Configuration
4.11 Security
CP 1243-7 LTE
Operating Instructions, 04/2017, C79000-G8976-C381-03
73
The CP itself can only communicate with a single communications partner via VPN.
Connection to the telecontrol server
No VPN connection between CP and TCSB
For secure communication via a VPN tunnel, the communications partners are assigned to a
common VPN group. The configuration of a VPN connection between CP and TCSB is not
possible because the telecontrol server cannot be configured in STEP 7.
Thanks to the encrypted telecontrol protocol, the connection between the CP and telecontrol
server is already protected.
CP as passive subscriber of VPN connections
Setting permission for VPN connection establishment with passive subscribers
If the CP is connected to another VPN subscriber via a gateway, you need to set the
permission for VPN connection establishment to "Responder".
This is the case in the following typical configuration:
VPN subscriber (active) ⇔ gateway (dyn. IP address) ⇔ Internet ⇔ gateway (fixed IP
address) ⇔ CP (passive)
Configure the permission for VPN connection establishment for the CP as a passive
subscriber as follows:
1. In STEP 7, go to the devices and network view.
2. Select the CP.
3. Open the parameter group "VPN“ in the local security settings.
4. For each VPN connection with the CP as a passive VPN subscriber, change the default
setting "Initiator/Responder" to the setting "Responder".
SYSLOG
Use of SYSLOG only with 1 VPN connection
If you want to use SYSLOG with level 7 (debug) via Vpn connections, this is only possible
with a single established VPN connection.
To Next Page
Loading...
