NSJ and access via internet

[pszczepan]

Hi ! I tries to establish connection with my NSJ over Internet. I open pdf file "Accessing_Omron_PLCs_via_the_Internet" and: I cannot find PLC ethernet module setup. In Cx Programmer Unit setup I can't open setup for Ethernet modul So - How I can setup IP router and other WAN parameters to my NSJ Ethernet modul? Another question comes from IP guys - How looks authorization for connection with PLC over Internet. f.e If someone scan network and he finds "open port" and he knows Cx-programmer he can get unathorized connection and can change program in PLC. How I can avoid it? - only program protection Thanks Pawel

[PdL]

Most routers also support IP filtering when using port forwarding rules, so the port is only forwarded if the source IP is [Pawel]. But the chance that someone finds port 9600 to be open on a random public IP and then also figures a certain program called CX-Programmer from a certain manufacturer called Omron can be used for this access is small enough for me to have it open all the time. Call me stupid but I am not so paranoid about these things. Chance is bigger someone with bad intentions connects locally!

[pszczepan]

Hi ! I have connection via Ethernet. When I write http://[NSJ 172.16.20.220] in IE I get: "http://%5B%20nsj%20172.16.20.220%5D/" The IE does not recognize this syntax http://[NSJ IP]. What I do wrong? Pawel

[PdL]

Pawel, replace [NSJ IP] for 172.16.20.220. You can also just type 172.16.20.220 in IE. Worth a try, don't know if NJS ethernet adapter supports HTTP interface.

[pszczepan]

I did as you wrote and IE did not find it. IT scaned this IP and port 80 is not open. So propably I have to set this service somewhere. Menu System of NSJ and Ethernet settings looks like: For me there is nothing to set http service. Any other idea? Pawel

[PdL]

Like I said, worth a try but it looks like HTTP is not supported. Good question how to set the IP adress table... for the moment I don't know. You are right you the IP address table at the NSJ system menu COMMS tab is read only.

[pszczepan]

IP address table - in Manual is written that it is read-only, but I can change the values there from the MENU System or in CX- Designer ( Conversion Table - I guess it means the same) But still I do not know how I can set IP Router table which is in "Accessing_Omron_PLCs_via_the_Internet" in PLC Ethernet Setup Module. Any suggestion.

[ECSI]

The IP address table is set using CX-Designer on the Comm. Setting tab:

[PdL]

Doh There you said it yourself, you can change it anyway in the system menu or set it in CX-Designer. Isn't IP router table and IP address table the same ? Or am I mixing things up now... I am reinstalling my system right now so don't have access on any software or documents...

[Sleepy Wombat]

Again.......

[PdL]

second time only gets better

[beegee]

hi all, I've been off-line for some time... :( to clarify: The NSJ with built in ethernet does NOT have the same possibilities as the ETN21 boards on CS1 and CJ1. This is the normal ethernet port from the NS that has been routed to the PLC. You can't access it with the I/O table, settings are only done through CX designer. There is no wab server running in the NSJ. I've been working for two years with NSJ now and I don't miss the possibilities you have through IE on the ETN21 (I do miss the possibility to send E-mails and to sync the clock) If you really want to address the PLC (FINS) you'll need to set up a routing table in the PLC regards

[pszczepan]

Hi ! Now I am working on having PLC access via internet. My settings: PLC IP 192.168.0.77 Router IP (LAN side) - 192.168.0.3 Router IP (WAN side) - 80.51.245.250 IT Department forwarded port 9600. Right now only TCP I set in PLC: CX programmer configuration: What do you think about settings - any errors? Right now I have a few question? - What is the "IP proxy address" in CX Designer ( first picture). I do not have this parameter in MEnu System in my NSJ - strange - it should be the same. I cannot find any info about this parameter in NSJ manual also. - Is enough if IT Department forwarded only TCP port? Do I need also UDP 9600 port? Thanks for help Pawel Edited October 19, 2007 by pszczepan

[PdL]

I think the UDP port is also open already, as you have set Ethernet as network type from CXP which is by UDP, and you say you can connect ? By my knowledge Ethernet uses UDP default port 9600 and Ethernet TCP/IP uses TCP port 9600. But I could be wrong...

[pszczepan]

Hi ! Right now I cannot establish connection with above settings. IT Department told me that the router is specific and they have to open and forward port with UDP protocol separate. So, I will expect them to open UDP protocol also. I hope it will resolve my problem. Thanks Pawel Edited October 20, 2007 by pszczepan

[pszczepan]

Hmmm. IT Department forwarded UDP and TCP protocol on 9600 port. Settings are correct, but still I cannot establish connection. In previous post Beegee wrote: Maybe I should set up something more. Right now I set Routing Table: I am thinking how I can check traffic. I check pinging from Router to PLC - it works. Router is specific so I cannot ping router - no answer, but when I use command : Telnet 80.51.245.250 9600 I do not get any reply - just blank screen - it is OK. In some other settings (different port) f.e Telnet 80.51.245.250 9601 I get answer "Could not open connection to the host on port 9601, connect failed" Any other idea what is the reason of the connection problem? Thanks Pawel

[pszczepan]

I made some experience - IT Department opened all ports and all protocol in router and I send a command telnet 80.51.245.250 without port specification. I received: I do not know if NSJ can use telnet commands, but it is a prove that Ethernet connection PC-internet-router-PLC is OK. I am pretty sure I have to configure something more in CX-Integrator, propably routing table, but now I have some settings. What should be more? Pawel

[beegee]

hi, you pput your default gateway bin the NS to 80.51.245.250. I think you should put 192.168.0.3, because the ns cannot reach the address 80.51.245.250 with the subnet mask 255.255.255.0..... cu Beegee

[pszczepan]

Still nothing ! I changed NS settings as Beegee said. They are now: I tried many different settings f.e frame length shorter f.e 540 and no connection. I do not know if this router is set correct - IT Department said YES. I got reply for telnet command - maybe it is prove that PLC-router-internet-PC is OK Can I check in some way if port 9600 is open for both protocols? Maybe I have to set something more in CX-Integrator - not only Routing table for Inner Board. HMM IT Department monitored router and below thera are activities: For me everything is OK. My remote IP 212.2.100.126 through 80.51.245.250 goes to 192.168.0.77 (NSJ) Thanks PAwel Edited October 30, 2007 by pszczepan

[JPV]

Hi Pawel, I succed uploading PLC Program from a NSJ12 via Internet and ADSL modem. My local temporary WAN IP: 83.112.169 (ADSL modem) My Local fixed LAN IP: 10.62.241.50 The remote temporary WAN IP: 86.203.141.4 (my NSJ12) My remote NSJ12 LAN IP: 10.62.241.12 (sorry, I use the same domain on each LAN network) local settings port 9600 Net n°1 Node: 12 Subnet: 255.255.255.0 Gateway: 10.62.241.1 I should add (for a while) my local temporary WAN IP address corresponding to the node number of my PC 50 83 112 169 38 I can now connect CxP using following setup: NSJ G5D Ethernet Source Net: 0 Destin Net: 0 Node: 12 Frame: 512 Delai: 5s Driver Auto detection enabled (which shows my last IP 50) IP 86.203.141.4 I hope this will help you. JPV PS: If you read this today, I can add your own IP address in my NSJ12 Table then you can test

[beegee]

I connect on a PLC (NSJ5) through VPN even abroad, without any problem: my PLC settings: Network: network source address 1 network destination address 1 node 111 frame length 1004 response timeout 3s Driver: Workstation node number : !!! no autodetect !!! but the last number of the ip address you get when you type ipconfig/all in CMD window ip address: 10.0.0.111 this is the local address at the customers' site. port number 9600 the only things I set in the NS are: network address 1 node number 111 udp port 9600 ip address 10.0.0.111 subnet mask: 255.255.255.0 default gateway: 10.0.0.1 no entries in conversion table kind regards

[pszczepan]

Now I am trying to connect via PLC Router port forwarding, JPV way is more important for me right now. When I look at your setings I have a few questions: - to JPV : What Is "The remote temporary WAN IP: 86.203.141.4" - Is it "PLC Side" router WAN IP? You wrote "My local temporary WAN IP: 83.112.169 (ADSL modem)" - after 169 I guest should be .38 - correct? - to Beegee - Do you have CXP installed at your customer's server - locally or only remotly in your laptop? VPN connections are different and the settings should be as local settings via LAN. You do not use PLC side router IP. This a problem with my connection. Thanks Pawel

[beegee]

only on my laptop I thought omron only supports A,B, C networks (no D or E networks) this could be the rason why it did work for JPV ( the addressing gives the PLC the impression it is on a class A network) cu beegee

[JPV]

Exact WAN IP: 83.112.169.38 have a look to the attached drawing. To add your IP on my NSJ, I need also your LAN IP address of your PC to get its node n° (last field) Regards, JPV Edited November 7, 2007 by JPV

[pszczepan]

Just great ! Thanks a lot JPV. Now I know that I configured PC side wrong before. I have external IP address and it was enough to write 12 as a node in conversion table. I typed : 12 88 199 160 12 and it works really good - I set frame length 1004 Interesting that in NS Integrator Ethernet network is a network 1 but in CXP you set just network 0 That is true you can set "auto detect" and it works Finally the topic can be closed