FieldPoint Family

Hi Philibuster,

I'm not sure to what extent me or Applications Engineers will be able to assist you with this matter -- the problem you are facing is more or less a pure IT issue. The first step you need to take is to get setup to ping the cFP. This is something that you'll need to work with your IT department to figure out. Once you're able to ping the cFP, you'll need to use port forwarding in order to properly target the cFP through the VPN. I know that the answer I have provided is extremely high level, but it's all I can offer since I lack both a deep networking knowledge, and a complete understanding of the networks that we are trying to connect through (again, something the IT folks should be able to help with). One suggestion I would make is to try to change one of the domains to use a slightly different domain addressing (I'm referring to the fact that both networks -- the one inside and outside the VPN -- make use of 192.x.x.x addresses). The reason I make this one recommendation is that otherwise, the port forwarding and the addressing might turn into a very big headache to get right if you are on a 192.x.x.x network and are calling into a 192.x.x.x network. By changing one of the networks, you'll be able to keep a better track of the networks as you go through the process of setting up the port forwarding etc.

Sanjay,

Thanks for your response.

I was hoping to find someone with both IT and cFP-1808 experience to fill in the required details. IT usually doesn't understand the capabilities/limitations of the cFP-1808 and therefore can't suggest how to configure it (or the router) to work together considering its 'same subnet' limitation while on a VPN. It also seems that most people with cFP-1808 experience use a simple local network configuration. I've seen some discussion about NI internally using a VPN to access fieldpoint devices described from a very high level but I have never seen a detailed example step-by-step description of how to configure and run a cFP-1808 on a remote VPN network.

I hope someone can help.

Basically you need to use static IP assignment -  don't use DHCP to automatically assign addresses - the cFP-180x doesn't completely work.

What I finally realized is that the cFP-180x has a bug when it uses DHCP supplied information. Although it uses the DHCP assigned IP address nothing else is configured properly - most notably the gateway IP address. When you look into the router DHCP pool assignments it looks like the assignment process didn't complete. For some reason the cFP-180x assigns a 0.0.0.0 gateway address. This may allow it to work on the same subnet because the 0.0.0.0 address causes the default subnet to be used to route messages back to a destination (on the same subnet).

When I assigned a static IP address and filled in all the required addresses and subnet masks myself (including the VPN router gateway adddress) packets are routed properly and everything works across the VPN.

Hi Philibuster,

Thanks for taking the time to post this discovery on the forum. I'm glad that you were able to access the cFP 1808 properly after making using of static IP assignment. Hopefully others who are attempting this will benefit from the information here. Out of curiosity, did you have to setup port forwarding on the external router?

Hi Sanjay,

No changes were necessary on the router other than the DHCP pool address range to allow static IP assignments. Port forwarding is not necessary in our VPN configuration since all the ports are forwarded through the VPN tunnel.

On the other hand, If you were allowing remote clients to directly access the cFP-180x via the internet through the router/firewall then you would need to set up port forwarding. The cFP-180x requires forwarding of ports used by LOGOS (UDP ports 1024 to 65535), MODBUS TCP (TCP port 502), or other supported protocols as needed by the remote client. 

A brief discussion of this can be found at:

http://digital.ni.com/public.nsf/allkb/F0DE7A1A88D92D6D86256D710049FB40

Some of the information in this guideline is a little misleading and inaccurate to a neophyte; especially in the VPN/PPTP section.  For example,  you may connect to the (remote) VPN using the VPN server address but a client doesn't connect to the cFP-180x using the VPN server address. The client uses the IP address of the cFP-180x that has been setup on the VPN network.  For example, take a look at my diagram (using static instead of DHCP assigned addresses). Once the remote client has connected to the VPN at 207.32.212.3 they would then communicate with the cFP-1808 at the static IP address 192.168.0.238 as though the remote client were on the same local network.

For any of this to work you will need a valid gateway address (the router). Consequently, you will need to configure the cFP-180x to use a static IP address and fill in all the gateway / subnet information manually -  don't use DHCP because of the gateway issue.

Philibuster

Hi Philibuster,

Thanks for elaborating on the details -- I learned a lot myself from your implementation!