Siemens Scalance SC636-2C NAT config

Pink_Rabbit

Hi all,

I have some difficulties with programming a NAT config in my Scalance SC636-2C.

When programming the NAT table I'm not able to reach my devices.

143.26.58.XXX is the public network address, 100.100.100.XXX is the private (machine) network.

Here are some screenshots of what I have set up now.

What am I doing wrong here? Some advice, please.

Thanks!
 

Attachments

  • merged.pdf
NAT is super specific about details. What is the IP/Subnet mask/Gateway of the local device and the external device? Which device is initiating the communication? Is the firewall activated?
 
Thanks for your reply.

Local Devices:
  • Process PLC
    • Internal IP: 100.100.100.2 Subnet 255.255.255.0 Gateway 100.100.100.1
    • External IP: 143.26.58.100 Subnet 255.255.254.0 Gateway 143.26.58.1
    • Initiate External
  • Safety PLC
    • Internal IP: 100.100.100.3 Subnet 255.255.255.0 Gateway 100.100.100.1
    • External IP: 143.26.58.102 Subnet 255.255.254.0 Gateway 143.26.58.1
    • Initiate External
  • Prosoft EGSD Comm:
    • Internal IP: 100.100.100.5 Subnet 255.255.255.0 Gateway 100.100.100.1
    • External IP: 143.26.58.103 Subnet 255.255.254.0 Gateway 143.26.58.1
    • Initiate Bi-directional
NAT router
  • Internal IP 100.100.100.1 Subnet 255.255.255.0
  • External IP 143.26.58.101 Subnet 255.255.254.0 Gateway 143.26.58.1
External Devices:
  • All devices: laptop, server OPC, ...
No firewall needed; it is not activated.
 
Appreciate the detail.

My recollection is you use Source NAT when you want to initiate internal (example, HMI on machine wants to use a network drive on the plant network), but need to use NAT to change the IP. I think you use Destination NAT (declare via NETMAP in Scalance for whatever reason) when you want to initiate external. The Prosoft card may need source and destination NAT, if both sides are initiating. For Source NAT, you can also activate Masquerading for the internal interface, if you want all devices to share the IP of the router for outgoing comms, and you don't need to lock it down to certain devices only. This means you don't need to declare rules for each one.

Note that NAT only needs to be set up for the initiating direction of the communication. The router automatically remembers to un-NAT things for response data.

Because gateways are declared for all the internal devices, the communication could potentially be accomplished by standard routing, and then you avoid NAT altogether. I'm assuming NAT is required because of repeated machines using the same IP space?
 
What protocol is in question?
Can you ping the IPs?
Can you open the port on IP address?
Are you sure that your mask for External IP address is correct? (I don't think it is)
I have tried your IP address and you have left your port 102 open to everyone! Filter it ASAP.
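
The direction rule from the reply above (Destination NAT for externally initiated traffic, Source NAT for internally initiated, both for bi-directional) applied to the addresses posted in this thread, together with the subnet and exposure questions raised in the last reply. This is an added Python example, not part of any post and not Siemens code; the `plan` function, its rule tuples and the finding that a disabled firewall leaves every port of a destination-NAT mapping reachable are assumptions made for illustration.

```python
import ipaddress

# Addresses transcribed from the thread; everything else is illustrative.
INSIDE = ipaddress.ip_interface("100.100.100.1/255.255.255.0")   # router, internal side
OUTSIDE = ipaddress.ip_interface("143.26.58.101/255.255.254.0")  # router, external side
OUTSIDE_GW = ipaddress.ip_address("143.26.58.1")
DEVICES = [  # (name, internal IP, external IP, side that initiates)
    ("Process PLC", "100.100.100.2", "143.26.58.100", "external"),
    ("Safety PLC", "100.100.100.3", "143.26.58.102", "external"),
    ("Prosoft EGSD", "100.100.100.5", "143.26.58.103", "both"),
]
# Initiating side -> NAT types needed, as described in the reply.
RULES = {"external": ["destination"], "internal": ["source"],
         "both": ["source", "destination"]}

def plan(devices=DEVICES, firewall_enabled=False):
    """Return (rules, findings) for a 1:1 NAT table.

    Each rule is (nat type, incoming side, matched address, translated address).
    """
    rules, findings, seen = [], [], set()
    reserved = {INSIDE.ip, OUTSIDE.ip, OUTSIDE_GW}
    for name, inner, outer, initiator in devices:
        inner, outer = ipaddress.ip_address(inner), ipaddress.ip_address(outer)
        if inner not in INSIDE.network:
            findings.append(f"{name}: {inner} is outside {INSIDE.network}")
        if outer not in OUTSIDE.network:
            findings.append(f"{name}: {outer} is outside {OUTSIDE.network}")
        if inner in reserved or outer in reserved or outer in seen:
            findings.append(f"{name}: address clashes with router, gateway or another mapping")
        seen.add(outer)
        for kind in RULES[initiator]:
            if kind == "destination":  # external peer reaches the internal device
                rules.append((kind, "external", str(outer), str(inner)))
                if not firewall_enabled:  # assumption: no filter means all ports pass
                    findings.append(f"{name}: all ports of {inner} reachable via {outer}")
            else:  # internal device leaves with its external address
                rules.append((kind, "internal", str(inner), str(outer)))
    return rules, findings

if __name__ == "__main__":
    nat_rules, notes = plan()
    for line in nat_rules + notes:
        print(line)
```

Calling `plan(firewall_enabled=True)` on the same table returns no findings, which shows that the only issue this check raises for the posted addresses is the unfiltered destination NAT.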
 
