Configuration
4.9 Security
CP 1243-1
76
Operating Instructions, 04/2017, C79000-G8976-C365-03
4.9.10.2
Creating a VPN tunnel for S7 communication between stations
Requirements
To allow a VPN tunnel to be created for S7 communication between two S7 stations or
between an S7 station and an engineering station with a security CP (for example CP 1628),
the following requirements must be met:
●
The two stations have been configured.
●
The CPs in both stations must support the security functions.
●
The Ethernet interfaces of the two stations are located in the same subnet.
Note
Communication also possible via an IP router
Communication between the two stations is also possible via an IP router. To use this
communications path, however, you need to make further settings.
Procedure
To create a VPN tunnel, you need to work through the following steps:
1.
Creating a security user
If the security user has already been created: Log on as a user.
2.
Select the "Activate security features" check box
3.
Creating the VPN group and assigning security modules
4.
Configure the properties of the VPN group
5.
Configure local VPN properties of the two CPs
You will find a detailed description of the individual steps in the following paragraphs of this
section.
Creating a security user
To create a VPN tunnel, you require appropriate configuration rights. To activate the security
functions, you need to create at least one security user.
1.
In the local security settings of the CP, click the "User login" button.
Result: A new window opens.
2.
Enter the user name, password and confirmation of the password.
3.
Click the "Logon" button.
You have created a new security user. The security functions are now available to you.
With all further logons, log on as user.