Vpn Communication With Softnet Security Client (Pc / Engineering Station); Cp As Passive Subscriber Of Vpn Connections - Siemens SIMATIC S7-1200 CP 1243-8 IRC Operating Instructions Manual

For telecontrol
Hide thumbs Also See for SIMATIC S7-1200 CP 1243-8 IRC:
Table of Contents

Advertisement

4.16.8.4

VPN communication with SOFTNET Security Client (PC / engineering station)

Setting up VPN tunnel communication between the SOFTNET Security Client and CP has
essentially same requirements and procedure as described in the section Creating a VPN
tunnel for S7 communication between stations (Page 113).
VPN tunnel communication works only if the internal node is disabled
Under certain circumstances the establishment of VPN tunnel communication between
SOFTNET Security Client and the CP fails.
In addition to the CP, SOFTNET Security Client also attempts to establish VPN tunnel
communication to a lower-level internal subscriber. This communication establishment to a
non-existing node prevents the required communication being established to the CP.
To establish successful VPN tunnel communication to the CP, you need to disable the
internal subscriber of the CP as follows.
Follow the steps below in the SOFTNET Security Client tunnel overview:
1. Deactivate the option "Learn internal nodes" under "settings" > "SOFTNET Security
client-settings".
The lower-level node initially disappears from the tunnel list.
2. In the tunnel overview , select the required connection to the CP.
3. With the right mouse button, select "Activate connection to the internal subscribers" in the
shortcut menu.
The lower level node appears temporarily in the tunnel overview.
4. Select the lower-level node in the tunnel overview.
5. Select "Delete Entry" in the shortcut menu.
Result: The lower-level node is now fully disabled. VPN tunnel communication to the CP can
be established.
4.16.8.5

CP as passive subscriber of VPN connections

Setting permission for VPN connection establishment with passive subscribers
If the CP is connected to another VPN subscriber via a gateway, you need to set the
permission for VPN connection establishment to "Responder".
This is the case in the following typical configuration:
VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
CP 1243-8 IRC
Operating Instructions, 02/2018, C79000-G8976-C385-03
Configuration
4.16 Security
115

Hide quick links:

Advertisement

Table of Contents
loading

Table of Contents