the SINAUT MD741-1 via EGPRS, GPRS or CSD is permitted (see Chapter 8.1). White check mark at green dot: Access is allowed. ● White cross at red dot: Access is not allowed.
  • Page 31: Language Selection

    Configuration Language selection The Web user interface of the SINAUT MD741-1 supports English and German language. Figure 3-5 Language selection Automatic The SINAUT MD741-1 selects the language of the Web user interface in accordance to the selected language of the used Web browser: German, if the Web browser uses the German language, ●...
  • Page 32: Configuration Procedure

    Figure 3-6 Configuration Note Depending on how you configure the SINAUT MD741-1, you may then have to adapt the network interface of the locally connected computer or network accordingly. When entering IP addresses, always enter the IP address component numbers without leading zeros, e.g.: 192.168.0.8.
  • Page 33: Configuration Profiles

    Configuration Configuration Profiles The settings of the SINAUT MD741-1 can be saved in configuration profiles (files) and re-loaded at any time. Figure 3-8 Maintenance > Configurations Profiles Upload Profile Loads to the SINAUT MD741-1 a configuration profile that was created before and saved on the Admin PC.
  • Page 34: Changing The Password

    The profile Default configuration contains the factory settings, and cannot be deleted. Changing the password Access to the SINAUT MD741-1 is protected by an access password. This access password protects access both via the local interface to the Web user interface, and ●...
  • Page 35: Reboot

    Reset can be used to discard any entries that have not yet been saved. Save accepts the new password. Reboot Although the SINAUT MD741-1 is designed for continuous operation, in such a complex system faults may occur, often triggered by external influences. A reboot can rectify these faults.
  • Page 36 The reboot is carried out automatically once a day if you switch the function on with Yes. Specify the Time of the daily reboot. The reboot will be carried out at the specified system time. Existing connections will be interrupted. Factory setting Enable daily reboot: Time of the daily reboot: 01:00
  • Page 37: Load Factory Settings

    Configuration Load factory settings The factory settings of the SINAUT MD741-1 can be restored by the following means: Figure 3-11 Maintenance > Factory Reset Reset to factory settings A click on the push button Reset loads the factory settings, resets the passwords and deletes the stored certificates, the configuration profiles and the archived log files.
  • Page 39: Local Interface

    Local interface The local interface is the interface of the SINAUT MD741-1 for connecting the local network. The interface is labeled X2 on the device. This is an Ethernet interface with a data rate of 10Mbit/s or 100Mbit/s. The Local network is the Network connected to the local interface of the SINAUT MD741-1.
  • Page 40 Admin PC Figure 4-2 Local interface You can define additional addresses at which the SINAUT MD741-1 can be reached by local applications. This is useful, for example, when the local network is subdivided into subnetworks. Then multiple local applications from different subnetworks can reach the SINAUT MD741-1 under various addresses.
  • Page 41: Dhcp Server To Local Network

    DHCP function on local interface Figure 4-4 Local Network > Basic Settings > Local IPs Start DHCP server Start DHCP server – Yes switches on the DHCP server of the SINAUT MD741-1; No switches it off.
  • Page 42 Here enter the DNS server that should be assigned to the local applications. Enable dynamic IP address pool With Yes the IP addresses that the DHCP server of the SINAUT MD741-1 assigns are drawn from a dynamic address pool. With No the IP addresses must be assigned to the MAC addresses of the local application under Static Leases.
  • Page 43: Dns To Local Network

    The SINAUT MD741-1 provides a domain name server (DNS) to the local network. If you enter the IP address of the SINAUT MD741-1 in your local application as the domain name server (DNS), then the SINAUT MD741-1 answers the DNS queries from its cache.
  • Page 44 DNS addresses. These are then used. Root Nameserver Queries are directed to the root nameservers on the Internet whose IP addresses are stored in the SINAUT MD741-1. Select this setting only if the alternative settings do not work. User Defined As the user you select your preferred DNS.
  • Page 45: Local Hostname

    To do this, define a host name, e.g. MD741. Figure 4-7 Local Network > Basic Settings > DNS The SINAUT MD741-1 can then be called up, for example from a Web browser as MD741. Note The security concept of the SINAUT MD741-1 requires the creation of an outgoing firewall rule for each local application that is to use this hostname function.
  • Page 46: System Time/Ntp

    Local interface System Time/NTP This is where you set the system time for the SINAUT MD741-1. This system time is used as a time stamp for all log entries, and serves as a time basis for all time-controlled functions...
  • Page 47 To activate this function select Yes. The NTP time server in the SINAUT MD741-1 can be reached via the local IP address set for the SINAUT MD741-1, see Chapter 4.1. Factory setting...
  • Page 48: Additional Internal Routes

    IP address of the gateway via which the subnet is connected. ● You can define any desired number of internal routes. To delete an internal route, click on Delete. Factory setting The factory settings for the SINAUT MD741-1 are as follows: Additional Internal Routes Default for new routes: Network: 192.168.2.0/24 Gateway: 192.168.0.254...
  • Page 49: External Interface

    External interface The external interface of the SINAUT MD741-1 connects the SINAUT MD741-1 to the external network. EGPRS, GPRS or GSM are used for the communication at this interface. External networks are the Internet or a private intranet. External remote stations are network components in an external network, e.g. Web servers on the Internet, routers on an intranet, a central company server, an Admin PC, and much more.
  • Page 50 Enter the PIN for your SIM card here. You will receive the PIN from your network operator. The SINAUT MD741-1 also works with SIM cards that have no PIN; in this case enter NONE. In this case the input box is left empty.
  • Page 51: Egprs/Gprs Connection Monitoring

    EGPRS or GPRS and to the connected external networks, such as the Internet or an intranet. To do this, the SINAUT MD741-1 sends ping packets (ICMPs) to up to four remote stations (target hosts) at regular intervals. This takes place independently of the user data connections.
  • Page 52 Enable connection check Yes activates the function. Ping Targets – Hostname Select up to four remote stations that the SINAUT MD741-1 can ping. The remote stations must be available continuously and must answer pings. Note Make sure that the selected remote stations will not be disturbed.
  • Page 53: Hostname Via Dyndns

    Internet under a hostname (e.g. myHost.org), even if these applications do not have a fixed IP address and the hostname is not registered. If you log the SINAUT MD741-1 on to a DynDNS service, you also can reach the SINAUT MD741-1 from external network under a hostname, e.g.
  • Page 54 Figure 5-5 DynDNS Function Figure 5-6 External Network > DynDNS Log this SINAUT MD741-1 on to a DynDNS server Select Yes if you want to use a DynDNS service. DynDNS provider The SINAUT MD741-1 is compatible to dyndns.org. DynDNS username / password Enter here the username and the password that authorise you to use the DynDNS service.
  • Page 55 Here enter the hostname that you have agreed with your DynDNS provider for the SINAUT MD741-1, e.g. myMD741.dyndns.org. Factory setting The factory settings for the SINAUT MD741-1 are as follows: Log the MD741-1 on to DynDNS server No (switched off)
  • Page 57: Security Functions

    ● It is different for a SINAUT MD741-1 with a stateful inspection firewall. Here a firewall rule is only created for the query direction from the source to the destination.
  • Page 58 (e.g. the Internet) via EGPRS or GPRS. The source is the sender of this IP packet. The destination is the local applications on the SINAUT MD741-1. In the factory setting, no incoming firewall rule is set initially, i.e. no IP packets can go through.
  • Page 59 Enter the IP address of the local application that is allowed to send IP packets to the external network. Do this by specifying the IP address or an IP range for the local application. 0.0.0.0/0 means all addresses. To specify a range, use the CIDR notation - see the Glossary.
  • Page 60 - set Log to No (factory setting) ● The log is kept in the firewall log, see Chapter 6.4. Log Unknown Connection Attempts This logs all connection attempts that are not covered by the defined rules.
  • Page 61 Security functions Factory setting The factory settings for the SINAUT MD741-1 are as follows: Incoming firewall Firewall Rules (Incoming) - (Everything blocked) Protocol From IP 0.0.0.0/0 From port To IP 0.0.0.0/0 To port Action Accept No (switched off) Log Unknown Connection Attempts...
  • Page 62: Port Forwarding

    If a rule has been created for port forwarding, then data packets received at a defined IP port of the SINAUT MD741-1 from the external network will be forwarded. The incoming data packets are then forwarded to a specified IP address and port number in the local network.
  • Page 63 - set Log to No (factory setting) ● The log is kept in the firewall log, see Chapter 6.4. Factory setting The factory settings for the SINAUT MD741-1 are as follows: Forwarding Rules Protocol Destination port Forward to IP 127.0.0.1...
  • Page 64: Advanced Security Functions

    Security functions Advanced security functions The advanced security functions serve to protect the SINAUT MD741-1 and the local applications against attacks. For protective purposes it is assumed that only a certain number of connections or received PING packets are permissible and desirable in normal operation, and that a sudden burst represents an attack.
  • Page 65 External ICMP to the SINAUT MD741-1 You can use this option to affect the response when ICMP packets are received that are sent from the external network in the direction of the SINAUT MD741-1. You have the following options: Drop: All ICMP packets to the SINAUT MD741-1 are discarded.
  • Page 66: Firewall Log

    The application of individual firewall rules is recorded in the firewall log. To do this, the LOG function must be activated for the various firewall functions. Figure 6-4 Security > Firewall Log Caution The firewall log is lost in the event of a reboot.
  • Page 67: Vpn Connection

    VPN connection The SINAUT MD741-1 can connect the local network to a friendly remote network via a VPN tunnel. The IP data packets that are exchanged between the two networks are encrypted, and are protected against unauthorised tampering by the VPN tunnel. This means that even unprotected public networks like the Internet can be used to transfer data without endangering the confidentiality or integrity of the data.
  • Page 68 VPN connection For the VPN tunnel, the SINAUT MD741-1 uses the IPsec method in tunnel mode. In this method the IP data packets to be transmitted are completely encrypted and provided with a new header before they are sent to the remote station's VPN gateway.
  • Page 69: Vpn Roadwarrior Mode

    IP address or the hostname of the remote station. Figure 7-3 IPsec VPN > Connections Set the SINAUT MD741-1 up in accordance with what has been agreed with the system administrator of the remote station.
  • Page 70 Figure 7-4 IPsec VPN > Connection Settings Function Set the SINAUT MD741-1 up in accordance with what has been agreed with the system administrator of the remote station. Authentication method Select the authentication method in accordance with what you have agreed with the system administrator of the remote station.
  • Page 71 Remote certificate If you have selected X.509 certificate as the authentication method, then a list of the remote certificates that you have already loaded into the SINAUT MD741-1 is displayed here. Select the certificate for the VPN connection. Remote ID, Local ID The Local ID and the Remote ID are used by IPsec to identify the remote stations uniquely when establishing the VPN connection.
  • Page 72 Roadwarrior Mode Edit IKE Here you can define the properties of the VPN connection according to your requirements and what you have agreed with the system administrator of the remote station. Figure 7-5 IPsec VPN > Edit IKE
  • Page 73 VPN connection ISAKMP-SA encryption, IPsec-SA encryption Agree with the administrator of the remote station which encryption method will be used for the ISAKMP-SA and the IPsec-SA. The SINAUT MD741-1 supports the following methods: 3DES-168 ● AES-128 ● AES-192 ● AES-256 ●...
  • Page 74 It may therefore be necessary to encapsulate the IPsec data packets in UDP packets so that they can go through the NAT router. If the SINAUT MD741-1 detects a NAT router that does not let the IPsec data packets through, then UDP encapsulation is started automatically.
  • Page 75 VPN connection Dead peer detection is switched on. Independently of the transmission of user data, the SINAUT MD741-1 detects if the connection is lost, in which case it waits for the connection to be re-established by the remote stations. Dead peer detection is switched off.
  • Page 76: Vpn Ipsec Standard Mode

    (Enabled = No) each individual connection. You can use New to add additional VPN connections, Edit Settings and Advanced Settings to set them up, and Delete to remove a connection. Figure 7-6 IPsec VPN > Connections
  • Page 77 IPsec VPN > Connection Settings Connection name Give the new connection a connection name here. Remote host Specify the address of the remote station here, either as a hostname (e.g. myadress.com) or as an IP address.
  • Page 78 Chapter 7.3. CA certificate The public keys are exchanged between the SINAUT MD741-1 and the remote station's VPN gateway via the data connection when the VPN connection is established. Manual exchange of the key files is not necessary.
  • Page 79 If you have loaded a Scalance S certificate, by clicking the Scalance S button, you can load the Remote ID from the certificate. Wait for remote connection The SINAUT MD741-1 waits for the VPN gateway of the remote network to initiate establishment of the VPN connection. The SINAUT MD741-1 initiates establishment of the connection.
  • Page 80 See Chapter 7.4 VPN Standard Mode - Edit IKE Here you can define the properties of the VPN connection according to your requirements and what you have agreed with the system administrator of the remote station.
  • Page 81 Figure 7-10 IPsec > IKE Settings ISAKMP-SA encryption, IPsec-SA encryption Agree with the administrator of the remote station which encryption method will be used for the ISAKMP-SA and the IPsec-SA. The SINAUT MD741-1 supports the following methods: 3DES-168 ● AES-128 ●...
  • Page 82 The keys for an IPsec connection are renewed at certain intervals in order to increase the effort required to attack an IPsec connection. Specify the lifetime (in seconds) of the keys agreed on for the ISAKMP-SA and IPsec-SA. The lifetime can be defined differently for ISAKMP-SA and IPsec-SA.
  • Page 83 It may therefore be necessary to encapsulate the IPsec data packets in UDP packets so that they can go through the NAT router. If the SINAUT MD741-1 detects a NAT router that does not let the IPsec data packets through, then UDP encapsulation is started automatically.
  • Page 84 DPD requests. DPD – maximum failures Number of failed attempts permitted before the IPsec connection is considered to be interrupted. Factory setting The factory settings for the SINAUT MD741-1 are as follows: Name NewConnection Enabled No (switched off)
  • Page 85: Loading Vpn Certificates

    Here load key files (*.pem, *.cer or *.crt) with remote certificates and public key from remote stations into the SINAUT MD741-1. To do this, the files must be saved on the Admin PC. A remote certificate is only required for the authentication method with X.509 certificate.
  • Page 87: Firewall Rules For Vpn Tunnel

    The user interface for setting up the firewall rules for VPN tunnels can be found under IPsec VPN > Connections: Figure 7-12 IPsec > Connection Settings IPsec VPN – Edit Firewall Rules Figure 7-13 IPsec > Edit Firewall Rules
  • Page 88: Advanced Settings For Vpn Connections

    If NAT-T is enabled (cf. Chapter 7.2), then keepalive data packets will be sent periodically by the SINAUT MD741-1 through the VPN connection. The purpose of this is to prevent a NAT router between the SINAUT MD741-1 and the remote station from interrupting the connection during idle periods without data traffic.
  • Page 89 VPN connection Phase 1 timeout (seconds) The Phase 1 timeout determines how long the SINAUT MD741-1 waits for completion of an authentication process of the ISAKMP-SA. If the set timeout is exceeded, the authentication will be aborted and restarted. Here you change the timeout.
  • Page 90: Status Of The Vpn Connections

    (SA) has been successfully established. A white cross on a red dot indicates that the Security Association does not exist. Download VPN protocol This function can be used to download the VPN protocol file to the Admin PC.
  • Page 91: Remote Access

    HTTPS remote access The HTTPS remote access (= HyperText Transfer Protocol Secure) allows secure access to the Web user interface of the SINAUT MD741-1 from an external network via EGPRS, GPRS or CSD. Configuration of the SINAUT MD741-1 via the HTTPS remote access then takes place exactly like configuration via a Web browser via the local interface (see chapter 3).
  • Page 92 IP address when specifying the address. Example: If this SINAUT MD741-1 can be accessed via the Internet using the address 192.144.112.5, and if port number 442 has been defined for the remote access, then the following must be specified in the Web browser at the external remote station: https://192.144.112.5:442...
  • Page 93: Ssh Remote Access

    The SSH remote access (= Secured SHell) allows secure access to the file system of the SINAUT MD741-1 from an external network via EGPRS, GPRS or CSD. To do this, a connection must be established using an SSH-capable program from the external remote station to the SINAUT MD741-1.
  • Page 94 Remote access Enable SSH remote access Access to the file system of the SINAUT MD741-1 from the external network via SSH is allowed. Access via SSH is not allowed. SSH remote access port Default: 22 (factory setting) You can define a different port. However, if you have defined a different port, then the external remote station conducting the remote access must specify the port number defined here in front of the IP address when specifying the address.
  • Page 95: Remote Access Via Dial-In Connection

    SINAUT MD741-1 via a dial-in data connection (CSD = Circuit Switched Data). To do this, call the SINAUT MD741-1 at the data call number using an analogue modem, or at the voice or data call number of its SIM card using a GSM modem.
  • Page 96 The telephone connection must support Calling Line Identification Presentation (CLIP), and this function must be activated. The call number entered in the SINAUT MD741-1 must be exactly the same as the call number reported, and may also have to include the country code and prefix, e.g.
  • Page 97 Adds a new approved call number for CSD remote access that you can then fill out. Delete Removes a firewall rule for CSD remote access. Factory setting The factory settings for the SINAUT MD741-1 are as follows: Enable CSD dial-in No (switched off) PPP username...
  • Page 99: Status, Log And Diagnosis

    Status, log and diagnosis System status display The System-Status gives an overview about the current operating status of the SINAUT MD741-1. Figure 9-1 System > Status Note Use the Refresh function of the Web browser to update the displayed values.
  • Page 100 Status, log and diagnosis Current system time Shows the current system time of the SINAUT MD741-1 in the format: Year – Month – Day, Hours – Minutes Connection Shows if a wireless connection exists, and which one: EDGE connection (IP connection via EGPRS) ●...
  • Page 101 Status, log and diagnosis Assigned IP address Shows the IP address at which the SINAUT MD741-1 can be reached in EGPRS or GPRS. This IP address is assigned to the SINAUT MD741-1 by the EGPRS or GPRS service. Signal (CSQ level) Indicates the strength of the GSM signal as a CSQ value.
  • Page 102 The counter is reset when the factory settings are loaded. Remote HTTPS Shows whether remote access to the Web user interface of the SINAUT MD741-1 via EGPRS or GPRS is permitted. White check mark at green dot: Access is allowed.
  • Page 103: Log

    ● and operating messages. The log is saved to the log archive of the SINAUT MD741-1 when a file size of 1 MByte is reached, but after 24 hours at the latest. Download current logfile Download - the current log is loaded to the Admin PC. You can select the directory to save the file to, and can view the file there.
  • Page 104 STAT = 3 = Login rejected STAT = 5 = Logged in to third-party network (roaming) Column E: Indication of the network operator identification with the 3-digit country code (MCC) and the 2-3-digit network operator code (MNC).
  • Page 105: Remote Logging

    TX, RX (IP packets transmitted since the last factory settings reboot) ● Remote logging The SINAUT MD741-1 can transfer the system log once per day via FTP (= File Transfer Protocol) to an FTP server. The current system log and the system log files in the archive are transferred. After successful transfer the transferred logs are deleted in the SINAUT MD741-1.
  • Page 106 The address can be specified as a hostname (e.g. ftp.server.de) or as an IP address. Username Specifies the username for logging in to the FTP server. Password Specifies the password for logging in to the FTP server.
  • Page 107: Snapshot

    The service snapshot downloads important log files and current device settings that could be important for fault diagnosis and saves them in a file. If you contact our Hotline in the event of a problem with the SINAUT MD741-1, in many cases they will ask you for the snapshot file.
  • Page 108 The service snapshot downloads important log files and current device settings that could be important for fault diagnosis and saves them in a file. If you contact our Hotline in the event of a problem with the SINAUT MD741-1, in many cases they will ask you for the snapshot file.
  • Page 109: Hardware Information

    Status, log and diagnosis Hardware information Shows important information for hardware identification. This information is often needed in the event of queries to our Hotline. Figure 9-5 Maintenance > Hardware info
  • Page 110: Software Information

    Software information Shows important information for software identification. This information is often needed in the event of queries to our Hotline. Planned updates are additionally shown. See also Chapter 10.2. Figure 9-6 Maintenance > Software info
  • Page 111: Additional Functions

    Additional functions 10.1 Alarm SMS The SINAUT MD741-1 can transmit short alarm messages via the SMS (= Short Message Service) of the GSM network. Two events can trigger transmission of an alarm message via SMS: Event 1: No GPRS connection ●...
  • Page 112: Software Update

    After that the actual update process begins, which is indicated by the LEDs lighting up in sequence. The settings of the SINAUT MD741-1 will be accepted insofar as the settings still have the same effect in the new software version as they did before the update.
  • Page 113 Specify the Year – Month – Day – Hour – Minute. Select update file Use Browse to select the file, which includes the new operating software, for example: MD741_v1.024-v1.027.tgz Load the firmware to the device with Open.
  • Page 114 Additional functions Submit With Submit the operating software is either activated immediately or the operating software is activated at the specified time.
  • Page 115: Technical Data

    GPRS Multislot Class 8 (1Tx) from GPRS Multislot Class 10 (2Tx slots) to GPRS Multislot Class 8 (1Tx) CSD / MTC V.110, RLP, non-transparent 2.4, 4.8, 9.6, 14.4kbps SMS (TX) Point to point, MO (outgoing)
  • Page 116 4.0 W typical at 24 V 4.5 W typical at 30 V Current consumption See table below. [Figure: input current characteristic in mA over time in ms at 12V and at 24V, burst with 4,62ms burst repeat rate]
  • Page 117 [mA] [mA] [mA] [mA] Operating mode 1000 GSM-CSD 1260 EGPRS / GPRS Measured at GSM900 Power Level 5 (33dBm transmitting power) Measured at GSM900 Power Level 10 (23dBm transmitting power) USB port not used
  • Page 118 Technical Data
  • Page 119: Applied Standards And Approvals

    Applied Standards and Approvals Applied Standards and Approvals 12.1 Equipment Product name SINAUT MD741-1 Manufacturer Siemens Aktiengesellschaft, Industry Automation Intended purpose (E-)GPRS-VPN-Router for industrial application 12.2 EU Declaration of Conformance Marking Applied European directives When used within the intended purpose, the equipment is compliant to the...
  • Page 120 Telecommunication equipment, Radio equipment, Device class 1 Directive (LVD) 2006/95/EC Applied standards EN 60950:2006 ● Directive 2004/108/EC (EMC) Applied standards EN55022: 2006 Limit A ● EN55024:1998 + A1 : 2001 + A2 : 2003 ● EN61000-6-2: 2001 ●
  • Page 121: Compliance To Fm, Ul And Csa

    Applied Standards and Approvals Warning The SINAUT MD741-1 is a Class A device. This device can cause radio interference in residential areas; in this case the user may be required to take appropriate measures. Directive 94/9/EC (ATEX) – Approval pending – applied for approval...
  • Page 122: Compliance To Fcc

    • UL 60950, 1st edition • CSA C22.2 No.60950 12.4 Compliance to FCC Approval pending – applied for approval Marking SINAUT MD741-1 FCC ID: LYHMD741-1 contains MC75 FCC ID: QIPMC75 Applied standards FCC Part 15 ● FCC Part 15.19 ●...
  • Page 123 You may only use the SINAUT MD741-1 with an antenna of the SINAUT MD741-1 accessory program. The installation of the SINAUT MD741-1 and the antenna as well as servicing is to be performed by qualified technical personnel only. When servicing the antenna, or working at distances closer than those listed below, ensure the transmitter has been disabled.
  • Page 124 RF exposure compliance. Antennas used for this OEM module must not exceed 4.4dBi gain (GSM 1900) and 2.9dBi (GSM 850) for mobile and fixed operating configurations. This device is approved as a module to be installed in other devices.
  • Page 125: Glossary

    Internet or a private company network that is connected via a dedicated line. The APN designates the transfer point to the other network. It is communicated to the user by the network operator.
  • Page 126 Netmask: 255.255.255.0 Additional internal routes Network A is connected to the SINAUT MD741-1 and via it to a remote network. Additional internal routes show the path to additional networks (networks B, C), which are connected to each other via gateways (routers). For the SINAUT MD741-1, in the example shown networks B and C can both be reached via gateway 192.168.11.2 and...
  • Page 127 This method is described in RFC 1518. In order to specify a range of IP addresses to the SINAUT MD741-1, or when configuring the firewall, it may be necessary to specify the address space in the CIDR notation.
  • Page 128 In data communication, a computer that establishes a connection to a server (or host) is also referred to as a client. That means that the client is the computer that is calling and the server (or host) is the one being called.
  • Page 129 (source port) • the port of the recipient (destination port) • a checksum for the TCP Header and a few items of information from the IP Header (source and destination IP addresses, etc.)
  • Page 130 IP address the computer has at the moment. Its domain name server registers the current hostname - IP address assignment and reports this to other domain name servers in the Internet. If now an external computer wants to establish a connection with a...
  • Page 131 An IP address has 2 parts: the network address and the host address. All hosts of a network have the same network address, but different host addresses. Depending on the size of the network in question - a...
  • Page 132 The Tunnel Mode is used in the VPN: the devices at the tunnel ends perform the encryption and decryption of the datagrams, while the datagrams themselves remain completely protected as they pass through the tunnel, i.e. during transmission via a public network.
  • Page 133 UDP/TCP and the application processes takes place via these port numbers. The assignment of port numbers to application processes is performed dynamically and randomly. Fixed port numbers are assigned for certain frequently-used application processes. These are called Assigned Numbers.
  • Page 134 Anti-spoofing means mechanisms to reveal or prevent spoofing. SSH (Secure Shell) is a protocol that enables secure, encrypted data exchange between computers. Secure SHell is used for remote access to the input console from LINUX-based machines.
  • Page 135 Symmetrical encryption With symmetrical encryption the data are encrypted and decrypted using the same key. Examples of symmetrical encryption algorithms are DES and AES. These are fast, but require complex administration as the number of users increases.
  • Page 136 (subnets) via a public network, e.g. the Internet, to form a shared network. Confidentiality and authenticity are ensured by using cryptographic protocols. A VPN therefore provides an inexpensive alternative to dedicated lines when it comes to setting up a supraregional corporate network.
  • Page 137 Involving certification authorities means that not every key owner needs to know the other one, but only the certification authority used. The additional key information also simplifies the administrability of the key. X.509 certificates are employed, e.g. in e-mail encryption, using S/MIME or IPsec.
