×
Siemens Industry Online Support
Siemens AG
Entry type: FAQ Entry ID: 94769585, Entry date: 06/17/2014
(0)
Rate

What should you watch out for when setting up a VPN tunnel with the SOFTNET Security Client (V4 + HF1)?

  • Entry
  • Associated product(s)

Description
This entry provides important information about using the SOFTNET Security Client (SSC) for establishing a VPN connection.

Windows firewall
If the SOFTNET Security Client is being used on the Windows 7 operating system, you need an enabled Windows firewall to establish a VPN connection.

Network configuration
If the PC with SOFTNET Security Client installed has multiple network adapters, you must observe the following rules.

  • A default gateway may be entered only for one single network adapter. If necessary, remove other default gateways or replace them with static routes.
  • The IP address of the network card on the PC with SOFTNET Security Client installed, via which the VPN tunnel is to be set up, must not be from the internal network of the VPN partner (Fig. 01, point 1).
  • The other connected networks on the PC with SOFTNET Security Client installed and the internal network of the VPN partner must be different (Fig. 01, point 2). Even if no cable is connected, the routing function is impaired.


Fig. 01

Other VPN Clients
VPN software from third-party manufacturers also causes incompatibilities and prevents proper functioning of the SSC. Uninstall such software; disabling does not suffice. SSC Tunnel to SCALANCE M-800
The text file from the Security Configuration Tool must be changed when using the SOFTNET Security Client (V4 + HF1) in Windows 7. The following changes are necessary:

  • Security > IPSecVPN > Phase 2
  • Key Derivation: DH group 2

Security notes
Siemens offers products and solutions with industrial security functions which support the secure operation of plants, solutions, machines, devices and/or networks. They are important components in a comprehensive industrial security concept. The Siemens products and solutions continue to be developed under this aspect. Siemens recommends that you keep yourself regularly informed about product updates.
For the safe operation of Siemens products and solutions it is necessary to take appropriate security measures (cell protection concept, for example) and to integrate each component in an overall industrial security concept which is state of the art. This should also cover the third-party products used. Additional information about industrial security is available at:
http://www.siemens.com/industrialsecurity.
In order to keep yourself informed about product updates, we recommend subscribing to our product-specific newsletter. Additional information about this is available at
http://support.automation.siemens.com.

Security information
In order to protect technical infrastructures, systems, machines and networks against cyber threats, it is necessary to implement – and continuously maintain – a holistic, state-of-the-art IT security concept. Siemens’ products and solutions constitute one element of such a concept. For more information about cyber security, please visit
https://www.siemens.com/cybersecurity#Ouraspiration.