Configuration
4.9 Security
CP 1243-1
78
Operating Instructions, 04/2017, C79000-G8976-C365-03
Note
Specifying the VPN properties of the CPs
You specify the VPN properties of the CPs in the "Security" > "Firewall" > "VPN" parameter
group of the relevant module.
Result
You have created a VPN tunnel. The firewalls of the CPs are activated automatically: The
"Activate firewall" check box is selected as default when you create a VPN group. You
cannot deselect the check box.
Download the configuration to all modules that belong to the VPN group.
4.9.10.3 VPN communication with SOFTNET Security Client (engineering station)
Setting up VPN tunnel communication between the SOFTNET Security Client and the CP is
essentially the same as described in Creating a VPN tunnel for S7 communication between
VPN tunnel communication works only if the internal node is disabled
Under certain circumstances the establishment of VPN tunnel communication between
SOFTNET Security Client and the CP fails.
SOFTNET Security Client also attempts to establish VPN tunnel communication to a
lower-level internal node. This communication establishment to a non-existing node prevents
the required communication being established to the CP.
To establish successful VPN tunnel communication to the CP, you need to disable the
internal node.
Use the procedure for disabling the node as explained below only if the described problem
occurs.
Disable the node in the SOFTNET Security Client tunnel overview:
1. Remove the checkmark in the "Enable active learning" check box.
   The lower-level node initially disappears from the tunnel list.
2. In the tunnel list, select the required connection to the CP.
3. With the right mouse button, select "Enable all members" in the shortcut menu.
   The lower-level node appears again temporarily in the tunnel list.
4. Select the lower-level node in the tunnel list.
5. With the right mouse button, select "Delete entry" in the shortcut menu.
Result: The lower-level node is now fully disabled. VPN tunnel communication can be
established.