Siemens S7-1200 Remote Access

Saulo35

Member
S
Join Date
Jan 2012
Location
Port Coquitlam, BC
Posts
112
Hi,

Here is my dilemma - I hope somebody has done this before. This involves equipment in three different locations (and countries).

On site:
  • Two Siemens S7-1200 PLCs, connected via Ethernet to an unmananged RedLion N-Tron 108TX switch. Their IP addresses are 192.68.0.11 and 31, Subnet 255.255.255.0.
  • The N-Tron unmanaged switch
  • A Desktop PC running Windows 10, TeamViewer and Opto PAC software. The PC is connected to the above switch as well. The IP address is 192.168.0.90.
  • Internet_Key Alcatel Modem USB HSDPA X020 connected to one of the PC's USB ports, provides 3G Internet access to the PC. The IP address varies daily.

At Office #1:
  • A desktop PC running Windows 10, Putty and TeamViewer, routinely used to connect to the Site PC to commission the Opto22 system via TeamViewer.
  • We installed a trial version of TIA Portal 13. We do not have the offline PLC file.

At Office #2:
  • A laptop or desktop running Siemens TIA Portal 13. They need to remotely connect to Site to commission the two Siemens S7-1200 PLCs. They apparently do this routinely with other sites using VPN. TIA Portal 13 uses port 102.
  • We don't have control over this office (and they are not very cooperative, so we have to make it work on Office #1 first in order to convince Office #2 to do the same.

Challenges:

  • We established an SSH tunnel between the Site PC and the Office #1 PC. This makes the Office #1 PC believe the local port at IP address 127.0.0.1 is actually the remote port at the remote IP address. We are unsure what the remote IP address should be: that of the PLC? That of the Site PC? We tried both, of course. One problem is, TIA Portal 13 will not allow 127.0.0.1 as a PLC IP address. The "accessible devices" feature does not return anything.
  • We are hesitant about installing a VPN like OpenVPN at the Site PC because we fear that, during the installation process, we may lose TeamViewer access to the PC (for good) and we don't have anybody on site.

Any suggestions will be appreciated.

Thank you
 
Can you on site install a Industrial VPN like eW*n? That way you can connect to site from wherever and whatever
/Tim
 
You cannot expect "accessible devices" to work over VPN.
To access an S7-1200/1500 PLC via Remote you usually have to search for a specific IP address. In TIA you chose to search for "device with same IP address". Trying to search for all devices or compatible devices will likely fail.

You can possibly in TIA manually specify the IP address 127.0.0.1 and hopefully access the PLC. But I dont see why you need to swap IP addresses. What is the reason ? This is usually something you do with 1-to-1 NAT routers if you have several identical machines that you need to be simultanously online with.

Teamviewer has an integrated VPN server. Have you seen this guide ?
http://www.plcs.net/downloads/index...w to setup Teamviewer VPN.pdf&directory=Misc&

A comment: The IP address subnet 192.168.0.xx is very poorly chosen. I know it is the default IP subnet when you configure a new station in Siemens TIA, but you should change it to something that does not conflict with the default subnet of that is used by many commercial ethernet routers.
Avoid these:
10.0.
10.1
10.2
172.0
172.1
192.168.0
192.168.1
 
In case that you do go the route of installing another VPN to reach the remote site, then you can also reach the remote Teamviewer by the PCs IP address, i.e. without the dynamically generated ID and password.
On the remote PCs Teamviewer you have to enable "Incoming LAN connections", and setup a suitable fixed password.
When you have an active VPN connection, you simply specify the PCs IP and the fixed password to start a Teamviewer connection.
 
I usually can search for accessible devices but not when the PLC and tia portal version is a missmatch. I had this peoblem last christmas, and it was exactly as Jesper described, had to specify the ip adress to connect. Transfered my new program and then I could see it in accessible devices agaim
 
Thank rQx and JesperMP, I will investigate the information you provided and report back.

Regarding the installation of eW*n on site, I am somewhat limited to what I can get done on site, but I will check that option. I have seen many people talking about eW*n regarding this matter, especially on Siemens' forums.

"You can possibly in TIA manually specify the IP address 127.0.0.1" - I tried creating a new project on my trial TIA (at Office #1) (I don't have the PLCs' offline file), defining a CPU identical to the ones on site, but TIA refused to assign 127.0.0.1 as the PLC's IP address.

"But I dont see why you need to swap IP addresses" - I am not sure I understand the question, I will re-read my posting and see if I can answer.
 
Saulo35 said:
"But I dont see why you need to swap IP addresses" - I am not sure I understand the question, I will re-read my posting and see if I can answer.
Click to expand...
It was based on this.
Saulo35 said:
We established an SSH tunnel between the Site PC and the Office #1 PC. This makes the Office #1 PC believe the local port at IP address 127.0.0.1 is actually the remote port at the remote IP address.
Click to expand...
I thought that you had mapped the IP addresses, so that the IP 192.168.0.1 is mapped to 127.0.0.1 at your office site.
If that is the case, it should be possible to reach the PLC 192.168.0.11 by specifying the address 127.0.0.11. This is what we do with 1-to-1 NAT routers.
 
Yes, that was the intention - to make the Office #1 PC believe that a certain "reachable" IP address - in this case, 127.0.0.1 - was , in fact, the Site's internal IP address 192.169.0.11. Unfortunately, TIA Portal did not like 127.0.0.1 as a PLC IP address.
 
JesperMP, regarding your suggestion "Teamviewer has an integrated VPN server. Have you seen this guide?", the TeamViewer manual says, under 8.2: "If you connect your local computer to the remote computer via TeamViewer VPN, only those two computers will be linked together in a virtual private network. No other computers in the LAN of either computer will be accessible."

Therefore, it looks like it will not allow TIA Portal either at Office #1 or #2 to access the PLCs.
 
Saulo35 said:
JesperMP, regarding your suggestion "Teamviewer has an integrated VPN server. Have you seen this guide?", the TeamViewer manual says, under 8.2: "If you connect your local computer to the remote computer via TeamViewer VPN, only those two computers will be linked together in a virtual private network. No other computers in the LAN of either computer will be accessible."

Therefore, it looks like it will not allow TIA Portal either at Office #1 or #2 to access the PLCs.
Click to expand...
Read the guide that I gave you a link to.
 

Similar Topics

P
Siemens S7-1200 with Crevis G series remote I/O
We have a customer requirement to use a Siemens PLC in an upcoming line. Siemens is new to us. Since they seemed geared towards Profinet we went...
Replies
2
Views
1,565
mk42
M
H
comment communique siemens s7-1200 avec vfd delta
commentaire communiqué siemens s7-1200 avec vfd delta ? (cablage et sur tia portal )
Replies
0
Views
85
houssem02
H
M
Siemens S7 1200 CP2341 ethernet
Hi, I have a 1214 on ip 192.168.0.100. This is connected to other modules through a switch on same network. I need to connect this to a company...
Replies
1
Views
141
tarik1978
T
G
Siemens S7-1200 firmware upgrade
Hi Experts, I would like to make firmware upgrade from v3.0 to v4.5 (S7-1200 CPU 1215C). Can I do it from v3.0 to v4.5? Do I need to take some...
Replies
6
Views
212
goghie
G
R
Siemens S7-1200 profinet communication with codesys plc
Hi Guys, I am trying to establish communication over profinet between Siemens S7-1200 PLC as IO device and codesys plc as IO controller. But I am...
2 3
Replies
43
Views
2,564
raghu_k
R
Back
Top Bottom