Configuration
4.9 Security (CP 1543SP-1)
CP 154xSP-1
Operating Instructions, 12/2019, C79000-G8976-C426-05
71
3.
Double-click on the "VPN groups" > "Assign module to a VPN group" entry.
4.
Assign the security modules between which VPN tunnels will be established to the VPN
group.
Note
Current date and current time on the CP for VPN connections
To establish a VPN connection and for the associated recognition of the certificates to be
exchanged, the current date and the current time are required on both stations.
Configure the properties of the VPN group
1.
Double-click on the newly created VPN group.
Result: The properties of the VPN group are displayed under "Authentication".
2.
Enter a name for the VPN group. Configure the settings of the VPN group in the
properties.
These properties define the default settings of the VPN group that you can change at any
time.
Note
Specifying the VPN properties of the CPs
You specify the VPN properties of the CPs in the "Security" > "Firewall" > "VPN" parameter
group of the relevant module.
Result
You have created a VPN tunnel. The firewalls of the CPs are activated automatically: The
"Activate firewall" check box is selected by default when you create a VPN group. You
cannot disable the option.
Download the configuration to all modules that belong to the VPN group.
4.9.5.4
VPN communication with SOFTNET Security Client (engineering station)
VPN tunnel communication works only if the internal node is disabled
Under certain circumstances the establishment of VPN tunnel communication between
SOFTNET Security ClientSOFTNET Security Client and the CP fails.
SOFTNET Security Client also attempts to establish VPN tunnel communication to a lower-
level internal node. This communication establishment to a non-existing node prevents the
required communication being established to the CP.
To establish successful VPN tunnel communication to the CP, you need to disable the
internal node.