Remote Networks Overview Doku en PDF

Application Description  03/2017
IP-based Remote Networks

SCALANCE M, SCALANCE S, CP x43-1 Advanced, CP 1x43-1,
TS Adapter IE Advanced, SINEMA Remote Connect
https://support.industry.siemens.com/cs/ww/de/view/26662448
Table of Contents
Warranty and Liability

Note The Application Examples are not binding and do not claim to be complete
regarding the circuits shown, equipping and any eventuality. The Application
Examples do not represent customer-specific solutions. They are only intended
to provide support for typical applications. You are responsible for ensuring that
the described products are used correctly. These Application Examples do not
relieve you of the responsibility to use safe practices in application, installation,
operation and maintenance. When using these Application Examples, you
recognize that we cannot be made liable for any damage/claims beyond the
liability clause described. We reserve the right to make changes to these
Application Examples at any time without prior notice.
If there are any deviations between the recommendations provided in these
Application Examples and other Siemens publications – e.g. Catalogs – the
contents of the other documents have priority.
We do not accept any liability for the information contained in this document.
Any claims against us – based on whatever legal reason – resulting from the use of
the examples, information, programs, engineering and performance data etc.,
described in this Application Example shall be excluded. Such an exclusion shall
not apply in the case of mandatory liability, e.g. under the German Product Liability
Act (“Produkthaftungsgesetz”), in case of intent, gross negligence, or injury of life,
body or health, guarantee for the quality of a product, fraudulent concealment of a
deficiency or breach of a condition which goes to the root of the contract
 Siemens AG 2017 All rights reserved
(“wesentliche Vertragspflichten”). The damages for a breach of a substantial

contractual obligation are, however, limited to the foreseeable damage, typical for
the type of contract, except in the event of intent or gross negligence or injury to
life, body or health. The above provisions do not imply a change of the burden of
proof to your detriment.
Any form of duplication or distribution of these Application Examples or excerpts
hereof is prohibited without the expressed consent of the Siemens AG.
Security Siemens provides products and solutions with industrial security functions that
informa- support the secure operation of plants, systems, machines and networks.
tion In order to protect plants, systems, machines and networks against cyber
threats, it is necessary to implement – and continuously maintain – a holistic,
state-of-the-art industrial security concept. Siemens’ products and solutions only
form one element of such a concept.
Customer is responsible to prevent unauthorized access to its plants, systems,
machines and networks. Systems, machines and components should only be
connected to the enterprise network or the internet if and to the extent necessary
and with appropriate security measures (e.g. use of firewalls and network
segmentation) in place.
Additionally, Siemens’ guidance on appropriate security measures should be
taken into account. For more information about industrial security, please visit
http://www.siemens.com/industrialsecurity.
Siemens’ products and solutions undergo continuous development to make them
more secure. Siemens strongly recommends to apply product updates as soon
as available and to always use the latest product versions. Use of product
versions that are no longer supported, and failure to apply latest updates may
increase customer’s exposure to cyber threats.
To stay informed about product updates, subscribe to the Siemens Industrial
Security RSS Feed under http://www.siemens.com/industrialsecurity.
IP-based Remote Networks Warranty

Entry ID: 26662448, V2.1, 03/2017
and
Liability
Table of Contents
Table of Contents
Warranty and Liability ................................................................................................. 2
1 Remarks on this Document .............................................................................. 5
1.1 Purpose and objective .......................................................................... 5
1.2 Features and benefits........................................................................... 5
1.3 Structure of this document ................................................................... 6
2 Introduction into Remote Networks ................................................................. 8
2.1 Remote networks & industrial security ................................................. 8
2.2 Security Integrated product portfolio .................................................. 10
2.2.1 SINEMA Remote Connect.................................................................. 11
2.2.2 SCALANCE S612 and S62x .............................................................. 13
2.2.3 SOFTNET Security Client .................................................................. 13
2.2.4 SCALANCE M-800 ............................................................................. 13
2.2.5 CP x43-1 Advanced ........................................................................... 15
2.2.6 CP 1x43-x ........................................................................................... 15
2.2.7 CP 1628.............................................................................................. 16
2.2.8 TS Adapter IE Advanced .................................................................... 16
2.2.9 LOGO! ................................................................................................ 16
3 SCALANCE S ................................................................................................... 17
3.1 VPN tunnel between SCALANCE S (VPN server) and
SCALANCE S using a static IP address ............................................ 18

SCALANCE M81x-1 using a static IP address .................................. 19
SOFTNET Security Client using a static IP address .......................... 20
3.4 VPN tunnel between SCALANCE S (VPN server) and CP x43-1
Advanced using a static IP address ................................................... 21
SCALANCE M874-x using a static IP address .................................. 22
3.6 VPN tunnel between SCALANCE S (VPN server) and a mobile
client using a static IP address ........................................................... 23
4 SCALANCE M-800/ S615 ................................................................................. 24
4.1 VPN tunnel between SCALANCE M81x-1 (VPN server) and
4.2 VPN tunnel between SCALANCE S615 (VPN server) and
4.3 VPN tunnel between SCALANCE M874-x (VPN server) and CP
x43-1 Advanced using a static IP address ......................................... 27
4.4 VPN tunnel between SCALANCE M874-x (VPN server) and CP
1x43-1 using a static IP address ........................................................ 28
4.5 VPN tunnel between SCALANCE M874-x (VPN server) and
4.6 VPN tunnel between SCALANCE M874-x (VPN server) and a
mobile client using a static IP address ............................................... 30
5 SINEMA Remote Connect ............................................................................... 31
5.1 VPN tunnel between SINEMA Remote Connect Server and a
tablet (iOS) ......................................................................................... 32
5.2 VPN tunnel between SINEMA RC Server and a smartphone
(Android) ............................................................................................. 33
5.3 VPN tunnel between SCALANCE S615 and SINEMA RC client
via the SINEMA RC server ................................................................. 34

Entry ID: 26662448, V2.1, 03/2017
and
Liability
Table of Contents
5.4 VPN tunnel between SCALANCE S615 and a tablet (iOS) via
the SINEMA RC server ...................................................................... 35
5.5 VPN tunnel between SCALANCE S615 and a smartphone
(Android) via the SINEMA RC server ................................................. 36
5.6 VPN tunnel between two identical cells with S615 and SINEMA
RC Client via the SINEMA RC Server by using the NAT function ..... 37
5.7 JumpHost application with SINEMA RC Server ................................. 39
6 CP x43-1 Advanced ......................................................................................... 41
6.1 VPN tunnel between CP x43-1 Advanced (VPN server) and
SCALANCE S using a static IP address ............................................ 42
6.4 VPN tunnel between CP x43-1 Advanced (VPN server) and CP
x43-1 Advanced using a static IP address ......................................... 45
6.6 VPN tunnel between CP x43-1 Advanced (VPN server) and a
mobile client using a static IP address ............................................... 47
7 CP 1x43-x .......................................................................................................... 48
7.1 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE
S using a static IP address ................................................................. 49

M81x-1 using a static IP address ....................................................... 50
7.3 VPN tunnel between CP 1x43-1 (VPN server) and SOFTNET
Security Client using a static IP address ............................................ 51
7.4 VPN tunnel between CP 1x43-1 (VPN server) and CP x43-1
Advanced using a static IP address ................................................... 52
7.5 VPN tunnel between CP 1x43-1 (VPN server) and CP 1x43-1
using a static IP address .................................................................... 53
M874-x using a static IP address ....................................................... 54
7.7 VPN tunnel between CP 1x43-1 (VPN server) and a mobile
client using a static IP address ........................................................... 55
8 TS Adapter IE Advanced/ LOGO! ................................................................... 56
8.1 VPN tunnel between TS Adapter IE Advanced (VPN server)
and Windows SSTP client using a static IP address ......................... 57
8.2 VPN tunnel between TS Adapter IE Advanced (VPN server)
and TIA Portal using a static IP address ............................................ 58
8.3 VPN tunnel between LOGO! (VPN server) and a PC using a
static IP address ................................................................................. 59
9 Links & Literature ............................................................................................ 60
10 History............................................................................................................... 61

Entry ID: 26662448, V2.1, 03/2017
and
Liability
1 Remarks on this Document
1.1 Purpose and objective

1.1 Purpose and objective
Purpose
Based on the Security Integrated product portfolio, there are numerous different
ways of implementing a secure communication that are always customized to the
application. For the user, looking for the perfect solution involves the following
questions:
 Which solutions are available?
 What are the differences between the solutions?
Objective
The Security Integrated portfolio includes several products that can be combined
with each other. This results in a large number of configuration options.
This document helps you find an optimal solution for secure communication
based on VPN.
1.2 Features and benefits

Properties
The document has the following features:
 Clear, compact structure
 Concisely outlines the contents and provides an overview graphic of the
individual configurations
 Does not describe details; the details are provided in the individual
configurations.
Benefits
The document offers the following benefits to the reader:
 Support in planning and configuration
 Quick finding of information regarding configuration options
 Short, compact overview of the features
 Reference to the individual configurations

Entry ID: 26662448, V2.1, 03/2017
and
Liability
1.3 Structure of this document

Siemens' Security Integrated portfolio includes several products that can be
combined with each other. This results in a large number of configuration options.
To present these options in a clear manner, the possible configurations are

classified based on specific criteria.
This document gives you an overview of the configurations with the modules from
the Remote Networks portfolio.
Classification based on SIMATIC dependency

The VPN solutions with the SCALANCE modules or TS Adapter are independent
of SIMATIC, i.e. the application behind the VPN tunnel does not have to be a
SIMATIC application. Access to other applications via the SCALANCE modules or
TS Adapter is possible as well.
The VPN solutions with the CPs are SIMATIC-based, since a SIMATIC CPU is
required to operate the CP. However, these configurations also allow access to
“non-SIMATIC” plant components via the CP.
Classification of the configurations

The possible configurations of an IP-based remote network are divided into groups.
The criterion for this subdivision is the module that acts as the VPN server.
There is a separate group for each module that can be configured as a VPN
server. This results in the following subdivision of VPN server groups:
 SCALANCE S
 SCALANCE M874
 SCALANCE M810
 SINEMA Remote Connect
 CP x43-1 Adv.
 CP 1x43-1
 CP 1628
 TS Adapter IE Advanced
 LOGO! CMR
Note For configuration examples for the CP 1628, use the following link: \10.
Contents of a group
A group can in turn consist of multiple configurations. All these configurations have
one thing in common: for all configurations, the VPN server is the same security
module - specified by the group. They differ in the module used as the VPN client.
For all possible configurations of a group, Siemens Industry Online Support
provides a document with a specific configuration guide for the settings of the VPN
modules.
The figure below shows the subdivision of the configurations.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
Figure 1-1
Oerview Remote Access

doc
(IP based)
Group VPN server VPN server VPN server VPN server VPN server VPN server
SCALANCE TS-
SINEMA
SCALANCE M-800 CP x43-1 Adapter
Remote CP 1x43-x
S SCALANCE Adv. LOGO!
Connect
S615 CMR
Configurati
on
Configurations that belong to the same group have the same color (e.g., yellow for
the SCALANCE S group).
In the relevant chapter, each configuration is
 presented homogeneously in an overview graphic,
 including a list of requirements and
 the link for the detailed configuration description.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2 Introduction into Remote Networks
2.1 Remote networks & industrial security

Remote networks
Remote networks are public or private communications infrastructures for covering
wide areas or long distances, for example mobile or fixed telephone networks.
The geographical distribution of automation cells increases the demand for
telecontrol (remote control) and teleservice (remote maintenance/diagnostics) in a
remote network.
The comprehensive Remote Networks portfolio from Siemens offers connection to
both conventional (dedicated line, telephone) and IP-based infrastructures (e.g.,
the Internet).
Applications
Possible remote access applications in a remote network:
 Telecontrol
Connection of outstations (remote terminal units - RTUs) distributed over a
wide geographical area to one or more central control systems for the purpose
of operator control and monitoring.

Teleservice
Data exchange with distant technical systems such as machines, plants and
computers for the purpose of error detection, diagnostics, maintenance, repair
and optimization.
Integration into the industrial security concept

This document focuses on IP-based networks.
Since remote access to the plant is implemented via a public network (e.g., the
Internet), protection against data manipulation and spying is particularly
important. For this purpose, virtual private networks (VPN) are used.
VPN
A VPN is a private network that uses a public network (e.g., the Internet) as a
transit network for transmitting data to a private destination network. The private
networks and the transit network need not be compatible with one another.
Although VPN uses the addressing mechanisms of the transit network, it
nevertheless uses its own network packets to separate the transport of private data
packets from the others. Due to this fact, the private networks appear as a shared,
logical (virtual) network.
VPN routers are required to set up a VPN.
The VPN Security Integrated products (VPN routers) by Siemens (SCALANCE S/M
and CPs) support IPsec (IP Security) protocol.
SINEMA Remote Connect as VPN server enables VPN connections via OpenVPN
and IPsec.
LOGO! CMR support the VPN server function with pre-shared key.
SCALANCE S615 supports the IPsec protocol, however, it can also be used as
OpenVPN client.
The TS Adapter IE Advanced uses Microsoft's SSTP (Secure Socket Tunneling
Protocol).

Entry ID: 26662448, V2.1, 03/2017
and
Liability
VPN client and VPN server

The nodes of a secured data communication via VPN take on different roles:
 VPN server
 VPN client
The tunnel endpoint that actively starts the VPN connecting process is referred to
as VPN client.
The remote end that waits for the VPN client is called the VPN server.
Note For more information on the Siemens Security Concept, use the following link:
\3\.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2.2 Security Integrated product portfolio

Through a combination of different security measures such as firewalls and VPN,
the security modules protect individual devices or even entire automation cells
against:
 Data espionage
 Data manipulation
 Unwanted access
The figure below shows the remote access cells.
Figure 2-1
Service PCs
SINEMA
SSC SCALANCE
RC
M874-x
Smartphone with
IPSec Client App
Internet Internet
Router Router Windows
SCALANCE S SSTP
SCALANCE
Internet
M81x-1
Router
Internet
Router
Automation Cells
Internet
SCALANCE S Router
Internet SCALANCE
SIMATIC S7 Router M874-x
Stations
Internet Internet
Router Router
SIMATIC S7
Stations
TS Adapter IE
Advanced SIMATIC S7
Stations
SIMATIC S7-300 or SIMATIC S7-1200
S7-400 with CP x43-1 or S7-1500 SCALANCE SIMATIC S7
Advanced with CP 1x43-1 M81x-1 Stations
To help you select products, the following sections describe the most important
features of the respective security modules.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2.2.1 SINEMA Remote Connect
SINEMA Remote Connect is a management platform for remote networks that

centrally manages secure tunnel connections. Distributed plants or machines can
be conveniently and safely serviced via remote access. Even if the machines are
integrated in third-party networks; for example, in the plants at the end customers
of machine constructors.
Components of a solution with SINEMA Remote Connect:
 SINEMA Remote Connect as VPN server
 Endgeräte (VPN client):
– SCALANCE S615 (with KEY-PLUG)
– SCALANCE S612, S623, S627
– SCALANCE M-800 (with KEY-PLUG)
– SINEMA Remote Connect Client
– SOFTNET Security Client
– OpenVPN client
SINEMA Remote Connect Server

SINEMA Remote Connect Server is a server application and provides an
integrated connection management of distributed networks via the internet.
It coordinates the secure connecting process between users, distributed plants,

and machines.
The following functions are handled by the SINEMA Remote Connect server:
 Management and establishing of encrypted connections with OpenVPN.
 Verification via CA certificate or finger print.
 User management with the configuration of privileges.
 Establishing permanent or event-based connections (connecting via wake up
SMS or via a signal at the digital input).
 Supporting routing and NAT for connecting subnets behind SCALANCE S615.
 Provision of secure remote access to subordinate networks for servicing,
control and diagnostic purposes.
 Web Based Management (WBM) for configuring the server.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
SCALANCE S615
SCALANCE S615 is a Security module for securing devices, automation cells, or
network segments in Ethernet networks against external and internal dangers.
It provides the same functionality and features as the previous SCALANCE M
variants. In addition, there are some specific LAN functions which enable optimized
connection with SINEMA Remote Connect.
Amongst others, SCALANCE S615 is distinguished by the following characteristics:
 Support of VPN for secure authentication of network nodes, for data encryption
and verifying data integrity.
– IPsec VPN tunnel (server and client functionality)
– OpenVPN for connecting to SINEMA Remote Connect (client function)
 High-quality stateful inspection firewall with filtering of IP-based data traffic and
communication protocols.
 Support of NAT/NAPT; also in connection with IPsec and OpenVPN.
 Supporting VLAN.
 Flexible, reaction-free and protocol-independent protection.
 Support of multiple VPN tunnels at a time.
 Simplest connection to SINEMA Remote Connect via Auto configuration
interface (can be enabled via KEY-PLUG SINEMA REMOTE CONNECT).
SINEMA Remote Connect Client

SINEMA Remote Connect Client is an OpenVPN Client software for optimal
connection of programming devices, PCs and notebooks to the SINEMA Remote
Connect server.
It is characterized by the following features:
 Support of VPN (OpenVPN) for secure authentication of network nodes, for
data encryption and verifying data integrity.
 Simplest connection to SINEMA Remote Connect via auto configuration
interface.
 Address book with all devices assigned to a user.
 Proxy server for communication with networks behind a proxy server
infrastructure.
 Support of HTTPS and SOCKS Proxy Server.
 Selecting a device for performing teleservice within the SIMATIC environment.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2.2.2 SCALANCE S612 and S62x
The security modules of the SCALANCE S family are designed specifically for use
in automation but integrate seamlessly with the security structures of the office and
IT world.
The SCALANCE S612, SCALANCE S623 and SCALANCE S627-2M modules
additionally provide the following features:
 Simultaneous protection of multiple devices by IPsec tunnels (support of up to
128 VPN tunnels at a time).
 IP addresses are automatically obtained from the internet service provider
using PPPoE; therefore, it is no longer necessary to use a separate DSL
router; a DSL modem can be used instead.
 Use of DNS for VPN tunnels using public dynamic IP addresses from the
Internet service provider.
 User-specific IP firewall to distinguish and differentiate access to specific plant
parts.
Note For the technical specifications of the SCALANCE S modules, use the following
link: \4\.
2.2.3 SOFTNET Security Client
The SOFTNET Security Client allows programming devices, PCs and notebook
computers access to network nodes or automation systems protected by
SCALANCE S, SCALANCE M or CPs.
It is characterized by the following features:
 Secure access of programming devices or notebook computers to entire
automation cells.
 Easy use on mobile PCs.
 Non-secure devices can be integrated into the secure data traffic.
 Supports the DNS client function.
2.2.4 SCALANCE M-800
SCALANCE M874
The SCALANCE M874-3 (HSPA+ router) and SCALANCE M874-2 (GPRS/EDGE
router) routers are suited for cellular networks. These modules are characterized
by the following features:
 Broad range of applications; can be used wherever a GPRS/UMTS network is
available.
 Connection of stationary stations and/or mobile stations.
 Simplicity of connecting local networks by means of IP communication via
WAN.
parts.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
Note For the technical specifications of the SCALANCE M874 modules, use the
following link: \5\.
SCALANCE M81x-1
SCALANCE M812-1 and SCALANCE M816-1 are DSL routers for cost-effective,
secure connection of Ethernet-based subnets and programmable controllers to
wired telephone or DSL networks. They support ADSL2+ (Asynchronous Digital
Subscriber Line).
These modules are characterized by the following features:
 VPN and DSL router in a single device; therefore, it is no longer necessary to
use a separate DSL router.
 Broad range of applications due to high bandwidth, performance and speed.
 Reduced travel expenses and personnel costs due to remote programming
and remote diagnostics via wired telephone or DSL networks.
parts.
Note For the technical specifications of the SCALANCE M810 modules, use the
following link: \6\.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2.2.5 CP x43-1 Advanced
CP 343-1 Advanced and CP 443-1 Advanced are communications processors for

connecting SIMATIC S7-CPUs to PROFINET / Industrial Ethernet networks.
For the SIMATIC S7-300/S7-400, they are the bridge between the field level and
the MES level and integrate seamlessly with the security structures of the office
and IT world.
 Firewall, VPN gateway and communications processor in a single device
 Protection of S7-300/S7-400 controllers and their lower-level networks by
IPsec tunnels (support of up to 32 VPN tunnels at a time).
Note For the technical specifications of CP 343-1 Advanced, use the following link:
\7\.
Note For the technical specifications of CP 443-1 Advanced, use the following link: \8\.
2.2.6 CP 1x43-x
The CP 1243-x communication processor securely connects the SIMATIC S7-1200

controller to Ethernet networks.
The CP 1543-1 communication processor securely connects the SIMATIC S7-1500
controller to Ethernet networks.
 Firewall, VPN gateway and communications processor in a single device
 Protection of S7-1200/S7-1500 controllers and their lower-level networks by
IPsec tunnels (support of up to 16 VPN tunnels at a time).
Note For the technical specifications of the CP 1243-x, use the following link: \13\
Note For the technical specifications of CP 1543-1, use the following link: \14\.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
2.2.7 CP 1628
CP 1628 is a communications module for securely connecting a PG/PC to

Industrial Ethernet. With a dedicated processor for automation/security tasks, the
CP 1628 reduces the host PC's load and provides constant, stable and secure data
communication.
This module is characterized by the following features:
 Firewall, VPN gateway and communications processor in a single device.
Note For the technical specifications of CP 1628, use the following link: \9\.
2.2.8 TS Adapter IE Advanced
In conjunction with TIA Portal (V12 SP1 or higher), the TS Adapter IE Advanced
allows access, through the Internet, to all automation components of a plant (e.g.,
S7 controllers) that are connected to Industrial Ethernet.
This module is characterized by the following features:

 Aside from TIA Portal, no other software or hardware is required to establish
1
the VPN connection (VPN client).
 Protection of S7 controllers and their lower-level networks by SSTP.
Note For the technical specifications of TS Adapter IE Advanced, use the following
link: \11.
2.2.9 LOGO!
LOGO! Siemens is an intelligent logic module and ideally suitable for the realization
of simple automation tasks in industry and building technology. The use of
expansion modules enables LOGO! to control even complex plants without any
problems.
Using LOGO! CMR in combination with the LOGO! 8 basic modules (BM) makes it
possible for you to monitor and control distributed plants and systems via text
messages. You can remotely access the web interface of LOGO! CMR and LOGO!
BM via mobile wireless network. The remote access makes it possible, for
example, to install the LOGO! BM program remotely.
Note For the technical specifications of LOGO! use the following link: \16.
1
Internet access and a DSL modem are required to access the Internet.

Entry ID: 26662448, V2.1, 03/2017
and
Liability
3 SCALANCE S
3 SCALANCE S
This chapter describes the configurations in which the SCALANCE S is configured as the VPN server.
This group is marked in yellow.
Table 3-1
VPN server VPN client Access type
SCALANCE S VPN remote end Static IP address
Characteristics
 The SCALANCE S can be located either behind a DSL router or a DSL modem.
 A static or dynamic public IP address can be used for the DSL router/modem on the VPN server side.
 Up to 128 VPN tunnels can be established simultaneously; therefore, multiple secure connections can run simultaneously and
independently of one another.
 A service employee or system on the VPN client side can establish the VPN tunnel only when necessary; a permanent tunnel
connection is not necessary.
 By selecting the routing function, the networks at the internal and external interface become separate subnets.

Entry ID: 26662448, V2.1, 03/2017 17
3 SCALANCE S
3.1 VPN tunnel between SCALANCE S (VPN server) and SCALANCE S using a static IP address
3.1 VPN tunnel between SCALANCE S (VPN server) and SCALANCE S using a static IP address
Overview
Figure 3-1
Service PC Automation Cell

SCALANCE S Internet Internet SCALANCE S
Router Modem/Router
Static
WAN IP Address
VPN Server VPN Client
VPN Tunnel SIMATIC S7
Industrial Ethernet Stations
Table 3-2
SCALANCE S SCALANCE S Static IP address
Requirements
 Static public IP address for the Internet router of the VPN server
 Internet router with port forwarding functionality (on the VPN server side)
 Standard Internet modem, router or UMTS router, for example SCALANCE M873 (on the VPN client side)
Link to the configuration description:

http://support.automation.siemens.com/WW/view/en/99681360

Entry ID: 26662448, V2.1, 03/2017 18
3 SCALANCE S
3.2 VPN tunnel between SCALANCE S (VPN server) and SCALANCE M81x-1 using a static IP address
3.2 VPN tunnel between SCALANCE S (VPN server) and SCALANCE M81x-1 using a static IP
address
Overview
Figure 3-2

SCALANCE
SCALANCE S Internet M81x-1
Router
Static
WAN IP Address
VPN Tunnel VPN Client SIMATIC S7

VPN Server Stations
Industrial Ethernet
Table 3-3
SCALANCE S SCALANCE M81x-1 Static IP address
Requirements
 Static public IP address for the Internet router of the VPN server.
 Internet router with port forwarding functionality (on the VPN server side).


Entry ID: 26662448, V2.1, 03/2017 19
3 SCALANCE S
3.3 VPN tunnel between SCALANCE S (VPN server) and SOFTNET Security Client using a static IP address
3.3 VPN tunnel between SCALANCE S (VPN server) and SOFTNET Security Client using a static
IP address
Overview
Figure 3-3
Service PC with Automation Cell

SOFTNET Security Client Internet Internet SCALANCE S
Modem/Router Router
SSC
Static
WAN IP Address
VPN Client VPN Server
Table 3-4
SCALANCE S SOFTNET Security Client Static IP address
Requirements
 Standard Internet modem, router or UMTS router, for example SCALANCE M873 (on the VPN client side).


Entry ID: 26662448, V2.1, 03/2017 20
3 SCALANCE S
3.4 VPN tunnel between SCALANCE S (VPN server) and CP x43-1 Advanced using a static IP address
3.4 VPN tunnel between SCALANCE S (VPN server) and CP x43-1 Advanced using a static IP
address
Overview
Figure 3-4

SCALANCE S Internet Internet SIMATIC S7-300 or S7-400
Router Modem/Router with CP x43-1 Advanced
Static
WAN IP Address
VPN Tunnel
VPN Server
Industrial Ethernet VPN Client
Table 3-5
SCALANCE S CP x43-1 Advanced Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 21
3 SCALANCE S
3.5 VPN tunnel between SCALANCE S (VPN server) and SCALANCE M874-x using a static IP address
3.5 VPN tunnel between SCALANCE S (VPN server) and SCALANCE M874-x using a static IP
address
Overview
Figure 3-5

SCALANCE
SCALANCE S Internet M874-x
Router
Static
WAN IP Address

Table 3-6
SCALANCE S SCALANCE M874-x Static IP address
Requirements
 Mobile network operator's default APN (on the VPN client side).


Entry ID: 26662448, V2.1, 03/2017 22
3 SCALANCE S
3.6 VPN tunnel between SCALANCE S (VPN server) and a mobile client using a static IP address
3.6 VPN tunnel between SCALANCE S (VPN server) and a mobile client using a static IP
address
Overview
Figure 3-6
Automation Cell
Smartphone with
IPSec Client App Internet SCALANCE S
Router
Static
WAN IP Address
Table 3-7
SCALANCE S Mobile client Static IP address
Requirements
 Smartphone with IPSec Client app and Android operating system (on the VPN client side).


Entry ID: 26662448, V2.1, 03/2017 23
4 SCALANCE M-800/ S615

This chapter describes the configurations in which the SCALANCE M-800/ S615 is configured as the VPN server.
This group is marked in light red.
Table 4-1
SCALANCE M-800, SCALANCE S615 VPN remote end Static IP address
Characteristics
 The plant with the SCALANCE M-800/ S615 as the VPN server can be both stationary and mobile.
 A static or dynamic public IP address can be used for the SCALANCE M-800/ S615.
 Several VPN tunnels can be established in parallel; therefore, multiple secure connections can run simultaneously and independent of
one another.

Entry ID: 26662448, V2.1, 03/2017 24

4.1 VPN tunnel between SCALANCE M81x-1 (VPN server) and SCALANCE M81x-1 using a static IP address
4.1 VPN tunnel between SCALANCE M81x-1 (VPN server) and SCALANCE M81x-1 using a static
IP address
Overview
Figure 4-1

SCALANCE SCALANCE
M81x-1 M81x-1
Static
WAN IP Address
VPN Tunnel VPN Server VPN Client SIMATIC S7
Table 4-2
SCALANCE M81x-1 SCALANCE M81x-1 Static IP address
Requirements
 Static public IP address for the VPN server.


Entry ID: 26662448, V2.1, 03/2017 25

4.2 VPN tunnel between SCALANCE S615 (VPN server) and SOFTNET Security Client using a static IP address
4.2 VPN tunnel between SCALANCE S615 (VPN server) and SOFTNET Security Client using a
static IP address
Overview
Figure 4-2
Service PC with S615 Automation Cell

SOFTNET Security Client Internet Internet
Modem/Router Router
SSC
Static
WAN IP Address
VPN Client
VPN Server
Table 4-3
SCALANCE S615 SOFTNET Security Client Static IP address
Requirements
 Static public IP address from the mobile network operator that can also be accessed from the Internet (on the VPN server side).


Entry ID: 26662448, V2.1, 03/2017 26

4.3 VPN tunnel between SCALANCE M874-x (VPN server) and CP x43-1 Advanced using a static IP address
4.3 VPN tunnel between SCALANCE M874-x (VPN server) and CP x43-1 Advanced using a static
IP address
Overview
Figure 4-3

SCALANCE
M874-x Internet SIMATIC S7-300 or S7-400
Modem/Router with CP x43-1 Advanced
Static
WAN IP Address
VPN Tunnel
Industrial Ethernet
Table 4-4
SCALANCE M874-x CP x43-1 Advanced Static IP address
Requirements
 Mobile network operator's default APN (on the VPN server side).

Entry ID: 26662448, V2.1, 03/2017 27

4.4 VPN tunnel between SCALANCE M874-x (VPN server) and CP 1x43-1 using a static IP address
4.4 VPN tunnel between SCALANCE M874-x (VPN server) and CP 1x43-1 using a static IP
address
Overview
Figure 4-4

SCALANCE
M874-x Internet SIMATIC S7-1200 or
Modem/Router S7-1500 with CP 1x43-1
Static
WAN IP Address
VPN Tunnel VPN Client
VPN Server
Industrial Ethernet
Table 4-5
SCALANCE M874-x CP 1x43-1 Static IP address
Requirements
 Mobile network operator's default APN (on the VPN server side).

In progress

Entry ID: 26662448, V2.1, 03/2017 28

4.5 VPN tunnel between SCALANCE M874-x (VPN server) and SCALANCE M874-x using a static IP address
4.5 VPN tunnel between SCALANCE M874-x (VPN server) and SCALANCE M874-x using a static
IP address
Overview
Figure 4-5

SCALANCE SCALANCE
M874-x M874-x
Static
WAN IP Address
Table 4-6
SCALANCE M874-x SCALANCE M874-x Static IP address
Requirements
 Mobile to mobile communication (depending on the mobile network operator).

Entry ID: 26662448, V2.1, 03/2017 29

4.6 VPN tunnel between SCALANCE M874-x (VPN server) and a mobile client using a static IP address
4.6 VPN tunnel between SCALANCE M874-x (VPN server) and a mobile client using a static IP
address
Overview
Figure 4-6
Automation Cell
Smartphone with SCALANCE
IPSec Client App M874-x
Static
WAN IP Adress
VPN Client
VPN Server
Table 4-7
SCALANCE M874-x Mobile client Static IP address
Requirements
 Mobile to mobile communication (depending on the mobile network operator).

Entry ID: 26662448, V2.1, 03/2017 30
5 SINEMA Remote Connect

This chapter describes the configurations in which the SINEMA Remote Connect is configured as the VPN server.
This group is marked in light blue color.
Table 5-1
SINEMA Remote Connect VPN remote end Static IP address
Characteristics
 The VPN client can either be a PC with SINEMA Remote Connect Client or a smartphone/tablet with an “OpenVPN-Client” app.

Entry ID: 26662448, V2.1, 03/2017 31

5.1 VPN tunnel between SINEMA Remote Connect Server and a tablet (iOS)
5.1 VPN tunnel between SINEMA Remote Connect Server and a tablet (iOS)
Overview
Figure 5-1
Service technician with

Central Station
mobile end device
SINEMA Remote Internet Internet
Connect Server Router Router
WAN
Static
VPN Server
WAN IP Address
Industrial Ethernet
Table 5-2
SINEMA Remote Connect Tablet (iOS) with “OpenVPN Client” app Static IP address
Requirements
 Tablet with “OpenVPN Client” app and iOS operating system (VPN client side).
 Standard internet router with WLAN functionality (VPN client side).


Entry ID: 26662448, V2.1, 03/2017 32

5.2 VPN tunnel between SINEMA RC Server and a smartphone (Android)
5.2 VPN tunnel between SINEMA RC Server and a smartphone (Android)

Overview
Figure 5-2
Central Station
Service technician with
SINEMA Remote Internet mobile end device
Connect Server Router
WAN
Static
VPN Server
WAN IP Address VPN Client
VPN Tunnel
Industrial Ethernet
Table 5-3
SINEMA Remote Connect Smartphone (Android) with “OpenVPN Client” app Static IP address
Requirements
 Smartphone with “OpenVPN Client” app and Android operating system (VPN client side).

Entry ID: 26662448, V2.1, 03/2017 33

5.3 VPN tunnel between SCALANCE S615 and SINEMA RC client via the SINEMA RC server
5.3 VPN tunnel between SCALANCE S615 and SINEMA RC client via the SINEMA RC server
Overview
Figure 5-3
Central Station Automation Cell

S615
SINEMA Remote Connect
Server Internet Internet
Router Router
WAN
VPN Server Static
WAN IP Address
VPN Client
Service Technician
Internet
Router
VPN Tunnel
Industrial Ethernet VPN Client
Table 5-4
VPN server VPN clients Access type
SINEMA Remote Connect SCALANCE S615, SINEMA Remote Connect client Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 34

5.4 VPN tunnel between SCALANCE S615 and a tablet (iOS) via the SINEMA RC server
5.4 VPN tunnel between SCALANCE S615 and a tablet (iOS) via the SINEMA RC server
Overview
Figure 5-4

S615
Router Router
WAN
VPN Server Statische
WAN IP Address
Service Technician VPN Client
Internet
Router
VPN Tunnel
VPN Client
Industrial Ethernet
Table 5-5
SINEMA Remote Connect SCALANCE S615, tablet (iOS) with “OpenVPN Client” app Static IP address
Requirements
 Tablet with “OpenVPN Client” app and iOS operating system (VPN client side).

Entry ID: 26662448, V2.1, 03/2017 35

5.5 VPN tunnel between SCALANCE S615 and a smartphone (Android) via the SINEMA RC server
5.5 VPN tunnel between SCALANCE S615 and a smartphone (Android) via the SINEMA RC
server
Overview
Figure 5-5

S615
Router Router
WAN
Static
VPN Server WAN IP Address
Service Technician VPN Client

Industrial Ethernet
Table 5-6
SINEMA Remote Connect SCALANCE S615, smartphone (Android) with “OpenVPN Client” app Static IP address
Requirements
 Smartphone with “OpenVPN Client” app and Android operating system (VPN client side).
Entry ID: 26662448, V2.1, 03/2017 36
5.6 VPN tunnel between two identical cells with S615 and SINEMA RC Client via the SINEMA RC
Server by using the NAT function
Overview
Figure 5-6
Service
Cell 1
VPN client S615
WAN Central
Server
VPN client
VPN server Cell 2

S615
VPN tunnel
Industrial Ethernet
VPN client

Entry ID: 26662448, V2.1, 03/2017 37
Table 5-7
SINEMA Remote Connect SCALANCE S615, SINEMA Remote Connect client Static IP address
Requirements
 Static public IP address and port forwarding for the Internet router of the VPN server.
 Identical IP subnet in the automation cells


Entry ID: 26662448, V2.1, 03/2017 38
5.7 JumpHost application with SINEMA RC Server

Übersicht
Figure 5-7
Service technician
VPN client
WAN
Data center/ DMZ
SINEMA Cell network

JumpHost
RC Server Virtual S615
Desktop
VPN server VPN client
VPN client
enterprise
VPN Tunnel network
Industrial Ethernet

Entry ID: 26662448, V2.1, 03/2017 39
Table 5-8
VPN-Server VPN-Clients Zugriffsart
SINEMA Remote Connect SCALANCE S615, SINEMA Remote Connect-Client Static IP address
Voraussetzungen
 Static public IP address and port forwarding for the Internet router of the VPN server.
 DMZ with SINEMA Remote Connect Server and JumpHost Virtual Desktop


Entry ID: 26662448, V2.1, 03/2017 40
6 CP x43-1 Advanced
6 CP x43-1 Advanced
This chapter describes the configurations in which the CP x43-1 Advanced is configured as the VPN server.
This group is marked in dark blue.
Table 6-1
CP x43-1 Advanced VPN remote end Static IP address
Characteristics
 The firewall, VPN server and communication settings are made directly in the CP x43-1 Advanced; the security functions are integrated
in the communications processor.
 A static or dynamic public IP address can be used for the DSL router on the VPN server side.

Entry ID: 26662448, V2.1, 03/2017 41
6 CP x43-1 Advanced
6.1 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE S using a static IP address
6.1 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE S using a static IP
address
Overview
Figure 6-1

SCALANCE S Internet Internet SIMATIC S7-1200 or
Modem/Router Router S7-1500 with CP 1x43-1
Static
WAN IP Address
VPN Tunnel VPN Client VPN Server

Industrial Ethernet
Table 6-2
CP x43-1 Advanced SCALANCE S Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 42
6 CP x43-1 Advanced
6.2 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE M81x-1 using a static IP address
6.2 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE M81x-1 using a static
IP address
Overview
Figure 6-2

SCALANCE
M81x-1 Internet SIMATIC S7-1200 or
Router S7-1500 with CP 1x43-1
Static
WAN IP Address
VPN Tunnel VPN Client VPN Server

Industrial Ethernet
Table 6-3
CP x43-1 Advanced SCALANCE M874-x Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 43
6 CP x43-1 Advanced
6.3 VPN tunnel between CP x43-1 Advanced (VPN server) and SOFTNET Security Client using a static IP address
6.3 VPN tunnel between CP x43-1 Advanced (VPN server) and SOFTNET Security Client using a
static IP address
Overview
Figure 6-3

SOFTNET Security Client Internet Internet SIMATIC S7-1200 or
Modem/Router Router S7-1500 with CP 1x43-1
SSC
Static
WAN IP Address
VPN Client
VPN Tunnel VPN Server
Industrial Ethernet
Table 6-4
CP x43-1 Advanced SOFTNET Security Client Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 44
6 CP x43-1 Advanced
6.4 VPN tunnel between CP x43-1 Advanced (VPN server) and CP x43-1 Advanced using a static IP address
6.4 VPN tunnel between CP x43-1 Advanced (VPN server) and CP x43-1 Advanced using a static
IP address
Overview
Figure 6-4
Automation Cell A Automation Cell B
SIMATIC S7-300 or S7-400 Internet Internet SIMATIC S7-300 or S7-400

mit CP x43-1 Advanced Router Modem/Router with CP x43-1 Advanced
Static
WAN IP Address
VPN tunnel
Industrial Ethernet VPN Server VPN Client
Table 6-5
CP x43-1 Advanced CP x43-1 Advanced Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 45
6 CP x43-1 Advanced
6.5 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE M874-x using a static IP address
6.5 VPN tunnel between CP x43-1 Advanced (VPN server) and SCALANCE M874-x using a static
IP address
Overview
Figure 6-5

SCALANCE
M874-x Internet SIMATIC S7-300 or S7-400
Router with CP x43-1 Advanced
Static
WAN IP Address
VPN tunnel
Industrial Ethernet VPN Client VPN Server
Table 6-6
CP x43-1 Advanced SCALANCE M874-x Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 46
6 CP x43-1 Advanced
6.6 VPN tunnel between CP x43-1 Advanced (VPN server) and a mobile client using a static IP address
6.6 VPN tunnel between CP x43-1 Advanced (VPN server) and a mobile client using a static IP
address
Overview
Figure 6-6
Automation Cell
Smartphone with
IPSec Client App Internet SIMATIC S7-300 or S7-400
Router with CP x43-1 Advanced
Static
WAN IP Address
VPN Client
VPN tunnel
Industrial Ethernet VPN Server
Table 6-7
CP x43-1 Advanced Mobile client Static IP address
Requirements


Entry ID: 26662448, V2.1, 03/2017 47
7 CP 1x43-x
7 CP 1x43-x
This chapter describes the configurations in which the CP 1x43-x is configured as the VPN server.
This group is marked in gray.
Table 7-1
CP 1x43-1 VPN remote end Static IP address
Characteristics
 The firewall, VPN server and communication settings are made directly in the CP 1x43-x; the security functions are integrated in the
communications processor.
 A static or dynamic public IP address can be used for the DSL router on the VPN server side.

Entry ID: 26662448, V2.1, 03/2017 48
7 CP 1x43-x
7.1 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE S using a static IP address
7.1 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE S using a static IP address
Overview
Figure 7-1

SCALANCE S Internet Internet SIMATIC S7-1200 or
Modem/ Router Router S7-1500 with CP 1x43-1
Static
WAN IP Address
VPN tunnel VPN Client VPN Server

Industrial Ethernet
Table 7-2
CP 1x43-1 SCALANCE S Static IP address
Requirements

Entry ID: 26662448, V2.1, 03/2017 49
7 CP 1x43-x
7.2 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE M81x-1 using a static IP address
7.2 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE M81x-1 using a static IP
address
Overview
Figure 7-2

SCALANCE
M81x-1 Internet SIMATIC S7-1200 or
Static
WAN IP Address

Industrial Ethernet
Table 7-3
CP 1x43-1 SCALANCE M81x-1 Static IP address
Requirements

Entry ID: 26662448, V2.1, 03/2017 50
7 CP 1x43-x
7.3 VPN tunnel between CP 1x43-1 (VPN server) and SOFTNET Security Client using a static IP address
7.3 VPN tunnel between CP 1x43-1 (VPN server) and SOFTNET Security Client using a static IP
address
Overview
Figure 7-3

SOFTNET Security Client Internet Internet SIMATIC S7-1200 or
Modem/ Router Router S7-1500 with CP 1x43-1
SSC
Static
WAN IP Address
VPN Client
VPN tunnel VPN Server
Industrial Ethernet
Table 7-4
CP 1x43-1 SOFTNET Security Client Static IP address
Requirements

https://support.industry.siemens.com/cs/ww/en/view/109737290

Entry ID: 26662448, V2.1, 03/2017 51
7 CP 1x43-x
7.4 VPN tunnel between CP 1x43-1 (VPN server) and CP x43-1 Advanced using a static IP address
7.4 VPN tunnel between CP 1x43-1 (VPN server) and CP x43-1 Advanced using a static IP
address
Overview
Figure 7-4

SIMATIC S7-1200 or Internet Internet SIMATIC S7-300 or S7-400
S7-1500 with CP 1x43-1 Router Modem/Router with CP x43-1 Advanced
Static
WAN IP Address
VPN tunnel
Industrial Ethernet VPN Server VPN Client
Table 7-5
CP 1x43-1 CP x43-1 Advanced Static IP address
Requirements

In progress

Entry ID: 26662448, V2.1, 03/2017 52
7 CP 1x43-x
7.5 VPN tunnel between CP 1x43-1 (VPN server) and CP 1x43-1 using a static IP address
7.5 VPN tunnel between CP 1x43-1 (VPN server) and CP 1x43-1 using a static IP address
Overview
Figure 7-5

SIMATIC S7-1200 or Internet Internet SIMATIC S7-1200 or
S7-1500 with CP 1x43-1 Router Modem/Router S7-1500 with CP 1x43-1
Static
WAN IP Address
VPN tunnel VPN Server VPN Client

Industrial Ethernet
Table 7-6
CP 1x43-1 CP 1x43-1 Static IP address
Requirements

https://support.industry.siemens.com/cs/ww/en/view/109737287

Entry ID: 26662448, V2.1, 03/2017 53
7 CP 1x43-x
7.6 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE M874-x using a static IP address
7.6 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE M874-x using a static IP
address
Overview
Figure 7-6

SCALANCE
M874-x Internet SIMATIC S7-1200 or
Static
WAN IP Address

Industrial Ethernet
Table 7-7
CP 1x43-1 SCALANCE M874-x Static IP address
Requirements

Entry ID: 26662448, V2.1, 03/2017 54
7 CP 1x43-x
7.7 VPN tunnel between CP 1x43-1 (VPN server) and a mobile client using a static IP address
7.7 VPN tunnel between CP 1x43-1 (VPN server) and a mobile client using a static IP address
Overview
Figure 7-7
Automation Cell
Smartphone with
IPSec Client App Internet SIMATIC S7-1200 or
Static
WAN IP Address
VPN Client
VPN tunnel VPN Server
Industrial Ethernet
Table 7-8
CP 1x43-1 Mobile client Static IP address
Requirements

Entry ID: 26662448, V2.1, 03/2017 55
8 TS Adapter IE Advanced/ LOGO!

This chapter describes the configurations in which the TS Adapter IE Advanced and LOGO! are configured as the VPN server.
This group is marked in dark yellow.
Table 8-1
TS Adapter IE Advanced VPN remote end Static IP address
Characteristics
 Aside from a PC, no other hardware is required on the VPN client side to establish the VPN connection.
 Using the TS Adapter, either TIA Portal or the Windows SSTP client can be used as the VPN client.
 Using the LOGO!, the OpenVPN client must support
– OpenVPN V2.3.11 or higher
– Pre-Shared Key coding.

Entry ID: 26662448, V2.1, 03/2017 56

8.1 VPN tunnel between TS Adapter IE Advanced (VPN server) and Windows SSTP client using a static IP address
8.1 VPN tunnel between TS Adapter IE Advanced (VPN server) and Windows SSTP client using
a static IP address
Overview
Figure 8-1
Service
Service
PC PC Automatisierungszelle
Automation Cell
SCALANCE
TS Adapter
Internet
Internet Internet M874-x
IE Advanced
Modem/
Modem/
Router
Router Router
Statische Static
WAN-IP-Adresse WAN IP Address
VPN tunnel
VPN tunnel SIMATIC S7
VPN-Server
IndustrialEthernet
Industrial Ethernet Stationen
Stations
Table 8-2
TS Adapter IE Advanced Windows SSTP client Static IP address
Requirements
 Windows 7 or Windows Server 2008 or higher.

Entry ID: 26662448, V2.1, 03/2017 57

8.2 VPN tunnel between TS Adapter IE Advanced (VPN server) and TIA Portal using a static IP address
8.2 VPN tunnel between TS Adapter IE Advanced (VPN server) and TIA Portal using a static IP
address
Overview
Figure 8-2

TS Adapter
Internet Internet IE Advanced
TIA Modem/ Router Router
Portal
Static
WAN IP Address
VPN tunnel SIMATIC S7
Table 8-3
TS Adapter IE Advanced TIA Portal Static IP address
Requirements
 TIA Portal V12 SP1 or higher.


Entry ID: 26662448, V2.1, 03/2017 58

8.3 VPN tunnel between LOGO! (VPN server) and a PC using a static IP address
8.3 VPN tunnel between LOGO! (VPN server) and a PC using a static IP address
Overview
Figure 8-3
Service PC LOGO! CMR with

LOGO! BM
Internet
Router
WAN
VPN client
VPN Tunnel VPN server

Industrial Ethernet
Table 8-4
LOGO! CMR OpenVPN client Static IP address
Requirements
 Static public IP address for the SIM card of the VPN server.


Entry ID: 26662448, V2.1, 03/2017 59
9 Links & Literature
9 Links & Literature

Table 9-1
Topic Title
\1\ Siemens Industry http://support.automation.siemens.com
Online Support
\2\ Download page of https://support.industry.siemens.com/cs/ww/de/view/26662
the entry 448https://support.industry.siemens.com/cs/ww/en/view/26662448
\3\ Security with http://support.automation.siemens.com/WW/view/en/27043887

SIMATIC NET
\4\ SIMATIC NET http://support.automation.siemens.com/WW/view/en/63207600
Industrial Ethernet
Security
SCALANCE S V4
Industrial Remote
Communication
Remote Networks
SCALANCE M874,
M876 Operating
Instructions
Industrial Remote
Communication
Remote Networks
SCALANCE M812,
M816 Operating
Instructions
S7-300 - Industrial
Ethernet S7-CPs for
Industrial Ethernet
CP 343-1 Advanced
Manual Part B
S7-400 - Industrial
Ethernet CP 443-1
Advanced (GX30)
Manual Part B
PG/PC - Industrial
Ethernet CP 1628
Operating
Instructions
\10\ Industrial Ethernet http://support.automation.siemens.com/WW/view/en/63207571
Security
Setting up security
\11\ TS Adapter IE http://support.automation.siemens.com/WW/view/en/85517232
Advanced Manual
\12\ TIA Selection Tool http://www.siemens.en/tia-selection-tool
\13\ SIMATIC NET S7- http://support.automation.siemens.com/WW/view/en/67700710
1500 - Industrial
Ethernet CP 1543-1
Manual
\14\ SIMATIC NET S7- http://support.automation.siemens.com/WW/view/en/103948898

Entry ID: 26662448, V2.1, 03/2017
10 History
Topic Title
1200 - TeleControl
CP 1243-1
Operating
Instructions
\15\ Getting Started with http://support.automation.siemens.com/WW/view/en/64721753
Industrial Remote
Communication
\16\ SIMATIC NET https://support.industry.siemens.com/cs/ww/en/view/10947
LOGO! - Industrial 7418
Ethernet LOGO!
CMR2020, LOGO!
CMR2040 -
Operating
Instructions
10 History
Table 10-1
Version Date Modifications
V1.0 08/2014 First version
V1.1 09/2015 Integrating SINEMA Remote Connect as new VPN server

V2.0 11/2015 New Cluster (Merging SCALANCE M and integration of
SCALANCE S615)
Deleting Chapter for dynamic IP
V2.1 03/2017 New Example (chapter 5.6)

Entry ID: 26662448, V2.1, 03/2017

Remote Networks Overview Doku en PDF

Загружено:

Сведения о документе

Исходное описание:

Оригинальное название

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Remote Networks Overview Doku en PDF

Загружено:

Авторское право:

Доступные форматы

Application Description  03/2017

IP-based Remote Networks

Warranty and Liability

(“wesentliche Vertragspflichten”). The damages for a breach of a substantial

IP-based Remote Networks Warranty

3.2 VPN tunnel between SCALANCE S (VPN server) and

IP-based Remote Networks Warranty

7.2 VPN tunnel between CP 1x43-1 (VPN server) and SCALANCE

IP-based Remote Networks Warranty

1 Remarks on this Document

1.2 Features and benefits

IP-based Remote Networks Warranty

1.3 Structure of this document

To present these options in a clear manner, the possible configurations are

Classification based on SIMATIC dependency

Classification of the configurations

IP-based Remote Networks Warranty

Oerview Remote Access

IP-based Remote Networks Warranty

2 Introduction into Remote Networks

Integration into the industrial security concept

IP-based Remote Networks Warranty

VPN client and VPN server

IP-based Remote Networks Warranty

2.2 Security Integrated product portfolio

The figure below shows the remote access cells.

IP-based Remote Networks Warranty

2.2.1 SINEMA Remote Connect

SINEMA Remote Connect is a management platform for remote networks that

SINEMA Remote Connect Server

It coordinates the secure connecting process between users, distributed plants,

IP-based Remote Networks Warranty

SINEMA Remote Connect Client

IP-based Remote Networks Warranty

2.2.2 SCALANCE S612 and S62x

2.2.3 SOFTNET Security Client

2.2.4 SCALANCE M-800

IP-based Remote Networks Warranty

IP-based Remote Networks Warranty

2.2.5 CP x43-1 Advanced

CP 343-1 Advanced and CP 443-1 Advanced are communications processors for

The CP 1243-x communication processor securely connects the SIMATIC S7-1200

IP-based Remote Networks Warranty

CP 1628 is a communications module for securely connecting a PG/PC to

2.2.8 TS Adapter IE Advanced

This module is characterized by the following features:

IP-based Remote Networks Warranty

IP-based Remote Networks

Service PC Automation Cell

Link to the configuration description:

IP-based Remote Networks

Service PC Automation Cell

VPN Tunnel VPN Client SIMATIC S7

Link to the configuration description:

IP-based Remote Networks

Service PC with Automation Cell

Link to the configuration description:

IP-based Remote Networks

Service PC Automation Cell

Link to the configuration description:

IP-based Remote Networks

Service PC Automation Cell