RSLinx and Cisco VPN

Having difficulties remote connecting...I've googled and read the other threads here, but not getting a definitive answer.

Situation is VPN into a client's business network, which has a bridge to their plant network. The bridge is opened, and the ports for RSLinx are allowed. I can ping the remote IP address, but the ABETH driver doesn't see it (Yellow ? and Red X).

The default gateway on the CLX in question is correctly set, but what should the subnet be set to? As an example, my VPN IP address is 10.176.Z.X on the corporate side, and the PLC IP is 10.180.Y.X on the Plant side. I can ping and receive a reply the 10.180.Y.X address from the PLC, but when I put that IP into the ABETH driver, red X and Yellow ?

Currently the Subnet is set to 255.255.255.0 on the ENBT which I'm thinking restricts access to devices connecting with 10.180.Y. Shouldn't the subnet be 255.0.0.0?

You're right about the subnet mask; the corporate network must be a Class A private subnet (10.X.Y.Z) where there can be 16,777,216 different hosts.

PING doesn't really mean much in this case. Try HTTP, to see if you can see the embedded web page.

And download and use TCPing (www.elifulkerson.com) to test your connection to TCP Port 44818. That's the port that ControlLogix Ethernet uses.

I presume you've seen my numerous posts suggesting the appending of ":EIP" to the IP address in the RSLinx Classic Ethernet Devices configuration table, to keep the driver from attempting to probe the older A-B protocol TCP Port 2222 first.

Ken, I would have bet $100 you'd be the one to respond....I believe all my prior searches on google, you were in the thick of the discussions

So, I tried tcping, and it wouldn't ping the ports...But it threw me, that it wouldn't even ping the default port 8080 that I thought 'ping' used. So, I downloaded this utility: http://www.radmin.com/download/previousversions/portscanner.php

It allows you to scan all ports and show you which one is open. Well, only the FTP port 21 is opened, which 'ping' must use in addition to port 80, which is why it was working but tcping wasn't. I confirmed that tcping was successful also on port 21. IT assured me the proper ports were opened, but who knows where it's getting trapped in the VPN cloud, as I'm going through several routers, bridges, et al to get to the production machine.

Emailing IT now, so hopefully they can resolve.

Thanks for the help

EDIT: Just FYI, ping doesn't use any port per say. It uses ICMP message packets. Had to read up on 'ping'

Robert

When you say "my VPN IP address is 10.176.Z.X on the corporate side" do you mean that is the address of the VPN server ( Which indicates it sits behind the firewall) or is that the address your laptop is given once you are connected?

Either way you have to get traffic from all used ports from the 10.176.z.x network to the 10.180.Y.X on the Plant side.

This has to be done via routing or NAT.I would recommend getting detail on how traffic is routed from the corporate VPN side to the Plant side in great detail and to solve this issue make the rulke route all traffic and all ports to test connectivity then you can go back and disable non used ports.

The IT group is kinda going about it backwards.

Thanks, PLC....

There's port blocking going on somewhere, but IT hasn't tracked it down yet...Unfortunately, the corporate area network is managed by a dept in France, so it takes awhile to find the rabbit. For now, I was able to connect into another facility that was set up several years ago, and hop from there over to the PLC in the other facility. So on the Corporate side, everything seems ok. The problem is I connect into a partner VPN as a contractor, so something there is blocking my access to this particular other facility.