You are not registered yet. Please click here to register!


 
 
plc storereviewsdownloads
This board is for PLC Related Q&A ONLY. Please DON'T use it for advertising, etc.
 
Try our online PLC Simulator- FREE.  Click here now to try it.

---------->>>>>Get FREE PLC Programming Tips

New Here? Please read this important info!!!


Go Back   PLCS.net - Interactive Q & A > PLCS.net - Interactive Q & A > LIVE PLC Questions And Answers

PLC training tools sale

Reply
 
Thread Tools Display Modes
Old March 24th, 2010, 08:48 AM   #1
macgioo2
Member
Ireland

macgioo2 is offline
 
Join Date: Oct 2009
Location: Bournemouth
Posts: 85
vpn connection to plc in LAN

Hi guys,


I have a question, I want to create a vpn for remote access for maintanance to a plc.

I have a designated broadband connection to the HMI (Windows XP) which has two network cards.

1 for WLAN and 1 for LAN.

The PLC is on the LAN obviously, I can acess the PC WAN remotely but how do I get from the PC WAN to the PC LAN to see the PLC.

Any help or guidance would be much appreciated
Thanks
  Reply With Quote
Old March 24th, 2010, 10:23 AM   #2
rdrast
Lifetime Supporting Member
United States

rdrast is offline
 
rdrast's Avatar
 
Join Date: Apr 2003
Location: South Carolina Lowcountry
Posts: 3,934
Why bother with two NIC's ?
I suppose you can bridge between them, but then you effectively have a single network again, so I fail to see the advantage.
__________________
------------------------------------
How to ask questions the SMART Way!

Look First, Ask Second!

  Reply With Quote
Old March 24th, 2010, 11:23 AM   #3
mordred
Member
Canada

mordred is offline
 
mordred's Avatar
 
Join Date: Mar 2004
Location: Red Deer
Posts: 1,892
sounds like your talking a pass through connection. to answer this question we would need the make and model of the PLC and the HMI
  Reply With Quote
Old March 24th, 2010, 02:07 PM   #4
macgioo2
Member
Ireland

macgioo2 is offline
 
Join Date: Oct 2009
Location: Bournemouth
Posts: 85
Well the PLC is AB Control Logix 1769 L35E and the HMI is factorytalk se on a windows xp machine.

The pc is 192.168.0.167 for LAN and 192.168.1.169 for WAN

the plc is 192.168.0.159, I can get as far as 192.168.1.169 but I cant see anything after that.

If you need anything else please ask, I'm really stuck with this and I'm on-site with the customer

and will be until its fixed!!

thanks

Last edited by macgioo2; March 24th, 2010 at 02:12 PM.
  Reply With Quote
Old March 24th, 2010, 03:17 PM   #5
MuotioJ
Member
Finland

MuotioJ is offline
 
Join Date: Mar 2010
Location: Jyväskylä
Posts: 6
Your ip packets dont know where to go

Attached is image that tries to illustrate some of your problem.

There is programming pc you connect by vpn trough internet to that HMI. Those devices between are firewalls and routers, those dont matter if vpn connection is established and working.

What matters is that hmi pc is in two subnets: 192.168.0.x for factory network and 192.168.1.x for (I presume) office network, its the one that is used to go trough to internet.

Now when you ping 192.168.1.169 yout programming pc sends sertain packet on network and then device at ip address 192.168.1.169 answers with ack message to ip of that pc that send ping packet. All is well, as device targetet with ping knows where that sending machine is. So it can reply.

Now when you try to ping 192.168.0.159 the packet does not know where it should go as pingin machine has no idea where subnet 192.168.0.x is.

So what you need to do is setup routes. These must be placed atleast on HMI pc, details depend lot to local application and vpn in use. So I suggest if you have it department, have a call to them.
Attached Files
File Type: pdf Connection.pdf (72.2 KB, 121 views)
  Reply With Quote
Old March 24th, 2010, 08:12 PM   #6
Ranjith
Member
Australia

Ranjith is offline
 
Join Date: May 2007
Location: Melbourne
Posts: 226
how do you connect to the windows XP PC remotely? Is there a router before the PC? What is the router IP address? All you need to do is to set the router IP address same range as the PLC and PC. EX 192.168.0.1 Then set the gateway address of the PC and the PLC as 192.168.0.1. You will find this as the same place as you set the IP address and the Subnet mask. You do not need 2 network cards on the PC.
  Reply With Quote
Old March 25th, 2010, 01:53 AM   #7
todster
Member
United States

todster is offline
 
Join Date: Apr 2007
Location: NY
Posts: 175
XP shares the same core as Server 2003. You can change a setting in the registry and enable routing services.
HKEY_LOCAL_MACHINE \SYSTEM\CurrentControlSet\Services\Tcpip \Parameters IPEnableRouter = 1 (the default is 0) It's unsupported by MS but it works. You'll just need to set up the routes. A reboot will also be required. It's been quite some time since I've used it but it wasn't that hard to do.
  Reply With Quote
Old March 25th, 2010, 02:59 AM   #8
macgioo2
Member
Ireland

macgioo2 is offline
 
Join Date: Oct 2009
Location: Bournemouth
Posts: 85
Yes I realize that the simple solution is to change the ip of the router so that all devices are in the same range, 192.168.0.xx.

However the customer is adamant that he does not want the plc on the internet.

I have no option but to jump from the WAN to the LAN.

I'm using netsupport to connect to the router/pc from outside.

I don't even know how to route from WAN into LAN!

Is there a handy guide?
  Reply With Quote
Old March 25th, 2010, 03:27 AM   #9
MuotioJ
Member
Finland

MuotioJ is offline
 
Join Date: Mar 2010
Location: Jyväskylä
Posts: 6
Its all about IT security. Does your customer have IT department?
  Reply With Quote
Old March 25th, 2010, 03:34 AM   #10
todster
Member
United States

todster is offline
 
Join Date: Apr 2007
Location: NY
Posts: 175
What you're looking for is IP forwarding. The service exists in XP, it's just not advertised. Googling "xp as a router" or "routing with xp" is one staring point for setting up. You can also look at the docs for server 2003 regarding the routing service for more indepth configurations.
  Reply With Quote
Old March 25th, 2010, 03:35 AM   #11
macgioo2
Member
Ireland

macgioo2 is offline
 
Join Date: Oct 2009
Location: Bournemouth
Posts: 85
I'm afraid not, advice I've been given tells me I'm just a few steps away from realizing the concept. But I lack the knowledge to execute.

Question. Is it really a matter for this company. I own the ASDL connection.

I can connect to the router/pc from outside.

I own the PC and both NIC's in it.

I own the PLC and local switches.

The bridge I'm trying to build is between the two network cards inside the PC.

As suggested before, is it not a local route inside the PC i'm trying to create!

Or am I missing the basic concept??
  Reply With Quote
Old March 25th, 2010, 03:52 AM   #12
macgioo2
Member
Ireland

macgioo2 is offline
 
Join Date: Oct 2009
Location: Bournemouth
Posts: 85
Thanks todster, I think you cracked it!!

http://www.home-network-help.com/ip-forwarding.html
  Reply With Quote
Old March 25th, 2010, 05:34 AM   #13
The Plc Kid
Member
United States

The Plc Kid is offline
 
The Plc Kid's Avatar
 
Join Date: Feb 2009
Location: Macon, Georgia
Posts: 3,051
Quote:
Originally Posted by rdrast View Post
Why bother with two NIC's ?
I suppose you can bridge between them, but then you effectively have a single network again, so I fail to see the advantage.
Bob

I think he is trying to use the HMI pc as a Jumpbox http://techrepublic.com.com/5208-128...ontent;leftCol

http://www.derkeiler.com/Newsgroups/.../msg00047.html

We used to have a couple of those setups here.

This http://www.****.biz/is the best solution for a customer like this. Everthing is already done. It is secure and you really do not need any help from the it dept if they customer does not have one.
  Reply With Quote
Old March 25th, 2010, 06:10 AM   #14
mordred
Member
Canada

mordred is offline
 
mordred's Avatar
 
Join Date: Mar 2004
Location: Red Deer
Posts: 1,892
http://www.plctalk.net/qanda/showthread.php?t=54154

This thread is similar Ken Roach posted some useful info on how RS linx lite handles TCP/IP
  Reply With Quote
Old March 25th, 2010, 10:52 PM   #15
todster
Member
United States

todster is offline
 
Join Date: Apr 2007
Location: NY
Posts: 175
All Macgioo2 wants to do is communicate with another subnet utilizing existing hardware. He could also have taken any standard $40 DLink wan/lan router and tweaked it to do the same thing. If you're a walmart diehard then don't bother, as their stuff is missing 20% of the features , that's why it cost 20% less, you got what you paid for. There's really no need to buy an expensive dongle to do what he already can do, more cost effectively. If he were to buy something that requires absolutely no intelligence to set up, what would he be implying about himself? What would he have learned, or gained?
Another option would be a multi-nic pc setup headless with no mouse, monitor, or kb. Install the free HyperV core with a virtual 'nix variant (also free) config'd as a vlan. Set bios for auto on if power failure and virtual to auto start on recovery.
The path you choose to go from point A to point B is based on your abilities and perception.
  Reply With Quote
Reply
Jump to Live PLC Question and Answer Forum

Bookmarks


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Topics
Thread Thread Starter Forum Replies Last Post
Siemens Step7 remote connection via VPN syphax LIVE PLC Questions And Answers 6 November 13th, 2008 12:37 PM
Remote VPN connection with MP and/or S7 PeterJan LIVE PLC Questions And Answers 1 November 4th, 2008 03:49 AM
PLC connection wz 2 wire Transmitter Amr Muhammed LIVE PLC Questions And Answers 1 April 26th, 2008 11:26 AM
PLC connection wz 2 wire Transmitter Amr Muhammed LIVE PLC Questions And Answers 2 April 26th, 2008 07:20 AM
plc connection chocobo244 LIVE PLC Questions And Answers 0 May 20th, 2006 10:31 PM


All times are GMT -5. The time now is 11:38 PM.


.