Automation Units and Automation Networks
SICAM RTUs, SICAM AK 3 User Manual 253
DC2-028-2.03, Edition 07.2016
6.4 Application/Configuration of IPSEC VPN
IPSec VPN (Internet Protocol Security – Virtual Private Network) is an extension of the Inter-
net Protocol (IP) for encryption and authentication mechanisms. IPSec actively establishes a
VPN tunnel (initiator), which guarantees the required confidentiality, authenticity and integrity
of data transmission in IP networks. The termination of the IPSec VPN tunnel takes place in a
CISCO router. SICAM AK 3 supports only a single IPSec VPN tunnel. It is used as remote
terminal unit.
Thus, it is e.g. possible, to secure the IEC 60870-104 communication completely between a
SICAM CMIC and a higher-level control center, even if the connection is running over a public
network .
SICAM AK 3 uses the IKE-protocol (Internet key exchange) and the PSK-authentication pro-
cess (pre-shared key). The used key (pre-shared key) can be set by means of an engineering
tool (e.g. SICAM TOOLBOX II). It is securely stored in SICAM TOOLBOX II and SICAM AK 3.
Hint
IPSec can only be used in SICAM AK 3 when engineering is done by means of SICAM TOOLBOX II.
Features:
• Communication with the control system via IEC 60870-104
(Ethernet-Interface, X0 or X1, can be set with parameter)
• 1 IP address
• 1 subnet mask
• 1 default router
• Parameter Network settings | IP adress | Mode of Ethernet Ports = 1 IP
address (connected ports in switch mode with IPSec VPN)
• IPSec VPN own tunnel IP address
• IPSec VPN own tunnel subnet mask
• IPSec VPN tunnel remote gateway IP address
• IPSec VPN tunnel remote PEER subnet
• IPSec VPN tunnel remote PEER subnet
• The unused Ethernet interface is deactivated due to security reasons
Hint for network configurations
• SICAM AK 3 and the remote station must be in different networks when using IPSec VPN
• The parameter IPSec VPN Tunnel Remote Router PEER Subnet and IPSec VPN Tunnel Remote
Router PEER Subnet Mask are used for SICAM AK 3 internal router functions.
To Next Page
Loading...
Need help?
General
