WAGO - How to bring your PLC online

• 1 INSYS router, e. g. MIRO L-200

• 1 suitable cellular antenna

• 1 M2M SIM card in industrial quality

• 1 Ethernet cable

• 1 power supply unit or-power supply (12-24 V DC)

• 1 Configuration PC with browser (for initial setup, can also be the remote access PC)

• 1 Remote access PC with browser and PLC-specific software, such as e. g. CODESYS 3.5

1. If you do not already have an account for the icom Connectivity Suite, register on the portal. See this Configuration Guide.

2. Sign in to the portal.

3. Add the PC, from which you want to access the controller, to the VPN network. See this Configuration Guide.

   Please note!

   You do not have to set an accessible IP for the remote access PC, since access to the PC from the VPN network is not necessary.

4. Add the router, which you want to use to access the controller, to the VPN network. See this Configuration Guide.

   Please note!

   • If you assign a device code here, keep it in mind for the subsequent configuration of the router.

   • Enter as accessible IP the IP address, which the router should get in the network accessible from remote, in this case 192.168.22.1.

   • Check Netmapping.

   • Enter as Router/LAN IP the IP address, which the router should get in the local network, which also contains the controller, in this case 192.168.1.1.

   

You will need a PC with a free Ethernet socket. A DHCP client should be activated on the PC; otherwise you must set up a static IP address in the address range 192.168.1.0/24. The IP address 192.168.1.1 is already occupied by the router.

The router should be in default settings for this configuration!

Reset the router to default settings in case it has already been used.

1. Insert the SIM card into the router (for routers with two SIM card slots, make sure that you insert the SIM card into SIM1).

2. Install the router on the DIN rail (installation notes are available in the Installation and User Manual).

3. Connect the antenna (when using an antenna on routers with two antenna sockets, make sure that you connect the antenna to LTE1).

4. Connect the configuration PC to the router to socket ETH1 using an Ethernet cable.

5. Connect the power supply to terminals V+ (or VIN, positive) and V- (or GND, negative).

The uppermost LED PWR (Power) should light now and signal that the router is supplied with power.

1. Open a new browser window or tab - keep the browser window with the icom Connectivity Suite - VPN open.

2. Enter https://insys.icom into the address bar of the browser.

3. Click on the welcome screen on To Startup wizard.

   Please note!

   If the welcome screen is not displayed, you may also start the Startup wizard in the   Wizards → Startup wizard menu.

4. Click in step 1 - System time - on NEXT - this takes over the system time from the configuration PC and configures a regular update of the time.

5. Enter in step 2 - Authentication - a user name and a safe password for future access to the router and click on NEXT .

6. Select in step 3 - Internet connection - the interface you want to use to establish the connection, here LTE - SIM1, enter a PIN for the SIM cad if required, select the APN and click on NEXT .
   

7. Enable in step 4 - VPN connection - the Configure VPN switch, select as Type of VPN connection the icom Connectivity Suite, select Download configuration automatically and enter Customer name as well as Device code or Default code.
   
   If you did not specify a device code when registering the router, the default code will be used here. Customer name and default code can be found in the icom Connectivity Suite - VPN in the  System → My VPN-Hub menu (you will be directed to the old user interface at the moment).
   
   Click on NEXT .

8. Click in step 5 - LAN connection - on NEXT - the LAN connection will be configured automatically by the icom Connectivity Suite - VPN.

9. Step 6 - icom Router Management - allows to configure your router for the icom Router Management. For this purpose, the router must first be set up as described here.

10. Click on RUN WIZARD.

The Startup wizard is executed and displays the progress of the configurations it has made. The Ethernet interface of the router will be reconfigured. However, after clicking on EXIT WIZARD, the router can still be accessed via the Ethernet connection from the configuration PC, as its default setting is in the same network as that of the controller. Otherwise, the router could only be accessed from the remote access PC via the icom Connectivity Suite - VPN.

The router should be indicated as Online in the device list in the portal of the icom Connectivity Suite - VPN (VPN > Devices menu) after a few minutes.

Compatibility of the controller with the PLC software!

Make sure that the controller firmware is up-to-date and works with the PLC-specific software used (in this case CODESYS 3.5).

Establish a local connection to the controller and enter its IP address in a browser (in our example 192.168.1.17). Check the settings and adjust them if necessary.

Use this Configuration Guide to set up a Windows PC for a connection to the icom Connectivity Suite - VPN. Proceed in the same way for a computer with a Linux operating system. It is important to download the OpenVPN configuration file generated by the icom Connectivity Suite - VPN and import this configuration file into the OpenVPN software. Instructions for iOS and Android are available here.

Open a browser and enter the remote access address of the controller 192.168.22.17 into the address bar of the browser.

You have remote access to the user interface of the controller this way.

Access to other devices in the network!

If there are other devices in the local network on the router, you can also access them via the IP network 192.168.22.0/24 that can be reached for remote access. For example, if another controller in the local network has the IP address 192.168.1.23, you can access it via the remote access address 192.168.22.23.

In order to program the controller, it is necessary that the PC on which the required CODESYS 3.5 software is installed is located in the local network of the controller or has remote access to this network. In the following, we describe remote access to the controller in this network.

1. Start CODESYS 3.5 and open the project of the controller to which you want to establish remote access.
   

2. Go to Device → Communication Settings.
   

3. Change the existing IP address for for the access from the local network 192.168.1.17 to the remote access address 192.168.22.17. Then, enter Username and Password for the controller and conform the changes with OK.
   
   The controller is now displayed as online by the green LED symbol.
   

4. Click on the online symbol to connect the controller.
   

5. Enter Username and Password for the controller. After successful authentication, you are connected to the controller.
   

You can now monitor the controller and make changes to its programming.

A Web-Proxy enables access to the user interface of the controller also from a device that is not in the VPN network of the icom Connectivity Suite - VPN.

Security risk!

The controller is accessible via the Internet when using a web proxy.

The encrypted connection is only protected against Internet access by a password. This is either the device code of the INSYS routers or, if the password has been deactivated in the web proxy, the password of your application. Obey the security of your application and the rules for strong passwords. We do not recommend this function for applications that are relevant to security.

To access the user interface of your controller via a web proxy, the web server must be activated on your controller.

1. Log in to the Portal of the icom Connectivity Suite - VPN.

2. Click in the menu on VPN → Webproxies. The page for setting up a web proxy opens in the classic user interface.

3. Click on the Add new webproxy button.

4. Select the router in whose local network your controller is located under Device.

5. Enter a Name for your web proxy.

6. Enter the IP address in VPN of your controller that is accessible from remote, in our example 192.168.22.17.

7. Check the checkbox The destination uses https protocol to permit access to the controller via HTTPS.

8. Enter the Port that is used for access to the device, this is for HTTPS 443.

9. Check the checkbox Use webproxy without authentication to disable the password request by the icom Connectivity Suite - VPN. Please note the information above!

10. Click on OK.

You can now access the user interface of your controller directly via the link in the Webproxy call column, even if the device used is not in the VPN network of the icom Connectivity Suite - VPN or the VPN connection does not exist.