Setting up a secure VPN Connection between two CPs x43-1 Adv. Using a static IP Address
CP 343-1 Advanced, CP 443-1 Advanced

Configuration Example 02/2015
http://support.automation.siemens.com/WW/view/en/108910347


Warranty and Liability

Security: CPx43_CPx43_Static, Entry ID: 108910347, V1.0, 02/2015
Siemens AG 2015, All rights reserved

Note: The Application Examples are not binding and do not claim to be complete regarding the circuits shown, equipping and any eventuality. The Application Examples do not represent customer-specific solutions. They are only intended to provide support for typical applications. You are responsible for ensuring that the described products are used correctly. These Application Examples do not relieve you of the responsibility to use safe practices in application, installation, operation and maintenance. When using these Application Examples, you recognize that we cannot be made liable for any damage/claims beyond the liability clause described. We reserve the right to make changes to these Application Examples at any time without prior notice. If there are any deviations between the recommendations provided in these Application Examples and other Siemens publications – e.g. Catalogs – the contents of the other documents have priority.

We do not accept any liability for the information contained in this document. Any claims against us – based on whatever legal reason – resulting from the use of the examples, information, programs, engineering and performance data etc., described in this Application Example shall be excluded. Such an exclusion shall not apply in the case of mandatory liability, e.g. under the German Product Liability Act ("Produkthaftungsgesetz"), in case of intent, gross negligence, or injury of life, body or health, guarantee for the quality of a product, fraudulent concealment of a deficiency or breach of a condition which goes to the root of the contract ("wesentliche Vertragspflichten"). The damages for a breach of a substantial contractual obligation are, however, limited to the foreseeable damage, typical for the type of contract, except in the event of intent or gross negligence or injury to life, body or health. The above provisions do not imply a change of the burden of proof to your detriment.

Any form of duplication or distribution of these Application Examples or excerpts hereof is prohibited without the expressed consent of Siemens AG.

Security information

Siemens provides products and solutions with industrial security functions that support the secure operation of plants, solutions, machines, equipment and/or networks. They are important components in a holistic industrial security concept. With this in mind, Siemens' products and solutions undergo continuous development. Siemens recommends strongly that you regularly check for product updates.

For the secure operation of Siemens products and solutions, it is necessary to take suitable preventive action (e.g. cell protection concept) and integrate each component into a holistic, state-of-the-art industrial security concept. Third-party products that may be in use should also be considered. For more information about industrial security, visit http://www.siemens.com/industrialsecurity.

To stay informed about product updates as they occur, sign up for a product-specific newsletter. For more information, visit http://support.automation.siemens.com.


Table of Contents

Warranty and Liability ........................................ 2
1 Task and Solution ............................................ 4
1.1 Task ....................................................... 4
1.2 Possible solution .......................................... 4
1.3 Characteristics of the solution ............................ 5
2 Configuration and Project Engineering ........................ 6
2.1 Setting up the environment ................................. 6
2.1.1 Required components and IP address overview .............. 6
2.1.2 DSL access of automation cell A (DSL router2) ............ 7
2.1.3 SIMATIC S7-300 stations .................................. 8
2.1.4 Setting up the infrastructure ........................... 18
2.2 Configuring the VPN tunnel ................................ 19
2.2.1 Integrating the VPN endpoint CP 343-1 Advanced (VPN client) ... 19
2.2.2 Integrating the VPN endpoint CP 343-1 Advanced (VPN server) ... 21
2.2.3 Configuring the VPN tunnel .............................. 23
2.2.4 Loading the components .................................. 26
2.2.5 Final steps ............................................. 26
2.3 Status of the VPN connection .............................. 27
3 Testing the Tunnel Function ................................. 29
4 History ..................................................... 30


1 Task and Solution

1.1 Task

The task is to allow a secure connection between two automation cells via the Internet or a company's internal network. The following customer requirements have to be considered:
- Protection against spying and data manipulation.
- Prevention of unauthorized access.
- Provision of secure remote access for remote maintenance and remote control.
- Protection of the S7 station and the connected network.

1.2 Possible solution

Complete overview
The figure below shows one way of implementing these customer requirements:

[Figure: Automation Cell A (VPN server): SIMATIC S7-300 or S7-400 with CP x43-1 Advanced on Industrial Ethernet, behind an Internet router with a static WAN IP address. VPN tunnel across the Internet. Automation Cell B (VPN client): SIMATIC S7-300 or S7-400 with CP x43-1 Advanced, behind an Internet modem/router.]

The connection between the two automation cells (SIMATIC S7 stations) is protected by a VPN tunnel. Each automation cell features a CP 343-1/CP 443-1 Advanced. In this example, this CP forms the tunnel endpoint for the secure connection.

The CP 343-1/CP 443-1 Advanced of automation cell A acts as the VPN server, the one of automation cell B acts as the VPN client. Access to automation cell A from the WAN is predefined by the use of a static WAN IP address. WAN access to automation cell B is flexible; the IP address of the WAN port is not relevant. When establishing the VPN tunnel, the roles are defined as follows:

Table 1-1
Component                             | VPN role
CP x43-1 Advanced (automation cell A) | Responder (VPN server); waits for the VPN connection
CP x43-1 Advanced (automation cell B) | Initiator (VPN client); starts the VPN connection


CP x43-1 Advanced
The CP x43-1 Advanced (version 3 or higher) is a communications processor with security functions. For the SIMATIC S7-300/S7-400, it is the bridge between the field level and the MES level and integrates seamlessly with the security structures of the office and IT world. The module provides protection of the data transmission between devices or network segments against data manipulation/spying and unauthorized access. In addition to the basic communications services, it offers the following functions:
- Two separate interfaces (integrated network separation): Gigabit interface with one RJ45 port and PROFINET interface with 2 RJ45 ports.
- High-quality stateful inspection firewall with filtering of IP- and MAC-based data traffic.
- HTTPS, FTPS, NTP (secure).
- IPSec VPN (data encryption and authentication).
- Protection of the S7 station in which the CP is operated.
- Protection of the internal networks connected to the PROFINET interface.
- Support of multiple VPN tunnels at a time.

1.3 Characteristics of the solution

- Controlled, encrypted data traffic between two CPs x43-1 Advanced.
- Integrated network diagnostics via SNMP or Syslog.
- The firewall, VPN server and communication settings are made directly in the CP x43-1 Advanced; the security functions are integrated in the communications processor.
- Protection of the SIMATIC controller without an additional security module.


2 Configuration and Project Engineering

2.1 Setting up the environment

2.1.1 Required components and IP address overview

Software packages
This solution requires the following software packages:
- "Security Configuration Tool V4". This software is included in the scope of delivery of the security modules or available as a download under the following Entry ID: 84467278.
- "STEP 7 V5.5", Service Pack 2 or higher, Hotfix 1. The required HSP (HSP 1058) is included in the scope of delivery of the CP 343-1 Advanced or available as a download under the following Entry ID: 23183356.

Install these software packages on a PC/PG.

Required devices/components:
To set up the environment, use the following components:
- Two CPs 343-1 Advanced (article number: 6GK7343-1GX31-0XE0).
- Two CPUs 317-2 PN/DP (article number: 6ES7317-2EK14-0AB0), each with an MMC.
- DSL access with a dynamic WAN IP address and a DSL router (e.g., SCALANCE M81x-1).
- DSL access with a static WAN IP address and a DSL router (e.g., SCALANCE M81x-1).
- One or two 24V power supplies with cable connector and terminal block plug (the modules can also be operated with a shared power supply).
- Two DIN rails with fitting accessories for the S7-300 stations.
- PC on which the "Security Configuration Tool" and "STEP 7 V5.5" are installed.
- The necessary network cables, TP cables (twisted pair) according to the IE FC RJ45 standard for Industrial Ethernet.

Note: You can also use a different Internet access method (e.g., UMTS). The configuration described below refers explicitly to the components listed in "Required devices/components".

Note: A different S7-300 PROFINET CPU can also be used. For the device environment in which the CP can be operated with the range of functions described here, please refer to the appropriate chapter of the CP 343-1 Advanced manual: https://support.industry.siemens.com/my/ww/en/documentation/advanced/?DocVersionId=42597696395&TopicId=37239174923&guiLanguage=en


IP addresses
For this example, the IP addresses are assigned as follows:

[Figure: addressing overview. Automation Cell A: CP 343-1 Advanced with PROFINET port 172.22.80.2 and Gigabit port 172.16.47.1, DSL Router2 with LAN port 172.16.0.1 and a static WAN IP address. Automation Cell B: CP 343-1 Advanced with PROFINET port 10.70.0.4 and Gigabit port 192.168.2.89, DSL Router1 with LAN port 192.168.2.1 and a dynamic WAN IP address.]

Table 2-1
Component      | Port          | IP address                       | Router      | Subnet mask
Automation cell A:
CPU            | PROFINET port | 172.22.80.3                      | 172.22.80.2 | 255.255.255.0
CP 343-1 Adv.  | PROFINET port | 172.22.80.2                      | -           | 255.255.255.0
CP 343-1 Adv.  | Gigabit port  | 172.16.47.1                      | 172.16.0.1  | 255.255.0.0
DSL router2    | LAN port      | 172.16.0.1                       | -           | 255.255.0.0
DSL router2    | WAN port      | Static IP address from provider  | -           | Assigned by provider
Automation cell B:
DSL router1    | WAN port      | Dynamic IP address from provider | -           | Assigned by provider
DSL router1    | LAN port      | 192.168.2.1                      | -           | 255.255.255.0
CP 343-1 Adv.  | Gigabit port  | 192.168.2.89                     | 192.168.2.1 | 255.255.255.0
CP 343-1 Adv.  | PROFINET port | 10.70.0.4                        | -           | 255.255.255.0
CPU            | PROFINET port | 10.70.0.3                        | 10.70.0.4   | 255.255.255.0
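An addressing plan like Table 2-1 is worth checking mechanically before anything is loaded: every router entry must lie in the subnet of the interface it is assigned to, no address may be used twice, the Gigabit (WAN side) and PROFINET (internal) ports of each CP must be on disjoint subnets since the CP separates these networks, and the CPU behind each CP must use the CP's PROFINET port as its default gateway (the note in 2.1.4), otherwise its traffic never enters the tunnel. The following script is an added example and not part of the Siemens document; the table is re-typed as constructed data, and ADDRESS_PLAN, check_plan and with_cpu_gateway are this example's own names, not STEP 7 or SCT objects.

```python
"""Consistency checks for the addressing plan of Table 2-1 (added example)."""
import ipaddress
from collections import Counter

# Table 2-1 re-typed as constructed data: (cell, component, port, ip, router, mask).
# router=None stands for "-" in the table; the provider-assigned WAN ports are left out.
ADDRESS_PLAN = [
    ("A", "CPU",          "PROFINET", "172.22.80.3",  "172.22.80.2", "255.255.255.0"),
    ("A", "CP 343-1 Adv", "PROFINET", "172.22.80.2",  None,          "255.255.255.0"),
    ("A", "CP 343-1 Adv", "Gigabit",  "172.16.47.1",  "172.16.0.1",  "255.255.0.0"),
    ("A", "DSL router2",  "LAN",      "172.16.0.1",   None,          "255.255.0.0"),
    ("B", "DSL router1",  "LAN",      "192.168.2.1",  None,          "255.255.255.0"),
    ("B", "CP 343-1 Adv", "Gigabit",  "192.168.2.89", "192.168.2.1", "255.255.255.0"),
    ("B", "CP 343-1 Adv", "PROFINET", "10.70.0.4",    None,          "255.255.255.0"),
    ("B", "CPU",          "PROFINET", "10.70.0.3",    "10.70.0.4",   "255.255.255.0"),
]


def _network(ip, mask):
    """Subnet an interface belongs to (strict=False accepts a host address)."""
    return ipaddress.ip_network(f"{ip}/{mask}", strict=False)


def check_plan(plan):
    """Return a list of problem descriptions; an empty list means the plan is consistent."""
    problems = []

    # 1. No IP address may be used twice anywhere in the project.
    for ip, count in Counter(row[3] for row in plan).items():
        if count > 1:
            problems.append(f"duplicate address {ip}")

    # 2. A router entry is only reachable if it lies in the interface's own subnet.
    for cell, comp, port, ip, router, mask in plan:
        if router is not None and ipaddress.ip_address(router) not in _network(ip, mask):
            problems.append(f"cell {cell} {comp} {port}: router {router} not in {_network(ip, mask)}")

    for cell in sorted({row[0] for row in plan}):
        cp = {row[2]: row for row in plan if row[0] == cell and row[1] == "CP 343-1 Adv"}
        if "Gigabit" not in cp or "PROFINET" not in cp:
            problems.append(f"cell {cell}: CP needs both a Gigabit and a PROFINET port entry")
            continue
        # 3. The CP separates the WAN side (Gigabit) from the internal network (PROFINET);
        #    the two subnets must not overlap.
        gig = _network(cp["Gigabit"][3], cp["Gigabit"][5])
        pn = _network(cp["PROFINET"][3], cp["PROFINET"][5])
        if gig.overlaps(pn):
            problems.append(f"cell {cell}: Gigabit subnet {gig} overlaps PROFINET subnet {pn}")
        # 4. Internal devices (here the CPU) must use the CP's PROFINET port as default
        #    gateway (note in 2.1.4); otherwise their packets never reach the tunnel.
        for row in plan:
            if row[0] == cell and row[1] == "CPU" and row[4] != cp["PROFINET"][3]:
                problems.append(f"cell {cell} CPU: gateway {row[4]} is not the CP PROFINET port {cp['PROFINET'][3]}")
    return problems


def with_cpu_gateway(plan, cell, gateway):
    """Copy of the plan with the CPU gateway of one cell replaced (to show a failing plan)."""
    return [(c, comp, port, ip, gateway if (c == cell and comp == "CPU") else router, mask)
            for c, comp, port, ip, router, mask in plan]


if __name__ == "__main__":
    print("Table 2-1:", check_plan(ADDRESS_PLAN) or "consistent")
    print("wrong CPU gateway:", check_plan(with_cpu_gateway(ADDRESS_PLAN, "B", "10.70.0.1")))
```

The same checks apply unchanged when the internal network holds more than the CPU (panels, further controllers): add one tuple per device with the CP's PROFINET port as router, and check 4 covers them once its component filter is widened.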

2.1.2 DSL access of automation cell A (DSL router2)

Static IP address
WAN access of automation cell B to the CP 343-1 Advanced (automation cell A) is implemented using a fixed public IP address. This IP address must be requested from the provider and then stored in DSL router2.

Port forwarding on DSL router2
Due to the use of a DSL router as an Internet gateway, you have to enable the following ports on DSL router2 and forward the data packets to the CP 343-1 Advanced (VPN server; Gigabit port):
- UDP port 500 (ISAKMP)
- UDP port 4500 (NAT-T)

VPN function
If the DSL router itself is VPN-capable, make sure that this function is disabled.


2.1.3 SIMATIC S7-300 stations

STEP 7 project
Use the STEP 7 configuration software to create a new project and create one hardware configuration for each automation cell (A and B) with the modules you are using. For the required IP addresses for the two CPs 343-1 Advanced (Gigabit port and PROFINET port) and their CPU (PROFINET port), please refer to Table 2-1. Change the names of the CP 343-1 Advanced to allow later discrimination in the Security Configuration Tool. Due to the use of two CPs 343-1 Advanced, the Gigabit port default name exists twice. As this port must be unique for the entire project, change the Gigabit interface name of one CP. In this example, the Gigabit port of the CP of automation cell A was changed.

Configuration dialogs of automation cell A
The following figures show the most important configuration dialogs for the S7-300 station (automation cell A):
Interface configuration of the CPU (server side):


Interface configuration of the CP (VPN server; Gigabit port):

New name for the Gigabit port (CP; VPN server):


Interface configuration of the CP (VPN server; PROFINET port):

New module name of the CP (VPN server):


Configuration dialogs of automation cell B
The following figures show the most important configuration dialogs for the S7-300 station (automation cell B):
Interface configuration of the CPU (client side):

Interface configuration of the CP (VPN client; Gigabit port):


Interface configuration of the CP (VPN client; PROFINET port):

New module name of the CP (VPN client):


Time-of-day synchronization
In the OFF state, the CPs 343-1 Advanced lose the current time stamp and, by default, are set to 01.01.1984. To establish secure communication, it is essential that the current date and time are always set on the CPs. Otherwise, the certificates used are interpreted as invalid and secure VPN communication is not possible. The CP provides the following modes for time-of-day synchronization:
- SIMATIC Mode (used in this example)
- NTP Mode (Network Time Protocol)

Time-of-day synchronization for the two S7-300 stations is configured in their hardware configuration.

Proceed as follows:

1. In the SIMATIC Manager, open the hardware configuration of the S7-300 station (automation cell A).

2. In the STEP 7 object properties of the CP 343-1 Advanced, "Time-of-Day Synchronization" tab, check the "Accept time of day on CP" check box and select "Automatic".


3. Click "OK" to close the dialog.

4. In the STEP 7 object properties of the CPU, "Diagnostics/Clock" tab, set the "As master" synchronization type and the "1 minute" time interval for synchronization in the automation system.

5. Click "OK" to close the dialog.

6. Select "Station" > "Save and Compile" to save and compile the hardware configuration.

7. Close the hardware configuration.

8. Proceed in the same way to configure time-of-day synchronization for the S7-300 station (automation cell B).

Note: More information on these modes and the configuration can be found in Chapter 3.3.5 of the Configuration Manual for SIMATIC S7 CPs (Entry ID: 60053848).


Factory default
To make sure that no old configurations and certificates are stored in the CPs 343-1 Advanced, reset the modules to factory default. For the appropriate chapter in the CP 343-1 Advanced manual, please use the following link: https://support.industry.siemens.com/my/ww/en/documentation/advanced/?DocVersionId=42597696395&TopicId=40344018827&guiLanguage=en

Changing the IP address of the CPUs
To download the project data to the two CPUs, it is useful to first change the IP address of the CPUs as shown in Table 2-1.

The STEP 7 function "Edit Ethernet Node…" is suitable for assigning the IP address. For more information, please refer to the manual, Entry ID: 45531110.

Loading the controller
1. Connect the PC to a PROFINET port of the CPU and change the network settings on the PC as follows:

   To load automation cell B: IP address 10.70.0.100, subnet mask 255.255.255.0

   To load automation cell A: IP address 172.22.80.100, subnet mask 255.255.255.0

2. In the SIMATIC Manager, select the S7-300 station to whose CPU you have connected. Select "PLC" > "Download…" to download the project to the CPU and then start the CPU. The CPU can be accessed via IP address 10.70.0.3 or 172.22.80.3.

3. Repeat steps 1 and 2 for the other S7-300 station.


Adjusting the time in the CPU
Due to the "SIMATIC Mode" time-of-day synchronization, the CPU cyclically passes on its time to the CP 343-1 Advanced. The CPU clock must no longer be in the default state. It must have been set once. Time-of-day synchronization as the time-of-day master does not start before the time of day has been set via SFC 0 "SET_CLK" or using the PG function.

Note: In the following cases, the CPU clock has not yet been set:
- In the as-supplied state.
- After resetting to the as-supplied state using the mode selector switch.
- After a firmware update.

1. Connect the PC to a PROFINET port of the CPU and change the network settings on the PC as follows:

   To load automation cell B: IP address 10.70.0.100, subnet mask 255.255.255.0

   To load automation cell A: IP address 172.22.80.100, subnet mask 255.255.255.0

2. In the SIMATIC Manager, open the hardware configuration of the S7-300 station to whose CPU you have connected.

3. Select the CPU and select "PLC" > "Set Time of Day" to open the dialog where you can set the time of day.

4. Check the "Take from PG/PC" check box and select "Apply" to confirm your selection.


5. Select "Close" to close the dialog.

6. Proceed in the same way to set the time of day for the other S7-300 station.

Result
The time of day of the two CPUs has been set to the current PG time.
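The two clock-related passages of 2.1.3 (time-of-day synchronization, and adjusting the time in the CPU) describe a dependency chain that is easy to miss when a tunnel silently refuses to come up: the CP falls back to 01.01.1984 after a power-off, the CPU only pushes its time to the CP in SIMATIC mode once its own clock has been set, and a certificate is judged against whatever clock the CP ends up with. The following Python model is an added example, not code from the Siemens document; the certificate validity dates are constructed placeholders, and certificate_status, cp_time_after_sync and diagnose_clock are this example's own names.

```python
"""How the CP clock gates the certificate-based VPN (added example, not Siemens code)."""
from datetime import datetime

CP_DEFAULT_TIME = datetime(1984, 1, 1)   # value the text gives for a CP that lost its time

# Constructed validity window of the module certificate generated by the SCT project
# (placeholders; the real dates come from the project's own certificates).
CERT_NOT_BEFORE = datetime(2015, 2, 1)
CERT_NOT_AFTER = datetime(2025, 2, 1)


def certificate_status(device_time, not_before=CERT_NOT_BEFORE, not_after=CERT_NOT_AFTER):
    """How the peer's certificate looks to a CP whose clock reads device_time."""
    if device_time < not_before:
        return "not yet valid"
    if device_time > not_after:
        return "expired"
    return "valid"


def cp_time_after_sync(cpu_clock_set, cpu_time, cp_time):
    """SIMATIC-mode synchronization as described in 2.1.3: the CPU, acting as time
    master, passes its time to the CP cyclically, but only after its own clock was set
    once (SFC 0 "SET_CLK" or the PG function). An as-supplied CPU passes nothing, so the
    CP keeps whatever it had."""
    return cpu_time if cpu_clock_set else cp_time


def diagnose_clock(cpu_clock_set, cpu_time, cp_time):
    """Findings that explain a tunnel that will not establish for clock reasons; [] if fine."""
    findings = []
    if not cpu_clock_set:
        findings.append('CPU clock never set: time master does not start ("PLC" > "Set Time of Day" or SFC 0)')
    effective = cp_time_after_sync(cpu_clock_set, cpu_time, cp_time)
    if effective == CP_DEFAULT_TIME:
        findings.append("CP still at its default 01.01.1984")
    status = certificate_status(effective)
    if status != "valid":
        findings.append(f"certificate {status} at CP time {effective:%Y-%m-%d}: no VPN tunnel")
    return findings


if __name__ == "__main__":
    # CP restarted after power-off while the CPU is still as supplied: three findings.
    print(diagnose_clock(False, datetime(2015, 3, 1), CP_DEFAULT_TIME))
    # After "Take from PG/PC" the CPU time reaches the CP and the certificate is valid.
    print(diagnose_clock(True, datetime(2015, 3, 1), CP_DEFAULT_TIME))
```

The same reasoning applies to NTP mode: replace cp_time_after_sync with the NTP result, and the certificate check is unchanged. A CP that reports a 1984 time stamp in its diagnostics is the first thing to look at when both modules are loaded but the tunnel status stays down.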


2.1.4 Setting up the infrastructure

Connect all the components involved in this solution.

[Figure: cabling overview. Automation Cell A: CP 343-1 Advanced Gigabit port to DSL Router2 LAN port, DSL Router2 WAN port to the Internet. Automation Cell B: CP 343-1 Advanced Gigabit port to DSL Router1 LAN port, DSL Router1 WAN port to the Internet. The PROFINET ports of both CPs face the internal networks.]

Table 2-2
Component                      | Local port    | Partner                                                  | Partner port
CP 343-1 Advanced (VPN server) | PROFINET port | E.g., other network nodes (do not exist in this solution) | -
CP 343-1 Advanced (VPN server) | Gigabit port  | DSL router2                                              | LAN port
CP 343-1 Advanced (VPN client) | Gigabit port  | DSL router1                                              | LAN port
CP 343-1 Advanced (VPN client) | PROFINET port | E.g., other network nodes (do not exist in this solution) | -

Note: In all devices in the internal network of the CP 343-1 Advanced (e.g., controllers, panels, etc.), please make sure to enter the IP address of the CP's PROFINET port as the default gateway.


2.2 Configuring the VPN tunnel

SCT project
The VPN tunnel configuration is performed using the Security Configuration Tool V4 integrated in STEP 7 and started when enabling the security function in the CP 343-1 Advanced. As both automation cells are in one shared STEP 7 project, only one SCT project is created.

Component used
This solution uses the following security component: CP 343-1 Advanced (version 3 or higher).

2.2.1 Integrating the VPN endpoint CP 343-1 Advanced (VPN client)

Overview
To integrate the CP into the Security Configuration Tool, perform the following steps:
- Enable the security function of the CP.
- Create a user and password for the SCT project integrated in STEP 7 and the shared SCT project.

Proceed as follows:

1. Open your STEP 7 project and in the SIMATIC Manager, open the hardware configuration of the S7-300 station (automation cell B).

2. In the STEP 7 object properties of the CP 343-1 Advanced, "Security" tab, check the "Enable security" check box.

3. In the following dialog, create a new user with a user name and the associated password. The user is automatically assigned the "Administrator" role.


4. Confirm your entries with "OK".

5. Close the STEP 7 object properties with "OK".

6. Confirm the following security message with "OK".

7. Select "Station" > "Save and Compile" to save and compile the hardware configuration.

8. Close the hardware configuration.

Result
You have created a new security project.


2.2.2 Integrating the VPN endpoint CP 343-1 Advanced (VPN server)

Overview
To integrate the CP into the Security Configuration Tool, perform the following steps:
- Enable the security function of the CP.
- Log in to the shared SCT project.

Proceed as follows:

1. In the SIMATIC Manager, open the hardware configuration of the S7-300 station (automation cell A).

2. In the STEP 7 object properties of the CP 343-1 Advanced, "Security" tab, check the "Enable security" check box.

3. In the following dialog, log in with the user name you have created and the associated password.

4. Confirm your entries with "OK".

5. Close the STEP 7 object properties with "OK".

6. Confirm the following security message with "OK".


7. Select "Station" > "Save and Compile" to save and compile the hardware configuration.

8. Close the hardware configuration.

Opening the SCT project
In one of the hardware configurations (e.g., of automation cell A), select the "Edit" > "Security Configuration Tool" menu command to open the Security Configuration Tool and log in.

Result
The security modules are displayed in the list of configured modules.


2.2.3 Configuring the VPN tunnel

Creating a VPN group
All members of a VPN group are authorized to communicate with each other through a VPN tunnel. To create a VPN group, proceed as follows:

1. In the project tree, select the "VPN groups" item. Use "Insert" > "Group" or select the appropriate menu icon to create a new VPN group.

2. One after the other, select the security modules from the "All modules" list and use drag and drop to insert them into the VPN group.

Result
The two security modules have been assigned to VPN group Group1. Certificates are used for authentication.


Defining the VPN parameters
To establish the VPN tunnel, you have to enter the following information:
- Definition of the VPN role
- WAN IP address of DSL router2

Parameterize this information as follows:

1. In the "All modules" project tree, select the CP-343_Client and double-click to open its properties dialog.

2. In the "VPN" tab, keep the default VPN role. Enable access to the internal network.

3. Click "OK" to close the dialog.

4. In the "All modules" project tree, select the CP-343_Server and double-click to open its properties dialog.


5. In the "VPN" tab, select the "Responder" VPN role for the CP 343-1 Advanced. In the WAN IP address / FQDN field, enter the WAN IP address of your DSL access point. In addition, enable access to the internal network.

6. Click "OK" to close the dialog and select "OK" to confirm the message.

7. Save the project.

8. Close the Security Configuration Tool and the following security message.

9. Select "Station" > "Save and Compile" to save and compile the hardwareconfiguration.

10. Close the hardware configuration.

11. In the SIMATIC MANAGER, open the hardware configuration of the other automation cell and save and compile it.

12. Select "Options" > "Configure Network" to start NetPro and here, too, compile the entire configuration using "Network" > "Save and Compile…".

13. Close the output to check the consistency.

14. Close NetPro and the hardware configuration.

Result
The VPN configuration is complete.
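The VPN parameters of 2.2.3 and the DSL router requirements of 2.1.2 together form the set of preconditions the tunnel depends on: exactly one Responder that carries a WAN IP address / FQDN the Initiator can reach, internal access enabled on both modules, the two IKE forwards (UDP 500 and UDP 4500) pointing at the Responder's Gigabit port, no other forwards widening the exposed surface, and the router's own VPN function switched off. The following checker is an added example that is not part of the Siemens document and not an SCT API; VpnModule, DslRouter and check_tunnel_prerequisites are this example's own names, and 203.0.113.10 is a documentation-range placeholder for the provider's static WAN address.

```python
"""Prerequisite check for the CP-to-CP IPsec tunnel (added example, not Siemens code)."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

ISAKMP_PORT = 500   # UDP, IKE / ISAKMP (2.1.2)
NAT_T_PORT = 4500   # UDP, NAT traversal, NAT-T (2.1.2)


@dataclass
class VpnModule:
    name: str
    role: str                   # "Responder" (VPN server) or "Initiator" (VPN client)
    gigabit_ip: str             # CP Gigabit port, the tunnel endpoint behind the router
    wan_address: Optional[str]  # "WAN IP address / FQDN" field in SCT (Responder only)
    internal_access: bool       # "enable access to the internal network"


@dataclass
class DslRouter:
    name: str
    vpn_enabled: bool                                                   # router's own VPN function
    forwards: List[Tuple[str, int, str]] = field(default_factory=list)  # (proto, port, target ip)


def check_tunnel_prerequisites(group, responder_router):
    """Return problem descriptions for a two-CP VPN group; [] when the tunnel can be set up."""
    problems = []
    responders = [m for m in group if m.role == "Responder"]
    initiators = [m for m in group if m.role == "Initiator"]
    if len(responders) != 1 or len(initiators) != 1:
        return ["a two-CP group needs exactly one Responder and one Initiator"]
    server = responders[0]
    # The Initiator must be able to address the Responder from the WAN (static IP / FQDN).
    if not server.wan_address:
        problems.append(f"{server.name}: Responder has no WAN IP address / FQDN")
    for m in group:
        if not m.internal_access:
            problems.append(f"{m.name}: access to the internal network not enabled")
    # Router in front of the Responder: exactly the two IKE forwards and no own VPN.
    r = responder_router
    if r.vpn_enabled:
        problems.append(f"{r.name}: router's own VPN function must be disabled")
    required = {("udp", ISAKMP_PORT, server.gigabit_ip), ("udp", NAT_T_PORT, server.gigabit_ip)}
    present = {(proto.lower(), port, target) for proto, port, target in r.forwards}
    for proto, port, target in sorted(required - present):
        problems.append(f"{r.name}: missing forward {proto}/{port} -> {target}")
    for proto, port, target in sorted(present - required):
        problems.append(f"{r.name}: unexpected forward {proto}/{port} -> {target} (exposes more than the VPN)")
    return problems


# Constructed sample matching Table 2-1 and the roles of Table 1-1.
CP_SERVER = VpnModule("CP-343_Server", "Responder", "172.16.47.1", "203.0.113.10", True)
CP_CLIENT = VpnModule("CP-343_Client", "Initiator", "192.168.2.89", None, True)
DSL_ROUTER2 = DslRouter("DSL router2", vpn_enabled=False,
                        forwards=[("UDP", ISAKMP_PORT, "172.16.47.1"),
                                  ("UDP", NAT_T_PORT, "172.16.47.1")])

if __name__ == "__main__":
    print(check_tunnel_prerequisites([CP_SERVER, CP_CLIENT], DSL_ROUTER2) or "ready")
```

Run it against the router's actual forwarding table after step 5 above; an empty result means the Responder side is reachable on exactly the two ports the tunnel needs and nothing else behind DSL router2 is exposed.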


2.2.4 Loading the components

The transfer of the configuration data to the appropriate security components is implemented via the STEP 7 project.

CP 343-1 Advanced
1. On the PC, open the STEP 7 project.

2. Connect the PC to a PROFINET port of a CPU and change the network settings on the PC as follows:

   To load automation cell B: IP address 10.70.0.100, subnet mask 255.255.255.0

   To load automation cell A: IP address 172.22.80.100, subnet mask 255.255.255.0

3. In the SIMATIC MANAGER, select the S7-300 station to whose CPU you have connected. Use "PLC" > "Download…" to download the configuration to the CPU and then start the CPU. The CPU can be accessed via IP address 10.70.0.3 or 172.22.80.3.

4. Repeat steps 2 and 3 for the other automation cell.

5. If downloading has completed without errors, the security modules start automatically and the new configuration has been activated.

Result
The security modules are configured and in productive mode.

2.2.5 Final steps

Connect the PROFINET ports of the CP 343-1 Advanced to your network (e.g., automation network). For all devices on the PROFINET port of the devices, set the appropriate standard router (IP address of the PROFINET port).


2.3 Status of the VPN connection

When all security modules have been parameterized, loaded and connected to their DSL routers, the CP 343-1 Advanced of automation cell B initiates the VPN tunnel to the CP 343-1 Advanced of automation cell A. You can view the status in the Security Configuration Tool or in NCM diagnostics.

Security Configuration Tool
For diagnostics via the Security Configuration Tool, proceed as follows:

1. Open your STEP 7 project.

2. Connect the PC to the PROFINET port of a CP, for example in automation cell A, and change the network settings on the PC as follows:

For automation cell A:
IP address: 172.22.80.100
Subnet mask: 255.255.255.0

3. In one of the hardware configurations, select "Edit" > "Security Configuration Tool" to open the Security Configuration Tool and log in if necessary.

4. Select "View" > "Online" to activate online mode.

5. If the VPN tunnel has been established, both security modules are shown as reachable ("Yes").

6. In the content area, select CP-343_Server and double-click it.


7. The "Communications status" tab displays the communication status.


3 Testing the Tunnel Function

Chapter 2 completes the commissioning of the configuration, and the security modules have established a VPN tunnel for secure communication. You can test the established tunnel with a ping command to an internal node of the other cell, as described below. Alternatively, you can test the configuration by other means, e.g., by opening the internal web page of the CP 343-1 Advanced with address https://172.16.47.1 or https://192.168.2.89, or by downloading to the S7 controller from STEP 7.

1. Connect the PC, for example, to the PROFINET port of the CP of automation cell B and change the network settings on the PC as follows:

IP address: 10.70.0.100
Subnet mask: 255.255.255.0
Gateway: 10.70.0.4

2. On the PC, select "Start" > "All Programs" > "Accessories" > "Command Prompt".

3. In the "Command Prompt" window that appears, enter the command "ping <IP address of Gigabit port of CP of automation cell A>".

Result
You receive a positive reply.

Note
In Windows, the default firewall settings may block ping. You may have to allow the ICMP services of type "Request" and "Response".
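The following is an added example and not part of the Siemens document: a small Python script that performs the chapter 3 ping test but first checks that the test PC's settings from section 2.2.4 and step 1 above are actually such that its packets are handed to the CP, because a ping sent with the wrong default gateway never enters the tunnel and a reply from a node in the same cell says nothing about the VPN. The cell networks, the PC addresses, the cell B gateway 10.70.0.4 and the CPU addresses 10.70.0.3 / 172.22.80.3 are taken from the page; the PROFINET port address of the cell A CP (172.22.80.4) is an assumption made by analogy and must be replaced with the value from your hardware configuration. The helper names (`Cell`, `check_pc_settings`, `needs_tunnel`, `tunnel_test`) are the example's own.

```python
"""Pre-flight check plus ping for the two-cell VPN test (added example)."""
import ipaddress
import platform
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class Cell:
    """One automation cell as laid out in the configuration example."""
    name: str
    internal_net: ipaddress.IPv4Network    # network on the CP's PROFINET port
    cp_profinet_ip: ipaddress.IPv4Address  # standard router of the internal nodes
    pc_ip: ipaddress.IPv4Address           # test-PC address named in the document


# Cell B values are those of the document (PC 10.70.0.100, gateway 10.70.0.4).
# The cell A CP PROFINET address 172.22.80.4 is an ASSUMPTION by analogy;
# take the real value from your hardware configuration.
CELL_A = Cell("A", ipaddress.ip_network("172.22.80.0/24"),
              ipaddress.ip_address("172.22.80.4"), ipaddress.ip_address("172.22.80.100"))
CELL_B = Cell("B", ipaddress.ip_network("10.70.0.0/24"),
              ipaddress.ip_address("10.70.0.4"), ipaddress.ip_address("10.70.0.100"))


def check_pc_settings(cell, ip, mask, gateway):
    """Validate the test PC's IP settings against the cell it is plugged into.

    Returns a list of problem descriptions; an empty list means the PC will
    hand packets for the other cell to the CP, the only path into the tunnel.
    """
    problems = []
    iface = ipaddress.ip_interface(f"{ip}/{mask}")
    if iface.network != cell.internal_net:
        problems.append(f"{iface.ip}/{mask} is not in cell {cell.name} "
                        f"network {cell.internal_net}")
    if ipaddress.ip_address(gateway) != cell.cp_profinet_ip:
        problems.append(f"gateway {gateway} is not the CP PROFINET port "
                        f"{cell.cp_profinet_ip}; traffic for the remote cell "
                        "would never reach the security module")
    return problems


def needs_tunnel(local_cell, target):
    """True if target lies outside the local cell, i.e. the CP must carry it."""
    return ipaddress.ip_address(target) not in local_cell.internal_net


def ping(target, count=2, timeout_s=2):
    """Run the OS ping and report whether an echo reply arrived.

    Uses the system ping binary (no raw sockets, no admin rights needed).
    Windows ping takes -n/-w (ms); Linux ping takes -c/-W (s).
    """
    if platform.system() == "Windows":
        cmd = ["ping", "-n", str(count), "-w", str(timeout_s * 1000), str(target)]
    else:
        cmd = ["ping", "-c", str(count), "-W", str(timeout_s), str(target)]
    try:
        return subprocess.run(cmd, capture_output=True, text=True).returncode == 0
    except FileNotFoundError:          # no ping binary on this host
        return False


def tunnel_test(local_cell, pc_ip, pc_mask, pc_gateway, target):
    """Settings first, then the ping. Returns (ok, explanation)."""
    problems = check_pc_settings(local_cell, pc_ip, pc_mask, pc_gateway)
    if problems:
        return False, "fix PC settings before pinging: " + "; ".join(problems)
    if not needs_tunnel(local_cell, target):
        return False, (f"{target} is inside cell {local_cell.name}; "
                       "a reply proves nothing about the VPN")
    if ping(target):
        return True, f"reply from {target}: path via CP {local_cell.cp_profinet_ip} is up"
    return False, (f"no reply from {target}: check the Communications status in the "
                   "SCT and, if the target is a Windows host, its ICMP echo firewall rules")


if __name__ == "__main__":
    # Constructed invocation matching chapter 3: PC in cell B, target the CPU of cell A.
    print(tunnel_test(CELL_B, "10.70.0.100", "255.255.255.0", "10.70.0.4", "172.22.80.3"))
```

A positive reply shows that the path through the local CP is up; it does not by itself show that the packets were encrypted, so confirm the tunnel in the "Communications status" tab of the Security Configuration Tool (section 2.3) as well. If the node you ping is a Windows PC, its firewall drops inbound echo requests by default; the standard rule to allow them, run in an elevated prompt on that PC, is `netsh advfirewall firewall add rule name="ICMPv4 Echo Request" protocol=icmpv4:8,any dir=in action=allow`.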


4 History

Table 4-1

Version Date Modifications

V1.0 02/2015 First version