L2tp connections – Rockwell Automation 1756-EN2TSC EtherNet/IP Secure Communication User Manual User Manual

28

Rockwell Automation Publication ENET-UM003B-EN-P - September 2013

Chapter 3

Configure a Secure Connection to a Microsoft Windows Client

To configure this secure connection, do the following.

1. Configure the 1756-EN2TSC module to support a connection to a

mobile client.

2. Configure a connection to the Microsoft Windows client.
3. Open the connection.

L2TP Connections

The 1756-EN2TSC module uses Layer 2 Tunneling Protocol (L2TP)
connections for Windows clients. Communication occurs within an L2TP
tunnel (after VPN is already running). The server IP address is used to
communicate with the module. The client IP address is assigned from the client
address pool.

All communication generated by software products, such as RSLinx software, to
an L2TP server address of a 1756-EN2TSC module is sent via an IPsec
connection. This diagram shows how the physical and L2TP IP addresses differ.

• Client, physical IP address 10.10.10.2
• 1756-EN2TSC module, physical IP address 10.10.10.1
• L2TP server, virtual IP address 192.168.1.1
• L2TP client, pool of virtual IP addresses start 192.168.1.2 and end

192.168.1.100

The client uses IP address 10.10.10.2 to establish a connection with the
1756-EN2TSC module at IP address 10.10.10.1. The L2TP server on the
1756-EN2TSC module at IP address 192.168.1.1 establishes a secure connection
with the L2TP client on the client at an IP address from the pool 192.168.1.2
through 192.168.1.100.

Once the pool of addresses is configured, that pool is reserved for that specific
1756-EN2TSC module. If you have a second 1756-EN2TSC module in the
same controller chassis, you must use a separate subnet (such as 192.168.2.1),
even though the pool from the first address is not completely used.

L2TP Server
(192.168.1.1)

1756-EN2TSC
10.10.10.1

L2TP Client
(192.168.1.2)

PC
10.10.10.2

1756-EN2TSC Module

Personal Computer (L2TP Client)