Viola Systems 2270 Spezifikationen

© 2010 VIOLA SYSTEMS LTD. WWW.VIOLASYSTEMS.COM VA-09-1-4_CONFIGURATION_GUIDE.PDF APPLICATION NOTE

10 / 80 6. Choosing the type of the VPN The communication between Arctic and M2M GW is implemented with establishing a VPN tunnel (see page

11 / 80 The private IP addresses are typically used in M2M GW's LAN, in VPN peer IPs and in Arctic's LAN. To avoid overlapping th

12 / 80 • Table 2: Scenario 1, example IP addresses 7.2. Scenario 2, M2M GW behind the company firewall Again, only one public IP address is

13 / 80 • Figure 8: Scenario 3, Arctics with operator's private access point 8. Before starting Before starting the installation a

14 / 80 9. Tools needed for initial setup 9.1. Place for making the initial setup It is assumed that the M2M GW and Arctic are locally acc

15 / 80 10. Connecting and cabling the units 10.1. Unpacking Save the packages and boxes of the received equipment for possible later use.

16 / 80 locked him/herself out from the Ethernet ports by firewall), but it is not usually needed, while initially configuring the M2M GW.

17 / 80 part nr. 3220 (power supply, null modem cable, cross connected Ethernet cable). • Serial cable for console port When connecting a

18 / 80 • Figure 10: Arctic's connectors 12. Configuring the installation environment This chapter describes the actions needed befor

19 / 80 • Figure 12: XP Control Panel, Category view • Figure 13: XP Control Panel, Classic view 3. Click "Network connections&

2 / 80 Copyright and Trademarks Copyright 2009, Viola Systems Ltd. All rights to this document are owned solely by Viola Systems Ltd. All r

20 / 80 • Figure 17: XP LAN properties 6. Scroll down the "This connection uses the following items" list to see the "Inte

21 / 80 • Figure 18: XP TCP/IP properties 8. Click "OK" button to apply the changes. 13. Configuring the M2M Gateway Once the

22 / 80 • Figure 19: Secure connection failed The reason for such an error message is that M2M GW's certificate is not in the list of

23 / 80 • Figure 21: Get certificate 4. Click the "Get Certificate" button to load the certificate. Once loaded, you can confi

24 / 80 or connect via different network interface (and thus to different IP address of M2M GW). You will need to repeat the same procedure

25 / 80 • Figure 24: Continuing to the web site 2. Click the text "Continue to this website (not recommended)". The reason f

26 / 80 • Figure 25: Phishing filter 4. You can ignore the message and click "Ask me later" radio button, then click "OK&

27 / 80 • Figure 26: M2M GW's login screen with Internet Explorer 6. Log in with the following default user credentials: Username: vi

28 / 80 1. Click the icon "Network Configuration": • Figure 28: Network configuration icon The following screen opens: • Fi

29 / 80 • Figure 31: M2M GW, network interfaces screen 3. As you are now connected to M2M GW via eth0, which is the future WAN port, it i

3 / 80 Table of contents 1. GENERAL ...

30 / 80 • Figure 33: M2M GW eth1 settings Note: In general, do not enable “Proxy ARP”. See page 49, chapter 14.7: Configuring the routing s

31 / 80 IP Address: <from_ISP>, static Broadcast: <from_ISP> Activate at boot: Yes Enable proxy ARP: No • Figure 35: M2M GW e

32 / 80 • Figure 36: Routing and Gateways icon 2. The following screen opens (Figure 37: M2M GW, routing and gateways configuration scre

33 / 80 • Figure 38: Hostname and DNS icon 2. The following screen will open: • Figure 39: M2M GW, hostname and DNS client settings 3

34 / 80 • OpenVPN The Arctics referred to in this document do not support OpenVPN. Instead, the OpenVPN is typically used for connecting th

35 / 80 • Figure 42: L2TP-VPN configuration Settings: • Port The port where the M2M GW listens to L2TP client connections. You can leave

36 / 80 • Figure 43: Configuring L2TP peer 3. In the example configuration, fill the values as in Figure 43: Configuring L2TP peer: Peer

37 / 80 o Tunnel the following network If there are TCP/IP connected devices in Arctic’s LAN (on contrary to the setup, where there are onl

38 / 80 • Figure 45: M2M GW's SSH-VPN configuration 3. Click “Add Peer” button. For the example configuration in Figure 6: Scenario 1

39 / 80 10. Repeat the procedure for all Arctic’s if there is more than one. 11. Click “Lock keys” in order to prevent accidental erasing

4 / 80 1. General 1.1. Purpose This document addresses to challenges encountered within the initial configuration of Viola M2M Gateway, V

40 / 80 • Figure 46: Arctic's Ethernet settings • Override Ethernet configuration by DHCP? Enable only if the Arctic should fetch t

41 / 80 empty if local hosts do not need DNS services for accessing the Internet through Arctic. • MAC address Displays Arctic's MAC/

42 / 80 avoid blocking the SIM card if the entered PIN code is not matching the PIN code of the SIM card. o If a wrong PIN number is enter

43 / 80 As opposite to the picture above, you may want to set the “Use GPRS as default route” to “Disabled” in order to follow the example

44 / 80 • Required password The password required for dialing-in user. • Idle timeout Timeout in seconds if the connection is idle. • L

45 / 80 • Figure 49: Arctic's SSH-VPN settings

46 / 80 • Use SSH-VPN Set to “Yes” to allow SSH-VPN operation • Interface Defines the interface (GPRS or Ethernet) to be used when establ

47 / 80 • Figure 50: Arctic's L2TP-VPN settings • Interface Defines the interface (GPRS or Ethernet) to be used when establishing t

48 / 80 o Set as "None" if there is no need for accessing other devices than the M2M GW. o Set as "Tunnel the following net

49 / 80 • Figure 51: Arctic's Monitor settings 14.7. Configuring the routing settings of the Arctic Usually there is no need for add

5 / 80 3. Caution The initial setup of the devices should be done in one centralized location; performing the initial setup in a geographi

50 / 80 • Figure 52: Arctic's routing settings 14.8. Configuring the S-NAT settings of the Arctic In this example configuration, t

51 / 80 • Figure 53: Arctic's S-NAT settings 14.9. Configuring the D-NAT settings of the Arctic In this example configuration, there

52 / 80 • Figure 54: Arctic's D-NAT settings 14.10. Configuring the DynDNS settings of the Arctic The M2M solution provides static V

53 / 80 • Figure 55: Arctic's DynDNS settings 14.11. Configuring the NTP settings of the Arctic The NTP is an abbreviation for Netw

54 / 80 • Figure 56: Arctic's NTP settings NTP Settings: • NTP server The IP address of the NTP server. • Query interval The int

55 / 80 14.12. Configuring the SMS Config settings of the Arctic The SMS config allows controlling the Arctic via SMS messages. The used com

56 / 80 • Figure 58: Arctic's firewall 14.14. Enabling/disabling the services of the Arctic Arctic provides some services by default.

57 / 80 • Figure 59: Arctic's services 14.14.2. Telnet server The Arctic’s Telnet server offers a method for connecting to the Arct

58 / 80 • Figure 60: Telnet server 14.14.3. DHCP server The Arctic has an embedded DHCP server. It can offer IP addresses, netmasks and ot

59 / 80 • Figure 61: Arctic's DHCP server 14.14.4. DNS proxy The DNS, domain name server, responds to naming service queries for map

6 / 80 • Figure 1: Installation workflow 4.1. Quick reference to the installation procedures Field engineers having previous experience w

60 / 80 • Figure 62: Arctic's DNS proxy 14.14.5. SNMP agent Certain Arctics support a subset of SNMP, simple network management pro

61 / 80 15. Connecting a serial device The serial application device connectivity is only available at Arctic Gateway products, not Routers.

62 / 80 The Figure 64: Arctic serial GW RS1 settings shows the Serial GW RS1 settings. Note the RS1 status indicator line that shows whethe

63 / 80 • Network reply timeout (ms) If the "Request-reply communication" is set to "yes", the time of waiting the answ

64 / 80 • Only one device can command the bus, slaves can’t speak with each other • A device can transmit and receive simultaneously (full

65 / 80 16.1.2. Testing the M2M GW’s console connection Connect a keyboard and a display to M2M GW. If you’re using PS/2 keyboard, it may b

66 / 80 It is always best first to check the Network Æ Summary for existence of GPRS and VPN interfaces in Arctics, if the Arctic GUIs are

67 / 80  Test 8: Test the SCADA server’s connection to eth1 interface of M2M GW. 16.2.7. End-to-end connectivity Last, test the SCADA se

68 / 80 Mar 24 03:34:19 m2mgw sudo: vvpn : TTY=unknown ; PWD=/home/vvpn ; USER=root ; COMMAND=/usr/sbin/pppd noauth nodetach notty call

69 / 80 See RFCs 1918 and 4193 for further information regarding private IP networks. 17.3. Introduction to IP address classes In the moder

7 / 80 □ IT department for assistance, if present □ Manuals for every device related to the installation □ Cables; network, power, serial

70 / 80 • Figure 66: Classless Arctic LAN As we look closer to Arctic’s LAN, we can see that the IP addresses are from class A private netw

71 / 80 17.7. CIDR, classless inter-domain routing When there are several classless networks, it may be a tedious task to maintain routing t

72 / 80 18.1. Scenario 1, public access point with M2M GW 1. Arctic receives an IP address from cellular network. Typically this IP address

73 / 80 PUK Personal unblocking key PS/2 In this context: a mini DIN plug containing 6 pins, for connecting a keyboard RX Received d

74 / 80 When configuring the IEC-104 for GPRS connection, one can start with the following values: • IEC t0 (connection establishment tim

75 / 80 • Document the solution – store the work for later use Follow good documentation practices 21.2. Identifying the Arctic device T

76 / 80 21.4. Contacting Viola Systems Technical support The Viola Systems Technical Support is able to help with technical problems relat

77 / 80 within three seconds from Arctic device start, then re-enter the values without equal sign, e.g. as with following commands: setenv

78 / 80 In Arctic GPRS gateway, there is a switch that controls the RS1 serial port’s mode. There are two operating modes; • Console for c

79 / 80 Serial line to connect to: COM1 (or the respective COM-port in your PC) Speed (baud): 19200 Data bits: 8 Stop bits: 1 Parity: None F

8 / 80 5. Choosing a correct product for the solution 5.1. Choosing the Arctic product There are several Arctic products, each designed for

80 / 80 • RFC-4008 • RFC-778, 891, 956 , 1305 • RFC-2131 • RFC-1213 • RFC-1157 • RFC-1519 Ethernet specifications: http://www.ieee802.org

9 / 80 • Figure 3: Viola GPRS or EDGE Gateway 5.2. Choosing the M2M GW product There are two models of M2M GW, both 19” rack mounted, 1 u