Siemens SIMATIC NET SCALANCE S615 Configuration Manual page 145

Industrial ethernet security web based management

Hide thumbs Also See for SIMATIC NET SCALANCE S615:

Operating instructions manual (68 pages)

Configuration manual (320 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

page of 180

/ 180
Contents
Table of Contents
Bookmarks

Table of Contents

Examples

Example 1

● Type: Source

● Source Interface: vlan1

● Destination Interface: vlan2

● Source IP Subnet: 192.168.1.0/24

● Translated Source IP Subnet: 10.100.1.0/24

● Destination IP Subnet: 10.10.10.0/24

● Translated Destination IP Subnet: -

The rule applies to packets sent from vlan1 (internal) to vlan2 (external). With the packets

that arrive at vlan1 there is a check to establish whether the rule applies.

If the source IP address in the subnet of the sender (Source IP Subnet) and the destination

IP address in the subnet of the recipient (Destination IP Subnet), the source IP address is

replaced by the suitable IP address from the "Translated Source IP Subnet". The subnet part

of the source IP address is changed and the host part remains unchanged. A packet, for

example with the source IP address 192.168.1.102 is changed to 10.100.1.102. For the

devices connected to vlan2 it appears as if the packets were sent from the IP subnet

10.100.1.0/24. This allows for example overlaps of IP subnets to be resolved. The rule is

only specified for the send direction. The retranslation is performed implicitly.

If the rule does not apply, the packets are forwarded without translation.

Example 2:

● Type: Destination

● Source Interface: vlan2

● Destination Interface: vlan1

● Source IP Subnet: 10.10.10.0/24

● Translated Source IP Subnet: -

● Destination IP Subnet: 10.100.1.0/24

● Translated Destination IP Subnet: 192.168.1.0/24

The rule applies to packets sent from vlan2 (external) to vlan1 (internal). With the packets

that arrive at vlan2 there is a check to establish whether the rule applies.

If the source IP address in the subnet of the sender (Source IP Subnet) and the destination

IP address in the subnet of the recipient (Destination IP Subnet), the source IP address is

replaced by the suitable IP address from the "Translated Destination IP Subnet". A packet,

for example with the source IP address 10.10.10.102 is changed to 192.168.1.102. The

devices connected to vlan1 can communicate with the devices connected to vlan2. This

assumes that the corresponding firewall rule is set. The devices connected to vlan2 must

address the devices connected to vlan1 with the virtual IP address from the subnet

10.100.1.0.

SCALANCE S615 Web Based Management

Configuration Manual, 05/2015, C79000-G8976-C388-02

Configuring with Web Based Management

4.7 "Layer 3" menu

145

Table of Contents

Show Quick Links

Quick Links:
Configuration Examples
Ipv4 Address, Subnet Mask and Address...

Hide quick links:

Table of Contents

Siemens SIMATIC NET SCALANCE S615 Configuration Manual page 145

Hide quick links:

Related Manuals for Siemens SIMATIC NET SCALANCE S615

Related Products for Siemens SIMATIC NET SCALANCE S615

Table of Contents