Skip to Content

SiePortal

The integrated platform for your product selection, buying and support workflow - bringing together Industry Mall and Online Support.

SiePortalDeutsch

Search

Home
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menu temporary not available
- Menue temporary not available
- {{item.title}}

Products & Services
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Support Support
{{(apiData.Support | filter:{'rank':1}:true)[0].title}} Support
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
MySiePortal MySiePortal
{{(apiData.MySiePortal | filter:{'rank':1}:true)[0].title}} MySiePortal
- Menu temporary not available
- Menue temporary not available
- {{item.title}}
Cart ({{apiData.CartCount}})

Navigation

Scalance S 612 through internet

Created by: simatic2008 at: 3/7/2008 11:08 AM (9 Replies)

Rating (0)

Thanks 0

10 Entries

3/7/2008 11:08 AM	Rate (0)
simatic2008 Posts: 1 Rating: (0)	Hi, guys !!! I have read some topics and manulas, but didn't find answers or solutions (maybe in my situation it is impossible) ! So i have to establish connection between my laptop and Scalance S 612 and S7-300 CPU 315-2 PN/DP. In some manuals i saw examples, but always i need to adjust properties (IP) of routers. I can't do it, so my question is: " Can i establish connection without dealing with routers, even only in read mode?" Scalanse have static IP through router (for example routerB). My company router A, gives to my laptop also IP but i can't get to know it. Also i know Scalance MAC adress. So i wrote something like diagram below laptop with step7 = > company router A with proxy (don't know IP,don't have permission to adjust) = > Internet => router B (know IP, don't have permission to adjust) => Scalance S 612 (know MAC adress) => S7-300 (know MAC adress) Is it possible to make connection ?! with best regards !
simatic2008 Posts: 1 Rating: (0)	Last edited by: simatic2008 at: 07.03.2008 11:09
Suggestion To thank Quote Answer

3/7/2008 11:33 AM	Rate (0)
J_Bell Posts: 5822 Rating: (412)	Hello, well i guess this is exactly your solution: Security with SIMATIC NET Best regards J_Bell
J_Bell Posts: 5822 Rating: (412)
Suggestion To thank Quote Answer

3/7/2008 3:46 PM	Rate (0)
INS Gold Member Joined: 4/6/2006 Last visit: 2/5/2024 Posts: 604 Rating: (56)	Hello, No at this way it's not possible. You always need to create Port Forwarding in the Router B in your case. This because certain traffic has to be directed towards de Scalance S612 in this case, and this traffic comes over ports 500/4500 UDP. Your example is described in the following faq: http://support.automation.siemens.com/WW/view/en/24953806 Furthermore it's also interesting to check or Router A is not blocking the ports 500/4500 because of an integrated Firewall.
	Best regards, INS
Suggestion To thank Quote Answer

10/31/2008 6:41 PM	Rate (0)
Berg Silver Member Joined: 1/17/2006 Last visit: 4/3/2025 Posts: 554 Rating: (29)	INS Hello, No at this way it's not possible. You always need to create Port Forwarding in the Router B in your case. This because certain traffic has to be directed towards de Scalance S612 in this case, and this traffic comes over ports 500/4500 UDP. Your example is described in the following faq: http://support.automation.siemens.com/WW/view/en/24953806 Furthermore it's also interesting to check or Router A is not blocking the ports 500/4500 because of an integrated Firewall. Hello, I'm having trouble to drag and drop both modules (module 1 - S612 andmodule 2 - SOFTNET Security Client) in one group (Group 1) as showed in FAQ. A message appears "This group only accepts modules in Routing-mode" (see attached file). What is my mistake ? Please for any help !! regards, Berg Attachment security_config_tool.JPG (249 Downloads)
	"Educate the children and it won't be necessary to punish the men." Pythagoras
Suggestion To thank Quote Answer

11/1/2008 11:57 PM	Rate (0)
J_Bell Posts: 5822 Rating: (412)	Dear Berg, I am not sure... but maybe you missed the following part in the mentioned FAQ: Configuration of the SCALANCE S 61x V2 in routing mode Maybe this helps already... or was the issue you mentioned related to the SOFTNET Security Client? Best regards J_Bell
J_Bell Posts: 5822 Rating: (412)
Suggestion To thank Quote Answer

11/3/2008 2:52 PM	Rate (0)
Berg Silver Member Joined: 1/17/2006 Last visit: 4/3/2025 Posts: 554 Rating: (29)	J_Bell Dear Berg, I am not sure... but maybe you missed the following part in the mentioned FAQ: Configuration of the SCALANCE S 61x V2 in routing mode Maybe this helps already... or was the issue you mentioned related to the SOFTNET Security Client? Best regards J_Bell Dear J_Bell, I'm sorry,I really had missed this part of the mentioned FAQ. My issue is about the Security Configuration Tool really.I've donethe stepsof the mentioned FAQ,and thegenerated file ".dat" isunknown for me. I have some doubts: 1) Could you tell me ifthe generated and editedcodeis correct ? 2) Thepart in bold of the showed belowcode has the IP addresses cleared, as follows: ip_address: 0.0.0.0 ip_mask as 0.0.0.0 What the reason of this behavior ? Maybe because the router A (like showed in FAQ) is a dynamicIP ? Thank you again ! regards, Berg ------------------------- <?xml version="1.0" encoding="utf-8"?> <SWSEM xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://www.siemens.com"> <PC> <version>1.1</version> <name>Module2</name> <comment /> <def_router> <ip_address>0.0.0.0</ip_address> <ip_mask>0.0.0.0</ip_mask> </def_router> <router /> <pkcs12files> <pkcs12filename>Configuration1.MC1E2@G9A54.p12</pkcs12filename> </pkcs12files> <certificates> <certfilename>Configuration1.Group1.cer</certfilename> </certificates> </PC> <SEM> <name>Module1</name> <comment /> <ip_address>217.91.8.166</ip_address> <activelearn>no</activelearn> <secure> <group>2</group> <time>172800</time> <limit>0</limit> <encrypt1>3DES</encrypt1> <auth1>SHA</auth1> <encrypt2>3DES</encrypt2> <auth2>SHA</auth2> <pfs1>no</pfs1> <pfs2>no</pfs2> </secure> <ip_node /> <sub_node> <node> <ip_address>140.80.0.0</ip_address> <ip_mask>255.255.0.0</ip_mask> </node> </sub_node> <certfilename>Configuration1.Group1.cer</certfilename> </SEM> </SWSEM> -------------------------
	"Educate the children and it won't be necessary to punish the men." Pythagoras
Suggestion To thank Quote Answer

11/4/2008 12:01 PM	Rate (0)
J_Bell Posts: 5822 Rating: (412)	Dear Berg, well... on the first sight I would say it just looks like the one form the sample. So it seems to be OK, but I fear, if this is your final configuration... it will not work. For your second question about the 0.0.0.0 for the default Router in the SOFTNET Security Client I think that this value shows that your PC has to use the default value set by your, at least I think you use one, DHCP Server. So it uses the standard values you also use for your Internet access. Maybe you remember... you never changed the values for the dev. Gateway in SCT, did you? Best regards J_Bell
J_Bell Posts: 5822 Rating: (412)
Suggestion To thank Quote Answer

11/4/2008 6:16 PM	Rate (0)
Berg Silver Member Joined: 1/17/2006 Last visit: 4/3/2025 Posts: 554 Rating: (29)	J_Bell Dear Berg, well... on the first sight I would say it just looks like the one form the sample. So it seems to be OK, but I fear, if this is your final configuration... it will not work. For your second question about the 0.0.0.0 for the default Router in the SOFTNET Security Client I think that this value shows that your PC has to use the default value set by your, at least I think you use one, DHCP Server. So it uses the standard values you also use for your Internet access. Maybe you remember... you never changed the values for the dev. Gateway in SCT, did you? Best regards J_Bell Dear J_Bell, I'm sorry but I don't understand why you tell that it will not work if this ismy final configuration. Please, can you explain your comment in detail ? For my second question, I configured as the FAQ shows (attached file) and even so appears 0.0.0.0 as default Router !! Sorry mydoubts,but I really need put it to work. Thank you for the help again. best regards, Berg Attachment config.JPG (272 Downloads)
	"Educate the children and it won't be necessary to punish the men." Pythagoras
Suggestion To thank Quote Answer

11/4/2008 11:29 PM	Rate (0)
J_Bell Posts: 5822 Rating: (412)	Dear Berg, I wonder, why do you want to get code explained you do not need to handle with the latest version of the Software at all? Well, let me try to explain what you are worried about. The first part of the Code you posted contains the information that it is about Module2, isn't it? Well, this is the SOFTNET Security Client, not your S612 VPN Gateway. As the Values are set to 0 this may cause the System to take the default values preset by you or your System administrator. So you did not change a value at the SCT for the SOFTNET Security Client, did you? The Module1, as the second point in the code, it contains the Default Router and the external IP Address... well, as I know you may not have this externalIP Address because this IP Address is a fixed IP Address in Germany. You may surely check this within the Internet, so I doubt that you have this IP anywhere. Therefore I doubt that these settings may be your final settings. I hope I couldforward my arguments clearly now. Best regards J_Bell
J_Bell Posts: 5822 Rating: (412)	Last edited by: J_Bell at: 11/5/2008 10:56 AM
Suggestion To thank Quote Answer

11/6/2008 4:59 PM	Rate (0)
Berg Silver Member Joined: 1/17/2006 Last visit: 4/3/2025 Posts: 554 Rating: (29)	J_Bell Dear Berg, I wonder, why do you want to get code explained you do not need to handle with the latest version of the Software at all? Well, let me try to explain what you are worried about. The first part of the Code you posted contains the information that it is about Module2, isn't it? Well, this is the SOFTNET Security Client, not your S612 VPN Gateway. As the Values are set to 0 this may cause the System to take the default values preset by you or your System administrator. So you did not change a value at the SCT for the SOFTNET Security Client, did you? The Module1, as the second point in the code, it contains the Default Router and the external IP Address... well, as I know you may not have this externalIP Address because this IP Address is a fixed IP Address in Germany. You may surely check this within the Internet, so I doubt that you have this IP anywhere. Therefore I doubt that these settings may be your final settings. I hope I couldforward my arguments clearly now. Best regards J_Bell Dear J_Bell, I did not change any value in SCT for the SOFTNET Security Client, actually I not be able to edit the SOFTNET Security Client in the SCT, in the other words, the SSC propertiesare not accessible to edit. Ok, I understood the second issue about the first module. Thank you for the aid. best regards Mr. J_Bell, Berg
	"Educate the children and it won't be necessary to punish the men." Pythagoras
Suggestion To thank Quote Answer

|

Share this page:

Share this page on...

Follow us on