Siemens SCALANCE S615 Manual page 20

2 UseCases at a Glance
In the left SCALANCE S615 (first plant part), the destination NAT is used, in the
right SCALANCE S615 (second plant part), the source NAT.
For the reply packets of the two CPUs to find their way back to VLAN2, the IP
address of the SCALANCE S615 (VLAN1) must be entered in the two CPUs as the
gateway.
Process flow (active connection establishment from CPU2 to CPU1):
The additional NAT IP addresses 192.168.1.2 and 192.168.1.3 are used by the two
SCALANCE S615 modules.
CPU2 accesses the local IP address 192.168.1.2 as the destination.
Using the definition in its NAT table, the associated SCALANCE S615 from the
second plant part replaces the source IP address with 192.168.1.3 and sends the
packet to CPU1.
Using the definition in its NAT table, the associated SCALANCE S615 from the first
plant part replaces the destination IP address with 192.168.2.10 and sends the
packet to CPU1.
The source IP address has been changed; from the CPU1's perspective, the
packet is from a non-local subnet. Changing the source IP address is necessary for
the following reason: CPU1 and CPU2 internally use the same IP address (in this
document: 192.168.2.10). Wthout changing the source IP address, it would look
like for CPU1, as if the packet came from its own IP address.
Advantages
Although both CPUs use the same IP address and subnet, a direct CPU-CPU
communication is possible.
Disadvantages
The disadvantage is that only active connection establishment from CPU2 to CPU1
is possible. For a bidirectional CPU-CPU communication, the same rules also need
to be configured for the opposite direction.
Each plant part requires an additional IP address from the subnet of VLAN2 and
each single one must be configured accordingly.
NAT and firewall rules
The NAT table of the SCALANCE S615 for the first plant part translates packets
from VLAN2 with the destination IP address 192.168.1.2 to the CPU1's IP address
192.168.2.10.
Figure 2-1
NAT_S615
Entry ID: 109744660, V1.1, 08/2017
20