www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

August 22, 2013

NAT configurations for Moxa’s EDR series

What is a NAT?

Not to be confused with those pesky flying insects, GNATs. NAT or Network Address

Translation is a routing process where IP address information is translated to another IP

address. Both addresses are typically of different subnetworks or segments in which

Layer 3 devices such as the EDR-G902, EDR-G903 and EDR-810 series readily

support.

Types of NATs typically use

N:1 NAT

This is a very popular NAT process that is encountered all the time,

especially if your network utilizes the Internet connection.

N:1 NAT is when one (1) IP address translates to multiple (N) IP

addresses, very much how the Internet connection at home and small

office is set-up to do.

Port Forwarding

When you are in a N:1 NAT, you sometimes need to access services that

is located in the LAN side of the network (or the “N” part of the NAT)

which is hidden from the WAN or Internet.

Port Forwarding will associate a specific port or a range of ports from the

LAN and map it to another set of ports which can be different to the WAN.

This is usually used to forward ports in order to access Websites or FTP

servers from the LAN to WAN.

Port Forwarding can be too restrictive especially if you have multiple

similar services you would like to forward, such as HMI web interfaces

and FTP servers.

P a g e | 2

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

.

1:1 NAT

The 1:1 NAT is a way to map one WAN IP Address to one LAN IP

Address.

This is very useful when you want to standardize the IP Address scheme

of your production line while still providing connectivity.

Application Scenario

Overview

Ten production lines independent from each other.

The Customer requests to access the Web Interface from 2 of the 3 HMIs

to look at production status for each line.

The customer requests to have a set of specific data to be logged from

each line to their existing SCADA server in the office network for

production analysis.

The Production Line and Office Network have different IP address

schemes.

Goal

Minimize communication changes of PLC’s and other Network devices in

the production lines

Keep all the production lines separated from each other.

Provide the network connection to the SCADA server

Provide the Web Interface service to the customer’s Office Network

Solution

Add an EDR router in each Production Line

P a g e | 3

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Set the EDR series for 1:1 NATing

Add the LAN IP address as the Gateway Address of the requested PLC

and HMI

Map the PLC and HMIs IP address to a set of IP addresses that will be

part of the customer’s office Network.

What will happen with the solution

The Production Line network does not have to change; a gateway

address is added so that requests/responses from the customer office’s

network will go to the EDR first.

Each production line will not see each other; therefore, minimizes

possible IP conflicts from the Production Line.

The Office Network has full access only to the requested PLC and HMI.

Additional security feature such as the EDR’s built in Firewall can

be implemented if desired to increase system security.

How to Set-Up an EDR series for 1:1 NAT

This section will cover set-by-step on how to set-up the EDR-G903 for 1:1 NATing.

Keep in mind the set-up is very similar for the EDR-G902 and EDR-810 series as well.

Overview

Set the EDR-G903 for 1:1 NAT to route a P3K PAC and a C-More HMI to

another network.

Setting before adding the EDR-G903

o P3K PAC

IP Address: 192.168.7.20

Subnet: 255.255.255.0

Gateway: None

o C-More HMI

IP Address: 192.168.7.21

Subnet: 255.255.255.0

Gateway: None

Setting after adding the EDR-G903

o P3K PAC

IP Address: 192.168.7.20

Subnet: 255.255.255.0

Gateway: 192.168.7.250

o C-More HMI

IP Address: 192.168.7.21

Subnet: 255.255.255.0

Gateway: 192.168.7.250

o EDR-G903

LAN Port

IP Address: 192.168.7.250

Subnet: 255.255.255.0

Gateway: Not Applicable

WAN1 Port

P a g e | 4

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

IP Address: 10.10.10.2

Subnet: 255.255.255.0

Gateway: None

1:1 Mapping

192.168.7.20 to 10.10.10.200

192.168.7.21 to 10.10.10.210

Firewall

Fully Open

Set-Up Instructions

Connect to the LAN port of the EDR-G903

Login to the EDR-G903

Default IP address: 192.168.127.254

Username: Admin

Password: No Password

For testing purposes, go to the Firewall settings and make sure all ports

are open.

Click on Firewall Policy

Click on Policy Overview

P a g e | 5

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Change the LAN IP address of the EDR-G903

Click Network

Interface

LAN

o IP Address: 192.168.7.250

o Subnet Mask: 255.255.255.0

Click Activate

Click Confirm

Don’t forget to change the PC’s IP computer to be part of the new LAN

network

P a g e | 6

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Change the WAN IP address of the EDR-G903

Click Network

Interface

WAN1

This can be DHCP; however, it has to be part of the same network

the 1:1 NAT is mapped to. In this case 10.10.10.x Network

o Connect Mode: Enable

o Connect Type: Static IP

o IP Address: 10.10.10.2

o In this set-up, the DNS and PPTP are not needed.

Click Activate

Click Confirm

Configure the NAT for 1:1

Click on NAT

P a g e | 7

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Click on New/Insert

A popup will appear

Click OK

C-More HMI Configuration

o NAT Mode: 1-1

o Interface: WAN1

o LAN/DMZ IP 192.168.7.21

o WAN IP 10.10.10.210

Make sure Enable is Checked

Click Modify

P a g e | 8

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Do the same for the P3K

o NAT Mode: 1-1

o Interface: WAN1

o LAN/DMZ IP 192.168.7.20

o WAN IP 10.10.10.200

Click Activate

Click Confirm

Test Instructions

Disconnect the computer to the LAN port of the EDR-G903

Connect the PLC/HMI Network to the LAN port

Connect the PC to the WAN1 port of the EDR-G903

Change the IP address of the PC to be part of the 10.10.10.x

network

o PC IP Address: 10.10.10.40

o Subnet Mask: 255.255.255.0

o Gateway: Blank

o DNS Servers: Blank

P a g e | 9

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

Ping the mapped P3K PAC

Ping the mapped C-More

Access the FTP Server of the C-More

Access the Remote web console of the C-More

Access the P3K PLC for programming for the NATed network

Congratulations! The system has been set-up for 1:1 NATing

P a g e | 10

www.quantumautomation.com | 4400 East La Palma Ave. Anaheim, CA 92807 | P: 714-854-0800 | F: 714-854-0803

About Us

Quantum Automation is a networking and controls distributor comprised of talented Electrical and

Mechanical Engineers dedicated to understanding and delivering exactly what you need. Founded in

1991, Quantum Automation is the largest of four Value Added Resellers for AutomationDirect in

America. We are also the largest distributor of Moxa networking products in America. Our other major

product lines are: Advantech for industrial computers, IDEC for control products, and eWON for Remote

Access Routers. Recognized for outstanding customer service, quality products, hands-on training,

competitive prices, and over 30,000 part numbers to choose from, it’s no wonder thousands of OEMs,

Systems Integrators, and End Users choose Quantum Automation as their #1 Value Added Reseller!

Can the LAN and WAN networks have the same IP

address scheme and route properly?

KNOW THE ANSWER TO THE QUESTION?

ANSWER THE QUESTION FOR A CHANCE TO WIN A $100 AMAZON

GIFT CARD!

» Click Here

http://www.quantumautomation.com/techcorner-questionnaire.html