Johnson Controls P2000 Installation Manual
  1. Manuals
  2. Brands
  3. Johnson Controls Manuals
  4. Security System
  5. P2000
  6. Installation manual
Johnson Controls P2000 Installation Manual

Johnson Controls P2000 Installation Manual

Security management system vpn/dsl security option
Hide thumbs Also See for P2000:
Table of Contents

Advertisement

Quick Links

Download this manual
P2000
Security Management System
VPN/DSL Security Option
Installation Manual
April, 2012
24-10618-155 Revision A

Advertisement

Table of Contents
loading

Related Manuals for Johnson Controls P2000

Summary of Contents for Johnson Controls P2000

  • Page 1 P2000 Security Management System VPN/DSL Security Option Installation Manual April, 2012 24-10618-155 Revision A...
  • Page 3 P2000 Security Management System VPN/DSL Security Option Installation Manual April, 2012 24-10618-155 Revision A Security Solutions (805) 522-5555 www.johnsoncontrols.com...
  • Page 4 Copyright 2012 Johnson Controls, Inc. All Rights Reserved No part of this document may be reproduced without the prior permission of Johnson Controls, Inc.
  • Page 5 All other company and product names are trademarks or registered trademarks of their respective owners. If this document is translated from the original English version by Johnson Controls, Inc., all reasonable endeavors will be used to ensure the accuracy of translation. Johnson Controls, Inc.
  • Page 6 The maximum number of Panels that may be connected to the P2000 or P2K system is 1000. The P2000 or P2K shall give priority to signals in the order given below and shall annunciate subsequent signals at a rate no less than one every 10 seconds...
  • Page 7 Authentication Header (AH) and an algorithm capable of Triple-DES (3DES) or better that is NIST certified. 19. For Line Security over the Internet, between the P2000 or P2K server and the controllers D620, D6AP, and S320, the following equipment shall be used.
  • Page 8 30. P2000 or P2K systems use the PC232-S4-1 Protocol Converter to communicate to D620, D6AP and/or S320 controllers; a controller must be connected to the port defined as Loop 1 at the P2000 or P2K for Protocol Converter’s tamper switch to report as an alarm.

  • Page 9: Table Of Contents

    Installing the Digi EtherLite Device (S320 Connection Only) ............2-18 Installing the Digi One® SP (S321 Connection Only) ..............2-19 Appendix A: Glossary 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 10 Table of Contents VPN/DSL Security Option viii 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 11: Chapter 1: Introduction

    CK721-A, CK721, CK720, S321, or S320 controllers or P2000 workstations using a Virtual Private Network (VPN). A VPN provides a means of securing communications between a P2000 server and one or more remote CK721-A/CK721/CK720/S321/S320 controllers and/or P2000 workstations across an untrusted public Wide Area Network (WAN).
  • Page 12 Introduction VPN/DSL Security Option 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 13: Ipsec Parameters

    IP Address: 200.0.0.1 (static IP address) Subnet Mask: 255.255.255.0 VPN Router WAN IP Address IP Address: 201.0.0.2 (static IP address) Subnet Mask: 255.255.255.0 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 14: Vpn Router Lan Ip Address

    NSTALLATION AND ONFIGURATION The hardware listed below is not provided in the P2000 hardware package. In order to implement the VPN/DSL Security Option, you must purchase the necessary equipment from your local computer supplier or by contacting the manufacturer directly.
  • Page 15 VPN/DSL Security Option Configuration Figure 2-1: Router Hardware Configuration 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 16: P2000 Server To Back End Router Connection

    VPN/DSL Security Option P2000 Server to Back End Router Connection To connect the P2000 Server to the back end router, connect a network cable from one of the Router’s Trusted (or available LAN) ports to the P2000 Server. NetScreen-5XT Router...

  • Page 17: Netscreen-5Xt Router Installation And Configuration

    Trusted ports. This connection will be used to configure the NetScreen’s settings. 3. Back End Installation: Connect a network cable from the P2000 Server to a Trusted port of the NetScreen-5XT router. See Figure 2-4. NetScreen-5XT Back End Router...

  • Page 18: Netscreen-5Xt Configuration

    Follow these steps to access the NetScreen-5XT device with the WebUI management application. 1. Connect a local PC or laptop to one of the Trusted interfaces on the router. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 19 4. Enter netscreen in the User Name and Password fields. Use lowercase letters only. The User Name and Password fields are both case sensitive. 5. Click OK. The Initial Configuration Wizard appears. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 20 Netmask: 255.255.255.0 Gateway: 200.0.0.1 4. Enter the following and click Next. Front End Router: Trust Zone Interface IP: 192.168.1.1 Netmask: 255.255.255.0 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 21 200.0.0.3 (Back End Router) Trust Interface Netmask: 255.255.255.0 Untrust Interface: 200.0.0.2 Management Service: Telnet enabled Management Service: Web enabled Management Service: Ping enabled 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 22 2. Verify the displayed settings. 3. If the settings require changes, click Edit in the Configure column and edit the settings as necessary. 2-10 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 23 4. Enter 200.0.0.xxx (where xxx can be between 2 and 254) in the Remote Gateway IP Address field and click Next. 24-10618-155 Rev. A 2-11 This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 24 9. Change the Netmask to 255.255.255.0 and click Next. 10. Review the VPN tunnel settings and click Next to continue. 11. Click Finish to complete the configuration. 2-12 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 25: Resetting The Netscreen-5Xt Router

    BEFVP41’s available Ports 1-4. This connection will be used to configure the router’s settings. 3. Connect a network cable from the P2000 Server to one of the available Ports 1-4 of the router. See Figure 2-6. Linksys BEFVP41 Back End Router...

  • Page 26: Linksys Befvp41 Configuration

    3. Enter admin in the Password field and leave the User Name field blank. Click OK. 4. On the Linksys Setup window, click the VPN tab. 2-14 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 27: Linksys Befsx41 Router Installation And Configuration

    3. Connect a network cable from one of the Linksys BEFSX41’s available Ports 1-4 to the Controller or Workstation. 24-10618-155 Rev. A 2-15 This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 28: Linksys Befsx41 Configuration

    2. Open your web browser and enter 192.168.1.1 in the Address bar; press <Enter>. Example: http://192.168.1.1 The Enter Network Password dialog box appears. 2-16 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 29 9. Click the Connect button to establish a connection. 10. Verify that the Status indicates that the Router is Connected. 24-10618-155 Rev. A 2-17 This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 30: Resetting The Linksys Router

    VPN Front End Router S320 Trusted (LAN) Port Serial Connection 10Base-T Port Digi EtherLite Figure 2-8: Digi EtherLite Device Connections 2-18 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 31: Installing The Digi One® Sp (S321 Connection Only)

    2. Using Belden® 9773 (18 AWG, shielded, 3 twisted pair) or equivalent, wire the pins from the S321 serial port to a DB-9F connector according and Figure 2-10 and Table 2-4. 24-10618-155 Rev. A 2-19 This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 32  DigiOneSP%20(Working%20Driver)/  Do not install the driver provided with the Digi One SP or on their web site. Use only the driver provided on the Johnson Controls File Transfer Protocol (FTP) site. 2-20 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc.
  • Page 33 A key is required to decode the information. To decipher the message, the receiver of the encrypted data must have the proper decryption key. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

  • Page 34: Appendix A: Glossary

    – The method for exchanging keys for encryption and Internet Key Exchange (IKE) authentication over an unsecured medium, such as the Internet. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 35 (ms)—and the length of Time to Live (TTL) in seconds. Ping works at the IP level and will often respond even when higher-level TCP-based services cannot. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.
  • Page 36 Internet are more cost-effective than dedicated private lines. VPNs are possible because of technologies and standards such as tunneling, screening, encryption, and IPSec. 24-10618-155 Rev. A This document contains confidential and proprietary information of Johnson Controls, Inc. © 2012 Johnson Controls, Inc.

Table of Contents