passtrough cj1m/ETN21 to another cj1m/ETN21 over internet

[Tony 0]

Good afternoon , I hope you can help my out with the following problem. I connect from my office over internet to various cj1m plc's equiped with etn21 card's for SCADA monitoring and remote programming. Due to a routing fault of my DSL provider, I can't access one of them because the clients WAN ip is exactly the same as mine exept for the last digits. There's simply no route, even pinging is impossible. Since this particular site is accessible from every other location with different ip range I wondered if I could set up one accessible plc to act as gateway to connect to the problem site. I am thinking Ip router table in the etn21 or configuring routing tables in the PLC. since i'm not an expert in this but did manage to set up the various plc's to have remote acces, any detailed help would be very welcome. Thanx

[Pago 0]

If there's no routing and if you ping to the ip tha it replicated the the ping response can comes from your PC and not the PLC that's why you have ping replies. Are you using some kind of VPN? If so what type of equipmente is your VPN server? Regards,

[Tony 0]

@ pago, I think you misunderstood me, there is no response from the ping request; "request timed out." I dont use vpn, I even tried directly from my laptop on DHCP receiving my WAN ip directly from ISP. I can not ping any IP witch is in the same IP-range as my WAN IP except for the WAN gateway. thanx for your reply.

[PdL 71]

Does this mean it has worked previously but all of a sudden doesn't work anymore? How do you connect to the PLC's and SCADA? Do you use some kind of remote desktop software or straight TCP connections?

[Tony 0]

I used to have 2 dsl connections here, and connected through the other one witch isn't here anymore. no remote desktop, I connect straight to the PLC.: PC running CX-prog and Scada --->> local dsl modem -->> WAN -->> remote dsl modem with port 9600 forwarded -->> ETN21 I understand that you might think I am making a mistake in local modem/router setup. but believe me I have tested every possibility, and actually realy need help with the workaround solution, and meanwhile figure things out with my ISP, witch goes through Spanish helpdesk employees and therefore is not very promising . Grtz Tony

[PdL 71]

OK, above post provides a lot more useful information. The only thing I can think of is the remote WAN router's LAN ip has changed? In that case it needs to be updated in the ETN21 IP router table. Can you access the remote WAN routers settings pages? Perhaps it provides a client IP list where you can check if it lists the ETN21 IP. I understand the remote location makes it all the more difficult to check things, but best would be to have someone locally plug in on the router LAN side and ping the ETN21 IP's for you, to be absolutely sure the ETN21 are available. Also, have them check what the WAN router LAN IP is and verify it matches the IP listed in the ETN21 IP routing table. If they reply to the ping request but you still can't access them despite the port forwarding, next option would be to set up a VPN if the router supports VPN tunneling.

[PMCR 66]

I am almost certain that what you are suggesting cannot be done with a single Ethernet card in a PLC, but could be done if the PLC that you want to be the router had 2 ETN cards. An Omron PLC ethernet card cannot route message coming in on an ETN card back out the same ETN card. To accomplish what you are suggesting, PLC A would need 2 network cards, one on FINS network 1, the other on FINS network 2 (FINS network numbers are examples). PLC B would have 1 ETN card setup on FINS network 2. You could setup a FINS TCP hook in PLC A between PLC A and PLC B using TCP forwarding in the router at PLC B. Then you could connect to PLC A on FINS Network 1, and bridge to Network 2, node X (PLC B's node number) and because of the static TCP connection between PLC A and B, you could connect.

[PdL 71]

See attached document, page 3. Could it be the address registered in the IP address table has changed now that you have switched DSL connections and you have to update this entry? Accessing_Omron_PLCs_via_the_Internet.pdf

[PMCR 66]

Similar doc showing 0.0.0.0 in IP Router Table as 'Default Gateway'. White_Paper_Allowing_Internet_based_access_to_Omron_PLCs.pdf

[PdL 71]

Yes, if the IP address table is left empty and the IP router table has a mask of 000.000.000.000 then you can switch connecting WAN IP's without any problem.

[Tony 0]

Nothing has changed PdL I can still access this particular plc from another location (Home). @ PMCR, that doesn't sound promising.. To install an extra card would be a little overdone to do some routing. I am going to look in to the two attached docs now. Thanx

[PdL 71]

Your right, let me put it this way. No router IP has changed, but If I understand correctly the connecting IP is different than before right ? But like you state the fact that you can connect to it from another location rules out a lot of causes, in fact I can't think of the reason right now why it doesn't work...

[Tony 0]

Yes correct PdL, the connecting IP is different than before, but I have multiple connecting ip's setup in the ETN21's IP router table.(3 in total ) I can connect with 2 of them. just not the one which we have at the office and is in the same Ip range as the clients WAN IP. The reason that it doesn't work has nothing to do with Omron ETN21 or CX programmer comms setup, but the fact that I can't reach to any wan ip in the same range as our office WAN ip. That's why I was looking into a work around (use another remote PLC (A) to which a am able to connect from our office as gateway to remote PLC (B) ). Greetz Tony