
Setting up VPN Access for Remote Diagnostics Support


Academic year: 2021


D. R. Joseph, Inc. supports both dial-up and Internet access for remote support of 3GIBC1 and LF-Sizer control systems. This document describes how to set up the remote site to allow a VPN client to log in and then route to the DRJ equipment. The following diagram shows the overall schematic of the connection.

The first step in the process is to set up the Remote VPN Host to accept a request from a VPN client to access the Remote IBC System. The steps for this process are generally known by IT personnel, but for convenience the basic steps follow and are based on the data found at this web site:

Summary

Virtual Private Networks (VPN) allow users working at home, on the road or at a branch office to connect in a secure manner to a remote corporate server using the public Internet. A VPN server or host is a computer that accepts VPN connections from VPN clients. A VPN server or host can be a NT/W2K server or W2K/XP Pro. A VPN client is a computer that initiates a VPN connection to a VPN server or host. A VPN client can be an individual computer running MS Windows NT version 4.0, Windows 2000, 9x. VPN clients can also be any non-Microsoft Point-to-Point Tunneling Protocol (PPTP) client or Layer Two Tunneling Protocol (L2TP) client using IPSec.

Network Design

The following items should be established prior to setting up the VPN and access permissions:

VPN address: This is the static public IP address that is assigned to the Remote VPN Host. Remote clients will reference this IP address when attempting to establish a VPN connection.

VPN protocol: PPTP

VPN username: Decide on a user name for the remote VPN client.

VPN password: Decide on a password for the remote VPN client.

IBC static IP address: This is the IP address that matches the sub-net of the Remote Host’s Intranet. This should be a local IP address and NOT a public IP address. It must be static. The current setting in the IBC system is 10.10.226.100 (see steps 1-13 for setting this value).

IBC gateway IP address: If there is no Intranet gateway, set this to 0.0.0.0, otherwise set to the gateway IP address (see steps 1-13 for setting this value).

IBC subnet mask: In most cases, this will be a class C subnet of 255.255.255.0 (see steps 1-13 for setting this value).

Touch Screen IP Address: This value must match the subnet of the IBC system. The current value is 10.10.226.160 (see steps 14-26 for setting this value).
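A pre-flight check of the addressing plan listed above, run before any value is entered on the panel. This is an added example, not part of the original D. R. Joseph document. The function name check_plan, the reading of "local, NOT public" as RFC 1918 space, and the 203.0.113.10 VPN address are assumptions made for illustration.

```python
import ipaddress

# Assumption: "local, NOT public" on the page is read here as RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _is_rfc1918(addr):
    return any(addr in net for net in RFC1918)

def check_plan(vpn_public, ibc, mask, gateway, touch):
    """Return a list of problems in the addressing plan; an empty list means consistent."""
    vpn_a, ibc_a, gw_a, touch_a = (
        ipaddress.ip_address(x) for x in (vpn_public, ibc, gateway, touch)
    )
    subnet = ipaddress.ip_network(f"{ibc}/{mask}", strict=False)
    problems = []
    if _is_rfc1918(vpn_a):
        problems.append("VPN address is private; remote clients need the host's public address")
    if not _is_rfc1918(ibc_a):
        problems.append("IBC address is not a local (RFC 1918) address")
    if touch_a == ibc_a:
        problems.append("touch screen address duplicates the IBC address")
    if touch_a not in subnet:
        problems.append("touch screen is outside the IBC subnet")
    for name, a in (("IBC", ibc_a), ("touch screen", touch_a)):
        if subnet.prefixlen < 31 and a in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{name} address is the subnet's network or broadcast address")
    if gw_a != ipaddress.ip_address("0.0.0.0"):  # 0.0.0.0 means "no intranet gateway"
        if gw_a not in subnet:
            problems.append("gateway is outside the IBC subnet")
        if gw_a in (ibc_a, touch_a):
            problems.append("gateway address collides with a device address")
    return problems

if __name__ == "__main__":
    # IBC and touch screen values are the current settings quoted on the page;
    # the VPN host address is a constructed documentation address.
    result = check_plan("203.0.113.10", "10.10.226.100", "255.255.255.0",
                        "0.0.0.0", "10.10.226.160")
    for line in result or ["plan is consistent"]:
        print(line)
```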


Basic VPN Requirement

On the Remote VPN Host machine, you will need to create a user account that the VPN client will use to log in.

User Permission. Enable a user to access the VPN. To do this, go to AD Users and Computers, select or create the user who needs to access the VPN, and click Dial-in. Check Allow access under Remote Access Permission (Dial-in or VPN).

IP Configuration. The VPN server should have a static IP address and assign the arranged IP addresses to VPN clients. The VPN server must also be configured with DNS and WINS server addresses to assign to the VPN client during the connection.

Data Encryption. Data carried on the public network should be rendered unreadable to unauthorized clients on the network.

Protocol Support. TCP/IP is a common protocol used in the public network. The VPN also includes IP, Internetwork Packet Exchange (IPX), NetBEUI and so on.

Firewall Ports. When you place a VPN server behind your firewall, be sure to enable IP protocol 47 (GRE) and TCP port 1723.

Interface(s) for VPN server. If your network doesn't have a router or the VPN is also a gateway, your computer must have at least two interfaces, one connecting to the Internet and another connecting to the LAN. If it is behind a router, you just need one NIC.

One interface for VPN client. The interface can be a dial-in modem, or a dedicated connection to the Internet.

Security. See the diagram on the following page and let DRJ know what settings you selected:


IBC System Setup

Access Service Menus

Once the VPN access is setup, you will need to configure the IBC system for the static intranet IP address you assigned, along with the subnet and gateway (if any). To do this you will need to access the service menus.

Access Service

1. From the main screen press the BACK button. The SYSTEM SELECTION screen will display.

2. Press the SERVICE button and the SERVICE ACCESS screen will display. Note: the SYSTEM SELECTION screen also shows the current IBC software revision, the job# and the valve size.

3. Press the Password button and enter the current service password. The factory default for the service password is 4095.

4. Press the ACCESS button to access the service menus.

5. The SERVICE MENU displays all the available parameter groups. Not all systems have the Cage Controller group shown here.

Configure Ethernet Settings

6. Select the EXPERT MODE button.

7. Enter the Expert Mode Password of 8747, then press the ENT key.

8. This symbol verifies you are in expert mode. If you get a red X, then the password was entered incorrectly. Retry steps 6 and 7.

9. Press the COMMUNICATION CONFIGURATION button.

10. Select the ETHERNET CONFIG button. (Note: make a note of what the IP settings are before you change anything.)

11. You must enter the Level 2 security credentials to access the Ethernet settings. The User ID is ISIBC1.

12. Set the IP address, Subnet and gateway as required. Port must be 502, Addr must be 12, Mstr TO must be 10, Slv TO 250.

Press the OK button when you are sure the settings are correct.

13. If you are certain you have the correct settings, press the ACCEPT key. Write these values down BEFORE pressing the ACCEPT button. You will not be able to get back to these settings if you forget the values.

Touch Screen will Stop Communicating at this point

14. After about 1 minute, you will see the following error message. If you want to see the full message, press the Window Button.

15. This is information only. Press the X button when you are done and then proceed to step 16.

Reconfiguring Touch Screen IP Settings

16. Touch the upper left corner THEN the lower right corner. Do not touch both positions at the same time.

Note: It does not matter which screen you are on.

17. Select the Offline mode button.

18. This is the system password screen. Press the box to enter the password.

19. Enter the password using the popup keypad. The password is 73226213. Press the ENT key when finished.

20. This is the main menu screen. Select the Main Unit button first.

21. You are now on the Main Unit menu. Select the Ethernet button.

Set Touch Screen IP Address and Subnet

22. At this point you must identify the Touch Screen IP address. It must be unique from the IBC IP address you set in steps 12 and 13. The Subnet Mask must match what you entered in step 12.

Do not change the Port value. It must remain 8000.

Press the Back key when finished with this step.

23. Now select the Peripheral button to tell the touch screen what the new IBC system IP address is.

24. Press in the area shown to select the current Modbus TCP Master driver.

25. You are now at the Peripheral Configuration Menu. Press on the Device button.

DO NOT CHANGE ANY VALUES ON THIS SCREEN

26. Touch the IP Address box and enter the new IP address you entered in step 12 for the IBC System.

DO NOT CHANGE THE PORT No. or the UNIT ID!

Press the Exit button when finished.

27. If you have completed all the steps, press the Yes button.

The touch screen will automatically restart. If you did everything correctly, it will start communicating. You can repeat the entire process if it is still not working.

Connecting the IBC System

The cable connection to the IBC system should be a CAT5 or CAT5e style cable. Whether a cross-over or straight-through cable is used depends on whether the Remote Host is using a switch or a router. The cable should be a cross-over cable if a switch is used. It should be straight-through if a router is used.

How to Build an Ethernet Crossover Cable

The crossover Ethernet cable is used when connecting two Ethernet devices without a router or managed switch between the devices.

Use this diagram when building your own Ethernet cables.

• For more details, please visit www.wiringwizard.com and select CAT-5 in the column on the left.

Connect the Ethernet Cable to IBC or LF-Sizer

The Ethernet or LAN port is located near the bottom of the panel. There are four RJ45 connectors across the bottom of the main controller. The LAN port is the left most connector. The LAN cable should be connected to the Sixnet Managed


Verify Link Level is Functioning

If the cable is configured properly, you will see the LINK LED turn on. It will stay on at all times. If the LINK LED is off, then recheck your cable configuration. On the Sixnet Ethernet Modem, only the Yellow LED will come on. This means the connection is a 10 MHz connection. For the company intranet, you will probably see both the green and yellow LEDs come on, which indicates a 100 MHz connection.

One important note: If you are connecting a laptop directly to the IBC, you need the cross-over cable. If you use a straight-through cable, you will still get the LINK LED. The LINK LED is not an indication of correct cable; it is only an indication that the hardware level is active.

Verify that Remote VPN Host Can Ping IBC

Use the Ping command to make sure you can ping the IBC system from the Remote VPN Host.
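A ping reply only shows that the IBC answers at the IP layer. The added example below (not part of the original D. R. Joseph document) goes one step further and checks from the Remote VPN Host that the Modbus TCP listener on port 502 answers a single read request. Treating the "Addr must be 12" setting from step 12 as the Modbus unit ID, and reading register 0, are assumptions made for illustration.

```python
import socket
import struct

MODBUS_PORT = 502  # "Port must be 502" in step 12
UNIT_ID = 12       # assumption: the page's "Addr must be 12" is the Modbus unit ID

def build_read_request(tid, unit=UNIT_ID, start=0, count=1):
    """MBAP header plus PDU for function 0x03 (Read Holding Registers)."""
    pdu = struct.pack(">BHH", 0x03, start, count)
    # MBAP: transaction id, protocol id (always 0), number of bytes that follow, unit id
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu

def parse_response(frame, tid, unit=UNIT_ID):
    """Return ('ok', [registers]) or ('exception', code); ValueError if not a valid reply."""
    if len(frame) < 9:
        raise ValueError("frame too short for a Modbus/TCP reply")
    r_tid, proto, length, r_unit, func = struct.unpack(">HHHBB", frame[:8])
    if proto != 0 or r_tid != tid or r_unit != unit or length != len(frame) - 6:
        raise ValueError("MBAP header does not match the request")
    if func == 0x83:  # 0x03 with the high bit set is an exception reply
        return ("exception", frame[8])
    if func != 0x03 or frame[8] != len(frame) - 9 or frame[8] % 2:
        raise ValueError("unexpected function code or byte count")
    return ("ok", list(struct.unpack(">%dH" % (frame[8] // 2), frame[9:])))

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection mid-frame")
        buf += chunk
    return buf

def probe(host, port=MODBUS_PORT, timeout=3.0):
    """Send one read of register 0 (arbitrary choice) and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_read_request(1))
        header = _recv_exact(s, 6)
        length = struct.unpack(">H", header[4:6])[0]
        if not 3 <= length <= 254:
            raise ValueError("implausible MBAP length field")
        return parse_response(header + _recv_exact(s, length), 1)

if __name__ == "__main__":
    print(probe("10.10.226.100"))  # current IBC address quoted on the page
```

Either an 'ok' or an 'exception' result shows that a Modbus TCP listener is answering at that address; a timeout or refused connection points back to the cabling, the IP settings from step 12, or the routing on the Remote VPN Host.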

Contact DRJ and Provide Connection Details

Send an email to [email protected] with “VPN Connection Details for custname” in the subject, where custname is the name of the customer. Make sure you send the following:

1. Static IP Address of Remote VPN Host
2. User Name
3. Password
4. Static IP Address of IBC System
