P-NET on the internet (WAN)
Connecting VIGO 5.9 over the Internet to a remote system
What is needed?
– Internet connection with fixed IP address
– NAT (Network Address Translation) firewall or NAT router
– Local network with (at least) one PD 602 (DPI, LAN) connected
With VIGO 5.9, the PC connects to one PD 602 (DPI) through its Ethernet interface. Access to other controllers on P-NET is achieved via this Front-end DPI.
This example shows only how the remote VIGO PC can take the initiative to make a connection to the control system.
How the control system itself actively establishes a connection to a device outside of the plant is not described.
The remote VIGO 5.9 PC can only “see” one IP address which is the NAT Firewall. Inside this, the port number points to the node that supports this particular port access.
In VIGO version 5.9, a static remote port address is used, thus only one DPI can be addressed – the Front-end DPI.
The Front-end DPI is connected to the rest of the installation by the light port, and by this means, the remote VIGO can route its way to other devices in the installation.
Routing example: Reading of the Pt 100 value from the I/O module connected to the light port on a PD 600.
The remote VIGO PC needs a different MIB file from the local PC, to allow for the routing of communication via the light port of the Front-end DPI.
VIGO version 5.9 does not support the Password system defined in the DPI. Calls to the NAT must be routed to the local port (port number: 34378) of the DPI, to allow access without a password.
The Front-end PD 602 is set to IP 172.17.17.5, but in the Remote VIGO PC, the MIB file must be changed to let the VIGO PC believe that the Front-end PD 602 is IP 192.168.10.226, as this is the IP of the NAT device, which will re-direct the communication to the PD 602 DPI.
This configuration will allow remote access and diagnosis over the Internet to an existing PROCES-DATA control system installation.
An alternative configuration, which involves a PD 661 P-NET Light-Link to P-NET RS485 converter, provides direct access to the devices without routing through the PD 600 (node 7).
Example MIB files
MIB example files for the Local PC and the Remote PC corresponds to this system layout:
MIB file for the “Remote PC”
In the remote PC’s MIB file, the Ethernet port of the PD 602 is set-up with the parameters of the NAT gateway.
The NAT gateway is then set-up to re-direct the call to the correct IP address on the LAN side.
MIB file for the “Local PC”
In the local PC’s MIB file, the Ethernet port of the PD 602 is configured with the real parameters.
This is the MIB data that is stored in the DPI.