Configure a mobile client – Rockwell Automation 1756-EN2TSC EtherNet/IP Secure Communication User Manual User Manual

Rockwell Automation Publication ENET-UM003B-EN-P - September 2013

29

Configure a Secure Connection to a Microsoft Windows Client

Chapter 3

The Microsoft IPSec client uses classful network-addressing architecture.

• The traffic from a Windows client is directed to a specific VPN based on

the class of the IP address set in the L2TP configuration.

• Class C addresses (192.168.0.0 through 192.168.255.255) provide the

fewest addresses and supports as many as 256 non-overlapping subnets.
Class C addresses also ensure that no IP address is masked by the active
VPN connection.

• Two 1756-EN2TSC modules connected to the same Windows client at

the same time must be assigned to non-overlapping subnets. Once the
secure tunnel exists, RSLinx software uses the L2TP server IP addresses to
communicate with the controllers through the 1756-EN2TSC modules.

Configure a Mobile Client

A mobile client does not have a predetermined IP address explicitly configured in
the module. For example, a personal computer configured for DHCP connects
to the module. If the IP address of the personal computer changes, no
configuration changes are required on the module.

If the Windows client is a mobile client, make the following configurations on
the module.

First L2TP Server
(192.168.1.1)

1756-EN2TSC
10.10.10.1

First L2TP Client
(192.168.1.2)

PC
10.10.10.2

First 1756-EN2TSC Module

Personal Computer (L2TP Client)

Second L2TP Server
(192.168.2.1)

1756-EN2TSC
10.10.10.6

Second 1756-EN2TSC Module

Second L2TP Client
(192.168.2.2)