1. Manuals
  2. Brands
  3. Siemens Manuals
  4. Control Unit
  5. SIMATIC NET CP 1243-1 DNP3
  6. Configuration manual

Establishment Of Vpn Tunnel Communication Between The Cp And Scalance M; Cp As Passive Subscriber Of Vpn Connections - Siemens SIMATIC TeleControl DNP3 Configuration Manual

Hide thumbs Also See for SIMATIC TeleControl DNP3:
Table of Contents

Advertisement

Configuration
3.17 Security (CP) and certificates
VPN tunnel communication works only if the internal node is disabled
Under certain circumstances the establishment of VPN tunnel communication between
SOFTNET Security Client and the CP fails.
SOFTNET Security Client also attempts to establish VPN tunnel communication to a lower-
level internal node. This communication establishment to a non-existing node prevents the
required communication being established to the CP.
To establish successful VPN tunnel communication to the CP, you need to disable the
internal node.
Use the procedure for disabling the node as explained below only if the described problem
occurs.
Disable the node in the SOFTNET Security Client tunnel overview:
1. Remove the checkmark in the "Enable active learning" check box.
The lower-level node initially disappears from the tunnel list.
2. In the tunnel list, select the required connection to the CP.
3. With the right mouse button, select "Enable all members" in the shortcut menu.
The lower-level node appears again temporarily in the tunnel list.
4. Select the lower-level node in the tunnel list.
5. With the right mouse button, select "Delete entry" in the shortcut menu.
Result: The lower-level node is now fully disabled. VPN tunnel communication can be
established.
3.17.4.4

Establishment of VPN tunnel communication between the CP and SCALANCE M

Create a VPN tunnel between the CP and a SCALANCE M router as described for the
stations.
VPN tunnel communication will only be established if you have selected the check box
"Perfect Forward Secrecy" in the global security settings of the created VPN group ("VPN
groups > Authentication").
If the check box is not selected, the CP rejects establishment of the tunnel.
3.17.4.5

CP as passive subscriber of VPN connections

Setting permission for VPN connection establishment with passive subscribers
If the CP is connected to another VPN subscriber via a gateway, you need to set the
permission for VPN connection establishment to "Responder".
This is the case in the following typical configuration:
VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
80
Configuration Manual, 11/2018, C79000-G8976-C508-01
Configuration - DNP3
Show Quick Links

Hide quick links:

Advertisement

Table of Contents
loading

Related Manuals for Siemens SIMATIC TeleControl DNP3

Related Content for Siemens SIMATIC TeleControl DNP3

Table of Contents