Addressing The Cp When Using Vpn; Creating A Vpn Tunnel For S7 Communication Between Stations - Siemens S7-1200 Operating Instructions Manual

Hubs & controllers telecontrol/lte

Hide thumbs Also See for S7-1200:

System manual (1028 pages)

Operating instructions manual (132 pages)

Programming manualline (74 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

page of 132

/ 132
Contents
Table of Contents
Bookmarks

Table of Contents

Cell protection concept

With Industrial Ethernet Security, individual devices or network segments of an Ethernet

network can be protected:

● Access to individual devices and network segments protected by security modules is

allowed.

● Secure connections via non-secure network structures becomes possible.

Due to the combination of different security measures such as firewall, NAT/NAPT routers

and VPN via IPsec tunnels, security modules protect against the following:

● Data espionage

● Data manipulation

● Unwanted access

4.13.1.2

Addressing the CP when using VPN

IP addresses and VPN ports

In normal mobile wireless networks it is not possible to reach a dynamic IP address assigned

to the CP by the mobile wireless network provider from the Internet. For this reason, for

incoming connections make sure that the CP is assigned a fixed public IP address by the

mobile wireless network provider.

You must also make sure that apart from this IP address, the ports required for VPN are

reachable from the Internet.

4.13.1.3

Creating a VPN tunnel for S7 communication between stations

Requirements

To allow a VPN tunnel to be created for S7 communication between two S7 stations or

between an S7 station and an engineering station with a security CP (for example CP 1628),

the following requirements must be met:

● The two stations have been configured.

● The CPs in both stations must support the security functions.

● The Ethernet interfaces of the two stations are located in the same subnet.

● All receiving stations require a fixed IP address to be reachable via the public networks.

For this, a special mobile wireless contract is normally necessary for the mobile wireless

CP.

Note

Communication also possible via an IP router

Communication between the two stations is also possible via an IP router. To use this

communications path, however, you need to make further settings.

CP 1243-7 LTE

Operating Instructions, 01/2015, C79000-G8976-C381-01

Configuration and operation

4.13 Security functions

Table of Contents

Show Quick Links

Hide quick links:

Table of Contents

This manual is also suitable for:

Cp 1243-7

Addressing The Cp When Using Vpn; Creating A Vpn Tunnel For S7 Communication Between Stations - Siemens S7-1200 Operating Instructions Manual

Addressing the CP when using VPN

Creating a VPN tunnel for S7 communication between stations

Hide quick links:

Related Manuals for Siemens S7-1200

Related Content for Siemens S7-1200

This manual is also suitable for:

Table of Contents