Scribd Logo
Hochladen

Willkommen bei Scribd!

  • VPN

    Hochgeladen von

    Luiz Carlos Tilha
    27 Ansichten4 Seiten
    PG functions are used with STEP 7 to access an automation system (e.g. SIMATIC S7) in the local network from the external network. Access is made via a gateway that uses the NAT and NAPT services. The PG functions, S7 communication etc. Use port 102 (TCP) Information on the which protocol uses which TCP port is available in Entry ID: 8970169.

    Originalbeschreibung:

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Verfügbare Formate

    PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden
    PG functions are used with STEP 7 to access an automation system (e.g. SIMATIC S7) in the local network from the external network. Access is made via a gateway that uses the NAT and NAPT services. The PG functions, S7 communication etc. Use port 102 (TCP) Information on the which protocol uses which TCP port is available in Entry ID: 8970169.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    27 Ansichten4 Seiten

    VPN

    Hochgeladen von

    Luiz Carlos Tilha
    PG functions are used with STEP 7 to access an automation system (e.g. SIMATIC S7) in the local network from the external network. Access is made via a gateway that uses the NAT and NAPT services. The PG functions, S7 communication etc. Use port 102 (TCP) Information on the which protocol uses which TCP port is available in Entry ID: 8970169.

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Als PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    Siemens Industry Online Support - Automation Service, Automation Supic Service, Simatic Support, Technical Support, Technical Consulting

    07/06/12 10:05

    showtheentrylist IndustrialEthernetPCCPs--Operationandmaintenance--Teleservicing
    WhichportsareusedbythevariousservicesfordatatransferbymeansofTCPandUDPandwhatshouldyou watchoutforwhenusingroutersandfirewalls? WhatshouldyouwatchoutforwitharemoteaccesstoaSIMATICS7withSTEP7viathe Internet? AlternativerouteswhensettingupconnectionswiththePGChannelRoutingfunction TeleprogrammingviaINDUSTRIALETHERNETwithSTEP5(PGBUSfunctions) TeleprogrammingviaINDUSTRIALETHERNETwithSTEP7 WhatrequirementsmustbefulfilledandwhatshouldIwatchoutforwhenexecutingRouting?

    S7-300CPU31x--Configuringandprogrammingcommunication--ConfiguringPROFINETinterfaces S7-400CPU41x--Configuringandprogrammingcommunication--ConfiguringthePROFINET interface WhatshouldyouwatchoutforwitharemoteaccesstoaSIMATICS7withSTEP7viatheInternet? Displaypartnumber

    Description: Remoteaccessismadetoanautomationsystem(e.g.SIMATICS7)viatheInternet.Inthiscase,only onecontrollercanbereachedbytheremoteaccessviaportforwarding.Accesstoothercontrollersin theautomationcellisviaPGrouting.

    Fig.01 PGfunctionsareusedwithSTEP7toaccessanautomationsystem(e.g.SIMATICS7)inthelocal networkfromtheexternalnetwork.AccessismadeviaagatewaythatusestheNAT(NetworkAddress Translation)andNAPT(NetworkAddressPortTranslation)services.

    http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=38571711&caller=view

    Pgina 1 de 4

    Siemens Industry Online Support - Automation Service, Automation Supic Service, Simatic Support, Technical Support, Technical Consulting

    07/06/12 10:05

    Fig.02 Intheabove-mentionedexamples,thePGfunctionspermitthefollowingwithSTEP7: DownloadingoftheconfigurationanduserprogramtotheCPU Monitoringofblocksandtags ThePGfunctions,S7communicationetc.usePort102(TCP). InformationonthewhichprotocoluseswhichTCPportisavailableinEntryID:8970169. Intheabove-mentionedapplications,yousettheportforwardingintheDSLModem/Routerontheplant sideandinthegatewaysothatthemessagesofPort102fromtheexternalnetworkareforwardedto Port102oftheIPaddressoftheSIMATICS7.TheIPaddressoftheSIMATICS7isinthelocalnetwork. Exampleofportforwarding: Example RemoteaccessviaInternet usingportforwarding AccessviaNAT/NAPT External IPaddress 217.91.8.166 192.168.2.1 External port 102 102 Internal IPaddress 172.168.2.10 172.168.2.10 Internal port 102 102 Application STEP7 STEP7

    Forthefollowingapplications,attentionmustbepaidtothefixedexternalIPaddressofthestandard DSLmodem/routerontheplantsideandtheexternalIPaddressofthegateway: Monitorblocks, sothatitispossibletomonitorblocksontheSIMATICS7CPUonlineviaSTEP7. Downloadinterface, sothatitispossibletodownloadtheconfigurationviaSTEP7. Monitorblocks YoumustmakethefollowingchangeinthehardwareconfigurationoftheSIMATICS7toenable monitoringofblocksontheSIMATICS7CPUonlineviaSTEP7. InthehardwareconfigurationoftheSIMATICS7,youreplacetheIPaddressoftheinterfacethat enablesaccesstotheInternet(e.g.IECPorintegratedPNinterfaceoftheCPU)withtheexternalIP addressoftheDSLmodem/routerontheplantside. Thechangedhardwareconfigurationisonly onlyformonitoringtheblocksandmustnot mustnotbeloadedintothe CPU,becausethisinformationisstoredintheprojectandthusthesystemdataischangedinthe project.AdownloadchangesthesettingsoftheCPsortheCPUandthusrendersfurtheronline monitoringimpossible.

    http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=38571711&caller=view

    Pgina 2 de 4

    Siemens Industry Online Support - Automation Service, Automation Supic Service, Simatic Support, Technical Support, Technical Consulting

    07/06/12 10:05

    AdownloadofthesystemdataorthehardwareconfigurationwithchangedIPaddresspreventsfurther onlinemonitoringviaportforwarding. Downloadinterface NochangesaremadeintheprojectwhenyousetthedownloadinterfaceinSTEP7.TheoriginalIP addressisretainedintheproject.OnlytheIPaddressofthedownloadtargetisreplacedbytheexternal IPaddressoftheDSLmodem/routerontheplantside. Thus,itisalsopossibletodownloadthesystemdataandhardwareconfigurationwithouttheonline connectionbeingcutafterthedownload.However,noblockmonitoringispossiblehere.

    Fig.03 Note: Withtheremoteaccessoptionsmentionedabove,thelocalnetworkisnot notprotectedagainst unauthorizedaccess.WethereforerecommendthatyouuseaVPN(VirtualPrivateNetwork)forremote accessviatheInternet.ViaVPN,youcanusethePGfunctionswithSTEP7: withoutchangingtheIPaddressoftheIndustrialEthernetinterfaceinthehardwareconfiguration tomonitortheblocksand withoutchangingtheIPaddressofthedownloadinterfacestodownloadthehardware configurationoruserprogramintotheCPU. InstructionsforconfiguringaVPNwithSCALANCES6xandSOFTNETSecurityClientareavailablein
    http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=38571711&caller=view Pgina 3 de 4

    Siemens Industry Online Support - Automation Service, Automation Supic Service, Simatic Support, Technical Support, Technical Consulting

    07/06/12 10:05

    thefollowingentries: EntryID:32447942 EntryID:24968210 AdescriptionofthevariousWANaccessmethodsforremoteaccesstoautomationsystems(e.g. SIMATICS7)isavailableinEntryID:26662448. EntryID: EntryID:38571711Date: Date:2009-12-14 Thisentryisavailableinthefollowinglanguages: german french italian spanish chinese Iregardthisarticle.... Copylink
    Print Siemens AG 2012 - Corporate Information - Privacy Policy - Terms of Use

    ashelpful

    asnothelpful

    Sendtoafriend

    Suggestionfortheentry

    http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=38571711&caller=view

    Pgina 4 de 4

    Das könnte Ihnen auch gefallen