What do I want to achieve?
I have a PLC (programmable logic controller) of the type Bosch Rexroth ctrlX CORE and would like to be able to access it remotely via cellular radio.
Other Bosch Rexroth controllers?
The procedure described here was verified with a Bosch Rexroth ctrlX CORE controller. The procedure for other Bosch Rexroth ctrlX CORE controllers is identical or very similar.
How do I accomplish this?
With an INSYS router, a SIM card and the VPN service icom Connectivity Suite, remote access to the control system via cellular radio is possible.
Required hardware
You will need the following in addition to your controller to be able to access it remotely.
1 INSYS router, e. g. MIRO L-200
1 suitable cellular antenna
1 M2M SIM card in industrial quality
1 Ethernet cable
1 power supply unit or power supply (12-24 V DC)
1 Configuration PC with browser (for initial setup, can also be the remote access PC)
1 Remote access PC with browser and PLC-specific software, such as ctrlX PLC Engineer
Preparation
In our exemplary configuration, which is described in the following steps, we use a typical installation as a basis for the IP address of the controller. We give the router an IP address in the same network. Netmapping is used to create a virtual IP network via which the controller and the router (or other devices) in the network behind the router can be accessed remotely.
IP address of the Bosch Rexroth controller: 192.168.1.2/24
IP address of the INSYS router: 192.168.1.1/24 (standard setting)
IP network accessible from remote: 192.168.11.0/24
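The address translation that netmapping performs with the three values above, as an added Python example that is not part of the original guide. It assumes a 1:1 mapping that keeps the host part of each address, which matches the addresses used in this guide; the device inventory is constructed for illustration.

```python
import ipaddress

LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")    # LAN behind the router (from this guide)
REMOTE_NET = ipaddress.ip_network("192.168.11.0/24")  # network accessible from remote (from this guide)

# Constructed inventory; only the router and controller addresses come from the guide.
LAN_DEVICES = {
    "INSYS router": "192.168.1.1",
    "ctrlX CORE": "192.168.1.2",
    "HMI panel": "192.168.1.40",
    "office printer": "10.0.0.5",
}

def to_remote(local_ip, local_net=LOCAL_NET, remote_net=REMOTE_NET):
    """Map a LAN address to its remote-access address, keeping the host part."""
    if local_net.prefixlen != remote_net.prefixlen:
        raise ValueError("a 1:1 mapping needs the same prefix length on both sides")
    ip = ipaddress.ip_address(local_ip)
    if ip not in local_net:
        raise ValueError(f"{ip} is not in {local_net}")
    offset = int(ip) - int(local_net.network_address)
    return str(remote_net.network_address + offset)

def to_local(remote_ip):
    """Reverse direction: which LAN device sits behind a remote-access address."""
    return to_remote(remote_ip, REMOTE_NET, LOCAL_NET)

def exposure_report(lan_devices):
    """List each device with the address under which VPN peers can reach it.

    Devices outside the mapped LAN get None: this mapping does not cover them.
    """
    rows = []
    ordered = sorted(lan_devices.items(), key=lambda kv: ipaddress.ip_address(kv[1]))
    for name, ip in ordered:
        try:
            rows.append((name, ip, to_remote(ip)))
        except ValueError:
            rows.append((name, ip, None))
    return rows

if __name__ == "__main__":
    for name, local, remote in exposure_report(LAN_DEVICES):
        print(f"{name:15} {local:15} -> {remote or 'not mapped'}")
```

The report makes visible that every device in the local network, not only the controller, receives a remote-access address.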
icom Connectivity Suite
How to log in to the icom Connectivity Suite and add a remote access PC and router.
If you do not already have an account for the icom Connectivity Suite, register on the portal. See this Configuration Guide.
Sign in to the portal.
Add the PC, from which you want to access the controller, to the VPN network. See this Configuration Guide.
Please note!
You do not have to set an accessible IP for the remote access PC, since access to the PC from the VPN network is not necessary.
Add the router, which you want to use to access the controller, to the VPN network. See this Configuration Guide.
Please note!
If you assign a device code here, keep it in mind for the subsequent configuration of the router.
Enter as accessible IP the IP address, which the router should get in the network accessible from remote, in this case 192.168.11.1.
Check Netmapping.
Enter as Router/LAN IP the IP address, which the router should get in the local network, which also contains the controller, in this case 192.168.1.1.
Configuration PC
How to prepare your configuration PC.
You will need a PC with a free Ethernet socket. A DHCP client should be activated on the PC; otherwise you must set up a static IP address in the address range 192.168.1.0/24. The IP address 192.168.1.1 is already occupied by the router.
Router
How to commission your router.
The router should be in default settings for this configuration!
Reset the router to default settings in case it has already been used.
Insert the SIM card into the router (for routers with two SIM card slots, make sure that you insert the SIM card into SIM1).
Install the router on the DIN rail (installation notes are available in the Installation and User Manual).
Connect the antenna (when using an antenna on routers with two antenna sockets, make sure that you connect the antenna to LTE1).
Connect the configuration PC to socket ETH1 of the router using an Ethernet cable.
Connect the power supply to terminals V+ (or VIN, positive) and V- (or GND, negative).
The uppermost LED PWR (Power) should light now and signal that the router is supplied with power.
How to configure your router using the Startup wizard
Open a new browser window or tab - keep the browser window with the icom Connectivity Suite - VPN open.
Enter https://insys.icom into the address bar of the browser.
On the welcome screen, click To Startup wizard.
Please note!
If the welcome screen is not displayed, you may also start the Startup wizard in the Wizards → Startup wizard menu.
Click in step 1 - System time - on NEXT - this takes over the system time from the configuration PC and configures a regular update of the time.
Enter in step 2 - Authentication - a user name and a safe password for future access to the router and click on NEXT.
Select in step 3 - Internet connection - the interface you want to use to establish the connection, here LTE - SIM1, enter a PIN for the SIM card if required, select the APN and click on NEXT.
Enable in step 4 - VPN connection - the Configure VPN switch, select as Type of VPN connection the icom Connectivity Suite, select Download configuration automatically and enter Customer name as well as Device code or Default code.
If you did not specify a device code when registering the router, the default code will be used here. Customer name and default code can be found in the icom Connectivity Suite - VPN on the System → My VPN Hub page in the Account Information field.
Click on NEXT.
Click in step 5 - LAN connection - on NEXT - the LAN connection will be configured automatically by the icom Connectivity Suite - VPN.
Step 6 - icom Router Management - allows you to configure your router for the icom Router Management. For this purpose, the router must first be set up as described here.
Click on RUN WIZARD.
The Startup wizard is executed and displays the progress of the configurations it has made. The Ethernet interface of the router will be reconfigured. However, after clicking on EXIT WIZARD, the router can still be accessed via the Ethernet connection from the configuration PC, as its default setting is in the same network as that of the controller. Otherwise, the router could only be accessed from the remote access PC via the icom Connectivity Suite - VPN.
The router should be indicated as Online in the device list in the portal of the icom Connectivity Suite - VPN (VPN > Devices menu) after a few minutes.
PLC
How to check the IP settings of your Bosch Rexroth controller.
Compatibility of the controller with the PLC software!
Make sure that the controller firmware is up-to-date and works with the PLC-specific software used (in this case ctrlX PLC Engineer).
Establish a local direct connection to the controller, open a command prompt or terminal window and send a Ping to the IP address of the controller (in our example 192.168.1.2): > ping 192.168.1.2
If the ping is received successfully, you have verified the IP address of the controller.
Remote access PC
How to configure the PC with which you want to access your controller remotely for a connection with the icom Connectivity Suite - VPN. The installation and configuration of the PLC-specific ctrlX PLC Engineer software is not part of these instructions.
Use this Configuration Guide to set up a Windows PC for a connection to the icom Connectivity Suite - VPN. Proceed in the same way for a computer with a Linux operating system. It is important to download the OpenVPN configuration file generated by the icom Connectivity Suite - VPN and import this configuration file into the OpenVPN software. Instructions for iOS and Android are available here.
How do I establish the remote access?
To connect the router, proceed as described above and connect the controller to the router via Ethernet (in our example, we have connected the router to the controller via the Ethernet port XF10).
On the remote access PC, establish the OpenVPN connection as described here.
How to establish remote access to the user interface of the controller.
Open a command prompt or terminal window and send a Ping to the remote access address of the controller (in our example 192.168.11.2): > ping 192.168.11.2
If the ping is received successfully, you have verified the access to the controller.
Access to other devices in the network!
If there are other devices in the local network on the router, you can also access them via the IP network 192.168.22.0/24 that can be reached for remote access. For example, if another controller in the local network has the IP address 192.168.1.23, you can access it via the remote access address 192.168.22.23.
How to establish remote access from ctrlX PLC Engineering to the controller.
In order to program the controller, it is necessary that the PC on which the required ctrlX PLC Engineering software is installed is located in the local network of the controller or has remote access to this network. In the following, we describe remote access to the controller in this network.
Start ctrlX PLC Engineering and open the project of the controller to which you want to establish remote access.
Change to Device and open it using a double-click.
Change the existing IP address for access from the local network 192.168.1.2 to the remote access address 192.168.11.2 and confirm this by clicking Apply. Then enter the user name and password for the controller and confirm the change with OK.
Confirm the use of the certificate by clicking on OK.
The controller is read out and displayed.
The controller is now shown as online by the green LED symbol.
Click on the online icon to connect to the controller.
If the controller and the application are highlighted in green, the connection has been successfully established.
You can now monitor the controller and make changes to its programming.
The connection can be terminated again with a click on the offline icon.
How do I set up a webproxy access to the controller?
How to set up a webproxy access to the controller
A webproxy enables access to the user interface of the controller also from a device that is not in the VPN network of the icom Connectivity Suite - VPN.
Security risk!
The controller is accessible via the Internet when using a webproxy.
The encrypted connection is protected against access from the Internet only by a password. This is either the device code of the INSYS router or, if the password has been deactivated in the webproxy, the password of your application. Pay attention to the security of your application and follow the rules for strong passwords. We do not recommend this function for applications that are relevant to security.
To access the user interface of your controller via a webproxy, the web server must be activated on your controller.
Log in to the Portal of the icom Connectivity Suite - VPN.
On the VPN → Endpoints (Webproxies) page, click + ADD ENDPOINT.
Select the Device network of your router that you previously added in icom Connectivity Suite - VPN.
Select HTTPS as the Protocol for accessing the endpoint.
Enter the IP address that is accessible from remote under IP in VPN, in our example 192.168.11.2.
Enter the Port that is used for access to the device, this is for HTTPS 443.
Enter an Endpoint name that uniquely describes the endpoint so that it can be distinguished from others.
Activate the Add webproxy switch and click NEXT.
Change the randomly generated string in Name in URL to a ‘descriptive’ address. The resulting URL is displayed as a preview below the field.
For Basic Authentication, optionally select No Authentication to disable the password request by the icom Connectivity Suite - VPN. Please note the information above!
Click on CREATE to add the endpoint.
You can now access the user interface of your controller directly via the link in the Webproxy call column, even if the device used is not in the VPN network of the icom Connectivity Suite - VPN or the VPN connection does not exist.
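A check that the webproxy URL still asks for a password before it forwards requests to the controller, as an added Python example that is not part of the original guide. It assumes that the Basic Authentication option is standard HTTP Basic authentication (status 401 with a WWW-Authenticate: Basic header); the URL is passed on the command line because the guide does not state its format.

```python
import sys
import urllib.error
import urllib.request

def classify(status, headers):
    """Judge the answer to a request that was sent WITHOUT credentials."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    scheme = hdrs.get("www-authenticate", "").split(" ", 1)[0].lower()
    if status == 401 and scheme == "basic":
        # The webproxy itself demands a password (Basic Authentication enabled).
        return "proxy-password-required"
    if status in (401, 403):
        # Access is refused, but not by an HTTP Basic challenge.
        return "denied-other"
    if 200 <= status < 400:
        # Content is served without a proxy password: only the login of the
        # application behind the webproxy protects it (No Authentication).
        return "no-proxy-password"
    return "error"

def probe(url, timeout=10):
    """Fetch the webproxy URL without credentials and classify the result."""
    request = urllib.request.Request(url, method="GET")
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return classify(response.status, response.headers)
    except urllib.error.HTTPError as err:
        # urllib raises for 4xx/5xx; the status and headers are on the exception.
        return classify(err.code, err.headers)
    except urllib.error.URLError:
        return "unreachable"

if __name__ == "__main__":
    # Usage: python check_webproxy.py <webproxy URL of your own endpoint>
    result = probe(sys.argv[1])
    print(result)
    sys.exit(0 if result == "proxy-password-required" else 1)
```

Run it after creating or changing an endpoint; any result other than proxy-password-required means the endpoint does not behave like one with Basic Authentication enabled.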
What to do if it doesn't work?
If remote access to the controller does not work, you can troubleshoot the fault using the following methods:
Are remote access PC and router indicated as Online in the device list of the icom Connectivity Suite - VPN (VPN > Devices menu)?
Does remote access to the router work via the address https://192.168.11.1?
Is it possible to ping the controller in the local network of the router? To do this, go to the Administration → Debugging menu and enter for the Ping Tool the local address of the controller 192.168.1.2 as Parameter.
Does local access to the controller work via the local address 192.168.1.2 from a PC in the local network of the controller?
Open the Status → Dashboard page and check the necessary connections.
Further configuration options
In this Configuration Guide, you will learn how to configure the router so that an Internet connection, and thus a connection to the icom Connectivity Suite - VPN, can be enabled locally with a key switch, for example in order to authorize remote access locally.