Configuration
4.8 Security
CP 1243-1
Operating Instructions, 12/2016, C79000-G8976-C365-02
59
With Industrial Ethernet Security, individual devices or network segments of an Ethernet
network can be protected:
● Access to individual devices and network segments protected by security modules is
allowed.
● Secure connections via non-secure network structures becomes possible.
Due to the combination of different security measures such as firewall, NAT/NAPT routers
and VPN via IPsec tunnels, security modules protect against the following:
● Data espionage
● Data manipulation
● Unwanted access
Creating a VPN tunnel for S7 communication between stations
Requirements
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station with a security CP (for example CP 1628),
the following requirements must be met:
● The two stations have been configured.
● The CPs in both stations must support the security functions.
● The Ethernet interfaces of the two stations are located in the same subnet.
Note
Communication also possible via an IP router
Communication between the two stations is also possible via an IP router. To use this
communications path, however, you need to make further settings.
To create a VPN tunnel, you need to work through the following steps:
1. Creating a security user
If the security user has already been created: Log on as a user.
2. Select the "Activate security features" check box
3. Creating the VPN group and assigning security modules
4. Configure the properties of the VPN group
5. Configure local VPN properties of the two CPs
You will find a detailed description of the individual steps in the following paragraphs of this
section.
To Next Page
Loading...
