Help needed for eWON Cosy 131 NAT 1:1
Hello,
I am working with an eWON Cosy 131 device and having some difficulty getting it to perform as required. We need to configure the device to read info from a Rockwell PLC on the LAN side to a Rockwell PLC on the WAN side. I have used the NAT 1:1 feature to map our LAN PLC to an IP address on the WAN subnet. I can ping the WAN mapped IP but I am getting error bits in our PLC when trying to read the message from the PLC.
Please let me know if you have any information that can help us with this configuration. I can give more details on our current setup if needed. You can reach me by email or by the office number listed below.
Our customer has about 30 of these devices that we are trying to interface through so we need to verify if this is something that can be done asap.
Thanks,
-
@Julia_A_Foster_x_468
You should be able to use the mapped WAN IP to communicate with the PLC on the eWON's LAN.
Have you changed the advanced parameters for WANITPROT and FwrdToWAN?
Those values need to be a value of 1 and 2 respectively as specified in the NAT 1:1 KB article.
kb-0289-00-en-connect-to-devices-on-ewon-lan-from-computer-on-remote-site.pdf
Also, is the mapped WAN IP reserved on the WAN network?
0 -
Joe,
I followed the steps outlined in the document including changing the advanced parameters you mentioned below. The mapped WAN IP address is reserved for our device, yes.
Thanks,
Julia
0 -
@Julia_A_Foster_x_468
Have you ever configured the 2 Rockwell devices to communicate successfully?
There's another option other than NAT 1:1. We could open up the WAN to LAN traffic completely which is typically not recommended because it allows you to access all your LAN devices from the WAN (less secure).
In your case, it may be beneficial to try it out.
We'll need to change up to 3 parameters in the eWON device.
kb-0068-00-en-access-internet-via-cosy-beside-talk2m-vpn.pdf
• NatItf = 2 (Nat and TF on WAN)
• VPNRedirect = 0 (Allow traffic outside the VPN tunnel)
• FwrdToWAN = 1 (Forward LAN traffic to WAN)
After changing the parameters and rebooting your device, you'll have to ensure that your default gateway on your Rockwell PLC on the eWON's LAN is set to the eWON's LAN IP, and the default gateway of the Rockwell PLC on the WAN is set to the eWON's WAN IP.
0 -
Joe,
When the 2 Rockwell PLCs are on the same network, the messaging works fine. We would like to avoid opening the WAN to all LAN traffic. I was told that may cause IP conflicts as well as less security than is desired.
Has the Cosy 131 device ever been successfully used to message between 2 PLCs like I am trying to do? They are RSLogix 5000 if that makes a difference.
Thanks,
Julia
0 -
@Julia_A_Foster_x_468
Yes, this should work, NAT 1:1 should allow all traffic to be routed to that LAN device.
WAN to LAN access should not cause IP conflicts if the WAN & LAN are in different subnets but it is definitely less secure.
Which Rockwell PLCs are you using? Which industrial protocols are you trying to use?
Which error are you receiving when trying to communicate?
Additionally, if you can, please provide a backup of your eWON device (including support files).
kb-0135-00-en-create-an-ewon-backup-through-ebuddy.pdf
0 -
We have a 1756-L61 (LAN) and a 1756-L63 (WAN). We just have a string and an integer in the L61 that we are trying to read the values of with a MSG instruction (CIP data table read) in the L63.
I will provide you with the eWON backup tomorrow.
Thanks,
Julia
0 -
Hi Joe,
Attached is the backup file for our eWON.
Thanks,
Julia
eWON_MatrixTech.tar (32.5 KB)
0 -
@Julia_A_Foster_x_468
Thank you for uploading the backup.
Just to confirm, the PLC's IP address is 172.16.25.106, and you are mapping it to a WAN IP 10.135.30.40?
As a next step, I would ensure that the NATITF parameter is set to a value of 3 in your COMCFG, and update your eWON's FW version to 12.1s2, which will give us access to new logs in the device.
https://websupport.ewon.biz/support/product/upgrade-ebuddy/upgrade-ebuddy
0 -
Yes, the IP addresses you mentioned are correct.
I have set the NATITF parameter to 3 and updated the firmware to version 12.1s2 and attached a new backup file.
Thanks,
Julia
eWON_MatrixTech_v12-1s2.tar (35.5 KB)
0 -
@Julia_A_Foster_x_468
Your device appears to be configured correctly for NAT 1:1.
If the PLCs use some sort of broadcasting or low-level exchange (ARP) then that may not pass through the NAT 1:1 but EtherNet/IP traffic will definitely pass through.
Which software are you using to communicate from PLC to PLC? Can you see your PLC in RSLinx?
0 -
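For a fleet like the roughly 30 units mentioned at the top of the thread, the two parameter sets discussed so far (NAT 1:1 versus fully open WAN-to-LAN forwarding) can be told apart offline. This is an added example, not part of the thread and not eWON code: it uses only the parameter values quoted above, assumes the COMCFG text is available as `Name:Value` lines, and the device names and sample configs are constructed.

```python
# Added example. Parameter values are the ones quoted in this thread;
# the "Name:Value" line layout of the COMCFG text is an assumption.
NAT_1TO1 = {"wanitprot": "1", "fwrdtowan": "2", "natitf": "3"}
OPEN_FORWARD = {"natitf": "2", "vpnredirect": "0", "fwrdtowan": "1"}


def parse_comcfg(text):
    """Return {lower-cased name: value}; names are matched case-insensitively
    because the thread writes both NatItf and NATITF."""
    params = {}
    for line in text.splitlines():
        name, sep, value = line.strip().partition(":")
        if sep and name and not name.startswith("#"):
            params[name.strip().lower()] = value.strip()
    return params


def mismatches(params, profile):
    """Map each parameter that differs from the profile to (found, wanted)."""
    return {k: (params.get(k), v) for k, v in profile.items() if params.get(k) != v}


def classify(text):
    """Label one device: 'open-forwarding', 'nat-1to1', or 'other' plus the
    parameters that keep it from matching the NAT 1:1 profile."""
    params = parse_comcfg(text)
    if not mismatches(params, OPEN_FORWARD):
        return "open-forwarding", {}
    diff = mismatches(params, NAT_1TO1)
    return ("nat-1to1", {}) if not diff else ("other", diff)


def audit_fleet(configs):
    """configs: {device name: COMCFG text}. Returns {device name: classify(...)}."""
    return {name: classify(text) for name, text in configs.items()}


# Constructed sample configs (not taken from the backups attached in the thread).
SAMPLE_FLEET = {
    "cosy-a": "WANItProt:1\nFwrdToWAN:2\nNatItf:3\nVPNRedirect:1\n",
    "cosy-b": "NATITF:2\nVPNRedirect:0\nFwrdToWAN:1\n",
    "cosy-c": "WANItProt:1\nFwrdToWAN:2\nNatItf:1\n",
}

if __name__ == "__main__":
    for device, (label, diff) in sorted(audit_fleet(SAMPLE_FLEET).items()):
        print(device, label, diff)
```

Any unit reported as `open-forwarding` exposes every device on its LAN to the WAN, which is the state the original poster wanted to avoid.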
I can see either PLC on RSLinx as long as my computer is on that subnet. We are trying to use a MSG instruction in RSLogix 5000; message type CIP Data Table Read routed through the Ethernet card (ENBT) and looking for the IP of our second PLC.
0 -
Hello @Julia_A_Foster_x_468,
I am thinking that the CIP traffic might not work through the NAT 1:1 translation. Would you be able to take a Wireshark showing the MSG instruction? Seeing a capture of the traffic hitting the WAN interface and the traffic going out the LAN should give us a better idea into what is going on here.
Deryck
0 -
Hi @Julia_A_Foster_x_468.
Were you able to capture a Wireshark log of the traffic or otherwise resolve the issue by another means?
Regards,
Chris
0 -
Hi Chris,
We completed the research requested by the client and advised them based on our findings.
Thanks,
Julia
0