Nating Entire Subnets Via Netmap And Destination Nat - Siemens SCALANCE S615 Manual

2 UseCases at a Glance
2.4 NATing entire subnets via NETMAP and Destination
NAT
Starting situation
The PC shall communicate with several or all devices in an automation network.
The destination port is not defined and can be changed when establishing the
connection.
Figure 2-
Prerequisites
For network separation, the SCALANCE S615 has two VLANs with different
network IDs. As a result, the device has a separate IP address for each VLAN
(in this document: VLAN1: 192.168.2.1 and VLAN2: 192.168.1.1).
To translate the PC's message frames to a different IP address, a NAT table is
additionally defined in the SCALANCE S615. This requires an additional free
subnet (in this document: 172.16.1.0/24). The additional virtual subnet only exists
within the SCALANCE S. It is freely selectable and completely independent from
the subnet at VLAN 1.
Depending on the VLAN it belongs to, this IP address of the SCALANCE S615
must be entered in the terminal (in this document: PC or automation device) as the
gateway.
NAT_S615
Entry ID: 109744660, V1.1,
VLAN2: 192.168.1.0/24
SRC IP:
192.168.1.10
192.168.1.1
DST IP:
172.16.1.x
SRC IP:
192.168.1.10
192.168.2.1
DST IP:
192.168.2.x
CPU1:
192.168.2.20
Gateway:
192.168.2.1
VLAN1: 192.168.2.0/24
08/2017
PC:
192.168.1.10
Gateway:
192.168.1.1
Additional subnet
172.16.1.0/24
module-internal, from
VLAN2 only accessible
via routing.
CPU2:
192.168.2.25
Gateway:
SCALANCE:
192.168.2.1
192.168.2.30
Gateway:
192.168.2.1
13