Configuration
3.17 Security (CP) and certificates
Configuration - DNP3
Configuration Manual, 11/2018, C79000-G8976-C508-01
77
● Local area networks can be connected together securely via the Internet ("site-to-site"
connection).
● Secure access to a company network ("end-to-site" connection)
● Secure access to a server ("end-to-end" connection)
● Communication between two servers without being accessible to third parties (end-to-end
or host-to-host connection)
● Ensuring information security in networked automation systems
● Securing the computer systems including the associated data communication within an
automation network or secure remote access via the Internet
● Secure remote access from a PC/programming device to automation devices or networks
protected by security modules via public networks.
With Industrial Ethernet Security, individual devices or network segments of an Ethernet
network can be protected:
● Access to individual devices and network segments protected by security modules is
allowed.
● Secure connections via non-secure network structures becomes possible.
Due to the combination of different security measures such as firewall, NAT/NAPT routers
and VPN via IPsec tunnels, security modules protect against the following:
● Data espionage
● Data manipulation
● Unwanted access
Creating a VPN tunnel for S7 communication between stations
Requirements
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station with a security CP (for example CP 1628),
the following requirements must be met:
● The two stations have been configured.
● The CPs in both stations must support the security functions.
● The Ethernet interfaces of the two stations are located in the same subnet.
To Next Page
Loading...
Need help?
General
