BECKHOFF IPC-Security User Manual


3. Right-click the Server (Request Security) profile and select Properties

4. Select the All IP traffic rule and click on Edit

5. On the tab Authentication Methods, select the currently listed method (Kerberos) and click on Edit

6. Now mark the option box Use this string (preshared key) and enter, for example, test123

7. Acknowledge all open windows by clicking OK

Now the PLC Controller has been set up to request the establishment of an IPSec channel using Shared
Key authentication. However, standard IP Clients will also still be able to connect to the Controller. If you
want to disable unsecured IP communication and only allow IPSec, repeat the steps above with the
profile Secure Server (Require Security).

Setting up the IPSec Client (Desktop computer)

After the IPSec Server has been set up, you need to configure the desktop computer to act as an IPSec
Client. Do the following steps:

1. Open the IP Security Policy Management Snap-in as described above

2. Right-click the Client (Respond Only) profile and select Assign

3. Right-click the profile again and select Properties

4. Edit the current security rule and browse to the tab Authentication Methods

5. Here you need to edit the current rule (Kerberos) and change it to Use this string (preshared key)

6. Enter test123 as the preshared key

7. Acknowledge all open windows by clicking on OK

Try to establish a connection from your desktop computer to the PLC controller, for example by opening the
Controller in Windows Explorer:

1. Click on Start → Run and enter \\IP-Address-Of-Controller, then click on OK

2. You should now see all shares on the PLC Controller

To check if the network communication has really been secured:

1. Open the IP Security Monitor Snap-In in MMC. This tool will give you information about currently established IPSec connections

2. Here you can see the currently established connection between Controller and Desktop computer under Main Mode Security Associations, see screenshot below
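
A packet-level cross-check of the same question, as an added example that is not part of the original manual: it labels raw IPv4 packets exchanged between two hosts as ESP/AH (IPSec-protected), IKE (negotiation) or CLEAR. The host addresses and the sample packets are constructed placeholders; with the Server (Request Security) profile, a client that has no IPSec policy still shows up as CLEAR.

```python
import socket
import struct

IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}  # IP protocol numbers carrying IPSec-protected traffic
IKE_PORT = 500                           # UDP port used for the IKE (main mode) negotiation

def classify(packet):
    """Return (src, dst, label) for one raw IPv4 packet."""
    header_len = (packet[0] & 0x0F) * 4
    proto = packet[9]
    src = socket.inet_ntoa(packet[12:16])
    dst = socket.inet_ntoa(packet[16:20])
    if proto in IPSEC_PROTOCOLS:
        return src, dst, IPSEC_PROTOCOLS[proto]
    if proto == 17 and len(packet) >= header_len + 4:  # UDP: read the port pair
        sport, dport = struct.unpack("!HH", packet[header_len:header_len + 4])
        if IKE_PORT in (sport, dport):
            return src, dst, "IKE"
    return src, dst, "CLEAR"

def audit(packets, host_a, host_b):
    """Count packet labels between two hosts, in either direction."""
    counts = {"ESP": 0, "AH": 0, "IKE": 0, "CLEAR": 0}
    for packet in packets:
        if len(packet) < 20 or packet[0] >> 4 != 4:
            continue  # not a complete IPv4 header
        src, dst, label = classify(packet)
        if {src, dst} == {host_a, host_b}:
            counts[label] += 1
    return counts

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet for the constructed sample (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed sample, not captured traffic. Addresses are documentation placeholders.
DESKTOP, CONTROLLER, PLAIN_CLIENT = "192.0.2.10", "192.0.2.20", "192.0.2.99"
IKE = struct.pack("!HHHH", 500, 500, 8, 0)
SMB = struct.pack("!HH", 49152, 445) + bytes(16)
SAMPLE = [
    ipv4(DESKTOP, CONTROLLER, 17, IKE), ipv4(CONTROLLER, DESKTOP, 17, IKE),
    ipv4(DESKTOP, CONTROLLER, 50, bytes(16)), ipv4(CONTROLLER, DESKTOP, 50, bytes(16)),
    ipv4(PLAIN_CLIENT, CONTROLLER, 6, SMB),  # client without an IPSec policy
]

if __name__ == "__main__":
    print("desktop <-> controller:", audit(SAMPLE, DESKTOP, CONTROLLER))
    print("plain client <-> controller:", audit(SAMPLE, PLAIN_CLIENT, CONTROLLER))
```

A non-zero CLEAR count between the desktop and the controller means traffic bypassed the IPSec channel, even if a Main Mode Security Association is listed.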
