Sie sind auf Seite 1von 18

Part Number D301766X012

August 2014

MOXA® Industrial Secure Router


Installation Guide

Remote Automation Solutions


MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Revision Tracking Sheet


August 2014

This manual may be revised periodically to incorporate new or updated


information. The revision date of each page appears at the bottom of the page
opposite the page number. A change in revision date to any page also changes the
date of the manual that appears on the front cover. Listed below is the revision
date of each page (if applicable):

Page Revision
Initial issue August-2014

ii
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

Overview
The MOXA® EtherDevice Router (model EDR-810-VPN) provides an Ethernet-based
industrially secure 1GB communications pathway. This guide details the tasks required to
configure a secure communications “tunnel” between two EDR-810 routers (see Figure 1)
to prevent replay attacks and denial of service (DoS) attacks.

Security is achieved by selecting the SHA-256 hash algorithm and AES-256 encryption
algorithm for each EDR and then linking the EDRs with a user-defined pre-shared key for
authentication.

Figure 1: Typical Router Configuration

Note
During the configuration process, you attach a PC to EDR1 and then to EDR2. After
successfully configuring EDR2, you remove that PC.

This guide provides only installation and configuration information, and is intended for
use by personnel familiar with managing network IP information. For technical
specifications or advanced installation options, refer to the MOXA website
(www.moxa.com) or the EDR-810 User’s Manual (provided on the CD that accompanies the
MOXA unit)

1
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Configuration
Note
Ensure that the two MOXA EDR-810 routers have the same firmware level (3.3 or higher).
Otherwise you may encounter difficulties in the configuration process.

To configure the MOXA EDRs, you connect a PC to each EDR and perform a series of
specific tasks (see Figure 2) described in the following sections. These tasks set IP
addresses and various internal settings. Completely configure the first EDR before
proceeding to the second. The configuration tasks are similar, but not identical. Once you
have configured both EDRs, you then connect the EDRs with an Ethernet cable and test
(“ping”) communications between the two EDRs:

Figure 2: EDR Configuration Process Overview

2
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

1. EDR1: Configure the PC’s IP address


To initially access a MOXA router, you need to set the IP address for the PC you use to
connect to the router.

Note
All MOXA routers have a factory-set default IP address of 192.168.127.254.

1. Connect the PC to a LAN port on the EDR1 using an Ethernet cable.


2. Click Start and select Control Panel.
3. Select Network and Internet and View network status and tasks.
4. In the View your active networks area, select Local Area Connection. The Local Area
Connection Status dialog displays.
5. Click Properties. The Local Area Connection Properties dialog displays.

Figure 3: Local Area Connection Properties dialog

6. In the This connection uses the following items area, select Internet Protocol Version
4 (TCP/IPv4) and then click Properties. The Internet Protocol version 4 (TCP/IPv4)
Properties dialog displays (Figure 4), showing the General tab.

3
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Figure 4: Properties dialog

7. Set the TCP/IPv4 IP address:


a. Click Use the following IP address.
b. Complete the IP address with 192.168.127.1.
c. Complete the Subnet mask with 255.255.255.0.
d. Click OK, Close, and then Close again.
8. Minimize the Network and Sharing Center screen.

2. EDR1: Define password


MOXA routers provide device-based webpages you use for configuration tasks, which you
access using Microsoft® Internet Explorer® 6.0 (or later) with an installed Java virtual
machine. The PC does not need an active Internet connection to access these webpages.

Define passwords to ensure that only authorized personnel can access your MOXA
routers. As delivered from the factory, MOXA routers use moxa as the default password
for both the admin and user accounts. Change the default password for both accounts.
1. Open the browser on the PC and enter the URL https://192.168.127.254. The MOXA
Secure Router sign-in page displays.

Note
IE may display a caution about this website’s security certificate. Select Continue to
this website (not recommended) to continue.

4
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

2. Sign in using admin as the username and moxa as the password (these values are
case-sensitive). Click Login. The MOXA EDR-810 VPN Industrial Secure Router
webpage displays. Select options from the menu on the left side of the page.

Figure 5: MOXA Industrial Secure Router webpage

3. Select System > User Account from the MOXA menu. The User Account webpage
displays.

5
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Figure 6: User Account webpage

By default, the software selects the Admin user name first.


4. Complete the Old Password field with moxa.
5. Complete the New Password and Confirm Password fields with a password
meaningful to your organization.
6. Click Apply. The confirmation message “All new settings are now active” displays.

Note
This message displays whenever you successfully modify a setting.

7. The webserver automatically logs you out. Log back in using your new password.
8. Select System > User Account from the MOXA menu. The User Account webpage
displays.
9. Click the user label to select the User Authority (see Figure 6). The webserver
highlights the selection.
10. Repeat steps 4 through 6, assigning a different password to the User Authority,
depending on your organization’s requirements.

6
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

Note
The webserver does not automatically log you out when you change the password for
the User user name.

3. EDR1: Configure the WAN & LAN IP addresses


1. Select Quick Setting Profiles > WAN Routing Quick Setting from the MOXA menu. A
graphic representation of the EDR displays (see Figure 7).
2. Select one of the EDR’s LAN ports. Do not select the LAN port into which you’ve
plugged PC’s Ethernet cable. The label on the selected port changes to WAN and
turns red.

Figure 7: WAN Routing Quick Setting webpage

3. Click Next Step. (Note that the headings at the top of the webpage change.) The LAN
IP Configuration webpage displays.
4. Change EDR1’s LAN IP configuration address to 192.168.128.254.
5. Click Next Step to display the WAN Configuration webpage
6. Change the Connect Type to Static IP and provide the follow IP address information:
a. Set the IP Address to 61.20.223.253.
b. Set the Subnet mask to 255.255.255.0.
c. Set the Gateway to 0.0.0.0.
7. Click Next Step and then click Apply.
8. Close the MOXA webpage.

7
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

4. EDR1: Re-set the PC’s IP address


Once you change the LAN IP address (in step 2), you need to also change the IP address
your PC uses to access the router and continue the configuration process.
1. Click Start and select Control Panel.
2. Select Network and Internet and View network status and tasks.
3. In the View your active networks area, select Local Area Connection. The Local Area
Connection Status dialog displays.
4. Click Properties. The Local Area Connection Properties dialog displays.
5. In the This connection uses the following items area, select Internet Protocol Version
4 (TCP/IPv4) and then click Properties. The Internet Protocol version 4 (TCP/IPv4)
Properties dialog displays, showing the General tab.
6. Set the TCP/IPv4 IP address:
a. Click Use the following IP address.
b. Complete the IP address (192.168.128.1).
c. Complete the Subnet mask (255.255.255.0).
d. Complete the Default gateway (192.168.128.254).

Figure 8: Re-configured PC IP Address

e. Click OK, OK, and then Close.


7. Minimize the Network and Sharing Center screen.

5. EDR1: Configure network address translation (NAT)


NAT is a method of modifying network address information so it can be transmitted from
one IP address space to another.
1. Open the browser on the PC and enter the URL https://192.168.128.254. The MOXA
Secure Router sign-in page displays.
2. Sign in using admin and your new password. Click Login.
3. Select NAT > NAT Setting from the MOXA menu. The Network Address Translation
webpage displays.

8
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

Figure 9: Network Address Translation webpage

4. Select Enable and select N-1 as the NAT Mode. Verify that the LAN IP Range is
192.168.128.1 to 192.168.128.252 (you may need to change this value from 254).
5. Click Modify and then Apply.

6. EDR1: Configure the firewall


1. Select Firewall > DoS Defense from the MOXA menu. The DoS (Deny of Service)
Setting webpage displays.

9
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Figure 10: DoS webpage

2. Select all the options and click Apply.

7. EDR1: Configure the global IPSec


Internet protocol security (IPSec) is a protocol that provides mutual authentication and
encryption/decryption for IP packets transmitted between the EDRs.
1. Select VPN > IPSec > Global Setting from the MOXA menu. The IPSec Global Setting
webpage displays.

10
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

Figure 11: IPSec Global Setting webpage

2. Enable the All IPSec Connection setting.


3. Click Apply.

8. EDR1: Configure the IPSec settings


Internet protocol security (IPSec) is a protocol that provides mutual authentication and
encryption/decryption for IP packets transmitted between the EDRs.
1. Select VPN > IPSec > IPSec Setting from the MOXA menu. The IPSec Setting webpage
displays.

11
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Figure 12: IPSec Setting webpage

2. Define the following settings:


 Select Advanced Setting
 Enable Tunnel Setting and set the name as Test1
 Select Site to Site as the VPN Connection Type
 Define 61.20.223.254 as the Remote VPN Gateway
 Define 192.168.127.0 and 255.255.255.0 as the Remote Network and Netmask
settings
Note
These remote values represent the settings you will define on EDR2.

 Set the Authentication Code as a Pre-shared Key with an eight-digit random


value.

12
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

Note
Under no circumstances use 12345678 as shown in Figure 9; that value is only an
example. Determine your own numeric value for this field.

 In the Key Exchange (Phase 1) field, select AES-256 as Encryption Algorithm and
SHA256 as the Hash Algorithm.
 In the Data Exchange (Phase 2) field, select SHA256 as the Hash Algorithm and
SHA256 as the Hash Algorithm.
3. Click Add. The IPSec Connection table at the bottom of the screen redisplays,
showing the new IPSec connection (see Figure 12).
4. Click Apply.
5. Close the website.

9. EDR2: Reset the PC’s IP settings


To begin the process of configuring EDR2, you reset the IP address of the PC you use to
perform the configuration to the MOXA default (192.168.127.254).
1. Disconnect the Ethernet cable from the EDR1 and connect it a LAN port on the EDR2.
2. Click Start and select Control Panel.

Note
If you minimized the Network and Sharing Center screen in Section 4, maximize it
and move to step 4.

3. Select Network and Internet and View network status and tasks.
4. In the View your active networks area, select Local Area Connection. The Local Area
Connection Status dialog displays.
5. Click Properties. The Local Area Connection Properties dialog displays.
6. In the This connection uses the following items area, select Internet Protocol Version
4 (TCP/IPv4) and then click Properties. The Internet Protocol version 4 (TCP/IPv4)
Properties dialog displays (Figure 4), showing the General tab.
7. Set the TCP/IPv4 IP address:
a. Click Use the following IP address.
b. Complete the IP address with 192.168.127.1.
c. Complete the Subnet mask with 255.255.255.0.
d. Complete the Default gateway with 192.168.127.254.

Note
Complete the default gateway value as shown.

e. Click OK, OK, and then Close.


8. Minimize the Network and Sharing Center screen.

10. EDR2: Define the password


1. Open the browser on the PC and enter the URL https://192.168.127.254. The MOXA
Secure Router sign-in page displays.

13
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

2. Sign in using admin as the username and moxa as the password (these values are
case-sensitive). Click Login.
3. Select System > User Account from the MOXA menu. The User Account webpage
displays.
4. Complete the Old Password field with moxa.
5. Complete the New Password and Confirm Password fields with a password
meaningful to your organization.
6. Click Apply. The confirmation message “All new settings are now active” displays.
7. The webserver immediately logs you out. Log back in using your new password.
8. Select System > User Account from the MOXA menu. The User Account webpage
displays.
9. Click the user label to select the User Authority. The webserver highlights the
selection.
10. Repeat steps 4 through 6, assigning a different password to the User Authority,
depending on your organization’s requirements.

11. EDR2: Configure the WAN IP address


1. Select Quick Setting Profiles > WAN Routing Quick Setting from the MOXA menu. A
graphic representation of the EDR displays.
2. Select one of the EDR’s LAN ports. Do not select the LAN port into which you’ve
plugged PC’s Ethernet cable. The label on the selected port changes to WAN and
turns red.
3. Click Next Step twice to access the WAN Configuration webpage.
4. Set Connect Type to Static IP.
5. Complete the Address Information fields using:
a. 61.20.223.254 for the IP Address
b. 255.255.255.0 for Subnet mask and
c. 0.0.0.0 for the Gateway.
6. Click Next Step and then Apply.

12. EDR2: Configure NAT


1. Select NAT > NAT Setting from the MOXA menu. The Network Address Translation
webpage displays.
2. Select Enable and select N-1 as the NAT Mode. Verify that the LAN IP Range is
192.168.127.1 to 192.168.127.252 (you may need to change this value from 254).
3. Click Modify and Apply.

13. EDR2: Configure the firewall


1. Select Firewall > DoS Defense from the MOXA menu. The DoS (Deny of Service)
Setting webpage displays.
2. Select all the options and click Apply.

14. EDR2: Configure the global IPSec settings


1. Select VPN > IPSec > Global Setting from the MOXA menu. The IPSec Global Setting
webpage displays.
14
MOXA Industrial Secure Router Installation Guide
D301766X012 August 2014

2. Enable the All IPSec Connection setting.


3. Click Apply.

15. EDR2: Configure the IPSec settings


1. Select VPN > IPSec > IPSec Setting from the MOXA menu. The IPSec Setting webpage
displays.
2. Define the following settings:
 Select Advanced Setting
 Enable Tunnel Setting and set the name as Test1
 Select Site to Site as the VPN Connection Type
 Define 61.20.223.253 as the Remote VPN Gateway
 Define 192.168.128.0 and 255.255.255.0 as the Remote Network and Netmask
settings
Note
These remote values represent the settings you defined on the EDR1.

 Set the Authentication Code as a Pre-shared Key with an 8-digit random value.
This 8-digit value must be the same value you defined for EDR1 in Section 8.
Note
Under no circumstances use 12345678 as shown in Figure 9; that value is only an
example. Determine your own numeric value for this field.

 In the Key Exchange (Phase 1) field, set AES-256 as the Encryption Algorithm and
SHA256 as the Hash Algorithm.
 In the Data Exchange (Phase 2) field, set AES-256 as the Encryption Algorithm
and SHA256 as the Hash Algorithm
3. Click Add. The IPSec Connection table at the bottom of the screen redisplays,
showing the new IPSec connection.
4. Click Apply.

16. Connect EDR1 and EDR2


Using an Ethernet cable, connect the EDR1 and EDR2 using the defined WAN ports.

17. Verify EDR1 and EDR2 IPSec connections


Select VPN > IPSec > IPSec Status from the MOXA menu. This screen shows the defined
connections (that is, both device have established connections). It may take several
minutes for both MOXA devices to appear. Click Refresh to refresh the display if
necessary.

15
MOXA Industrial Secure Router Installation Guide
August 2014 D301766X012

Figure 13: IPSec Status webpage

18. Ping connections


Step 17 verifies that you have correctly defined the communication connections on each
MOXA router. We suggest you conduct a “ping” test to verify that the routers are
communicating with each other. This test sends a signal packet from one router to the
other, and requires that you have a device (a PC or RTU) on each router to answer the
ping.

In the following example, a PC connected to EDR2 (IP address 192.168.127.1) and


attached a second PC to EDR1 (IP address 192.168.128.1). The ping command generates
from EDR1.
1. Click Start. Enter CMD in the Search bar at the bottom of the screen and press Enter.
The Command Prompt dialog displays.
2. At the C:> prompt enter ping 192.168.127.1. The Command Prompt dialog displays
the result.

This test verifies that the EDR1 and EDR2 are communicating successfully.

16

Das könnte Ihnen auch gefallen