Siemens SCALANCE S615 Manual page 28

Nat variants

2 UseCases at a Glance
Process flow (active connection establishment from CPU2 to CPU1):
1. The additional NAT IP address 192.168.1.2 is used by the SCALANCE S615.
2. CPU2 accesses the local IP address 192.168.1.2 as the destination.
3. Using the definition in its NAT table, the SCALANCE S615 replaces the source and destination IP addresses and sends the packet to CPU1.
4. Due to the change of the source IP address, all packets, from CPU1's perspective, are from CPU2 from the local subnet VLAN1. Therefore, CPU1 can reply directly without a gateway entry.
5. In all reply packets from CPU1 to CPU2, the source and destination IP addresses are automatically replaced.
Advantages
The advantage of the NAT table is that, due to the use of an additional address, all ports can be forwarded or used.
Subsequent changes to the CPUs' hardware configuration are not required (reaction-free).
Disadvantages
The disadvantage is that only active connection establishment from CPU2 to CPU1 is possible. Furthermore, an additional IP address from the subnet of VLAN2 is required that must be configured accordingly.
NAT and firewall rules
The destination NAT table of the SCALANCE S615 translates packets from VLAN2 with the destination IP address 192.168.1.2 to the CPU's IP address 192.168.2.20.
Figure 2-19
The source NAT table of the SCALANCE S615 translates packets with the source IP address 192.168.1.10 to its own VLAN1 IP address 192.168.2.1.
Figure 2-20
The firewall must allow communication between CPU2 (VLAN2) and CPU1 (VLAN1). The services are limited to TCP port 102.
Figure 2-21
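
The following model is an added example, not Siemens code or configuration: it traces one packet through the destination NAT, firewall and source NAT entries above and translates the reply back. The class and function names, the processing order (destination NAT, then firewall, then source NAT), the firewall match on CPU2's original source address and the sample source ports are assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src dst proto sport dport")

# Addresses and port taken from the manual page.
DNAT = {"192.168.1.2": "192.168.2.20"}   # NAT address on VLAN2 -> CPU1
SNAT = {"192.168.1.10": "192.168.2.1"}   # CPU2 -> S615 address on VLAN1
ALLOW = {("192.168.1.10", "192.168.2.20", "tcp", 102)}  # CPU2 -> CPU1, TCP 102

class NatGateway:
    """Hypothetical model; assumed order: DNAT, firewall, SNAT."""

    def __init__(self):
        self.state = {}  # expected reply 5-tuple -> addresses to restore

    def from_vlan2(self, pkt):
        """CPU2 side to CPU1 side. Returns translated packet, or None if dropped."""
        if pkt.dst not in DNAT:
            return None                       # not addressed to the NAT address
        dst = DNAT[pkt.dst]
        if (pkt.src, dst, pkt.proto, pkt.dport) not in ALLOW:
            return None                       # firewall: only TCP 102 is allowed
        src = SNAT.get(pkt.src, pkt.src)
        # Remember how the reply will look so it can be translated back.
        self.state[(dst, src, pkt.proto, pkt.dport, pkt.sport)] = (pkt.dst, pkt.src)
        return pkt._replace(src=src, dst=dst)

    def from_vlan1(self, pkt):
        """CPU1 side to CPU2 side. Only replies to tracked connections pass."""
        restore = self.state.get((pkt.src, pkt.dst, pkt.proto, pkt.sport, pkt.dport))
        if restore is None:
            return None                       # CPU1 cannot open a connection itself
        return pkt._replace(src=restore[0], dst=restore[1])

def demo():
    gw = NatGateway()
    # Constructed packets; source ports 49152 and 50000 are arbitrary sample values.
    request = gw.from_vlan2(Packet("192.168.1.10", "192.168.1.2", "tcp", 49152, 102))
    reply = gw.from_vlan1(Packet("192.168.2.20", "192.168.2.1", "tcp", 102, 49152))
    other_port = gw.from_vlan2(Packet("192.168.1.10", "192.168.1.2", "tcp", 49152, 80))
    unsolicited = gw.from_vlan1(Packet("192.168.2.20", "192.168.2.1", "tcp", 50000, 102))
    return request, reply, other_port, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two results are None: a port other than 102 is dropped by the firewall rule, and a packet from CPU1 that matches no tracked connection is not translated, which is the disadvantage listed above.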
NAT_S615, Entry ID: 109744660, V1.1, 08/2017, page 28
