Configuration and operation
6.15 H-connections over VPN
6.15
H-connections over VPN
Scope of services
The CP does not support operation of fault-tolerant S7 connections (H-connections) within a
VPN tunnel.
A maximum of 10 fault-tolerant S7 connections are supported per CP.
Restrictions
The following restrictions apply to operation:
• Due to the additional load through the VPN, a lower transmission speed over the H-
connection must be expected.
• When operating large numbers of connections via the CP, it may be necessary to increase
the monitoring time of the H-connections.
With monitoring times that are too short, it is possible that some connections cannot be
established or that breakdowns occur during operation.
You are recommended to set the monitoring time to at least one second.
Depending on the number of VPN groups, number of H-connections and the
communication load, it may be necessary to increase the monitoring times further.
• An H-connection can only be established after the VPN group is created.
• The first connection establishment of an H-connection via VPN takes longer than without
VPN tunneling.
• If you use a CP for H-connection via VPN, it cannot operate any of the following services in
parallel:
– S7 communication
– SEND/RECV communication (TCP, ISO-on-TCP, UDP or ISO)
• Only the H-connections operated with the CP itself can be established within the VPN
tunnel.
No other SEND/RECV communication (TCP, ISOonTCP, UDP, ...) can run over the VPN
tunnel, even over routing.
• The operation of H-connections over VPN with SCALANCE S / SCALANCE SC as VPN
connection endpoint is not released.
When using the CP in SIMATIC PCS 7, observe the restrictions and guidelines for PCS 7.
78
Equipment Manual, 03/2023, C79000-G8976-C256-07
CP 443-1 Advanced