Performance, Traffic filtering – Rockwell Automation 1756-EN2TSC EtherNet/IP Secure Communication User Manual User Manual

14

Rockwell Automation Publication ENET-UM003B-EN-P - September 2013

Chapter 1

Secure Communication Architecture

Performance

The basic communication capability of the module is the same as the
1756-EN2T module.

• The module supports the same number of TCP and CIP connections as

the 1756-EN2T module (256 CIP connections and 128 TCP/IP
connections).

• The module supports configuration of IPsec associations with as many as

8 IP addresses (devices); only 1 of which can be a Cisco ASA connection.

• The module supports CIP Sync communication.

Traffic Filtering

When IPsec is enabled, the module blocks traffic that is not received via a VPN
client, another peer with an IPsec connection, or an appliance with an IPsec
connection, with these exceptions:

• BOOTP/DHCP traffic (to let the module obtain an IP address)
• HTTPS traffic (needed to configure the module)
• CIP Sync packets (you have the option to disable CIP Sync)
• Logix produced/consumed tags (the establishment of the

produced/consumed connection occurs over via IPsec)

• 1756 I/O connections in a remote chassis

If the 1756-EN2TSC module is the trusted slot for a ControlLogix chassis, the
following traffic to the controller must go through the 1756-EN2TSC module.

• RSLinx® Classic traffic (such as Studio 5000™ and ControlFLASH

communication)

• RSLinx Enterprise traffic (such as FactoryTalk View® SE and

FactoryTalk View ME communication)