Industrial Networking

Similar documents
Rev. 9/22/2017. Security Best Practices Checklists for Building Automation Systems (BAS)

1 Purpose. ewon2001 User Manual ver ewon2001 TM TCP/IP Router 23. Feb. 2006

Quick Note 05. Configuring Port Forwarding to access an IP camera user interface on a TransPort LR54. 7 November 2017

MAC Address Filtering Setup (3G18Wn)

QNAP Q center Assistant Monitor Your QNAP NAS behind a NAT Router with Q center

Step 3 - How to Configure Basic System Settings

200AE1 Network Services Gateway

SOFTWARE-DEFINED WAN (SD-WAN)

Chapter 2 Review Questions

4562 Converged Networking Router

ARCSERVE UDP CLOUD DIRECT DISASTER RECOVERY APPLIANCE VMWARE

Application Note: Split Public Addresses between WAN and DMZ

2Wire IG 2700 ADSL Router. RJ45 connecting cable

Quick Note 31 Using an External Modem with a Digi TransPort Router

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the SonicWall Firewall.

Quick Guide of SimpleDDNS Settings (with UPnP)

LP-1521 Wideband Router 123 Manual L VPN Configuration between two LP-1521`s with Dynamic IP.

Chapter 3 LAN Configuration

Digi Connect Family Application Guide How to Create a VPN between Digi and Juniper Netscreen

Example - Allowing SIP-based VoIP Traffic

CHAPTER 7 ADVANCED ADMINISTRATION PC

Technical Support Information

3) Click the Screen Sharing option and click connect to establish the session

Broadband Router DC-202. User's Guide

LogTunnel Deployment Guide

ConnectDirect. Quick Start Guide

EdgeMarc 4552 Networking Gateway

Presenter John Baker

POS. EPSON TM-U220 IP CONFIGURATION Windows Version (Firmware V. 4.00) a project guide to rezku POS

Technical Support Information

Remote User - Mediatrix SBC on the Edge

Quick Note 026. Using the firewall of a Digi TransPort to redirect HTTP Traffic to a proxy server. Digi International Technical Support

Setting up a secure VPN Connection between the TS Adapter IE Advanced and Windows 7

Quick Start Guide WALL IE. Version. 7 en. as of FW

Advanced Security and Forensic Computing

Quality of Service Setup Guide (NB14 Series)

Remote User - Mediatrix SBC on the Edge

Configuring the UMTS router. Application for the Web-IO Digital: Configuring a UR 5 UMTS router for connecting the Web-IO over the cell phone network

Quick Note. Configure an IPSec VPN tunnel between a Digi TransPort LR router and a Digi Connect gateway. Digi Technical Support 20 September 2016

Digi Connect Family Application Guide How to Create a VPN between the Wi-Point 3G and TheGreenBow VPN Client

D-Link (Europe) Ltd. 4 th Floor Merit House Edgware Road London HA7 1DP U.K. Tel: Fax:

Vodafone MachineLink. Remote Administration Configuration Guide

Networking IP filtering and network address translation

RAPIDUS WIRELESS RL-SERIES USER GUIDE

u-link Remote Access Service Technical User Guide Version 1.4

CIS-331 Final Exam Fall 2015 Total of 120 Points. Version 1

LevelOne. Quick Installation Guide. WHG series Secure WLAN Controller. Introduction. Getting Started. Hardware Installation

Lab - Connect to a Router for the First Time

PCD3.M6860 Power CPU with 2 Ethernet interfaces. April 2013, U. Jäggi & M. Montani

Technical Support Information

F.A.Q for TW100-S4W1CA

Setting up securityglobal FW Rulesets SIMATIC NET. Industrial Ethernet Security Setting up security. Preface. Firewall in standard mode

Security SSID Selection: Broadcast SSID:

LevelOne WBR User s Manual. 11g Wireless ADSL VPN Router. Ver

SIMATIC NET. Industrial Ethernet Security SCALANCE S615 Getting Started. Preface. Connecting SCALANCE S615 to the WAN 1

The Administration Tab - Diagnostics

Moxa Remote Connect Server Software User s Manual

AirLive RS Security Bandwidth Management. Quick Setup Guide

SonicWALL Security Appliances. SonicWALL SSL-VPN 200 Getting Started Guide

Siemens Spares. Setting up security in STEP 7. Professional SIMATIC NET. Industrial Ethernet Security Setting up security in STEP 7 Professional

Chapter 7 LAN Configuration

DOWNLOAD PDF CISCO ASA 5505 CONFIGURATION GUIDE

Configuring NAT for IP Address Conservation

Firewall. Access Control, Port Forwarding, Custom NAT and Packet Filtering. Applies to the xrd and ADSL Range. APPLICATION NOTE: AN-005-WUK

CHAPTER 5 WINDOWS OPERATING SYSTEM

Integrating the Hardware Management Console s Broadband Remote Support Facility into your Enterprise

Recommended QoS Configuration Settings for. Dell SonicWALL SOHO Router

Stateful Failover Technology White Paper

LevelOne FBR User s Manual. 1W, 4L 10/100 Mbps ADSL Router. Ver

Quick Installation Guide of Acer WLAN 11b Broadband Router

Double WeOS 1-1 NAT Rules with Proxy ARP

Broadband Router User s Manual. Broadband Router User s Manual

Chapter 3 LAN Configuration

b. Suppose the two packets are to be forwarded to two different output ports. Is it

Port Forwarding Setup (NB7)

OpenVPN protocol. Restrictions in Conel routers. Modified on: Thu, 14 Aug, 2014 at 2:29 AM

Barracuda Link Balancer

G806+H3C WSR realize VPN networking

Configuring VPN from Proventia M Series Appliance to Proventia M Series Appliance

Setting up a secure VPN Connection between a Tablet (ios), SCALANCE S615 and SINEMA Remote Connect Server. SINEMA Remote Connect, SCALANCE S615

Matrix Technical Support Mailer 42_NVR SATATYA NVR registration on MATRIX DNS Server

Configuration examples for the D-Link NetDefend Firewall series DFL-260/860

Quick Note 65. Configure an IPSec VPN tunnel between a TransPort WR router and an Accelerated SR router. Digi Technical Support 7 June 2018

Mini IP Cameras. Installation manual INSTALLATION MANUAL. RP Series. RP SERIES - MINI IP CAMERAS Page: 1

DVG-2001S VoIP Terminal Adapter

UIP1869V User Interface Guide


IndustrialPro Routers (SN/RAM Series) Wireless Modems

IPv4 Firewall Rule configuration on Cisco SA540 Security Appliance

IT 341: Introduction to System

RX3041. User's Manual

XL-PB350CA. EoC bridge slave. User manual

ThingsPro Software User s Manual

Conceptronic C54BRS4A Firmware Recovery Instructions

Match-in-VRF Support for NAT

How to assign an IP address and access your device

D-Link Central WiFiManager Configuration Guide

IP806GA/GB Wireless ADSL Router

ESI Voice Router Public-Installation Guide

The Applications and Gaming Tab - Port Range Forward

Transcription:

Industrial Networking Tech Note 12 RAM -6021: Configuring NAT Abstract: How to configure the RAM-6021 for Network Address Translation (NAT) 1 to 1 Products: RAM-6021 Use Case / Problem Solved: Short Description Often in factory automation applications, the network will be comprised of cells and/or panels of different networks that have duplicated IP addressing schemes. The RAM-6021 and NAT functionality can be used to isolate these devices from one another and allow remote access to those devices from the network at the same time. Required Software: Web Browser Required Firmware: 4.22 or higher RAM -6021: Configuring NAT 1

Scenarios There are two common scenarios when using NAT. 1. The NAT address(es) will be on the same subnet as Eth0. 2. The NAT address(es) will be on a different subnet than both Eth0 and Eth1. Same Subnet When the NAT addresses being used are on the same subnet as ETH0 a sub-interface must be defined on ETH0 (called an Alias on the RAM). There will be one Alias address per NAT address (the Alias and NAT address will be the same address). Outside Network 10.10.100.0 /24 ETH0 RAM6021 Device 1 192.168.10.100 ETH0: 10.10.10.120 /24 : 192.168.10.1 /24 NAT1: 10.10.100.56 > 192.168.10.100 ETH0 Aliases (Sub-Interfaces) 1: 10.10.100.56 The outside network (WAN side, corporate network) is 10.10.100.0 with a mask of 255.255.255.0 (24 bit mask). ETH0 = 10.10.100.120 /24 NAT address #1 = 10.10.100.56 /24 (translating to 192.168.10.100 on the Eth1 side) An Alias/Sub-Interface has to be defined under ETH0 with an address of 10.10.100.56 /24. Define the alias (sub-interface) on Eth0: 1. Navigate to Network - Interfaces - Ethernet 0. 2 RAM -6021: Configuring NAT

2. In the Internet Aliases table click Add. 3. Enter the Sub-Interface # (1,2,3...), IP Address (10.10.100.56 in this case) and subnet mask (255.255.255.0 in this case). 4. Click Finish. 5. Click Apply. 6. Add additional Sub-Interface (Alias) addresses as needed. Define the NAT addresses: 1. Navigate to Network - Firewall - Masquerade/NAT/DMZ Rules. RAM -6021: Configuring NAT 3

2. In the NAT (One-To-One) Rules table click Add. a. In the NAT Rules Settings pop-up menu complete the following: b. Label: SimpleText Field Enter meaningful label c. Original Destination Address: NAT address being seen by remote hosts (external) (10.10.100.56 in this example) d. New Destination Address: Actual address of device behind the router (e.g. PLC) (192.168.10.100 in this example) e. Protocol and Whitelist can most likely stay as TCP and Default. f. Click Finish. 3. Click Apply. 4. Add additional NAT address translations as needed. Define Trusted Interfaces Eth0 by default is defined as Untrusted. Eth0 needs to be defined as Trusted. 1. Navigate to Network - Firewall - General Settings. 4 RAM -6021: Configuring NAT

2. Delete Eth0 from the Untrusted Interfaces table. 3. Add Eth0 to the Trusted Interfaces table. 4. Click Apply. Different Subnet: The NAT addresses being used are on a different subnet than ETH0 (and Eth1). Outside Network 10.10.100.0 /24 ETH0 RAM6021 Device 1 192.168.10.100 ETH0: 10.10.100.120 /24 : 192.168.10.1 /24 NAT1: 15.20.100.56 > 192.168.10.100 ETH0 = 10.10.100.120 /24 NAT (#1) = 15.20.100.56 /24 (translating to 192.168.10.100 on the Eth1 side) RAM -6021: Configuring NAT 5

Define the NAT addresses: 1. Navigate to Network - Firewall - Masquerade/NAT/DMZ Rules 2. In the NAT Rules Settings pop-up menu complete the following: a. In the NAT (One-To-One) Rules table click Add b. Label: SimpleText Field Enter meaningful label c. Original Destination Address: NAT address being seen by remote hosts (external) (15.20.100.56 in this example) d. New Destination Address: Actual address of device behind the router (e.g. PLC) (192.168.10.100 in this example) e. Protocol and Whitelist can most likely stay as TCP and Default f. Click Finish. 3. Click Apply. 4. Add additional NAT address translations as needed. 6 RAM -6021: Configuring NAT

Define Trusted Interfaces Eth0 by default is defined as Untrusted. Eth0 needs to be defined as Trusted 1. Navigate to Network - Firewall - General Settings. 2. Delete Eth0 from the Untrusted Interfaces table. 3. Add Eth0 to the Trusted Interfaces table. 4. Click Apply. NOTE: In this situation the routing has to be in place in the outside network to get to the NAT address (in this example 15.20.100.56/24). Meaning, the manager of the network on the Eth0 side of the RAM-6021 needs to add the proper routes to get to the new made up NAT addresses. Disclaimer: It is the customer's responsibility to review the advice provided herein and its applicability to the system. Red Lion Controls makes no representation about specific knowledge of the customer's system or the specific performance of the system. Red Lion is not responsible for any damage to equipment or connected systems. The use of these documents is at your own risk. For more information: http://www.redlion.net/support/policies-statements/warranty-statement RAM -6021: Configuring NAT 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback