6 Controlling the Data Traffic
6.2 NAT - Network Address Translation
6.2.4 NAT Application Examples
Connecting a production cell with the company network via 1:1 NAT
You have multiple identical production cells and want to connect them with your company network. Because the production cells also use identical IP addresses, you convert the IP addresses using the 1:1 NAT function.
The following is known:

Parameter          Firewall Number 1   Firewall Number 2
Internal Network   10.0.1.192/28       10.0.1.192/28
External Network   10.0.2.192/28       10.0.2.208/28

Prerequisites for further configuration:
The Firewall is in router mode.
The IP parameters of the router interface are configured.
The gateway and the IP address of the devices in production cells are configured.
The devices in the production cells have the IP address of the internal interface (port 1) of the Firewall as their gateway.
First you configure firewall number 1.
Enter the parameters for converting the IP addresses.
Save the settings in the non-volatile memory.
Configure firewall number 2 in the same way.
Use the values for firewall number 2 from the table above.
Select the dialog Network Security:NAT:1:1 NAT.
Click on “Create Entry”.
You thus add a new entry to the table.
Enter the parameters for converting the IP addresses:
“Description”: Production hall 1
“Internal network”: 10.0.1.193
“External network”: 10.0.2.1
“Netmask”: 28
Click on the “Active” field of this entry to activate the entry.
Click “Set” to temporarily save the entry in the configuration.
Select the dialog Basic Settings:Load/Save.
Click on “Save to NVM +ACA” to permanently save the configuration in the active configuration.

Connecting 2 Devices via Double NAT
For test purposes, you want to connect a work station in your company network with a robot in a production cell. As the test set-up requires the two devices to be logically located in the same network, you convert the IP addresses using the double NAT function.
The following is known:

Parameter                                         Robot            Work station
IP address in the production network (internal)   10.0.1.194       10.0.1.195 (a)
IP address in the company network (external)      10.0.2.194 (a)   10.0.2.195

Table 10: The IP addresses of the test devices
a: This IP address is created using NAT

Prerequisites for further configuration:
The Firewall is in router mode.
The IP parameters of the router interface are configured.
The IP addresses of the devices are configured.

Figure 35: Connecting 2 Devices via Double NAT
(Figure labels: 10.0.1.192/28, int. 10.0.1.193, 10.0.1.194; 10.0.2.0/24, ext. 10.0.2.1, 10.0.2.195)
Enter the parameters for converting the IP addresses.
Save the settings in the non-volatile memory.
Select the dialog Network Security:NAT:1:1 NAT.
Click on “Create Entry”.
You thus add a new entry to the table.
Enter the parameters for converting the IP address of the robot:
“Description”: Robot production hall (test)
“Internal network”: 10.0.1.194
“External network”: 10.0.2.194
“Netmask”: 32
Click on the “Output” (double NAT) field of this entry to activate double NAT for the entry.
Click on the “Active” field of this entry to activate the entry.
Click on “Create Entry”.
You thus add a new entry to the table.
Enter the parameters for converting the IP address of the work station:
“Description”: Work station company network (test)
“Internal network”: 10.0.1.195
“External network”: 10.0.2.195
“Netmask”: 32
Click on the “Output” (double NAT) field of this entry to activate double NAT for the entry.
Click on the “Inverted” field of this entry to select the entry as an inverted 1:1 NAT entry.
Click on the “Active” field of this entry to activate the entry.
Click on “Write” to temporarily save the entries in the configuration.
Select the dialog Basic Settings:Load/Save.
Click on “Save to NVM +ACA” to permanently save the configuration in the active configuration.
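
The address conversions of the two examples above, as an added example that is not part of the manual. It is a simplified model of 1:1 NAT and double NAT, not the Firewall's implementation; the function names are hypothetical, and the addresses are taken from the first table and from Table 10.

```python
import ipaddress

def translate(addr, from_net, to_net):
    """1:1 NAT: swap the network prefix, keep the host bits. None if addr is outside from_net."""
    a = ipaddress.ip_address(addr)
    src = ipaddress.ip_network(from_net, strict=False)
    dst = ipaddress.ip_network(to_net, strict=False)
    if src.prefixlen != dst.prefixlen:
        raise ValueError("1:1 NAT needs the same netmask on both sides")
    if a not in src:
        return None
    host_bits = int(a) & int(src.hostmask)
    return str(ipaddress.ip_address(int(dst.network_address) | host_bits))

# Values from the first table: identical cells behind two firewalls.
CELLS = {
    "firewall 1": ("10.0.1.192/28", "10.0.2.192/28"),
    "firewall 2": ("10.0.1.192/28", "10.0.2.208/28"),
}

def external_ranges_overlap(cells):
    """True if two firewalls would present overlapping external ranges."""
    nets = [ipaddress.ip_network(ext) for _, ext in cells.values()]
    return any(a.overlaps(b) for i, a in enumerate(nets) for b in nets[i + 1:])

# Values from Table 10 (netmask 32): (internal address, external address).
ROBOT = ("10.0.1.194/32", "10.0.2.194/32")
WORK_STATION = ("10.0.1.195/32", "10.0.2.195/32")  # the "Inverted" entry

def double_nat_inbound(src, dst):
    """Work station -> robot, packet arriving on the external port."""
    new_src = translate(src, WORK_STATION[1], WORK_STATION[0]) or src
    new_dst = translate(dst, ROBOT[1], ROBOT[0]) or dst
    return new_src, new_dst

def double_nat_outbound(src, dst):
    """Robot -> work station, reply arriving on the internal port."""
    new_src = translate(src, ROBOT[0], ROBOT[1]) or src
    new_dst = translate(dst, WORK_STATION[0], WORK_STATION[1]) or dst
    return new_src, new_dst

if __name__ == "__main__":
    for name, (inner, outer) in CELLS.items():
        print(name, "10.0.1.194 ->", translate("10.0.1.194", inner, outer))
    print("external ranges overlap:", external_ranges_overlap(CELLS))
    print("inbound :", double_nat_inbound("10.0.2.195", "10.0.2.194"))
    print("outbound:", double_nat_outbound("10.0.1.194", "10.0.1.195"))
```

The same cell address appears under a different external address behind each firewall, and with double NAT both source and destination are rewritten so that each device sees its peer inside its own network.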
Managing a switch in a production cell from a PC outside the production cell (Port Forwarding)
You have used a Firewall to connect a production cell with your company network. The production cell has its own IP addresses, which should not be visible in the company network. You configure the port forwarding function so that an administrator in the company network can manage a switch within the production cell.
The following is known:

Parameter                     Switch       Firewall     PC
IP address of internal port   -            10.0.1.201   -
IP address of external port   -            10.0.2.1     -
IP address                    10.0.1.193   -            10.0.2.17
Gateway                       10.0.1.201   -            10.0.2.1

Prerequisites for further configuration:
The Firewall is in router mode.
The IP parameters of the router interface are configured.
The gateway and the IP address of the devices in production cells are configured.
The devices in the production cells have the IP address of the internal interface (port 1) of the Firewall as their gateway.

Figure 36: Managing a switch within the production cell from outside
Configure the firewall.
Enter the parameters for converting the IP addresses.
Save the settings in the non-volatile memory.
Select the dialog Network Security:NAT:Port Forwarding.
Click on “Create Entry”.
You thus add a new entry to the table.
Enter the parameters for the HTTP transmission:
“Source Address (CIDR)”: 10.0.1.17/24
“Source Port”: any
“Incoming Address”: 10.0.2.1
“Incoming Port”: 8080
You can freely allocate port numbers higher than 1024.
“Forwarding address”: 10.0.1.193
“Forwarding port”: http, Web server of the switch.
“Protocol”: tcp.
Click on the “Active” field of this entry to activate the entry.
Click on “Create Entry”.
You thus add a new entry to the table.
Enter the parameters for the SNMP transmission:
“Source Address (CIDR)”: 10.0.1.17/24
“Source Port”: any
“Incoming Address”: 10.0.2.1
“Incoming Port”: 8081
You can freely allocate port numbers higher than 1024.
“Forwarding address”: 10.0.1.193
“Forwarding port”: snmp, for the communication of the applet with the website of the switch.
“Protocol”: udp.
Click on the “Active” field of this entry to activate the entry.
Click on “Write” to temporarily save the entries in the configuration.
Select the dialog Basic Settings:Load/Save.
Click on “Save to NVM +ACA” to permanently save the configuration in the active configuration.
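
A check of the two port forwarding entries against the address table, as an added example that is not part of the manual. The entries are the values printed above, with http and snmp written as their well-known ports 80 and 161; the matching logic in forward is an assumption about a generic port forwarder, not the Firewall's documented behaviour, and TIGHTENED is a constructed variant that admits only the PC.

```python
import ipaddress

# Entries as printed in the procedure above (http -> 80, snmp -> 161).
ENTRIES = [
    {"src": "10.0.1.17/24", "in_addr": "10.0.2.1", "in_port": 8080,
     "fwd_addr": "10.0.1.193", "fwd_port": 80, "proto": "tcp"},
    {"src": "10.0.1.17/24", "in_addr": "10.0.2.1", "in_port": 8081,
     "fwd_addr": "10.0.1.193", "fwd_port": 161, "proto": "udp"},
]
ADMIN_PC = "10.0.2.17"  # PC address from the table

# Constructed variant: source restricted to the single admin PC.
TIGHTENED = [dict(e, src=ADMIN_PC + "/32") for e in ENTRIES]

def forward(entries, src, dst, dport, proto):
    """Return (forwarding address, port) of the first matching entry, else None.
    Assumed semantics: source CIDR, incoming address, port and protocol must all match."""
    for e in entries:
        net = ipaddress.ip_network(e["src"], strict=False)
        if (ipaddress.ip_address(src) in net and dst == e["in_addr"]
                and dport == e["in_port"] and proto == e["proto"]):
            return e["fwd_addr"], e["fwd_port"]
    return None

def audit(entries, admin_ip):
    """Per entry: normalised source CIDR, whether it admits the admin host,
    and how many source addresses it admits in total."""
    findings = []
    for e in entries:
        net = ipaddress.ip_network(e["src"], strict=False)
        findings.append({
            "in_port": e["in_port"],
            "normalised_src": str(net),
            "admits_admin": ipaddress.ip_address(admin_ip) in net,
            "addresses_admitted": net.num_addresses,
        })
    return findings

if __name__ == "__main__":
    for label, entries in (("as printed", ENTRIES), ("tightened", TIGHTENED)):
        for finding in audit(entries, ADMIN_PC):
            print(label, finding)
        print(label, "PC -> 10.0.2.1:8080/tcp =",
              forward(entries, ADMIN_PC, "10.0.2.1", 8080, "tcp"))
```

With the values as printed, 10.0.1.17/24 normalises to 10.0.1.0/24, which admits 256 source addresses and does not contain the PC address 10.0.2.17 from the table; compare each entry against the address plan before saving it.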
Controlling the Data Traffic 6.3 User Firewall